Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Please help me remove searchnu

by Charliea » July 25th, 2012, 11:45 pm

Please help me get my computer cleaned up. I know I at least have searchnu on here and maybe others. My machine has been acting really weird lately. Below are the files requested. Thanks in advance for your help and time.



DDS File

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Dad at 23:35:35 on 2012-07-25
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2558.384 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Citrix\GoToAssist Express Expert\363\g2ax_start.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Citrix\GoToAssist Express Expert\363\g2ax_comm_expert.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Citrix\GoToAssist Express Expert\363\g2ax_user_expert.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchnu.com/406
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\search~1\datamngr\toolbar\searchqudtx.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo\YontooIEClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\search~1\datamngr\toolbar\searchqudtx.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File
TB: {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - No File
uRun: [i8kfangui] c:\program files\i8kfangui\I8kfanGUI.exe /startup
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [GoToAssist Express Expert] "c:\program files\citrix\gotoassist express expert\363\g2ax_start.exe" "/Trigger RunAtLogon"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [nwiz] nwiz.exe /install
mRun: [TrueImageMonitor.exe] "c:\program files\acronis\trueimagehome\TrueImageMonitor.exe"
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\dad\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
TCP: DhcpNameServer = 192.168.11.1
TCP: Interfaces\{3B44AA32-4E3A-4B0C-B36E-972416B69767} : DhcpNameServer = 192.168.11.1
TCP: Interfaces\{F4587C63-D925-4209-AB90-0E4554E042E9} : DhcpNameServer = 192.168.11.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dad\appdata\roaming\mozilla\firefox\profiles\febeprof.charlie\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.rr.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z144&form ... 0111115&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\common~1\nero\browse~1\npBrowserPlugin.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: c:\program files\common files\oberon media\ncadapter\1.0.0.8\npapicomadapter.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\program files\retrogamer_4wei\installr\1.bin\NP4wEISb.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: extensions.autoDisableScopes - 14
.
.
FF - user.js: extentions.y2layers.installId - b22580ad-cd3a-48bc-8cbf-f23a57b8fc6b
FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,ezLooker,pagerage,buzzdock,toprelatedtopics
.
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R0 vididr;Acronis Virtual Disk;c:\windows\system32\drivers\vididr.sys [2011-12-20 125472]
R0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\drivers\vsflt53.sys [2011-12-20 83392]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2011-12-22 14464]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2011-11-25 687400]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-2-23 1153368]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-6-23 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-3 113120]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-12-21 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-12 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-07-25 17:35:38 -------- d-----w- c:\users\dad\appdata\local\{A77D68F9-609F-4D3C-84E5-774ACCC6F2A0}
2012-07-25 17:35:16 -------- d-----w- c:\users\dad\appdata\local\{F321FCAD-FF1A-413A-8676-8F9B3AC4AF35}
2012-07-25 04:23:26 -------- d-----w- c:\users\dad\appdata\local\{D6285447-177A-40F5-91BC-1233FED0E4CA}
2012-07-24 16:22:55 -------- d-----w- c:\users\dad\appdata\local\{B6839429-4311-4AA2-83CB-D8C53DE6649C}
2012-07-24 16:22:42 -------- d-----w- c:\users\dad\appdata\local\{AEA9869E-EE3B-4637-AA37-23CB8C6D76B2}
2012-07-24 04:20:18 -------- d-----w- c:\users\dad\appdata\local\{EDF7901D-5191-44B0-B721-9722E8C9F259}
2012-07-24 04:20:06 -------- d-----w- c:\users\dad\appdata\local\{598647B2-C269-477C-8AC5-47086B9F877A}
2012-07-24 02:02:10 -------- d-----w- c:\users\dad\appdata\local\Ilivid Player
2012-07-24 01:59:27 -------- d-----w- c:\programdata\boost_interprocess
2012-07-23 23:36:25 -------- d-----w- c:\users\dad\appdata\local\CRE
2012-07-23 23:36:06 -------- d-----w- c:\program files\Conduit
2012-07-23 23:36:03 -------- d-----w- c:\users\dad\appdata\local\Conduit
2012-07-23 23:22:17 -------- d-----w- c:\program files\Yontoo
2012-07-23 23:21:29 -------- d-----w- c:\program files\1ClickDownload
2012-07-23 23:17:58 -------- d-----w- c:\program files\wxDownload Fast
2012-07-23 23:17:57 -------- d-----w- c:\programdata\Premium
2012-07-23 23:17:48 -------- d-----w- c:\programdata\WxDFastUpdater
2012-07-23 23:16:40 -------- d-----w- c:\programdata\InstallMate
2012-07-23 16:19:28 -------- d-----w- c:\users\dad\appdata\local\{B6313C20-6E86-4388-8449-A65292DB8E02}
2012-07-23 16:19:15 -------- d-----w- c:\users\dad\appdata\local\{CE2601C9-B3DA-4CC2-BE17-A79238A54B3A}
2012-07-23 16:13:22 -------- d-----w- c:\program files\RobotBoom_60EI
2012-07-23 04:18:36 -------- d-----w- c:\users\dad\appdata\local\{306C2CB3-E380-41B9-95FF-31648262D41E}
2012-07-22 16:17:42 -------- d-----w- c:\users\dad\appdata\local\{2199E04E-482F-4187-A58E-86FC94A3651F}
2012-07-22 04:17:17 -------- d-----w- c:\users\dad\appdata\local\{B1D1277E-BE7D-427A-B03E-2045C9162A14}
2012-07-21 16:22:42 -------- d-----w- c:\users\dad\appdata\local\Nero_AG
2012-07-21 16:21:47 -------- d-----w- c:\users\dad\appdata\local\Nero
2012-07-21 16:18:55 -------- d-----w- c:\program files\Nero
2012-07-21 16:18:00 -------- d-----w- c:\programdata\Nero
2012-07-21 16:16:39 -------- d-----w- c:\users\dad\appdata\local\{4B400713-A274-4038-AA26-1F798210C616}
2012-07-21 16:16:20 -------- d-----w- c:\users\dad\appdata\local\{829D06E3-67F6-464F-9A4E-AFCC434CC630}
2012-07-21 16:04:56 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-07-21 16:04:35 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2012-07-21 16:04:10 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2012-07-21 16:03:36 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2012-07-21 16:03:04 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-07-21 16:02:20 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2012-07-21 16:01:13 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2012-07-21 15:59:42 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2012-07-21 15:58:54 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-07-21 15:57:57 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2012-07-17 18:43:36 -------- d-----w- c:\users\dad\appdata\local\{624A0B98-F388-4FB5-B920-F54A0AE52CA4}
2012-07-17 18:43:13 -------- d-----w- c:\users\dad\appdata\local\{7F742AD6-2969-4B8B-92AB-177CDA3674E0}
2012-07-16 11:47:21 -------- d-----w- c:\users\dad\appdata\local\{79FB95C0-FCD4-4288-AF3B-9A461FE9F451}
2012-07-15 23:46:50 -------- d-----w- c:\users\dad\appdata\local\{65C39CD0-4F95-41AD-A83C-93F5CB598A75}
2012-07-15 11:45:46 -------- d-----w- c:\users\dad\appdata\local\{B86F3CBA-DC3D-4FB5-83D8-E1752855920D}
2012-07-14 23:44:33 -------- d-----w- c:\users\dad\appdata\local\{0311955A-011F-423B-A71B-81477B9F14A2}
2012-07-14 11:44:08 -------- d-----w- c:\users\dad\appdata\local\{1D235B01-C8BC-4B56-A1D7-0ED7C22ED457}
2012-07-13 23:43:11 -------- d-----w- c:\users\dad\appdata\local\{D4935920-CF01-4E7E-A084-E3E766D82725}
2012-07-13 11:41:58 -------- d-----w- c:\users\dad\appdata\local\{493996EA-1EDF-4C4E-B05F-E4DB76AC2015}
2012-07-13 11:41:47 -------- d-----w- c:\users\dad\appdata\local\{C946B5CD-6B73-4619-88A2-CE16EB27A48E}
2012-07-12 23:41:20 -------- d-----w- c:\users\dad\appdata\local\{AEB28F79-47A4-4B0E-ABB3-C4880E1D04C1}
2012-07-12 11:40:16 -------- d-----w- c:\users\dad\appdata\local\{2EFB0560-1AF3-4824-B797-DC57E9136228}
2012-07-11 23:39:15 -------- d-----w- c:\users\dad\appdata\local\{BF68EB17-F548-4C52-BC59-68DEAA2B5E8E}
2012-07-11 23:39:03 -------- d-----w- c:\users\dad\appdata\local\{7380E6E6-F55E-4BE8-A9E4-DD91615989D9}
2012-07-11 11:38:33 -------- d-----w- c:\users\dad\appdata\local\{C93E859A-E638-4E77-88CF-524B6ED1DCE9}
2012-07-11 11:38:18 -------- d-----w- c:\users\dad\appdata\local\{A2B0BDF8-6AB5-4772-BE8D-254BC2370C99}
2012-07-10 23:37:47 -------- d-----w- c:\users\dad\appdata\local\{59C38A7D-C6E7-4E89-BD1E-0731BE2BFC21}
2012-07-10 23:37:36 -------- d-----w- c:\users\dad\appdata\local\{5E680B55-E491-43E9-A36B-0737F18FE46B}
2012-07-10 22:19:05 -------- d-----w- c:\program files\common files\Blizzard Entertainment
2012-07-10 22:18:53 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-07-10 11:37:05 -------- d-----w- c:\users\dad\appdata\local\{2784A28E-A653-4AD1-9301-153A4C90FD29}
2012-07-10 11:36:52 -------- d-----w- c:\users\dad\appdata\local\{09087DC1-F399-45CA-8889-1C83AF3F2BB9}
2012-07-09 23:36:09 -------- d-----w- c:\users\dad\appdata\local\{F6E7394C-3453-4D12-B829-DD5B191EE0C2}
2012-07-09 23:35:48 -------- d-----w- c:\users\dad\appdata\local\{E084C7BA-26E1-4525-9974-D8D6B7BF0365}
2012-07-09 11:34:55 -------- d-----w- c:\users\dad\appdata\local\{4FB4BF7C-4B07-41A9-B41E-D9E1CAD61AE5}
2012-07-09 11:34:44 -------- d-----w- c:\users\dad\appdata\local\{5C80CF8B-BD9D-4F13-B4FE-1B4DDE5DAB92}
2012-07-08 23:34:18 -------- d-----w- c:\users\dad\appdata\local\{7FA3F4F6-B43F-47DB-AE1F-E537B1704CC7}
2012-07-08 11:33:54 -------- d-----w- c:\users\dad\appdata\local\{AF67523D-9203-4A95-9716-4231BB128389}
2012-07-08 11:33:43 -------- d-----w- c:\users\dad\appdata\local\{23E0BACC-26DE-459F-B961-C69F8F0AAC83}
2012-07-07 23:33:16 -------- d-----w- c:\users\dad\appdata\local\{D7568DB3-299B-416A-BE4D-05088BAA0F83}
2012-07-07 11:32:52 -------- d-----w- c:\users\dad\appdata\local\{2D782D66-4819-4D22-971D-2F2CE0F9D0BF}
2012-07-06 23:31:52 -------- d-----w- c:\users\dad\appdata\local\{F449525A-A119-4D29-9833-E425A079E502}
2012-07-06 11:30:51 -------- d-----w- c:\users\dad\appdata\local\{AE8A6991-961B-4D2A-AD06-21231FE900B4}
2012-07-05 23:30:07 -------- d-----w- c:\users\dad\appdata\local\{43783025-A08B-4420-8E12-49F8505C46B7}
2012-07-05 11:29:41 -------- d-----w- c:\users\dad\appdata\local\{724667D3-B62C-42F0-89FE-130450FD40DB}
2012-07-04 23:28:45 -------- d-----w- c:\users\dad\appdata\local\{1A9E4DA8-A451-4FDF-BF86-79B377D1F8A7}
2012-07-04 23:28:31 -------- d-----w- c:\users\dad\appdata\local\{D6DD029E-474D-4A25-AB15-3C65AE8FAB23}
2012-07-04 19:25:59 -------- d-----w- c:\program files\iTunes
2012-07-04 19:25:59 -------- d-----w- c:\program files\iPod
2012-07-04 19:21:10 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-07-04 19:21:10 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-07-04 19:21:10 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-07-04 19:21:10 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-07-04 19:21:10 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-07-04 19:21:10 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-07-04 19:21:10 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2012-07-04 11:28:05 -------- d-----w- c:\users\dad\appdata\local\{138A25DE-B9F3-42E9-9CB4-060BC53F10DA}
2012-07-03 23:27:41 -------- d-----w- c:\users\dad\appdata\local\{D3D12D47-A4A4-4257-AAE4-495754F10A41}
2012-07-03 11:26:52 -------- d-----w- c:\users\dad\appdata\local\{D6044834-AA31-4B8A-9408-80597DD3B5B6}
2012-07-02 23:25:38 -------- d-----w- c:\users\dad\appdata\local\{24BFDAF3-1F8A-41AA-B938-2F938C584995}
2012-07-02 11:25:00 -------- d-----w- c:\users\dad\appdata\local\{584CF7FB-FD14-4895-818C-142F702ECBD1}
2012-07-01 23:24:35 -------- d-----w- c:\users\dad\appdata\local\{960A6577-1403-4C16-BE05-FF1CE707E739}
2012-07-01 11:23:31 -------- d-----w- c:\users\dad\appdata\local\{9E04C4F8-2EEF-448D-B996-99CDEBE47B62}
2012-07-01 11:23:20 -------- d-----w- c:\users\dad\appdata\local\{460D4579-8CA8-4F99-A82F-399CA942738C}
2012-06-30 23:22:36 -------- d-----w- c:\users\dad\appdata\local\{631E9E3C-5CF0-4A38-AFE4-A14FF01FBEE6}
2012-06-30 11:22:11 -------- d-----w- c:\users\dad\appdata\local\{7C9F22A1-850A-4EEE-AA07-7D036512149F}
2012-06-30 11:21:57 -------- d-----w- c:\users\dad\appdata\local\{FC457680-3701-4C1D-8975-E169B3748177}
2012-06-29 23:19:41 -------- d-----w- c:\users\dad\appdata\local\{2E6BA506-FAFE-4E57-8D61-01F2B4EDEE18}
2012-06-29 11:19:09 -------- d-----w- c:\users\dad\appdata\local\{08DA4092-BBF7-4637-9F32-12411A5BA7DD}
2012-06-28 23:18:15 -------- d-----w- c:\users\dad\appdata\local\{40A23E2F-EB5B-42EE-84C3-8CC7689CD130}
2012-06-28 11:17:07 -------- d-----w- c:\users\dad\appdata\local\{7B62E1EB-1469-4ACC-A39E-7F64B9283F41}
2012-06-27 23:16:07 -------- d-----w- c:\users\dad\appdata\local\{78711C55-2423-460D-B192-E7F1910B07E8}
2012-06-27 23:15:55 -------- d-----w- c:\users\dad\appdata\local\{957A9122-AB8A-4E79-B3F8-CEE1C6886DE9}
2012-06-27 11:15:25 -------- d-----w- c:\users\dad\appdata\local\{1B9AA96F-FA3A-49E7-9E4B-A6AED632DD9D}
2012-06-26 23:14:19 -------- d-----w- c:\users\dad\appdata\local\{B398C61A-CD04-4742-980D-991443CD93A2}
2012-06-26 11:13:15 -------- d-----w- c:\users\dad\appdata\local\{B96166D9-C67F-4E32-974F-4746914E950C}
2012-06-26 11:13:04 -------- d-----w- c:\users\dad\appdata\local\{7B856668-4F68-4850-926E-42DE5CE1DB3B}
.
==================== Find3M ====================
.
2012-07-17 18:43:14 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-17 18:43:14 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2011-12-22 18:44:36 447 ----a-w- c:\program files\1222201113443591.bat
.
============= FINISH: 23:37:21.64 ===============


Attach file:


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/12/2010 8:16:20 PM
System Uptime: 7/25/2012 9:05:29 PM (2 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz | Microprocessor | 1660/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 222.992 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acronis True Image WD Edition
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Amazon MP3 Downloader 1.0.15
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft MediaImpression
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
AVG 2012
Bonjour
CCScore
CDBurnerXP
Conexant HDA D110 MDC V.92 Modem
Core Temp version 0.99.7
D3DX10
eReg
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
Express Burn
FileZilla Client 3.5.3
Foxit Reader
GoToManage Expert 1.6.0.363
High-Definition Video Playback
I8kfanGUI V3.1
iTunes
Java Auto Updater
Java(TM) 6 Update 31
Junk Mail filter update
Kodak EasyShare software
Logitech SetPoint 6.32
Malwarebytes Anti-Malware version 1.62.0.1300
MEGA PIXEL DSC
Memorex exPressit Label Design Studio
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 11 Kwik Themes Basic
Nero Audio Pack 1
Nero Core Components 11
Nero Kwik Media
Nero Kwik Media Help (CHM)
Nero SharedVideoCodecs
Nero Update
nero.prerequisites.msi
netbrdg
NVIDIA Drivers
NVIDIA nView Desktop Manager
OfotoXMI
QuickTime
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
SFR
SHASTA
skin0001
SKINXSDK
SpeedFan (remove only)
Spybot - Search & Destroy
staticcr
TeamSpeak 3 Client
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VPRINTOL
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WIRELESS
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Yontoo 1.10.02
.
==== Event Viewer Messages From Past Week ========
.
7/25/2012 9:09:50 PM, Error: Microsoft-Windows-Smartcard-Server [610] - Smart Card Reader 'O2Micro CCID SC Reader 0' rejected IOCTL GET_STATE: The device has been removed. If this error persists, your smart card or reader may not be functioning correctly. Command Header: XX XX XX XX
7/25/2012 9:03:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/25/2012 9:03:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/25/2012 9:03:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/25/2012 9:03:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/25/2012 9:03:04 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 discache spldr Wanarpv6
7/25/2012 6:45:09 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
7/25/2012 1:05:07 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
.
==== End Of File ===========================
Charliea
Active Member
 
Posts: 13
Joined: July 25th, 2012, 11:31 pm

Re: Please help me remove searchnu

Unread postby pgmigg » July 27th, 2012, 3:10 pm

Hello Charliea,

Welcome to the forum! :)

My name is pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.




Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3186
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Please help me remove searchnu

Unread postby pgmigg » July 27th, 2012, 4:18 pm

Hello Charliea,

RE: Microsoft Office Enterprise 2007
Can you tell me how this program came to be installed on your machine?

Please tell me also, is this computer used for business purposes and connected to a business or educational network?
I need to know it - so I can provide the proper instructions.

Thanks,
pgmigg
pgmigg
MRU Teacher
 
Posts: 3186
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Please help me remove searchnu

Unread postby Charliea » July 27th, 2012, 6:35 pm

Hi pgmigg,

I used to work for my brother-in-law but now for over a year with medical problems and his divorce from my sister I no longer work for him. This is my personal computer and I installed the above software while working for him.

Thanks
Charliea
Charliea
Active Member
 
Posts: 13
Joined: July 25th, 2012, 11:31 pm

Re: Please help me remove searchnu

Unread postby pgmigg » July 28th, 2012, 12:35 am

Thank you Charliea,

Let's start to treat your computer...

Step 0.
Disable Spybot's TeaTimer. This is a two step process.
From your log I can see that you are running a Spybot S&D Teatimer. This might interfere with fixes we are about to do so we need to disable it.
First step:
  • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
  • If you have the new version 1.5 or later, click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be colorless.
  • If you have Version 1.4, click on Exit Spybot S&D Resident
Second step, For Either Version :
  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go To the bottom of the Vertical Panel on the Left, Click Tools
  • then, also in left panel, click Resident shows a red/white shield.
  • If your firewall raises a question, say OK
  • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
  • OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.

Step 1.
Create a System Restore Point
Because we are going to be making changes to your computer, it is advisable to create a new System Restore Point.
  1. Right-click on Computer and select Properties.
  2. In the left pane under Tasks please click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  3. Select System Protection, then choose Create.
  4. In the System Restore dialog box, type a description for the restore point and then click Create again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  5. Click OK, then close the System Restore dialog.

If you have successfully created a System Restore Point... we can proceed.
If you have NOT successfully created a System Restore Point... do not go any further!
Please post back so we can determine why it was unsuccessful.


Step 3.
Remove Program(s)
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below without the word Code: into the open text entry box:
    Code: Select all
     appwiz.cpl 
    and press Enter - the Uninstall or change a program list will be opened.
  3. Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:
    Spybot Search & Destroy
    Yontoo 1.10.02
  4. Take extra care in answering questions posed by any Uninstaller.
  5. When the program(s) have been uninstalled, please close Control Panel.
  6. Reboot your computer.

Step 4.
  1. Special FIX Download
    Right-click on the filename link below and select "Save target as..." or "Save Link as...", and save it to your Desktop as filename: Fix.txt.
    SQW7-Vista_x32.TXT
  2. OTL - Download
    Please download OTL.exe by Old Timer and save it to your Desktop.
  3. OTL - Run Fix Script
    Important! Close all applications and windows so that you have nothing open and are at your Desktop.
    1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    2. Underneath Output at the top, make sure Standard Output is selected.
    3. Click the Run Fix button at the top. You will see a popup dialog reporting "No fix has been provided. Click OK to load from a file or Cancel".
    4. Click the OK button. An Open dialog will be displayed.
    5. Navigate to the Desktop, scroll to find the file named Fix.txt and click Open button. Some text will appear in the Custom scans/Fixes box.
    6. Click the Run Fix button.
    7. Let the program run unhindered and reboot the PC when it is done.
      When the computer reboots, and you start your usual account, a Notepad text file will appear.
    8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 5.
SystemLook
Please download SystemLook.exe by jpshortstuff and save it to your Desktop.
Alternate download site.
  1. Right click on SystemLook.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries into SystemLook's main text entry window:
    Code: Select all
    :filefind
    *Fun4IM*
    *Bandoo*
    *Conduit*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *IObit*
    *whitesmoke*
    *datamngr*
    *Torrent*
    *trolltech*
    *Yontoo*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Conduit*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *IObit*
    *whitesmoke*
    *datamngr*
    *Torrent*
    *trolltech*
    *Yontoo*
    
    :Regfind
    Fun4IM
    Bandoo
    Conduit
    Searchnu
    Searchqu
    iLivid
    IObit
    whitesmoke
    datamngr
    Torrent
    trolltech
    Yontoo
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Step 6.
Fresh OTL Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the SystemLook.txt log file
  4. Contents of an OTL.txt log file
  5. Contents of an Extras.txt log file
  6. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple if it is too long...

Thanks,
pgmigg

pgmigg
MRU Teacher
 
Posts: 3186
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
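
An added example, not part of pgmigg's post and not SystemLook's own code: a small Python model of the Step 5 script that shows how the :filefind, :folderfind and :Regfind keyword lists turn into a list of candidate hits. The matching rules (case-insensitive, wildcards applied to the last path component only, substring search over registry text) are assumptions, and every sample path and registry entry is constructed.

```python
import fnmatch
from collections import Counter, defaultdict

# Abbreviated copy of the Step 5 script: three of its twelve keywords.
SCRIPT = """\
:filefind
*Searchnu*
*Torrent*
*Yontoo*

:folderfind
*Searchnu*
*Torrent*
*Yontoo*

:Regfind
Searchnu
Torrent
Yontoo
"""

# Constructed sample data (not taken from the poster's machine).
FILES = [
    r"C:\Users\Example\Downloads\yontoo_setup.exe",
    r"C:\Users\Example\Documents\torrent-notes.txt",
    r"C:\Program Files\Yontoo\readme.txt",
]
FOLDERS = [
    r"C:\Program Files\Yontoo",
    r"C:\Users\Example\AppData\Roaming\uTorrent",
    r"C:\Program Files\Example App",
]
REGISTRY = [
    r'HKCU\Software\Example\Browser "SearchPage"="http://searchnu.example/"',
    r'HKLM\SOFTWARE\Example\Uninstall\Yontoo 1.10.02',
    r'HKLM\SOFTWARE\Example\Player "Version"="1.0"',
]


def parse_script(text):
    """Split a script into {directive: [patterns]}; directive names are lower-cased."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections[current]  # record the directive even if no patterns follow
        elif current is None:
            raise ValueError(f"pattern outside any directive: {line!r}")
        else:
            sections[current].append(line)
    return dict(sections)


def leaf(path):
    """Last component of a Windows path."""
    return path.rstrip("\\").rsplit("\\", 1)[-1]


def scan(sections, files, folders, registry):
    """Return (directive, pattern, item) for every match, in script order."""
    hits = []
    for directive, items in (("filefind", files), ("folderfind", folders)):
        for pattern in sections.get(directive, []):
            for item in items:
                # Assumed semantics: case-insensitive wildcard on the name only.
                if fnmatch.fnmatchcase(leaf(item).lower(), pattern.lower()):
                    hits.append((directive, pattern, item))
    for keyword in sections.get("regfind", []):
        for entry in registry:
            # Assumed semantics: case-insensitive substring anywhere in the entry.
            if keyword.lower() in entry.lower():
                hits.append(("regfind", keyword, entry))
    return hits


def hits_per_keyword(hits):
    """Count hits per keyword so over-broad keywords stand out."""
    return dict(Counter(pattern.strip("*").lower() for _, pattern, _ in hits))


if __name__ == "__main__":
    found = scan(parse_script(SCRIPT), FILES, FOLDERS, REGISTRY)
    for directive, pattern, item in found:
        print(f"{directive:<10} {pattern:<10} {item}")
    print(hits_per_keyword(found))
```

Broad keywords such as `*Torrent*` also match unrelated names (here `torrent-notes.txt`), so the hit list is a set of candidates to review, not a removal list.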

Re: Please help me remove searchnu

Unread postby Charliea » July 28th, 2012, 5:24 am

Part 2 of scan results.. Was too long for text box..

E:New Extras results:


OTL Extras logfile created on: 7/28/2012 3:51:54 AM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Dad\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 61.69% Memory free
4.99 Gb Paging File | 3.87 Gb Available in Paging File | 77.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.99 Gb Total Space | 218.92 Gb Free Space | 73.47% Space Free | Partition Type: NTFS

Computer Name: ALLMAN-PC | User Name: Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B6E6BF-DA5D-42E8-A6B1-51BCB03DB520}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0503CFEF-4D24-48B7-AB86-FD67A1BE9762}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{119BA3FE-C05C-4269-B361-307B470E76F0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{14B369FF-BE3F-4DB6-9211-E95295AE0625}" = rport=139 | protocol=6 | dir=out | app=system |
"{190EE105-9F9E-4DFE-8E26-F0AFADB0C7E3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{25F642F7-F292-4392-8745-A6022CB67842}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3013F545-55BF-4947-923F-18435282777A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3014547E-122F-40CF-8A9B-4E2979F6F81C}" = lport=500 | protocol=17 | dir=in | name=ipsec (ike) |
"{36D4A733-1774-4307-A5F3-AC3DF89715C2}" = lport=135 | protocol=6 | dir=in | name=rpc endpoint mapper and dcom infrastructure |
"{394913F0-650B-4495-93FC-1206B80F4C2A}" = lport=4500 | protocol=17 | dir=in | name=ipsec (ike nat-t) |
"{45751480-31DF-4F3A-9863-818E887B8857}" = rport=10243 | protocol=6 | dir=out | app=system |
"{570817D8-A866-4B5A-8B1E-003AB0D8EA9A}" = lport=445 | protocol=6 | dir=in | app=system |
"{5FB2F973-84D7-4BF8-9A70-27165425765C}" = lport=137 | protocol=17 | dir=in | app=system |
"{7F2E09BD-CEB7-44DD-8330-66A76B9E0341}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7F48B6A8-36EE-4CFF-A75B-03E1204D95C7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A18D8F08-CC98-47DC-8BA3-F34237BBBC18}" = rport=445 | protocol=6 | dir=out | app=system |
"{A61739BB-EF4A-4D8F-B97E-90F679DD0A17}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{AE1685F1-A20A-48F2-9A03-3C4326074F9A}" = lport=139 | protocol=6 | dir=in | app=system |
"{B5B545FF-B53A-477E-A411-C27590BEB209}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B8ED19E8-5FE3-40DB-AE8A-D37A148E90F1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C47E6460-B364-4F4E-8BD2-D2A22E91307F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C4D39CE8-9A11-4BEA-80E2-79D02F8D5D52}" = rport=137 | protocol=17 | dir=out | app=system |
"{D4BC824E-139C-44FB-9F54-AF8FA57FE698}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DE05BFEF-7F17-49E7-9265-DEAE6A0418CE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E3AC53F7-C48D-4CB6-ACB8-2C859A725C56}" = rport=138 | protocol=17 | dir=out | app=system |
"{EE1CCD12-69B8-429E-A9DD-A0832DA21D05}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F70A8D39-0EEE-4DB6-930E-ABB8872B4431}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B617AA0-A92D-4B78-A689-F7B78833EAFD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{11BA14CD-6490-40A6-910F-9E1DDA41321D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{16AE2ADF-E20B-49AF-8338-6B04AFCF8E6F}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{24ECEAC9-0AD5-4ACB-96DB-8D6AB76382CA}" = protocol=6 | dir=out | app=system |
"{28B07CCF-1453-4987-95B3-F092A5B415E0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{2DD8E3E3-43E8-4CC5-9F8B-B504218F7714}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{2F5700BD-5A75-49BF-BE35-47575EFEAA14}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3740156F-6823-4F97-9E28-558B70017F92}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{39EF7BE8-0447-4C39-AB9D-210F19CAB808}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{42788FFA-1553-4F7B-B19F-C7E07142E94E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4996F088-F3DF-420E-8788-7E77175071A9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4E3B7F25-4DC6-4A90-AAF9-468475516418}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{51A7966E-EB2D-4492-B40E-75F4956EB122}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{52ADEDDD-1C0B-4310-BCFE-827930165946}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{655C6566-58AE-4E70-9A26-DABF8773E1D8}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{6CC1B03E-D3C8-4CEC-8843-4B78F67B55B4}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{6D8921C0-21F4-40CD-B348-66BB265CA5B2}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{72C0A4CF-37C0-4307-865A-884E098F14EE}" = protocol=6 | dir=in | app=c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe |
"{74240BE5-F506-4B4C-B899-08826CDD4A5E}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{750A1714-5E36-4C3F-AF32-7DB914E897F4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{762FD751-CCE2-4FDA-847D-5014B03217B5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7E720242-15FE-4535-B145-5BCAF2689250}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{903793F0-6301-416A-9AA1-98F2BCFB8D3F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{98047A99-E27F-46ED-A444-31C03AF8C8BC}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{A2E20307-4386-4FB5-8A98-DC161BB1EC56}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{A6687123-91D3-4D1F-962B-BF9B53A76AD1}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{AAAC8D7E-DD4D-4F5B-8ECA-1CBF9842E77C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B74AA5C1-1403-437B-A7AF-8BC1E9958E36}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BC43EFF7-F311-40E9-ACBB-73C8E034AFEE}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{C46630DF-1244-4674-8BB2-E6E4DE479027}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CB28355A-81D8-4078-B654-1E84E5858CA7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D3AC5648-C04A-47E7-98E9-B9D58C89C969}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{E3BBDE5A-AEAA-40A5-BEEB-0DB36D1F4859}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{E4822ED2-3F7A-40C9-A249-563348AC6BF6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E5F57A74-BFE5-4D7C-9966-4EBD409184D3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EC900C2C-1637-424D-BFCE-C4AC76077AD6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EFB6F435-0616-4114-8F49-64897A25E892}" = protocol=17 | dir=in | app=c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe |
"{F4965EC9-B2FA-4913-9907-F1033ED02C32}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{F92EDE2C-3CDF-400A-8FC2-5ECFE174C3A7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.7
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{77C71BFE-2598-4DB5-8F7C-0CF81A16DA40}" = ArcSoft MediaImpression
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B683A28-2172-4CF1-B85D-41375E80652A}" = Acronis True Image WD Edition
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B143D835-EBAF-4A39-8B31-1868FF4166C1}" = AVG 2012
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3749996-2D35-4591-B06A-4F62F2A5E18E}" = Nero Kwik Media
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FAF448F1-4460-440C-9280-07F66A63D6F5}" = Nero Kwik Media
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
"AVG" = AVG 2012
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ExpressBurn" = Express Burn
"FileZilla Client" = FileZilla Client 3.5.3
"Foxit Reader_is1" = Foxit Reader
"I8kfanGUI" = I8kfanGUI V3.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MVApplication1" = Memorex exPressit Label Design Studio
"NVIDIA Drivers" = NVIDIA Drivers
"nView Desktop Manager" = NVIDIA nView Desktop Manager
"sp6" = Logitech SetPoint 6.32
"SpeedFan" = SpeedFan (remove only)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"GoToAssist Express Expert" = GoToManage Expert 1.6.0.363

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/27/2012 10:20:42 AM | Computer Name = Allman-PC | Source = SDWinSec.exe | ID = 0
Description =

Error - 7/27/2012 10:21:37 AM | Computer Name = Allman-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b60 Exception code: 0xc0000374 Fault offset: 0x000c380b Faulting process
id: 0x514 Faulting application start time: 0x01cd6c00d361883d Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 5f7972d4-d7f6-11e1-9042-001a6b26cc12

Error - 7/27/2012 10:24:08 AM | Computer Name = Allman-PC | Source = SDWinSec.exe | ID = 0
Description =

Error - 7/27/2012 10:45:43 AM | Computer Name = Allman-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: jscript9.dll, version: 9.0.8112.16443, time
stamp: 0x4f4c2b71 Exception code: 0xc0000005 Fault offset: 0x000ab1dd Faulting process
id: 0xcc4 Faulting application start time: 0x01cd6c036b31e9f9 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\System32\jscript9.dll
Report
Id: bd852709-d7f9-11e1-9042-001a6b26cc12

Error - 7/27/2012 11:16:07 AM | Computer Name = Allman-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: mshtml.dll, version: 9.0.8112.16443, time
stamp: 0x4f4c3300 Exception code: 0xc0000005 Fault offset: 0x0021d683 Faulting process
id: 0x1634 Faulting application start time: 0x01cd6c0691e94b68 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\System32\mshtml.dll
Report
Id: fcc0ce98-d7fd-11e1-9042-001a6b26cc12

Error - 7/27/2012 11:17:28 AM | Computer Name = Allman-PC | Source = SDWinSec.exe | ID = 0
Description =

Error - 7/27/2012 12:17:45 PM | Computer Name = Allman-PC | Source = SDWinSec.exe | ID = 0
Description =

Error - 7/27/2012 12:20:44 PM | Computer Name = Allman-PC | Source = SDWinSec.exe | ID = 0
Description =

Error - 7/27/2012 12:23:44 PM | Computer Name = Allman-PC | Source = SDWinSec.exe | ID = 0
Description =

Error - 7/27/2012 12:24:44 PM | Computer Name = Allman-PC | Source = SDWinSec.exe | ID = 0
Description =

[ Media Center Events ]
Error - 3/1/2012 10:04:36 PM | Computer Name = Allman-PC | Source = MCUpdate | ID = 0
Description = 9:04:36 PM - Error connecting to the internet. 9:04:36 PM - Unable
to contact server..

Error - 3/1/2012 10:04:46 PM | Computer Name = Allman-PC | Source = MCUpdate | ID = 0
Description = 9:04:42 PM - Error connecting to the internet. 9:04:42 PM - Unable
to contact server..

Error - 3/1/2012 11:04:53 PM | Computer Name = Allman-PC | Source = MCUpdate | ID = 0
Description = 10:04:53 PM - Error connecting to the internet. 10:04:53 PM - Unable
to contact server..

Error - 3/1/2012 11:04:59 PM | Computer Name = Allman-PC | Source = MCUpdate | ID = 0
Description = 10:04:58 PM - Error connecting to the internet. 10:04:58 PM - Unable
to contact server..

[ OSession Events ]
Error - 7/23/2012 7:36:08 PM | Computer Name = Allman-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 35184
seconds with 360 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/19/2012 5:47:51 AM | Computer Name = Allman-PC | Source = RasSstp | ID = 1
Description =

Error - 4/19/2012 5:48:27 AM | Computer Name = Allman-PC | Source = RasSstp | ID = 1
Description =

Error - 4/20/2012 3:38:23 AM | Computer Name = Allman-PC | Source = Microsoft-Windows-Application-Experience | ID = 205
Description = The Program Compatibility Assistant service failed to perform the
phase two initialization.

Error - 4/20/2012 3:40:32 AM | Computer Name = Allman-PC | Source = SCardSvr | ID = 610
Description =

Error - 4/20/2012 8:08:13 AM | Computer Name = Allman-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 4/21/2012 9:19:27 AM | Computer Name = Allman-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR5.

Error - 4/21/2012 11:43:42 PM | Computer Name = Allman-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR5.

Error - 4/26/2012 3:59:49 AM | Computer Name = Allman-PC | Source = Microsoft-Windows-Application-Experience | ID = 205
Description = The Program Compatibility Assistant service failed to perform the
phase two initialization.

Error - 4/26/2012 4:01:21 AM | Computer Name = Allman-PC | Source = SCardSvr | ID = 610
Description =

Error - 4/27/2012 5:37:06 PM | Computer Name = Allman-PC | Source = SCardSvr | ID = 610
Description =


< End of report >


F: Maybe a little.. However, when I do a search the results are way off. When I click on the link it, like, takes me to some off-the-wall page, something that isn't related to what I was searching for. Hope that makes sense.

Thanks for the help so far. :)

Awaiting orders..
Charliea

Re: Please help me remove searchnu

Post by pgmigg » July 28th, 2012, 10:07 am

Hello Charliea,
Part 2 of scan results.. Was too long for text box..
You have probably done a great job, but I don't know about it... unfortunately! ;)

At the end of my post I placed the sentence: "Please do not hesitate to divide the post into multiple if it is too long...". I will appreciate it if you could make a few posts (there are no limits) and reply with ALL the logs you have not posted yet, which I asked for before - this information is highly important to prepare the next set of instructions!
Please include in your next reply:
  1. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  2. Contents of the SystemLook.txt log file
  3. Contents of an OTL.txt log file
  4. Do you see any changes in computer behavior?


Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg

Re: Please help me remove searchnu

Post by Charliea » July 28th, 2012, 10:32 am

Sorry, I understand what you said. I posted everything in one reply and found out it was too long. So I cut the Part 2 out of the first one and sent it. It said sent, so I proceeded to send Part 2. I guess it didn't actually send part 1. Below is the first part. Sorry about that.

A. No problems with instructions..

B. OTL Moved Files Results:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll deleted successfully.
File C:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll deleted successfully.
File C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll not found.
========== REGISTRY ==========
Registry key hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\products\2b1e51d87b2d71a44bb42ddd5e894160\installproperties\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ilivid\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\uninstall\windows searchqu toolbar\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{8d15e1b2-d2b7-4a17-b44b-d2dde5981406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8d15e1b2-d2b7-4a17-b44b-d2dde5981406}\ not found.
Registry key hkey_current_user\software\microsoft\windows\currentversion\app management\arpcache\windows searchqu toolbar\ not found.
Registry key hkey_current_user\software\microsoft\windows\currentversion\app management\arpcache\ilivid\ not found.
Registry key hkey_local_machine\software\classes\ilivid\ not found.
Registry key hkey_local_machine\software\classes\installer\products\2b1e51d87b2d71a44bb42ddd5e894160\ not found.
Registry key hkey_local_machine\software\ilivid\ not found.
Registry key hkey_local_machine\software\ilivid\player\hosts\ilivid.com\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{949d2c04-d3c1-490a-8a03-440b5c32b5f2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{949d2c04-d3c1-490a-8a03-440b5c32b5f2}\ not found.
Registry key hkey_current_user\software\datamngr_toolbar\ not found.
Registry key hkey_local_machine\software\classes\browserconnection.loader\ not found.
Registry key hkey_local_machine\software\classes\browserconnection.loader.1\ not found.
Registry key hkey_local_machine\software\classes\clsid\{9d717f81-9148-4f12-8568-69135f087db0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d717f81-9148-4f12-8568-69135f087db0}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{69cf75c1-35ab-4de5-a51f-662c9020ad4a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69cf75c1-35ab-4de5-a51f-662c9020ad4a}\ not found.
Registry key hkey_current_user\software\appdatalow\software\searchqutoolbar\ deleted successfully.
Registry key hkey_current_user\software\datamngr\ deleted successfully.
Registry key hkey_current_user\software\microsoft\internet explorer\searchscopes\{8a96af9e-4074-43b7-bea3-87217bda7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a96af9e-4074-43b7-bea3-87217bda7406}\ not found.
Registry key hkey_current_user\software\microsoft\windows\currentversion\app management\arpcache\bandoo\ not found.
Registry key hkey_current_user\software\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar\ not found.
Registry key hkey_current_user\software\microsoft\windows\currentversion\explorer\menuorder\start menu2\programs\bandoo\ not found.
Registry key hkey_current_user\software\trolltech\ deleted successfully.
Registry key hkey_current_user\software\ilivid\ not found.
Registry key hkey_current_user\software\searchqutoolbar\ not found.
Registry key hkey_local_machine\software\datamngr\ not found.
Registry key hkey_local_machine\software\bandoo\ not found.
Registry key hkey_local_machine\software\classes\appid\bandoocore.exe\ not found.
Registry key hkey_local_machine\software\classes\appid\{1301a8a5-3dfb-4731-a162-b357d00c9644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1301a8a5-3dfb-4731-a162-b357d00c9644}\ not found.
Registry key hkey_local_machine\software\classes\applications\ilividsetupv1.exe\ deleted successfully.
Registry key hkey_local_machine\software\classes\bandoocore.bandoocore.1\ not found.
Registry key hkey_local_machine\software\classes\bandoocore.bandoocore\ not found.
Registry key hkey_local_machine\software\classes\bandoocore.resourcesmngr.1\ not found.
Registry key hkey_local_machine\software\classes\bandoocore.resourcesmngr\ not found.
Registry key hkey_local_machine\software\classes\bandoocore.settingsmngr.1\ not found.
Registry key hkey_local_machine\software\classes\bandoocore.settingsmngr\ not found.
Registry key hkey_local_machine\software\classes\bandoocore.statisticmngr.1\ not found.
Registry key hkey_local_machine\software\classes\bandoocore.statisticmngr\ not found.
Registry key hkey_local_machine\software\classes\clsid\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key hkey_local_machine\software\classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\ not found.
Registry key hkey_local_machine\software\classes\clsid\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key hkey_local_machine\software\classes\clsid\{bb76a90b-2b4c-4378-8506-9a2b6e16943c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb76a90b-2b4c-4378-8506-9a2b6e16943c}\ not found.
Registry key hkey_local_machine\software\classes\clsid\{c3ab94a4-bfd0-4bba-a331-de504f07d2db}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c3ab94a4-bfd0-4bba-a331-de504f07d2db}\ not found.
Registry key hkey_local_machine\software\classes\interface\{477f210a-2a86-4666-9c4b-1189634d2c84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477f210a-2a86-4666-9c4b-1189634d2c84}\ not found.
Registry key hkey_local_machine\software\classes\interface\{ff871e51-2655-4d06-aed5-745962a96b32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff871e51-2655-4d06-aed5-745962a96b32}\ not found.
Registry key hkey_local_machine\software\classes\searchquiehelper.dnsguard.1\ not found.
Registry key hkey_local_machine\software\classes\searchquiehelper.dnsguard\ not found.
Registry key hkey_local_machine\software\classes\typelib\{6a4bcaba-c437-4c76-a54e-af31b8a76cb9}\1.0\ not found.
Registry key hkey_local_machine\software\classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\uninstall\searchqu toolbar\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{424624f4-c5dd-4e1d-bdd0-1e9c9b7799cc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{424624f4-c5dd-4e1d-bdd0-1e9c9b7799cc}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{9c8a3ca5-889e-4554-beec-ec0876e4e96a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c8a3ca5-889e-4554-beec-ec0876e4e96a}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{f9189560-573a-4fde-b055-ae7b0f4cf080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9189560-573a-4fde-b055-ae7b0f4cf080}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\searchscopes\{8a96af9e-4074-43b7-bea3-87217bda7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a96af9e-4074-43b7-bea3-87217bda7406}\ not found.
Registry key hkey_local_machine\software\microsoft\radar\heapleakdetection\diagnosedapplications\ilivid.exe\ not found.
Registry key hkey_local_machine\software\microsoft\tracing\searchqumediabar_rasapi32\ deleted successfully.
Registry key hkey_local_machine\software\microsoft\tracing\searchqumediabar_rasmancs\ deleted successfully.
Registry key hkey_local_machine\software\microsoft\tracing\setupdatamngr_searchqu_rasapi32\ deleted successfully.
Registry key hkey_local_machine\software\microsoft\tracing\setupdatamngr_searchqu_rasmancs\ deleted successfully.
Registry key hkey_local_machine\software\microsoft\tracing\ilividsetupv1_rasapi32\ deleted successfully.
Registry key hkey_local_machine\software\microsoft\tracing\ilividsetupv1_rasmancs\ deleted successfully.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\uninstall\searchqu 406 mediabar\ not found.
Registry key hkey_local_machine\software\searchqumediabartb\ not found.
Registry key hkey_local_machine\software\classes\clsid\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key hkey_local_machine\software\classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971}\1.0\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar\ not found.
Registry key hkey_local_machine\software\classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\inprocserver32\ not found.
Registry key hkey_local_machine\software\classes\clsid\{cc1ac828-bb47-4361-afb5-96eee259dd87}\inprocserver32\ not found.
Registry key hkey_local_machine\software\classes\clsid\{fefd3af5-a346-4451-aa23-a3ad54915515}\inprocserver32\ not found.
Registry key hkey_local_machine\software\classes\clsid\{9d717f81-9148-4f12-8568-69135f087db0}\inprocserver32\ not found.
Registry key hkey_local_machine\software\classes\typelib\{5b4144e1-b61d-495a-9a50-cd1a95d86d15}\1.0\ not found.
Registry key hkey_local_machine\software\classes\typelib\{841d5a49-e48d-413c-9c28-eb3d9081d705}\1.0\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\datamngr\ not found.
Registry key hkey_current_user\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb47c17-9c68-4bb3-b188-dd9af0fd2102}\ not found.
Registry key hkey_current_user\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb47c17-9c68-4bb3-b188-dd9af0fd2102}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}\ not found.
Registry key hkey_current_user\software\microsoft\internet explorer\searchscopes\{e1e743b1-dff5-4dcf-8cd5-9aafd552b290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1e743b1-dff5-4dcf-8cd5-9aafd552b290}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\searchscopes\{e1e743b1-dff5-4dcf-8cd5-9aafd552b290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1e743b1-dff5-4dcf-8cd5-9aafd552b290}\ not found.
Registry value hkey_current_user\software\microsoft\internet explorer\main\\start page deleted successfully.
Registry value hkey_local_machine\software\microsoft\internet explorer\toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry value hkey_current_user\software\classes\local settings\software\microsoft\windows\shell\muicache\\c:\program files\ilivid\ilivid.exe not found.
Registry value hkey_current_user\software\classes\local settings\software\microsoft\windows\shell\muicache\\c:\program files\ilivid\vlc\vlc.exe not found.
Registry value hkey_local_machine\software\microsoft\windows\currentversion\installer\folders\\c:\programdata\microsoft\windows\start menu\programs\ilivid\ not found.
Registry value hkey_local_machine\software\microsoft\windows\currentversion\run\\datamngr not found.
Registry value hkey_local_machine\system\controlset001\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{b9c9d25e-1fba-484c-b5fe-0c6d07ae555d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9c9d25e-1fba-484c-b5fe-0c6d07ae555d}\ not found.
Registry value hkey_local_machine\system\controlset001\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{924eb14a-495b-49f3-b558-a7c81e88c85d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{924eb14a-495b-49f3-b558-a7c81e88c85d}\ not found.
Registry value hkey_local_machine\system\controlset001\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{6d11a718-4174-474f-a0a4-08d56b03bfeb} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d11a718-4174-474f-a0a4-08d56b03bfeb}\ not found.
Registry value hkey_local_machine\system\controlset001\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{ec25043d-aac6-416f-ba2d-c44e34fb533b} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec25043d-aac6-416f-ba2d-c44e34fb533b}\ not found.
Registry value hkey_local_machine\system\controlset002\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{924eb14a-495b-49f3-b558-a7c81e88c85d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{924eb14a-495b-49f3-b558-a7c81e88c85d}\ not found.
Registry value hkey_local_machine\system\controlset002\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{6d11a718-4174-474f-a0a4-08d56b03bfeb} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d11a718-4174-474f-a0a4-08d56b03bfeb}\ not found.
Registry value hkey_local_machine\system\controlset002\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{ec25043d-aac6-416f-ba2d-c44e34fb533b} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec25043d-aac6-416f-ba2d-c44e34fb533b}\ not found.
Registry value hkey_local_machine\system\controlset002\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{b9c9d25e-1fba-484c-b5fe-0c6d07ae555d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9c9d25e-1fba-484c-b5fe-0c6d07ae555d}\ not found.
Registry key hkey_local_machine\system\controlset003\services\sharedaccess\parameters\firewallpolicy\firewallrules not found.
Registry key hkey_local_machine\system\controlset003\services\sharedaccess\parameters\firewallpolicy\firewallrules not found.
Registry key hkey_local_machine\system\controlset003\services\sharedaccess\parameters\firewallpolicy\firewallrules not found.
Registry key hkey_local_machine\system\controlset003\services\sharedaccess\parameters\firewallpolicy\firewallrules not found.
Registry value hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{ec25043d-aac6-416f-ba2d-c44e34fb533b} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec25043d-aac6-416f-ba2d-c44e34fb533b}\ not found.
Registry value hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{b9c9d25e-1fba-484c-b5fe-0c6d07ae555d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9c9d25e-1fba-484c-b5fe-0c6d07ae555d}\ not found.
Registry value hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{924eb14a-495b-49f3-b558-a7c81e88c85d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{924eb14a-495b-49f3-b558-a7c81e88c85d}\ not found.
Registry value hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{6d11a718-4174-474f-a0a4-08d56b03bfeb} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d11a718-4174-474f-a0a4-08d56b03bfeb}\ not found.
========== FILES ==========
File/Folder C:\Users\Dad\AppData\Roaming\mozilla\firefox\profiles\searchquwebsearch.xml not found.
File/Folder C:\Users\Dad\AppData\Roaming\mozilla\firefox\profiles\searchqutoolbar not found.
File/Folder C:\Users\Dad\AppData\Roaming\mozilla\firefox\profiles\{99079a25-328f-4bd4-be04-00955acaa0a7} not found.
File/Folder C:\Users\Dad\AppData\Roaming\microsoft\windows\cookies\*@sweetim[1].txt not found.
File/Folder C:\Users\Dad\AppData\Roaming\microsoft\windows\cookies\low\*@ilivid[1].txt not found.
File/Folder C:\Users\Dad\AppData\Roaming\microsoft\windows\cookies\low\*@ilivid[2].txt not found.
File/Folder C:\Users\Dad\AppData\Roaming\microsoft\windows\cookies\low\*@searchqu[1].txt not found.
File/Folder C:\Users\Dad\AppData\Roaming\microsoft\windows\cookies\low\*@searchqu[2].txt not found.
File/Folder C:\Users\Dad\AppData\Roaming\microsoft\windows\cookies\low\*@stats.ilivid[1].txt not found.
File/Folder C:\Users\Dad\AppData\Roaming\microsoft\windows\cookies\low\*@sweetim[1].txt not found.
File/Folder C:\Users\Dad\AppData\Roaming\microsoft\windows\cookies\low\*@www.sweetim[2].txt not found.
File/Folder C:\Users\Dad\AppData\Roaming\microsoft\windows\cookies\low\*@www.sweetim[3].txt not found.
C:\Users\Dad\AppData\Local\Ilivid Player folder moved successfully.
File/Folder C:\Users\Dad\AppData\Local\microsoft\windows\temporary internet files\content.ie5\ilividsetupv1.exe not found.
File/Folder C:\Users\Dad\AppData\Local\microsoft\windows\temporary internet files\content.ie5\ilivid[1].7z not found.
File/Folder C:\Users\Dad\AppData\Local\microsoft\windows\temporary internet files\content.ie5\setupdatamngr_searchqu[1].exe not found.
File/Folder C:\Users\Dad\AppData\Local\microsoft\windows\temporary internet files\content.ie5\sweetimsetup.exe not found.
File/Folder C:\Users\Dad\AppData\Local\microsoft\windows\temporary internet files\content.ie5\bandoov6[1].exe not found.
File/Folder C:\Users\Dad\AppData\Local\microsoft\windows\temporary internet files\low\content.ie5\searchqu_net[1].htm not found.
File/Folder C:\Users\Dad\AppData\Local\Temp\bandoofiles not found.
File/Folder C:\Users\Dad\AppData\Local\Temp\bandoov6.exe not found.
File/Folder C:\Users\Dad\AppData\Local\Temp\setupdatamngr_searchqu.exe not found.
File/Folder C:\Users\Dad\AppData\Local\Temp\sweetimreinstall not found.
File/Folder C:\Users\Dad\AppData\Local\Temp\sweetimreinstall\sweetimsetup.exe not found.
File/Folder C:\Users\Dad\AppData\Local\Temp\ilivid.7z not found.
File/Folder C:\Users\Dad\AppData\Local\Temp\searchqu.ini not found.
File/Folder C:\Users\Dad\AppData\Local\Temp\searchqutoolbar-manifest.xml not found.
C:\Users\Dad\appdata\locallow\searchquband folder moved successfully.
File/Folder C:\Users\Dad\appdata\locallow\searchqutoolbar not found.
File/Folder C:\Users\Dad\downloads\sweetimsetup.exe not found.
File/Folder C:\Users\Dad\downloads\ilividsetupv1.exe not found.
File\Folder c:\programdata\microsoft\windows\start menu\programs\ilivid not found.
File\Folder c:\users\all users\microsoft\windows\start menu\programs\ilivid not found.
File\Folder c:\program files\windows searchqu toolbar not found.
File\Folder c:\program files\windows ilivid toolbar not found.
File\Folder c:\program files\ilivid not found.
File\Folder c:\windows\prefetch\ilivid* not found.
File\Folder c:\windows\prefetch\searchqumediabar* not found.
File\Folder c:\windows\prefetch\setupdatamngr* not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Dad\Desktop\cmd.bat deleted successfully.
C:\Users\Dad\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Dad
->Temp folder emptied: 22016716 bytes
->Temporary Internet Files folder emptied: 286023849 bytes
->Java cache emptied: 15044083 bytes
->FireFox cache emptied: 77226441 bytes
->Google Chrome cache emptied: 40282200 bytes
->Flash cache emptied: 372624443 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Hannah
->Temp folder emptied: 3551707 bytes
->Temporary Internet Files folder emptied: 196825262 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 104294857 bytes
->Flash cache emptied: 67814 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 34001144 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 236823211 bytes

Total Files Cleaned = 1,325.00 mb


OTL by OldTimer - Version 3.2.55.0 log created on 07282012_032828

Files\Folders moved on Reboot...
C:\Users\Dad\AppData\Local\Temp\REG1E97.tmp moved successfully.
C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MVITBASP\viewtopic[1].htm moved successfully.

PendingFileRenameOperations files...
File C:\Users\Dad\AppData\Local\Temp\REG1E97.tmp not found!
File C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
File C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MVITBASP\viewtopic[1].htm not found!

Registry entries deleted on Reboot...

Re: Please help me remove searchnu

Post by Charliea » July 28th, 2012, 10:34 am

D. SystemLook results:

SystemLook 30.07.11 by jpshortstuff
Log created at 03:39 on 28/07/2012 by Dad
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Conduit*"
C:\Program Files\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1206120 bytes [17:44 20/01/2012] [17:44 20/01/2012] 976934130CD5C5DBD2DC977B298DF525
C:\Program Files\Common Files\Apple\Mobile Device Support\com.yahoo.go.sync.client.resources\PhoneConduit.plist --a---- 11408 bytes [18:57 09/10/2011] [18:57 09/10/2011] AB18CD2A656AE753C30E6276EC3DA0C2
C:\Users\Dad\AppData\Local\Microsoft\Internet Explorer\DOMStore\G6JW7W1C\youtube.conduitapps[1].xml --a---- 13 bytes [23:59 23/07/2012] [23:59 23/07/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Dad\AppData\Local\Microsoft\Internet Explorer\DOMStore\X4ZTFIQ5\facebook.conduitapps[1].xml --a---- 13 bytes [23:59 23/07/2012] [23:59 23/07/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Dad\AppData\Local\Microsoft\Internet Explorer\DOMStore\X4ZTFIQ5\storage.conduit[1].xml --a---- 13 bytes [01:58 24/07/2012] [01:58 24/07/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Dad\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1463702_1459356_US.xml --a---- 192 bytes [00:00 24/07/2012] [00:17 24/07/2012] F159884E3BCD46C383F9086F4BF788C1
C:\Users\Dad\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1613210_1606743_US.xml --a---- 190 bytes [01:58 24/07/2012] [02:08 24/07/2012] 5104B1E2708FE4D1777D6DAE57A1F211
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\32BF9BE3\atlassolutions2_conduit[1].swf --a---- 2756 bytes [16:13 27/07/2012] [16:13 27/07/2012] 4672CCDCC217C1E66DEB31794BE8BFE1
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I3DZEOGS\atlassolutions2_conduit[1].swf --a---- 2756 bytes [03:44 26/07/2012] [03:44 26/07/2012] 4672CCDCC217C1E66DEB31794BE8BFE1

Searching for "*Searchnu*"
C:\Users\Dad\AppData\Local\Microsoft\Internet Explorer\DOMStore\G6JW7W1C\www.searchnu[1].xml --a---- 13675 bytes [02:08 24/07/2012] [20:15 25/07/2012] 987E4E95BDBF930FA8F35A2C2F74AEC8
C:\Users\Dad\Favorites\MalWare Removal • View topic - Please help me remove searchnu.url --a---- 287 bytes [03:50 26/07/2012] [03:50 26/07/2012] 7EB6BCFB936564B4922AFB206497ECE2

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
C:\Users\Dad\AppData\Local\Microsoft\Internet Explorer\DOMStore\QXF8Z6JZ\www.ilivid[1].xml --a---- 27352 bytes [02:02 24/07/2012] [02:02 24/07/2012] D549FF61E019A1C522251C29683B6DA1
C:\Users\Dad\AppData\Local\Microsoft\Internet Explorer\DOMStore\TRBK6YO5\lp.ilivid[1].xml --a---- 13657 bytes [01:58 24/07/2012] [01:58 24/07/2012] 4E0C69B8DE178CFAD7DA2A418FC9D923
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T2WCKPQO\157191_iLivid-download-play-468X60[1].gif --a---- 11529 bytes [16:35 27/07/2012] [16:35 27/07/2012] ED15F62C5DD9027F6AD0E74B06BD9EFC

Searching for "*IObit*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*Torrent*"
C:\Program Files\Common Files\Acronis\BackupScripts\bittorrent.xml --a---- 4704 bytes [16:40 22/06/2011] [16:40 22/06/2011] EC6B80328ED0A32AEC6DEE580B94234F
C:\Program Files\Common Files\Acronis\BackupScripts\utorrent.xml --a---- 5788 bytes [16:40 22/06/2011] [16:40 22/06/2011] BB6918D4319EA5B3B139F3CB7D28DE22
C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.utorrent.com_0.localstorage --a---- 3072 bytes [04:58 26/07/2012] [04:58 26/07/2012] EAD5E6EADCE6D577E955877D82FD8D38
C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.utorrent.com_0.localstorage-journal --a---- 3608 bytes [04:58 26/07/2012] [04:58 26/07/2012] A680A6DBD9A4A94DF19D73D873011A6F
C:\Users\Dad\AppData\Local\Microsoft\Internet Explorer\DOMStore\QXF8Z6JZ\forum.utorrent[1].xml --a---- 13715 bytes [00:21 24/07/2012] [00:21 24/07/2012] AEC27BE5F16C6D807700E7BFF805E0A7
C:\Users\Dad\AppData\Local\Microsoft\Internet Explorer\DOMStore\TRBK6YO5\bar.utorrent[1].xml --a---- 83 bytes [23:59 23/07/2012] [23:59 23/07/2012] F2D3DFCEB92C856F05A3DE828240EC9C
C:\Users\Dad\AppData\Local\Microsoft\Internet Explorer\DOMStore\X4ZTFIQ5\www.utorrent[1].xml --a---- 13758 bytes [23:59 23/07/2012] [23:59 23/07/2012] 30DDAB0D940A6586920A1D418503040A
C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Recent\Torrent downloaded from Demonoid.me.lnk --a---- 930 bytes [23:43 23/07/2012] [23:43 23/07/2012] F42D9D25F28991A4B3CFAB0E1DCF0CE4
C:\Users\Dad\Desktop\Charlies Files\Charlies Files\Adobe_CS3_Master_Collection_Corporate_ISO._Works_.3907426.TPB.torrent --a---- 34560 bytes [16:34 27/01/2012] [20:40 19/04/2011] 2EB436068BDF59DE656593BBE083A00C
C:\Users\Dad\Desktop\Charlies Files\Music\MP3\MP3-1\085 - High School Musical 3 - Now or Never [Torrent Tatty] (™ Hollywood).mp3 --a---- 8213272 bytes [16:43 27/01/2012] [03:14 24/08/2009] A5103F9405EA74E2510AE2C766267A37
C:\Users\Dad\Downloads\uTorrent.exe --a---- 895376 bytes [23:34 23/07/2012] [23:34 23/07/2012] 5A836FD41BD78AF1036C3F2FCEE3074E

Searching for "*trolltech*"
No files found.

Searching for "*Yontoo*"
C:\Program Files\Yontoo\YontooIEClient.dll --a---- 194928 bytes [23:22 23/07/2012] [18:37 16/05/2012] 4BF437CDDF8C692738CFA413231C9B3C

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Conduit*"
C:\Program Files\Conduit d------ [23:36 23/07/2012]
C:\Users\Dad\AppData\Local\Conduit d------ [23:36 23/07/2012]
C:\Users\Dad\AppData\LocalLow\Conduit d------ [23:36 23/07/2012]

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\07282012_032828\C_Users\Dad\AppData\locallow\searchquband d------ [02:02 24/07/2012]

Searching for "*iLivid*"
C:\_OTL\MovedFiles\07282012_032828\C_Users\Dad\AppData\Local\Ilivid Player d------ [02:02 24/07/2012]

Searching for "*IObit*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
C:\Users\Dad\AppData\LocalLow\DataMngr d------ [02:02 24/07/2012]

Searching for "*Torrent*"
C:\Users\Dad\AppData\LocalLow\uTorrentControl2 d------ [23:36 23/07/2012]

Searching for "*trolltech*"
No folders found.

Searching for "*Yontoo*"
C:\Program Files\Yontoo d------ [23:22 23/07/2012]
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\9z7877qi.default\extensions\plugin@yontoo.com d------ [23:22 23/07/2012]
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\plugin@yontoo.com d------ [23:22 23/07/2012]

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Conduit"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ConduitSearchScopes]
[HKEY_CURRENT_USER\Software\Conduit]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E3467F71-3720-4525-8627-25C49A75794E}]
"URL"="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3196716"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E3467F71-3720-4525-8627-25C49A75794E}]
"FaviconURL"="http://search.conduit.com/favicon.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
@="Conduit Community Alerts"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32]
@="C:\Program Files\Conduit\Community Alerts\Alert.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Conduit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\Community Alerts]
"Path"="C:\Program Files\Conduit\Community Alerts\Alert.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\HomePage]
"{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}"="http://search.conduit.com?SearchSource=10&ctid=CT3196716"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"D4EDA1F8CAFEA5F43B64322C86F7FA05"="C:\Program Files\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966\D4EDA1F8CAFEA5F43B64322C86F7FA05]
"File"="iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB1E579405BE28F46B2E7AAE9534B564]
"D4EDA1F8CAFEA5F43B64322C86F7FA05"="C:\Program Files\Common Files\Apple\Mobile Device Support\com.yahoo.go.sync.client.resources\PhoneConduit.plist"
[HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\AppDataLow\Software\Conduit]
[HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\AppDataLow\Software\ConduitSearchScopes]
[HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Conduit]
[HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E3467F71-3720-4525-8627-25C49A75794E}]
"URL"="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3196716"
[HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E3467F71-3720-4525-8627-25C49A75794E}]
"FaviconURL"="http://search.conduit.com/favicon.ico"

Searching for "Searchnu"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\searchnu.com]
[HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Microsoft\Internet Explorer\DOMStorage\searchnu.com]

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS]

Searching for "iLivid"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\ilivid.com]
[HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Microsoft\Internet Explorer\DOMStorage\ilivid.com]

Searching for "IObit"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{46AFCA12-BB5F-445F-AF0E-57E62C7468F2}]
"AppPath"="C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FBA30D9E-18AB-4969-8961-6D4245705CED}]
"AppPath"="C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS]

Searching for "Torrent"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentControl2]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\utorrent.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\all-bittorrent.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\bittorrent]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\www.bittorrent]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\all-bittorrent.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\bittorrent]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\www.bittorrent]
[HKEY_CURRENT_USER\Software\Classes\Applications\uTorrent.exe]
[HKEY_CURRENT_USER\Software\Classes\Applications\uTorrent.exe\shell\open\command]
@=""C:\Program Files\uTorrent\uTorrent.exe" "%1""
[HKEY_CURRENT_USER\Software\Classes\btdna\DefaultIcon]
@=""C:\Program Files\uTorrent\uTorrent.exe" ",0"
[HKEY_CURRENT_USER\Software\Classes\btdna\shell\open\command]
@=""C:\Program Files\uTorrent\uTorrent.exe" "/DNA""
[HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-bittorrent]
[HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-bittorrent]
"Extension"=".torrent"
[HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-app]
[HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-appinst]
[HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-key]
[HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-skin]
[HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.torrent]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.torrent]
@="1ClicktorrentFile"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.torrent1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.torrent1]
@="1ClicktorrentFile1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\1ClicktorrentFile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\1ClicktorrentFile]
@="1Clicktorrent File"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\1ClicktorrentFile1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\1ClicktorrentFile1]
@="1Clicktorrent File"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent]
"Extension"=".torrent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-app]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-appinst]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-key]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-skin]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml]
[HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\AppPaths\client]
"AppPath"="C:\Program Files\uTorrent\uTorrent.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\uTorrent_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\uTorrent_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A692FA47FB82BD113BA600313DEA14A1]
"82A386B927121FC48BD51473E50856A2"="C?\Program Files\Common Files\Acronis\BackupScripts\bittorrent.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B692FA47FB82BD113BA600313DEA14A1]
"82A386B927121FC48BD51473E50856A2"="C?\Program Files\Common Files\Acronis\BackupScripts\utorrent.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\all-bittorrent.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\bittorrent]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\www.bittorrent]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\all-bittorrent.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\bittorrent]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\www.bittorrent]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\all-bittorrent.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\bittorrent]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\www.bittorrent]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\all-bittorrent.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\bittorrent]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\www.bittorrent]
[HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\AppDataLow\Software\uTorrentControl2]
[HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Microsoft\Internet Explorer\DOMStorage\utorrent.com]
[HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\all-bittorrent.com]
[HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\bittorrent]
[HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\www.bittorrent]
[HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\all-bittorrent.com]
[HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\bittorrent]
[HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\www.bittorrent]
[HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Classes\Applications\uTorrent.exe]
[HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Classes\Applications\uTorrent.exe\shell\open\command]
@=""C:\Program Files\uTorrent\uTorrent.exe" "%1""
[HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Classes\btdna\DefaultIcon]
@=""C:\Program Files\uTorrent\uTorrent.exe" ",0"
[HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Classes\btdna\shell\open\command]
@=""C:\Program Files\uTorrent\uTorrent.exe" "/DNA""
[HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Classes\MIME\Database\Content Type\application/x-bittorrent]
[HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Classes\MIME\Database\Content Type\application/x-bittorrent]
"Extension"=".torrent"
[HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-app]
[HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-appinst]
[HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-key]
[HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-skin]
[HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml]
[HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000_Classes\Applications\uTorrent.exe]
[HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000_Classes\Applications\uTorrent.exe\shell\open\command]
@=""C:\Program Files\uTorrent\uTorrent.exe" "%1""
[HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000_Classes\btdna\DefaultIcon]
@=""C:\Program Files\uTorrent\uTorrent.exe" ",0"
[HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000_Classes\btdna\shell\open\command]
@=""C:\Program Files\uTorrent\uTorrent.exe" "/DNA""
[HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000_Classes\MIME\Database\Content Type\application/x-bittorrent]
[HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000_Classes\MIME\Database\Content Type\application/x-bittorrent]
"Extension"=".torrent"
[HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-app]
[HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-appinst]
[HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-key]
[HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-skin]
[HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000_Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\all-bittorrent.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\bittorrent]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\www.bittorrent]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\all-bittorrent.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\bittorrent]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\www.bittorrent]

Searching for "trolltech"
No data found.

Searching for "Yontoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\YontooIEClient.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}]
@="YontooIEClient"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\InProcServer32]
@="C:\Program Files\Yontoo\YontooIEClient.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}]
@="Yontoo Api"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\InprocServer32]
@="C:\Program Files\Yontoo\YontooIEClient.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ProgID]
@="YontooIEClient.Api.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\VersionIndependentProgID]
@="YontooIEClient.Api"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
@="Yontoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\InprocServer32]
@="C:\Program Files\Yontoo\YontooIEClient.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ProgID]
@="YontooIEClient.Layers.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\VersionIndependentProgID]
@="YontooIEClient.Layers"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0]
@="YontooIEClient 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0\0\win32]
@="C:\Program Files\Yontoo\YontooIEClient.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0\HELPDIR]
@="C:\Program Files\Yontoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api]
@="Yontoo Api"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api\CurVer]
@="YontooIEClient.Api.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api.1]
@="Yontoo Api"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Layers]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Layers]
@="Yontoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Layers\CurVer]
@="YontooIEClient.Layers.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Layers.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Layers.1]
@="Yontoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc]
"path"="C:\Users\Dad\AppData\Local\Temp\YontooLayers.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YontooSetup-S-11F0_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YontooSetup-S-11F0_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YontooSetup-S-1F4C_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YontooSetup-S-1F4C_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
@="Yontoo Layers"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}]
"InstallLocation"="C:\Program Files\Yontoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}]
"DisplayName"="Yontoo 1.10.02"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}]
"Publisher"="Yontoo LLC"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}]
"URLInfoAbout"="http://www.yontoo.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}]
"Contact"="support@yontoo.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Products\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}]
@="Yontoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Products\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}]
"TizPath"="C:\Users\Dad\AppData\Local\Temp\YontooSetup-S.exe"

-= EOF =-

Re: Please help me remove searchnu

Post by Charliea » July 28th, 2012, 10:35 am

E. New OTL Scan Results:

OTL logfile created on: 7/28/2012 3:51:54 AM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Dad\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 61.69% Memory free
4.99 Gb Paging File | 3.87 Gb Available in Paging File | 77.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.99 Gb Total Space | 218.92 Gb Free Space | 73.47% Space Free | Partition Type: NTFS

Computer Name: ALLMAN-PC | User Name: Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/28 03:24:42 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.exe
PRC - [2012/07/26 01:00:43 | 000,186,832 | ---- | M] (Google Inc.) -- C:\Users\Dad\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe
PRC - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/06/13 03:48:26 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/06/13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/02/22 20:49:58 | 006,591,800 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/25 10:14:09 | 000,609,144 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist Express Expert\363\g2ax_user_expert.exe
PRC - [2011/12/25 10:14:09 | 000,609,144 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist Express Expert\363\g2ax_start.exe
PRC - [2011/12/25 10:14:09 | 000,609,144 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist Express Expert\363\g2ax_comm_expert.exe
PRC - [2011/11/25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2011/10/07 05:40:42 | 001,387,288 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2011/09/27 15:05:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2011/06/22 12:17:14 | 000,395,392 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2011/06/22 12:17:08 | 000,846,056 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2011/06/22 12:15:44 | 002,637,824 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/23 18:11:22 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 12:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/02/16 12:58:12 | 000,856,064 | ---- | M] (Christian Diefer) -- C:\Program Files\I8kfanGUI\I8kfanGUI.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/22 20:49:56 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2012/02/22 20:49:38 | 000,078,336 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\pcre.dll
MOD - [2011/12/26 02:41:29 | 000,847,872 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
MOD - [2011/12/26 02:41:29 | 000,782,336 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
MOD - [2011/12/26 02:41:29 | 000,688,128 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
MOD - [2011/12/26 02:41:29 | 000,528,384 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
MOD - [2011/12/26 02:41:29 | 000,462,848 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
MOD - [2011/12/26 02:41:29 | 000,237,568 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2011/12/26 02:41:29 | 000,155,648 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
MOD - [2011/12/26 02:41:29 | 000,143,360 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2011/12/26 02:41:28 | 002,236,416 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
MOD - [2011/12/26 02:41:28 | 001,396,736 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
MOD - [2011/12/26 02:41:28 | 000,868,352 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
MOD - [2011/12/26 02:41:27 | 000,010,240 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
MOD - [2011/12/26 02:41:25 | 000,090,112 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
MOD - [2011/12/26 02:41:25 | 000,044,544 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
MOD - [2011/12/26 02:41:24 | 000,406,016 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KFx.dll
MOD - [2011/12/26 02:41:24 | 000,129,536 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\kpries40.dll
MOD - [2011/12/26 02:41:24 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2011/12/26 02:41:24 | 000,052,224 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2011/12/26 02:41:23 | 000,471,040 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCom.dll
MOD - [2011/12/26 02:41:22 | 001,564,672 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\areaifdll.dll
MOD - [2011/12/26 02:41:22 | 000,356,352 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll
MOD - [2011/12/26 02:41:22 | 000,062,464 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
MOD - [2011/12/26 02:41:21 | 000,315,392 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
MOD - [2011/12/26 02:41:21 | 000,264,192 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\AppCore.dll
MOD - [2011/12/26 02:41:21 | 000,234,496 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.esx
MOD - [2011/12/26 02:41:21 | 000,098,304 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
MOD - [2011/12/26 02:41:20 | 000,339,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
MOD - [2011/12/26 02:41:20 | 000,171,520 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Pcd.esx
MOD - [2011/12/26 02:41:20 | 000,152,576 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
MOD - [2011/12/26 02:41:20 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
MOD - [2011/12/26 02:41:19 | 011,503,616 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSkin.esx
MOD - [2011/12/26 02:41:18 | 000,761,856 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
MOD - [2011/12/26 02:41:18 | 000,684,032 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESEmail.esx
MOD - [2011/12/26 02:41:17 | 000,078,848 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
MOD - [2011/12/22 01:58:48 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/07 05:41:16 | 000,879,896 | ---- | M] () -- C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/07/18 02:14:20 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/09/27 15:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/06/22 12:17:08 | 000,846,056 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/08/12 20:47:03 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Dad\AppData\Local\Temp\ALSysIO.sys -- (ALSysIO)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/12/20 13:10:16 | 000,601,408 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2011/12/20 13:10:12 | 000,125,472 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vididr.sys -- (vididr)
DRV - [2011/12/20 13:10:11 | 000,083,392 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vsflt53.sys -- (vidsflt53)
DRV - [2011/12/20 13:10:09 | 000,169,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2011/09/02 02:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/02 02:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/03/18 12:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/09/09 17:19:16 | 000,069,664 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\oz776.sys -- (guardian2)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/03/06 11:52:00 | 007,545,088 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/02/16 05:05:48 | 000,014,464 | ---- | M] (Christian Diefer) [Kernel | System | Running] -- C:\Windows\System32\drivers\fanio.sys -- (fanio)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2005/08/17 07:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2005/08/17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-162044061-3829153858-3278826119-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-162044061-3829153858-3278826119-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-162044061-3829153858-3278826119-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 D5 43 EB 93 6C CD 01 [binary data]
IE - HKU\S-1-5-21-162044061-3829153858-3278826119-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKU\S-1-5-21-162044061-3829153858-3278826119-1000\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No CLSID value found
IE - HKU\S-1-5-21-162044061-3829153858-3278826119-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-162044061-3829153858-3278826119-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-162044061-3829153858-3278826119-1000\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://start.msn.iplay.com/searchresult ... =chrome&q={searchTerms}
IE - HKU\S-1-5-21-162044061-3829153858-3278826119-1000\..\SearchScopes\{6341569E-2D5F-4668-9D7C-1AB3D9C23C97}: "URL" = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=50E84244-9FC6-48C7-A493-3B3E9B5C88B0&apn_sauid=C1AF8BFB-8D2A-42C6-BCAC-EE725414C27A
IE - HKU\S-1-5-21-162044061-3829153858-3278826119-1000\..\SearchScopes\{A57FBB2D-AD3D-45A7-B21B-4DF179BC8A58}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-162044061-3829153858-3278826119-1000\..\SearchScopes\{E3467F71-3720-4525-8627-25C49A75794E}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3196716
IE - HKU\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=139&systemid=406&sr=0&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.Retrogamer_4w.com/Plugin: C:\Program Files\Retrogamer_4wEI\Installr\1.bin\NP4wEISB.dll (Retrogamer)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dad\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dad\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/07/17 14:49:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 09:26:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/18 02:14:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/07/23 22:37:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Extensions
[2012/07/23 19:22:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2012/07/23 19:22:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions
[2012/07/23 22:03:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\9z7877qi.default\extensions
[2011/12/20 13:11:43 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\9z7877qi.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2011/12/20 13:14:22 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\9z7877qi.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/12/22 03:54:21 | 000,000,000 | ---D | M] (Oberon GamesBar) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\9z7877qi.default\extensions\gamesbar@oberon-media.com
[2012/07/23 19:22:11 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\9z7877qi.default\extensions\OneClickDownload@OneClickDownload.com
[2012/07/23 19:22:19 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\9z7877qi.default\extensions\plugin@yontoo.com
[2012/07/23 19:22:19 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\plugin@yontoo.com
[2012/07/26 01:11:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.charlie\extensions
[2012/06/27 13:12:07 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.charlie\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2012/05/23 23:51:25 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.charlie\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/05/23 23:51:23 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.charlie\extensions\en-US@dictionaries.addons.mozilla.org
[2012/07/23 22:03:35 | 000,002,519 | ---- | M] () -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\9z7877qi.default\searchplugins\Search_Results.xml
[2012/07/23 22:08:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION
[2012/07/18 02:14:21 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/29 12:36:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/22 03:54:21 | 000,002,064 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bingober7151117.xml
[2012/07/23 22:03:35 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2011/12/29 12:36:42 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.pinstripeco.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.pinstripeco.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Dad\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dad\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dad\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\plugins/avgnpss.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Nero Kwik Media Helper (Enabled) = C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Retrogamer Installer Plugin Stub (Enabled) = C:\Program Files\Retrogamer_4wEI\Installr\1.bin\NP4wEISB.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Dad\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AVG Safe Search = C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\
CHR - Extension: AVG Do Not Track = C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Gmail = C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/24 02:19:52 | 000,443,578 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 15235 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-162044061-3829153858-3278826119-1000\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O3 - HKU\S-1-5-21-162044061-3829153858-3278826119-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-162044061-3829153858-3278826119-1000\..\Toolbar\WebBrowser: (no name) - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - No CLSID value found.
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Windows\System32\nwiz.exe ()
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-21-162044061-3829153858-3278826119-1000..\Run: [GoToAssist Express Expert] C:\Program Files\Citrix\GoToAssist Express Expert\363\g2ax_start.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKU\S-1-5-21-162044061-3829153858-3278826119-1000..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe (Christian Diefer)
O4 - HKU\S-1-5-21-162044061-3829153858-3278826119-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-162044061-3829153858-3278826119-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B44AA32-4E3A-4B0C-B36E-972416B69767}: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4587C63-D925-4209-AB90-0E4554E042E9}: DhcpNameServer = 192.168.11.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b92a6d28-ac06-11e1-b7c3-001a6b26cc12}\Shell - "" = AutoRun
O33 - MountPoints2\{b92a6d28-ac06-11e1-b7c3-001a6b26cc12}\Shell\AutoRun\command - "" = F:\TLBootstrap_WPP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/28 03:28:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/28 03:24:42 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.exe
[2012/07/27 22:13:18 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{68BBBEC2-8BF2-4087-8710-66A9DD0E0D29}
[2012/07/27 10:12:41 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{377B244C-5461-4246-9119-52A3C1FAA153}
[2012/07/27 10:12:22 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{424FB764-DA5F-430B-B9D0-EE834A796EFC}
[2012/07/27 10:03:12 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{4623B3B6-44A4-4BFA-BAE7-18F2DF886A31}
[2012/07/27 09:56:33 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/07/26 13:37:05 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{A1BB7F5A-161D-4353-B79F-498A5CDAB72D}
[2012/07/26 01:36:36 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{24A84871-FF35-4A2F-916F-6552E538BAF3}
[2012/07/26 01:36:23 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{5C3F4A25-D2E7-47A2-9179-85FF4B9291E3}
[2012/07/26 00:56:49 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/07/26 00:24:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/07/26 00:24:07 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/07/26 00:23:55 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/07/26 00:23:55 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/07/26 00:23:06 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/07/26 00:23:05 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/07/26 00:22:25 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/07/26 00:14:17 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\QuickScan
[2012/07/25 23:34:28 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Dad\Desktop\dds.scr
[2012/07/25 13:35:38 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{A77D68F9-609F-4D3C-84E5-774ACCC6F2A0}
[2012/07/25 13:35:16 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{F321FCAD-FF1A-413A-8676-8F9B3AC4AF35}
[2012/07/25 00:23:26 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{D6285447-177A-40F5-91BC-1233FED0E4CA}
[2012/07/24 12:22:55 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{B6839429-4311-4AA2-83CB-D8C53DE6649C}
[2012/07/24 12:22:42 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{AEA9869E-EE3B-4637-AA37-23CB8C6D76B2}
[2012/07/24 00:20:18 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{EDF7901D-5191-44B0-B721-9722E8C9F259}
[2012/07/24 00:20:06 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{598647B2-C269-477C-8AC5-47086B9F877A}
[2012/07/23 21:59:27 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/07/23 19:36:25 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\CRE
[2012/07/23 19:36:06 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012/07/23 19:36:03 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\Conduit
[2012/07/23 19:22:17 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2012/07/23 19:21:29 | 000,000,000 | ---D | C] -- C:\Program Files\1ClickDownload
[2012/07/23 19:17:58 | 000,000,000 | ---D | C] -- C:\Program Files\wxDownload Fast
[2012/07/23 19:17:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012/07/23 19:17:48 | 000,000,000 | ---D | C] -- C:\ProgramData\WxDFastUpdater
[2012/07/23 19:16:40 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012/07/23 12:19:28 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{B6313C20-6E86-4388-8449-A65292DB8E02}
[2012/07/23 12:19:15 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{CE2601C9-B3DA-4CC2-BE17-A79238A54B3A}
[2012/07/23 12:13:22 | 000,000,000 | ---D | C] -- C:\Program Files\RobotBoom_60EI
[2012/07/23 00:18:36 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{306C2CB3-E380-41B9-95FF-31648262D41E}
[2012/07/22 12:17:42 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{2199E04E-482F-4187-A58E-86FC94A3651F}
[2012/07/22 00:17:17 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{B1D1277E-BE7D-427A-B03E-2045C9162A14}
[2012/07/21 12:22:42 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\Nero_AG
[2012/07/21 12:22:10 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\Nero
[2012/07/21 12:21:47 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\Nero
[2012/07/21 12:20:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2012/07/21 12:18:55 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2012/07/21 12:18:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2012/07/21 12:16:39 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{4B400713-A274-4038-AA26-1F798210C616}
[2012/07/21 12:16:20 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{829D06E3-67F6-464F-9A4E-AFCC434CC630}
[2012/07/21 12:04:56 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2012/07/21 12:04:35 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2012/07/21 12:04:10 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2012/07/21 12:03:36 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2012/07/21 12:03:04 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2012/07/21 12:02:20 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2012/07/21 12:01:13 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2012/07/21 11:59:42 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2012/07/21 11:58:54 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2012/07/21 11:57:57 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2012/07/21 11:57:28 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2012/07/17 14:49:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/07/17 14:43:36 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{624A0B98-F388-4FB5-B920-F54A0AE52CA4}
[2012/07/17 14:43:13 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{7F742AD6-2969-4B8B-92AB-177CDA3674E0}
[2012/07/16 07:47:21 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{79FB95C0-FCD4-4288-AF3B-9A461FE9F451}
[2012/07/15 19:46:50 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{65C39CD0-4F95-41AD-A83C-93F5CB598A75}
[2012/07/15 07:45:46 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{B86F3CBA-DC3D-4FB5-83D8-E1752855920D}
[2012/07/14 19:44:33 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{0311955A-011F-423B-A71B-81477B9F14A2}
[2012/07/14 07:44:08 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{1D235B01-C8BC-4B56-A1D7-0ED7C22ED457}
[2012/07/13 19:43:11 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{D4935920-CF01-4E7E-A084-E3E766D82725}
[2012/07/13 07:41:58 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{493996EA-1EDF-4C4E-B05F-E4DB76AC2015}
[2012/07/13 07:41:47 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{C946B5CD-6B73-4619-88A2-CE16EB27A48E}
[2012/07/12 19:41:20 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{AEB28F79-47A4-4B0E-ABB3-C4880E1D04C1}
[2012/07/12 07:40:16 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{2EFB0560-1AF3-4824-B797-DC57E9136228}
[2012/07/11 19:39:15 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{BF68EB17-F548-4C52-BC59-68DEAA2B5E8E}
[2012/07/11 19:39:03 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{7380E6E6-F55E-4BE8-A9E4-DD91615989D9}
[2012/07/11 07:38:33 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{C93E859A-E638-4E77-88CF-524B6ED1DCE9}
[2012/07/11 07:38:18 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{A2B0BDF8-6AB5-4772-BE8D-254BC2370C99}
[2012/07/10 19:37:47 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{59C38A7D-C6E7-4E89-BD1E-0731BE2BFC21}
[2012/07/10 19:37:36 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{5E680B55-E491-43E9-A36B-0737F18FE46B}
[2012/07/10 18:19:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2012/07/10 18:18:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012/07/10 07:37:05 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{2784A28E-A653-4AD1-9301-153A4C90FD29}
[2012/07/10 07:36:52 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{09087DC1-F399-45CA-8889-1C83AF3F2BB9}
[2012/07/09 19:36:09 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{F6E7394C-3453-4D12-B829-DD5B191EE0C2}
[2012/07/09 19:35:48 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{E084C7BA-26E1-4525-9974-D8D6B7BF0365}
[2012/07/09 07:34:55 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{4FB4BF7C-4B07-41A9-B41E-D9E1CAD61AE5}
[2012/07/09 07:34:44 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{5C80CF8B-BD9D-4F13-B4FE-1B4DDE5DAB92}
[2012/07/08 19:34:18 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{7FA3F4F6-B43F-47DB-AE1F-E537B1704CC7}
[2012/07/08 07:33:54 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{AF67523D-9203-4A95-9716-4231BB128389}
[2012/07/08 07:33:43 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{23E0BACC-26DE-459F-B961-C69F8F0AAC83}
[2012/07/07 19:33:16 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{D7568DB3-299B-416A-BE4D-05088BAA0F83}
[2012/07/07 07:32:52 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{2D782D66-4819-4D22-971D-2F2CE0F9D0BF}
[2012/07/06 19:31:52 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{F449525A-A119-4D29-9833-E425A079E502}
[2012/07/06 07:30:51 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{AE8A6991-961B-4D2A-AD06-21231FE900B4}
[2012/07/05 19:30:07 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{43783025-A08B-4420-8E12-49F8505C46B7}
[2012/07/05 07:29:41 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{724667D3-B62C-42F0-89FE-130450FD40DB}
[2012/07/04 19:28:45 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{1A9E4DA8-A451-4FDF-BF86-79B377D1F8A7}
[2012/07/04 19:28:31 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{D6DD029E-474D-4A25-AB15-3C65AE8FAB23}
[2012/07/04 15:27:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/07/04 15:25:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/07/04 15:25:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/07/04 15:21:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/07/04 15:20:58 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/07/04 07:28:05 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{138A25DE-B9F3-42E9-9CB4-060BC53F10DA}
[2012/07/03 19:27:41 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{D3D12D47-A4A4-4257-AAE4-495754F10A41}
[2012/07/03 07:26:52 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{D6044834-AA31-4B8A-9408-80597DD3B5B6}
[2012/07/02 19:25:38 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{24BFDAF3-1F8A-41AA-B938-2F938C584995}
[2012/07/02 07:25:00 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{584CF7FB-FD14-4895-818C-142F702ECBD1}
[2012/07/01 19:24:35 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{960A6577-1403-4C16-BE05-FF1CE707E739}
[2012/07/01 07:23:31 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{9E04C4F8-2EEF-448D-B996-99CDEBE47B62}
[2012/07/01 07:23:20 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{460D4579-8CA8-4F99-A82F-399CA942738C}
[2012/06/30 19:22:36 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{631E9E3C-5CF0-4A38-AFE4-A14FF01FBEE6}
[2012/06/30 07:22:11 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{7C9F22A1-850A-4EEE-AA07-7D036512149F}
[2012/06/30 07:21:57 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{FC457680-3701-4C1D-8975-E169B3748177}
[2012/06/29 19:19:41 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{2E6BA506-FAFE-4E57-8D61-01F2B4EDEE18}
[2012/06/29 07:19:09 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{08DA4092-BBF7-4637-9F32-12411A5BA7DD}
[2012/06/28 19:18:15 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{40A23E2F-EB5B-42EE-84C3-8CC7689CD130}
[2012/06/28 07:17:07 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{7B62E1EB-1469-4ACC-A39E-7F64B9283F41}

========== Files - Modified Within 30 Days ==========

[2012/07/28 03:43:34 | 000,014,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/28 03:43:34 | 000,014,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/28 03:35:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/28 03:35:32 | 2011,787,264 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/28 03:25:50 | 000,139,264 | ---- | M] () -- C:\Users\Dad\Desktop\SystemLook.exe
[2012/07/28 03:24:42 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.exe
[2012/07/28 03:21:55 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/07/28 03:21:55 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/07/27 18:32:07 | 102,332,425 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/07/27 18:31:19 | 000,248,307 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/07/27 11:06:06 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-162044061-3829153858-3278826119-1000UA.job
[2012/07/27 10:04:51 | 259,986,479 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/26 01:06:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-162044061-3829153858-3278826119-1000Core.job
[2012/07/26 00:56:58 | 000,002,303 | ---- | M] () -- C:\Users\Dad\Desktop\Google Chrome.lnk
[2012/07/26 00:22:42 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/07/26 00:22:42 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/07/25 23:34:00 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Dad\Desktop\dds.scr
[2012/07/24 13:09:50 | 000,426,568 | ---- | M] () -- C:\Users\Dad\Desktop\BlackOpsII.pdf
[2012/07/24 02:48:22 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/24 02:19:52 | 000,443,578 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/07/23 01:36:08 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2012/07/21 12:20:30 | 000,002,055 | ---- | M] () -- C:\Users\Public\Desktop\Nero Kwik Media.lnk
[2012/07/18 00:30:43 | 000,443,522 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120724-021952.backup
[2012/07/17 14:49:03 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/07/11 15:28:36 | 000,240,090 | ---- | M] () -- C:\Users\Dad\Desktop\labcorp.pdf
[2012/07/10 07:18:49 | 000,168,039 | ---- | M] () -- C:\Users\Dad\Desktop\wren.pdf
[2012/07/09 05:42:26 | 000,046,963 | ---- | M] () -- C:\Users\Dad\Desktop\log
[2012/07/05 22:06:48 | 000,227,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/07/05 22:06:30 | 000,772,544 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/07/04 15:27:09 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/07/28 03:25:49 | 000,139,264 | ---- | C] () -- C:\Users\Dad\Desktop\SystemLook.exe
[2012/07/27 09:56:25 | 259,986,479 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/07/26 00:56:58 | 000,002,303 | ---- | C] () -- C:\Users\Dad\Desktop\Google Chrome.lnk
[2012/07/26 00:55:46 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-162044061-3829153858-3278826119-1000UA.job
[2012/07/26 00:55:42 | 000,000,848 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-162044061-3829153858-3278826119-1000Core.job
[2012/07/24 13:09:48 | 000,426,568 | ---- | C] () -- C:\Users\Dad\Desktop\BlackOpsII.pdf
[2012/07/21 12:20:30 | 000,002,055 | ---- | C] () -- C:\Users\Public\Desktop\Nero Kwik Media.lnk
[2012/07/11 15:28:35 | 000,240,090 | ---- | C] () -- C:\Users\Dad\Desktop\labcorp.pdf
[2012/07/10 07:20:22 | 000,168,039 | ---- | C] () -- C:\Users\Dad\Desktop\wren.pdf
[2012/07/09 05:42:26 | 000,046,963 | ---- | C] () -- C:\Users\Dad\Desktop\log
[2012/07/04 15:27:09 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/23 23:35:09 | 000,000,507 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012/04/23 23:28:59 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini
[2012/02/17 17:00:12 | 000,000,047 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/12/25 10:14:06 | 000,110,968 | ---- | C] () -- C:\Users\Dad\g2ax_expert_downloadhelper_win32_x86.exe
[2011/12/22 20:30:41 | 000,000,412 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\All CPU Meter_Settings.ini
[2011/12/22 14:44:36 | 000,000,447 | ---- | C] () -- C:\Program Files\1222201113443591.bat
[2011/12/21 03:36:11 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010/08/12 20:33:21 | 001,724,416 | ---- | C] () -- C:\Windows\System32\nvwdmcpl.dll
[2010/08/12 20:33:21 | 001,657,376 | ---- | C] () -- C:\Windows\System32\nwiz.exe
[2010/08/12 20:33:21 | 001,503,232 | ---- | C] () -- C:\Windows\System32\nView.dll
[2010/08/12 20:33:21 | 001,101,824 | ---- | C] () -- C:\Windows\System32\nvwimg.dll
[2010/08/12 20:33:21 | 000,466,944 | ---- | C] () -- C:\Windows\System32\nvShell.dll
[2010/08/12 20:33:21 | 000,449,056 | ---- | C] () -- C:\Windows\System32\nvAppBar.exe
[2010/08/12 20:33:21 | 000,158,240 | ---- | C] () -- C:\Windows\System32\nvTaskbar.exe

========== LOP Check ==========

[2012/07/23 19:45:26 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\.minecraft
[2011/12/20 13:28:41 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Acronis
[2012/02/16 22:08:56 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Amazon
[2011/12/22 03:56:20 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Arkadium
[2012/01/25 15:53:05 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\AVG2012
[2012/06/25 19:46:16 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Canneverbe Limited
[2012/02/17 05:02:28 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\DeepBurner Pro
[2012/04/19 05:48:37 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\FileZilla
[2012/06/13 20:05:56 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Foxit Software
[2012/06/25 20:34:22 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\FreeBurner
[2012/04/23 23:25:49 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\FreeCDRipper
[2012/03/10 13:49:05 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\ImgBurn
[2012/03/25 20:53:12 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Leadertech
[2011/12/22 15:04:50 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Net Meter Pro
[2011/12/22 14:50:50 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Oberon Media
[2012/07/26 00:14:23 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\QuickScan
[2011/12/26 02:41:38 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Skinux
[2012/05/03 21:38:00 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\TS3Client
[2012/03/06 03:19:07 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\ts3overlay
[2012/06/18 11:05:31 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\.minecraft
[2012/01/28 11:27:52 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\AVG2012
[2011/12/27 12:26:34 | 000,000,000 | ---D | M] -- C:\Users\Hannah\AppData\Roaming\Skinux
[2012/07/23 01:36:08 | 000,000,396 | ---- | M] () -- C:\Windows\Tasks\EasyShare Registration Task.job
[2012/07/27 11:16:58 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:3B3A302E

< End of report >

Re: Please help me remove searchnu

by Charliea » July 28th, 2012, 10:36 am

F. Extras Results:

OTL Extras logfile created on: 7/28/2012 3:51:54 AM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Dad\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 61.69% Memory free
4.99 Gb Paging File | 3.87 Gb Available in Paging File | 77.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.99 Gb Total Space | 218.92 Gb Free Space | 73.47% Space Free | Partition Type: NTFS

Computer Name: ALLMAN-PC | User Name: Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B6E6BF-DA5D-42E8-A6B1-51BCB03DB520}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0503CFEF-4D24-48B7-AB86-FD67A1BE9762}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{119BA3FE-C05C-4269-B361-307B470E76F0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{14B369FF-BE3F-4DB6-9211-E95295AE0625}" = rport=139 | protocol=6 | dir=out | app=system |
"{190EE105-9F9E-4DFE-8E26-F0AFADB0C7E3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{25F642F7-F292-4392-8745-A6022CB67842}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3013F545-55BF-4947-923F-18435282777A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3014547E-122F-40CF-8A9B-4E2979F6F81C}" = lport=500 | protocol=17 | dir=in | name=ipsec (ike) |
"{36D4A733-1774-4307-A5F3-AC3DF89715C2}" = lport=135 | protocol=6 | dir=in | name=rpc endpoint mapper and dcom infrastructure |
"{394913F0-650B-4495-93FC-1206B80F4C2A}" = lport=4500 | protocol=17 | dir=in | name=ipsec (ike nat-t) |
"{45751480-31DF-4F3A-9863-818E887B8857}" = rport=10243 | protocol=6 | dir=out | app=system |
"{570817D8-A866-4B5A-8B1E-003AB0D8EA9A}" = lport=445 | protocol=6 | dir=in | app=system |
"{5FB2F973-84D7-4BF8-9A70-27165425765C}" = lport=137 | protocol=17 | dir=in | app=system |
"{7F2E09BD-CEB7-44DD-8330-66A76B9E0341}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7F48B6A8-36EE-4CFF-A75B-03E1204D95C7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A18D8F08-CC98-47DC-8BA3-F34237BBBC18}" = rport=445 | protocol=6 | dir=out | app=system |
"{A61739BB-EF4A-4D8F-B97E-90F679DD0A17}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{AE1685F1-A20A-48F2-9A03-3C4326074F9A}" = lport=139 | protocol=6 | dir=in | app=system |
"{B5B545FF-B53A-477E-A411-C27590BEB209}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B8ED19E8-5FE3-40DB-AE8A-D37A148E90F1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C47E6460-B364-4F4E-8BD2-D2A22E91307F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C4D39CE8-9A11-4BEA-80E2-79D02F8D5D52}" = rport=137 | protocol=17 | dir=out | app=system |
"{D4BC824E-139C-44FB-9F54-AF8FA57FE698}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DE05BFEF-7F17-49E7-9265-DEAE6A0418CE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E3AC53F7-C48D-4CB6-ACB8-2C859A725C56}" = rport=138 | protocol=17 | dir=out | app=system |
"{EE1CCD12-69B8-429E-A9DD-A0832DA21D05}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F70A8D39-0EEE-4DB6-930E-ABB8872B4431}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B617AA0-A92D-4B78-A689-F7B78833EAFD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{11BA14CD-6490-40A6-910F-9E1DDA41321D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{16AE2ADF-E20B-49AF-8338-6B04AFCF8E6F}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{24ECEAC9-0AD5-4ACB-96DB-8D6AB76382CA}" = protocol=6 | dir=out | app=system |
"{28B07CCF-1453-4987-95B3-F092A5B415E0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{2DD8E3E3-43E8-4CC5-9F8B-B504218F7714}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{2F5700BD-5A75-49BF-BE35-47575EFEAA14}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3740156F-6823-4F97-9E28-558B70017F92}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{39EF7BE8-0447-4C39-AB9D-210F19CAB808}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{42788FFA-1553-4F7B-B19F-C7E07142E94E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4996F088-F3DF-420E-8788-7E77175071A9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4E3B7F25-4DC6-4A90-AAF9-468475516418}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{51A7966E-EB2D-4492-B40E-75F4956EB122}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{52ADEDDD-1C0B-4310-BCFE-827930165946}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{655C6566-58AE-4E70-9A26-DABF8773E1D8}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{6CC1B03E-D3C8-4CEC-8843-4B78F67B55B4}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{6D8921C0-21F4-40CD-B348-66BB265CA5B2}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{72C0A4CF-37C0-4307-865A-884E098F14EE}" = protocol=6 | dir=in | app=c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe |
"{74240BE5-F506-4B4C-B899-08826CDD4A5E}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{750A1714-5E36-4C3F-AF32-7DB914E897F4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{762FD751-CCE2-4FDA-847D-5014B03217B5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7E720242-15FE-4535-B145-5BCAF2689250}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{903793F0-6301-416A-9AA1-98F2BCFB8D3F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{98047A99-E27F-46ED-A444-31C03AF8C8BC}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{A2E20307-4386-4FB5-8A98-DC161BB1EC56}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{A6687123-91D3-4D1F-962B-BF9B53A76AD1}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{AAAC8D7E-DD4D-4F5B-8ECA-1CBF9842E77C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B74AA5C1-1403-437B-A7AF-8BC1E9958E36}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BC43EFF7-F311-40E9-ACBB-73C8E034AFEE}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{C46630DF-1244-4674-8BB2-E6E4DE479027}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CB28355A-81D8-4078-B654-1E84E5858CA7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D3AC5648-C04A-47E7-98E9-B9D58C89C969}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{E3BBDE5A-AEAA-40A5-BEEB-0DB36D1F4859}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{E4822ED2-3F7A-40C9-A249-563348AC6BF6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E5F57A74-BFE5-4D7C-9966-4EBD409184D3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EC900C2C-1637-424D-BFCE-C4AC76077AD6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EFB6F435-0616-4114-8F49-64897A25E892}" = protocol=17 | dir=in | app=c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe |
"{F4965EC9-B2FA-4913-9907-F1033ED02C32}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{F92EDE2C-3CDF-400A-8FC2-5ECFE174C3A7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.7
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{77C71BFE-2598-4DB5-8F7C-0CF81A16DA40}" = ArcSoft MediaImpression
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B683A28-2172-4CF1-B85D-41375E80652A}" = Acronis True Image WD Edition
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B143D835-EBAF-4A39-8B31-1868FF4166C1}" = AVG 2012
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3749996-2D35-4591-B06A-4F62F2A5E18E}" = Nero Kwik Media
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FAF448F1-4460-440C-9280-07F66A63D6F5}" = Nero Kwik Media
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
"AVG" = AVG 2012
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ExpressBurn" = Express Burn
"FileZilla Client" = FileZilla Client 3.5.3
"Foxit Reader_is1" = Foxit Reader
"I8kfanGUI" = I8kfanGUI V3.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MVApplication1" = Memorex exPressit Label Design Studio
"NVIDIA Drivers" = NVIDIA Drivers
"nView Desktop Manager" = NVIDIA nView Desktop Manager
"sp6" = Logitech SetPoint 6.32
"SpeedFan" = SpeedFan (remove only)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"GoToAssist Express Expert" = GoToManage Expert 1.6.0.363

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/27/2012 10:20:42 AM | Computer Name = Allman-PC | Source = SDWinSec.exe | ID = 0
Description =

Error - 7/27/2012 10:21:37 AM | Computer Name = Allman-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b60 Exception code: 0xc0000374 Fault offset: 0x000c380b Faulting process
id: 0x514 Faulting application start time: 0x01cd6c00d361883d Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 5f7972d4-d7f6-11e1-9042-001a6b26cc12

Error - 7/27/2012 10:24:08 AM | Computer Name = Allman-PC | Source = SDWinSec.exe | ID = 0
Description =

Error - 7/27/2012 10:45:43 AM | Computer Name = Allman-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: jscript9.dll, version: 9.0.8112.16443, time
stamp: 0x4f4c2b71 Exception code: 0xc0000005 Fault offset: 0x000ab1dd Faulting process
id: 0xcc4 Faulting application start time: 0x01cd6c036b31e9f9 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\System32\jscript9.dll
Report
Id: bd852709-d7f9-11e1-9042-001a6b26cc12

Error - 7/27/2012 11:16:07 AM | Computer Name = Allman-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: mshtml.dll, version: 9.0.8112.16443, time
stamp: 0x4f4c3300 Exception code: 0xc0000005 Fault offset: 0x0021d683 Faulting process
id: 0x1634 Faulting application start time: 0x01cd6c0691e94b68 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\System32\mshtml.dll
Report
Id: fcc0ce98-d7fd-11e1-9042-001a6b26cc12

Error - 7/27/2012 11:17:28 AM | Computer Name = Allman-PC | Source = SDWinSec.exe | ID = 0
Description =

Error - 7/27/2012 12:17:45 PM | Computer Name = Allman-PC | Source = SDWinSec.exe | ID = 0
Description =

Error - 7/27/2012 12:20:44 PM | Computer Name = Allman-PC | Source = SDWinSec.exe | ID = 0
Description =

Error - 7/27/2012 12:23:44 PM | Computer Name = Allman-PC | Source = SDWinSec.exe | ID = 0
Description =

Error - 7/27/2012 12:24:44 PM | Computer Name = Allman-PC | Source = SDWinSec.exe | ID = 0
Description =

[ Media Center Events ]
Error - 3/1/2012 10:04:36 PM | Computer Name = Allman-PC | Source = MCUpdate | ID = 0
Description = 9:04:36 PM - Error connecting to the internet. 9:04:36 PM - Unable
to contact server..

Error - 3/1/2012 10:04:46 PM | Computer Name = Allman-PC | Source = MCUpdate | ID = 0
Description = 9:04:42 PM - Error connecting to the internet. 9:04:42 PM - Unable
to contact server..

Error - 3/1/2012 11:04:53 PM | Computer Name = Allman-PC | Source = MCUpdate | ID = 0
Description = 10:04:53 PM - Error connecting to the internet. 10:04:53 PM - Unable
to contact server..

Error - 3/1/2012 11:04:59 PM | Computer Name = Allman-PC | Source = MCUpdate | ID = 0
Description = 10:04:58 PM - Error connecting to the internet. 10:04:58 PM - Unable
to contact server..

[ OSession Events ]
Error - 7/23/2012 7:36:08 PM | Computer Name = Allman-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 35184
seconds with 360 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/19/2012 5:47:51 AM | Computer Name = Allman-PC | Source = RasSstp | ID = 1
Description =

Error - 4/19/2012 5:48:27 AM | Computer Name = Allman-PC | Source = RasSstp | ID = 1
Description =

Error - 4/20/2012 3:38:23 AM | Computer Name = Allman-PC | Source = Microsoft-Windows-Application-Experience | ID = 205
Description = The Program Compatibility Assistant service failed to perform the
phase two initialization.

Error - 4/20/2012 3:40:32 AM | Computer Name = Allman-PC | Source = SCardSvr | ID = 610
Description =

Error - 4/20/2012 8:08:13 AM | Computer Name = Allman-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 4/21/2012 9:19:27 AM | Computer Name = Allman-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR5.

Error - 4/21/2012 11:43:42 PM | Computer Name = Allman-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR5.

Error - 4/26/2012 3:59:49 AM | Computer Name = Allman-PC | Source = Microsoft-Windows-Application-Experience | ID = 205
Description = The Program Compatibility Assistant service failed to perform the
phase two initialization.

Error - 4/26/2012 4:01:21 AM | Computer Name = Allman-PC | Source = SCardSvr | ID = 610
Description =

Error - 4/27/2012 5:37:06 PM | Computer Name = Allman-PC | Source = SCardSvr | ID = 610
Description =


< End of report >
Charliea

Re: Please help me remove searchnu

Post by pgmigg » July 28th, 2012, 3:31 pm

Hello Charliea,

Very nice! Thank you! :)

Let's continue our treatment...

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Copy and Paste the following code into the Image text box. Do not include the word Code.
    Code:
    :OTL
    IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKU\S-1-5-21-162044061-3829153858-3278826119-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
    IE - HKU\S-1-5-21-162044061-3829153858-3278826119-1000\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No CLSID value found
    IE - HKU\S-1-5-21-162044061-3829153858-3278826119-1000\..\SearchScopes\{6341569E-2D5F-4668-9D7C-1AB3D9C23C97}: "URL" = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=50E84244-9FC6-48C7-A493-3B3E9B5C88B0&apn_sauid=C1AF8BFB-8D2A-42C6-BCAC-EE725414C27A
    IE - HKU\S-1-5-21-162044061-3829153858-3278826119-1000\..\SearchScopes\{E3467F71-3720-4525-8627-25C49A75794E}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3196716
    FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406"
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=139&systemid=406&sr=0&q="
    [2012/07/23 19:22:19 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\9z7877qi.default\extensions\plugin@yontoo.com
    [2012/07/23 19:22:19 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\plugin@yontoo.com
    File not found (No name found) -- C:\PROGRAM FILES\SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION
    CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
    O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKU\S-1-5-21-162044061-3829153858-3278826119-1000\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
    O3 - HKU\S-1-5-21-162044061-3829153858-3278826119-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-21-162044061-3829153858-3278826119-1000\..\Toolbar\WebBrowser: (no name) - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - No CLSID value found.
    [2012/07/27 22:13:18 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{68BBBEC2-8BF2-4087-8710-66A9DD0E0D29}
    [2012/07/27 10:12:41 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{377B244C-5461-4246-9119-52A3C1FAA153}
    [2012/07/27 10:12:22 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{424FB764-DA5F-430B-B9D0-EE834A796EFC}
    [2012/07/27 10:03:12 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{4623B3B6-44A4-4BFA-BAE7-18F2DF886A31}
    [2012/07/26 13:37:05 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{A1BB7F5A-161D-4353-B79F-498A5CDAB72D}
    [2012/07/26 01:36:36 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{24A84871-FF35-4A2F-916F-6552E538BAF3}
    [2012/07/26 01:36:23 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{5C3F4A25-D2E7-47A2-9179-85FF4B9291E3}
    [2012/07/25 13:35:38 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{A77D68F9-609F-4D3C-84E5-774ACCC6F2A0}
    [2012/07/25 13:35:16 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{F321FCAD-FF1A-413A-8676-8F9B3AC4AF35}
    [2012/07/25 00:23:26 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{D6285447-177A-40F5-91BC-1233FED0E4CA}
    [2012/07/24 12:22:55 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{B6839429-4311-4AA2-83CB-D8C53DE6649C}
    [2012/07/24 12:22:42 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{AEA9869E-EE3B-4637-AA37-23CB8C6D76B2}
    [2012/07/24 00:20:18 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{EDF7901D-5191-44B0-B721-9722E8C9F259}
    [2012/07/24 00:20:06 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{598647B2-C269-477C-8AC5-47086B9F877A}
    [2012/07/23 12:19:28 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{B6313C20-6E86-4388-8449-A65292DB8E02}
    [2012/07/23 12:19:15 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{CE2601C9-B3DA-4CC2-BE17-A79238A54B3A}
    [2012/07/23 12:13:22 | 000,000,000 | ---D | C] -- C:\Program Files\RobotBoom_60EI
    [2012/07/23 00:18:36 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{306C2CB3-E380-41B9-95FF-31648262D41E}
    [2012/07/22 12:17:42 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{2199E04E-482F-4187-A58E-86FC94A3651F}
    [2012/07/22 00:17:17 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{B1D1277E-BE7D-427A-B03E-2045C9162A14}
    [2012/07/21 12:16:39 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{4B400713-A274-4038-AA26-1F798210C616}
    [2012/07/21 12:16:20 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{829D06E3-67F6-464F-9A4E-AFCC434CC630}
    [2012/07/17 14:49:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2012/07/17 14:43:36 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{624A0B98-F388-4FB5-B920-F54A0AE52CA4}
    [2012/07/17 14:43:13 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{7F742AD6-2969-4B8B-92AB-177CDA3674E0}
    [2012/07/16 07:47:21 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{79FB95C0-FCD4-4288-AF3B-9A461FE9F451}
    [2012/07/15 19:46:50 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{65C39CD0-4F95-41AD-A83C-93F5CB598A75}
    [2012/07/15 07:45:46 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{B86F3CBA-DC3D-4FB5-83D8-E1752855920D}
    [2012/07/14 19:44:33 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{0311955A-011F-423B-A71B-81477B9F14A2}
    [2012/07/14 07:44:08 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{1D235B01-C8BC-4B56-A1D7-0ED7C22ED457}
    [2012/07/13 19:43:11 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{D4935920-CF01-4E7E-A084-E3E766D82725}
    [2012/07/13 07:41:58 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{493996EA-1EDF-4C4E-B05F-E4DB76AC2015}
    [2012/07/13 07:41:47 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{C946B5CD-6B73-4619-88A2-CE16EB27A48E}
    [2012/07/12 19:41:20 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{AEB28F79-47A4-4B0E-ABB3-C4880E1D04C1}
    [2012/07/12 07:40:16 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{2EFB0560-1AF3-4824-B797-DC57E9136228}
    [2012/07/11 19:39:15 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{BF68EB17-F548-4C52-BC59-68DEAA2B5E8E}
    [2012/07/11 19:39:03 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{7380E6E6-F55E-4BE8-A9E4-DD91615989D9}
    [2012/07/11 07:38:33 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{C93E859A-E638-4E77-88CF-524B6ED1DCE9}
    [2012/07/11 07:38:18 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{A2B0BDF8-6AB5-4772-BE8D-254BC2370C99}
    [2012/07/10 19:37:47 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{59C38A7D-C6E7-4E89-BD1E-0731BE2BFC21}
    [2012/07/10 19:37:36 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{5E680B55-E491-43E9-A36B-0737F18FE46B}
    [2012/07/10 07:37:05 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{2784A28E-A653-4AD1-9301-153A4C90FD29}
    [2012/07/10 07:36:52 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{09087DC1-F399-45CA-8889-1C83AF3F2BB9}
    [2012/07/09 19:36:09 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{F6E7394C-3453-4D12-B829-DD5B191EE0C2}
    [2012/07/09 19:35:48 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{E084C7BA-26E1-4525-9974-D8D6B7BF0365}
    [2012/07/09 07:34:55 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{4FB4BF7C-4B07-41A9-B41E-D9E1CAD61AE5}
    [2012/07/09 07:34:44 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{5C80CF8B-BD9D-4F13-B4FE-1B4DDE5DAB92}
    [2012/07/08 19:34:18 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{7FA3F4F6-B43F-47DB-AE1F-E537B1704CC7}
    [2012/07/08 07:33:54 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{AF67523D-9203-4A95-9716-4231BB128389}
    [2012/07/08 07:33:43 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{23E0BACC-26DE-459F-B961-C69F8F0AAC83}
    [2012/07/07 19:33:16 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{D7568DB3-299B-416A-BE4D-05088BAA0F83}
    [2012/07/07 07:32:52 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{2D782D66-4819-4D22-971D-2F2CE0F9D0BF}
    [2012/07/06 19:31:52 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{F449525A-A119-4D29-9833-E425A079E502}
    [2012/07/06 07:30:51 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{AE8A6991-961B-4D2A-AD06-21231FE900B4}
    [2012/07/05 19:30:07 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{43783025-A08B-4420-8E12-49F8505C46B7}
    [2012/07/05 07:29:41 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{724667D3-B62C-42F0-89FE-130450FD40DB}
    [2012/07/04 19:28:45 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{1A9E4DA8-A451-4FDF-BF86-79B377D1F8A7}
    [2012/07/04 19:28:31 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{D6DD029E-474D-4A25-AB15-3C65AE8FAB23}
    [2012/07/04 07:28:05 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{138A25DE-B9F3-42E9-9CB4-060BC53F10DA}
    [2012/07/03 19:27:41 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{D3D12D47-A4A4-4257-AAE4-495754F10A41}
    [2012/07/03 07:26:52 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{D6044834-AA31-4B8A-9408-80597DD3B5B6}
    [2012/07/02 19:25:38 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{24BFDAF3-1F8A-41AA-B938-2F938C584995}
    [2012/07/02 07:25:00 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{584CF7FB-FD14-4895-818C-142F702ECBD1}
    [2012/07/01 19:24:35 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{960A6577-1403-4C16-BE05-FF1CE707E739}
    [2012/07/01 07:23:31 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{9E04C4F8-2EEF-448D-B996-99CDEBE47B62}
    [2012/07/01 07:23:20 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{460D4579-8CA8-4F99-A82F-399CA942738C}
    [2012/06/30 19:22:36 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{631E9E3C-5CF0-4A38-AFE4-A14FF01FBEE6}
    [2012/06/30 07:22:11 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{7C9F22A1-850A-4EEE-AA07-7D036512149F}
    [2012/06/30 07:21:57 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{FC457680-3701-4C1D-8975-E169B3748177}
    [2012/06/29 19:19:41 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{2E6BA506-FAFE-4E57-8D61-01F2B4EDEE18}
    [2012/06/29 07:19:09 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{08DA4092-BBF7-4637-9F32-12411A5BA7DD}
    [2012/06/28 19:18:15 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{40A23E2F-EB5B-42EE-84C3-8CC7689CD130}
    [2012/06/28 07:17:07 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{7B62E1EB-1469-4ACC-A39E-7F64B9283F41}
    
    :Reg
    [-HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit]
    [-HKEY_CURRENT_USER\Software\AppDataLow\Software\ConduitSearchScopes]
    [-HKEY_CURRENT_USER\Software\Conduit]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E3467F71-3720-4525-8627-25C49A75794E}]
    "URL"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E3467F71-3720-4525-8627-25C49A75794E}]
    "FaviconURL"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Conduit]
    [-HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\AppDataLow\Software\Conduit]
    [-HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Conduit]
    [HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E3467F71-3720-4525-8627-25C49A75794E}]
    "URL"=-
    [HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E3467F71-3720-4525-8627-25C49A75794E}]
    "FaviconURL"=-
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\searchnu.com]
    [-HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Microsoft\Internet Explorer\DOMStorage\searchnu.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\ilivid.com]
    [-HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Microsoft\Internet Explorer\DOMStorage\ilivid.com]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{46AFCA12-BB5F-445F-AF0E-57E62C7468F2}]
    "AppPath"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FBA30D9E-18AB-4969-8961-6D4245705CED}]
    "AppPath"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS]
    [-HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentControl2]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\utorrent.com]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\all-bittorrent.com]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\bittorrent]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\www.bittorrent]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\all-bittorrent.com]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\bittorrent]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\www.bittorrent]
    [-HKEY_CURRENT_USER\Software\Classes\Applications\uTorrent.exe]
    [HKEY_CURRENT_USER\Software\Classes\btdna\DefaultIcon]
    @=""
    [HKEY_CURRENT_USER\Software\Classes\btdna\shell\open\command]
    @=""
    [-HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-bittorrent]
    [-HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-app]
    [-HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-appinst]
    [-HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-key]
    [-HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-skin]
    [-HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.torrent]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.torrent1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\1ClicktorrentFile]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\1ClicktorrentFile1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-app]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-appinst]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-key]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-skin]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\AppPaths\client]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\uTorrent_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\uTorrent_RASMANCS]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A692FA47FB82BD113BA600313DEA14A1]
    "82A386B927121FC48BD51473E50856A2"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B692FA47FB82BD113BA600313DEA14A1]
    "82A386B927121FC48BD51473E50856A2"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\all-bittorrent.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\bittorrent]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\www.bittorrent]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\all-bittorrent.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\bittorrent]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\www.bittorrent]
    [-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\all-bittorrent.com]
    [-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\bittorrent]
    [-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\www.bittorrent]
    [-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\all-bittorrent.com]
    [-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\bittorrent]
    [-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\www.bittorrent]
    [-HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\AppDataLow\Software\uTorrentControl2]
    [-HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Microsoft\Internet Explorer\DOMStorage\utorrent.com]
    [-HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\all-bittorrent.com]
    [-HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\bittorrent]
    [-HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\www.bittorrent]
    [-HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\all-bittorrent.com]
    [-HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\bittorrent]
    [-HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\www.bittorrent]
    [-HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Classes\Applications\uTorrent.exe]
    [-HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Classes\Applications\uTorrent.exe\shell\open\command]
    [HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Classes\btdna\DefaultIcon]
    @=""
    [HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Classes\btdna\shell\open\command]
    @=""
    [-HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Classes\MIME\Database\Content Type\application/x-bittorrent]
    [-HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-app]
    [-HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-appinst]
    [-HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-key]
    [-HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-skin]
    [-HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml]
    [-HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000_Classes\Applications\uTorrent.exe]
    [-HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000_Classes\Applications\uTorrent.exe\shell\open\command]
    [HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000_Classes\btdna\DefaultIcon]
    @=""
    [HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000_Classes\btdna\shell\open\command]
    @=""
    [-HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000_Classes\MIME\Database\Content Type\application/x-bittorrent]
    [-HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-app]
    [-HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-appinst]
    [-HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-key]
    [-HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-skin]
    [-HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000_Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml]
    [-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\all-bittorrent.com]
    [-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\bittorrent]
    [-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\www.bittorrent]
    [-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\all-bittorrent.com]
    [-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\bittorrent]
    [-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\www.bittorrent]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\YontooIEClient.DLL]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\InProcServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ProgID]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\VersionIndependentProgID]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ProgID]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\VersionIndependentProgID]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0\HELPDIR]
    @=""
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Layers]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Layers.1]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc]
    "path"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YontooSetup-S-11F0_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YontooSetup-S-11F0_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YontooSetup-S-1F4C_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YontooSetup-S-1F4C_RASMANCS]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}]
    "DisplayName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}]
    "Publisher"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}]
    "URLInfoAbout"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}]
    "Contact"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Products\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Products\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}]
    "TizPath"=-
    
    :Files
    C:\Program Files\Yontoo
    C:\Program Files\Conduit
    C:\Users\Dad\AppData\Local\Conduit
    C:\Users\Dad\AppData\LocalLow\Conduit 
    C:\Users\Dad\AppData\LocalLow\DataMngr
    c:\users\dad\appdata\local\Ilivid Player
    c:\programdata\boost_interprocess
    C:\Users\Dad\AppData\LocalLow\uTorrentControl2
    C:\Users\Dad\AppData\Local\Microsoft\Internet Explorer\DOMStore\G6JW7W1C\youtube.conduitapps[1].xml
    C:\Users\Dad\AppData\Local\Microsoft\Internet Explorer\DOMStore\X4ZTFIQ5\facebook.conduitapps[1].xml
    C:\Users\Dad\AppData\Local\Microsoft\Internet Explorer\DOMStore\X4ZTFIQ5\storage.conduit[1].xml
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\32BF9BE3\atlassolutions2_conduit[1].swf
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I3DZEOGS\atlassolutions2_conduit[1].swf 
    C:\Users\Dad\AppData\Local\Microsoft\Internet Explorer\DOMStore\G6JW7W1C\www.searchnu[1].xml
    C:\Users\Dad\AppData\Local\Microsoft\Internet Explorer\DOMStore\QXF8Z6JZ\www.ilivid[1].xml
    C:\Users\Dad\AppData\Local\Microsoft\Internet Explorer\DOMStore\TRBK6YO5\lp.ilivid[1].xml
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T2WCKPQO\157191_iLivid-download-play-468X60[1].gif
    C:\Program Files\Common Files\Acronis\BackupScripts\bittorrent.xml
    C:\Program Files\Common Files\Acronis\BackupScripts\utorrent.xml
    C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.utorrent.com_0.localstorage
    C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.utorrent.com_0.localstorage-journal
    C:\Users\Dad\AppData\Local\Microsoft\Internet Explorer\DOMStore\QXF8Z6JZ\forum.utorrent[1].xml
    C:\Users\Dad\AppData\Local\Microsoft\Internet Explorer\DOMStore\TRBK6YO5\bar.utorrent[1].xml
    C:\Users\Dad\AppData\Local\Microsoft\Internet Explorer\DOMStore\X4ZTFIQ5\www.utorrent[1].xml
    C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Recent\Torrent downloaded from Demonoid.me.lnk
    C:\Users\Dad\Desktop\Charlies Files\Charlies Files\Adobe_CS3_Master_Collection_Corporate_ISO._Works_.3907426.TPB.torrent 
    C:\Users\Dad\Downloads\uTorrent.exe
    C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\9z7877qi.default\extensions\plugin@yontoo.com
    C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\plugin@yontoo.com
    @C:\ProgramData\TEMP:3B3A302E
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    [EMPTYJAVA]
    [resethosts]
    [CREATERESTOREPOINT]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
Edit Chrome Search Engine
  1. Launch Google Chrome, type the following address into the address bar and press Enter:
    chrome://chrome/settings/
  2. Click on Manage Search Engines
  3. Highlight Google and select the option for Make Default.
  4. Delete any entries that relate to Searchnu or dts.search-results.
  5. Restart Chrome and see if you are still directed to Searchnu.

Then please try to make a few searches with Google Chrome. If Chrome is still redirecting you, then first use the instructions here to change your home page to something like google.com or some other clean site. Then reboot your system and see if Chrome is still being redirected.

If it's still being redirected after changing your home page then please uninstall Chrome, then download and install a clean copy. Please let me know if this resolves the issues.

Step 3.
SystemLook
You should still have SystemLook.exe on your desktop.
  1. Right click on SystemLook.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries into SystemLook's main text entry window:
    :filefind
    *Conduit*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *datamngr*
    *Torrent*
    *Yontoo*
    
    :folderfind
    *Conduit*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *datamngr*
    *Torrent*
    *Yontoo*
    
    :Regfind
    Conduit
    Searchnu
    Searchqu
    iLivid
    whitesmoke
    datamngr
    Torrent
    Yontoo
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Step 5.
Fresh OTL Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Include 64 bit scans
    • Scan All Users
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, one Notepad file will open.
    • OTL.txt <-- Will be opened, maximized
    • Please post the contents of OTL.txt file in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the SystemLook.txt log file
  4. Contents of an OTL.txt log file after Fresh OTL scan
  5. Status of redirection from Google Chrome.
  6. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
Posts: 3186
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Please help me remove searchnu

Post by Charliea » July 28th, 2012, 10:42 pm

After this scan (fix), on reboot I received a blue screen of death and it rebooted several times and kept rebooting, so I powered it all the way down and cold booted it, and it stayed up this time. Not sure if that is a concern at this point.

OTL Scan Results:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
Registry value HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}\ not found.
Registry key HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6341569E-2D5F-4668-9D7C-1AB3D9C23C97}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6341569E-2D5F-4668-9D7C-1AB3D9C23C97}\ not found.
Registry key HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E3467F71-3720-4525-8627-25C49A75794E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E3467F71-3720-4525-8627-25C49A75794E}\ not found.
Prefs.js: "http://www.searchnu.com/406" removed from browser.startup.homepage
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "http://dts.search-results.com/sr?src=ffb&appid=139&systemid=406&sr=0&q=" removed from keyword.URL
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\9z7877qi.default\extensions\plugin@yontoo.com\skin folder moved successfully.
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\9z7877qi.default\extensions\plugin@yontoo.com\META-INF folder moved successfully.
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\9z7877qi.default\extensions\plugin@yontoo.com\locale\en-US folder moved successfully.
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\9z7877qi.default\extensions\plugin@yontoo.com\locale folder moved successfully.
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\9z7877qi.default\extensions\plugin@yontoo.com\defaults\preferences folder moved successfully.
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\9z7877qi.default\extensions\plugin@yontoo.com\defaults folder moved successfully.
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\9z7877qi.default\extensions\plugin@yontoo.com\content folder moved successfully.
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\9z7877qi.default\extensions\plugin@yontoo.com folder moved successfully.
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\plugin@yontoo.com\skin folder moved successfully.
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\plugin@yontoo.com\META-INF folder moved successfully.
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\plugin@yontoo.com\locale\en-US folder moved successfully.
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\plugin@yontoo.com\locale folder moved successfully.
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\plugin@yontoo.com\defaults\preferences folder moved successfully.
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\plugin@yontoo.com\defaults folder moved successfully.
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\plugin@yontoo.com\content folder moved successfully.
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\plugin@yontoo.com folder moved successfully.
File C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
C:\Program Files\Yontoo\YontooIEClient.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{687578B9-7132-4A7A-80E4-30EE31099E03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}\ not found.
Registry value HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}\ not found.
C:\Program Files\RobotBoom_60EI\Installr\2.bin folder moved successfully.
C:\Program Files\RobotBoom_60EI\Installr\1.bin folder moved successfully.
C:\Program Files\RobotBoom_60EI\Installr folder moved successfully.
C:\Program Files\RobotBoom_60EI folder moved successfully.
C:\Users\Dad\AppData\Local\{306C2CB3-E380-41B9-95FF-31648262D41E} folder moved successfully.
C:\Users\Dad\AppData\Local\{2199E04E-482F-4187-A58E-86FC94A3651F} folder moved successfully.
C:\Users\Dad\AppData\Local\{B1D1277E-BE7D-427A-B03E-2045C9162A14} folder moved successfully.
C:\Users\Dad\AppData\Local\{4B400713-A274-4038-AA26-1F798210C616} folder moved successfully.
C:\Users\Dad\AppData\Local\{829D06E3-67F6-464F-9A4E-AFCC434CC630} folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\ConduitSearchScopes\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Conduit\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E3467F71-3720-4525-8627-25C49A75794E} not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E3467F71-3720-4525-8627-25C49A75794E} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\AppDataLow\Software\Conduit\ not found.
Registry key HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Conduit\ not found.
Registry key HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E3467F71-3720-4525-8627-25C49A75794E} not found.
Registry key HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E3467F71-3720-4525-8627-25C49A75794E} not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\searchnu.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Microsoft\Internet Explorer\DOMStorage\searchnu.com\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\ilivid.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Microsoft\Internet Explorer\DOMStorage\ilivid.com\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{46AFCA12-BB5F-445F-AF0E-57E62C7468F2}\\AppPath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FBA30D9E-18AB-4969-8961-6D4245705CED}\\AppPath deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentControl2\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\utorrent.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\all-bittorrent.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\bittorrent\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\www.bittorrent\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\all-bittorrent.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\bittorrent\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\www.bittorrent\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\Applications\uTorrent.exe\ deleted successfully.
HKEY_CURRENT_USER\Software\Classes\btdna\DefaultIcon\\@|""" /E : value set successfully!
HKEY_CURRENT_USER\Software\Classes\btdna\shell\open\command\\@|"" /E : value set successfully!
Registry key HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-bittorrent\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-app\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-appinst\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-key\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-skin\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.torrent\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.torrent1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\1ClicktorrentFile\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\1ClicktorrentFile1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-app\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-appinst\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-key\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-skin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\AppPaths\client\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\uTorrent_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\uTorrent_RASMANCS\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A692FA47FB82BD113BA600313DEA14A1\\82A386B927121FC48BD51473E50856A2 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B692FA47FB82BD113BA600313DEA14A1\\82A386B927121FC48BD51473E50856A2 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\all-bittorrent.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\bittorrent\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\www.bittorrent\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\all-bittorrent.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\bittorrent\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\www.bittorrent\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\all-bittorrent.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\bittorrent\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\www.bittorrent\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\all-bittorrent.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\bittorrent\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\www.bittorrent\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\AppDataLow\Software\uTorrentControl2\ not found.
Registry key HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Microsoft\Internet Explorer\DOMStorage\utorrent.com\ not found.
Registry key HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\all-bittorrent.com\ not found.
Registry key HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\bittorrent\ not found.
Registry key HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\www.bittorrent\ not found.
Registry key HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\all-bittorrent.com\ not found.
Registry key HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\bittorrent\ not found.
Registry key HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\www.bittorrent\ not found.
Registry key HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Classes\Applications\uTorrent.exe\ not found.
Registry key HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Classes\Applications\uTorrent.exe\shell\open\command\ not found.
HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Classes\btdna\DefaultIcon\\@|"" /E : value set successfully!
HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Classes\btdna\shell\open\command\\@|"" /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Classes\MIME\Database\Content Type\application/x-bittorrent\ not found.
Registry key HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-app\ not found.
Registry key HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-appinst\ not found.
Registry key HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-key\ not found.
Registry key HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-skin\ not found.
Registry key HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml\ not found.
Registry key HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000_Classes\Applications\uTorrent.exe\ not found.
Registry key HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000_Classes\Applications\uTorrent.exe\shell\open\command\ not found.
HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000_Classes\btdna\DefaultIcon\\@|"" /E : value set successfully!
HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000_Classes\btdna\shell\open\command\\@|"" /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000_Classes\MIME\Database\Content Type\application/x-bittorrent\ not found.
Registry key HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-app\ not found.
Registry key HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-appinst\ not found.
Registry key HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-key\ not found.
Registry key HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000_Classes\MIME\Database\Content Type\application/x-bittorrent-skin\ not found.
Registry key HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000_Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\all-bittorrent.com\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\bittorrent\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\www.bittorrent\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\all-bittorrent.com\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\bittorrent\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\www.bittorrent\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\YontooIEClient.DLL\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\InProcServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ProgID\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\VersionIndependentProgID\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ProgID\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\VersionIndependentProgID\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0\0\win32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0\HELPDIR\\@|"" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api.1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Layers\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Layers.1\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc\\path deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YontooSetup-S-11F0_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YontooSetup-S-11F0_RASMANCS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YontooSetup-S-1F4C_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YontooSetup-S-1F4C_RASMANCS\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\\@|"" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\\InstallLocation deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\\DisplayName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\\Publisher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\\URLInfoAbout deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\\Contact deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Products\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\\@|"" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Products\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\\TizPath deleted successfully.
========== FILES ==========
C:\Program Files\Yontoo folder moved successfully.
C:\Program Files\Conduit\Community Alerts folder moved successfully.
C:\Program Files\Conduit folder moved successfully.
C:\Users\Dad\AppData\Local\Conduit folder moved successfully.
C:\Users\Dad\AppData\LocalLow\Conduit\Community Alerts\Log folder moved successfully.
C:\Users\Dad\AppData\LocalLow\Conduit\Community Alerts\LanguagePacks folder moved successfully.
C:\Users\Dad\AppData\LocalLow\Conduit\Community Alerts\Feeds folder moved successfully.
C:\Users\Dad\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light folder moved successfully.
C:\Users\Dad\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark folder moved successfully.
C:\Users\Dad\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images folder moved successfully.
C:\Users\Dad\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog folder moved successfully.
C:\Users\Dad\AppData\LocalLow\Conduit\Community Alerts\Dialogs folder moved successfully.
C:\Users\Dad\AppData\LocalLow\Conduit\Community Alerts folder moved successfully.
C:\Users\Dad\AppData\LocalLow\Conduit folder moved successfully.
C:\Users\Dad\AppData\LocalLow\DataMngr folder moved successfully.
File\Folder c:\users\dad\appdata\local\Ilivid Player not found.
c:\programdata\boost_interprocess\3EFE15542E69CD01 folder moved successfully.
c:\programdata\boost_interprocess folder moved successfully.
File\Folder C:\Users\Dad\AppData\LocalLow\uTorrentControl2C:\Users\Dad\AppData\Local\Microsoft\Internet Explorer\DOMStore\G6JW7W1C\youtube.conduitapps[1].xml not found.
C:\Users\Dad\AppData\Local\Microsoft\Internet Explorer\DOMStore\X4ZTFIQ5\facebook.conduitapps[1].xml moved successfully.
C:\Users\Dad\AppData\Local\Microsoft\Internet Explorer\DOMStore\X4ZTFIQ5\storage.conduit[1].xml moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\32BF9BE3\atlassolutions2_conduit[1].swf moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I3DZEOGS\atlassolutions2_conduit[1].swf moved successfully.
C:\Users\Dad\AppData\Local\Microsoft\Internet Explorer\DOMStore\G6JW7W1C\www.searchnu[1].xml moved successfully.
C:\Users\Dad\AppData\Local\Microsoft\Internet Explorer\DOMStore\QXF8Z6JZ\www.ilivid[1].xml moved successfully.
C:\Users\Dad\AppData\Local\Microsoft\Internet Explorer\DOMStore\TRBK6YO5\lp.ilivid[1].xml moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T2WCKPQO\157191_iLivid-download-play-468X60[1].gif moved successfully.
C:\Program Files\Common Files\Acronis\BackupScripts\bittorrent.xml moved successfully.
C:\Program Files\Common Files\Acronis\BackupScripts\utorrent.xml moved successfully.
C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.utorrent.com_0.localstorage moved successfully.
C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.utorrent.com_0.localstorage-journal moved successfully.
C:\Users\Dad\AppData\Local\Microsoft\Internet Explorer\DOMStore\QXF8Z6JZ\forum.utorrent[1].xml moved successfully.
C:\Users\Dad\AppData\Local\Microsoft\Internet Explorer\DOMStore\TRBK6YO5\bar.utorrent[1].xml moved successfully.
C:\Users\Dad\AppData\Local\Microsoft\Internet Explorer\DOMStore\X4ZTFIQ5\www.utorrent[1].xml moved successfully.
C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Recent\Torrent downloaded from Demonoid.me.lnk moved successfully.
C:\Users\Dad\Desktop\Charlies Files\Charlies Files\Adobe_CS3_Master_Collection_Corporate_ISO._Works_.3907426.TPB.torrent moved successfully.
C:\Users\Dad\Downloads\uTorrent.exe moved successfully.
File\Folder C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\9z7877qi.default\extensions\plugin@yontoo.com not found.
File\Folder C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\plugin@yontoo.com not found.
ADS C:\ProgramData\TEMP:3B3A302E deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Dad\Desktop\Malware Fix Files\cmd.bat deleted successfully.
C:\Users\Dad\Desktop\Malware Fix Files\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Dad
->Temp folder emptied: 1574442 bytes
->Temporary Internet Files folder emptied: 4893723 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 55198196 bytes
->Google Chrome cache emptied: 192368684 bytes
->Flash cache emptied: 2872 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Hannah
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 208 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 242.00 mb


[EMPTYFLASH]

User: All Users

User: Dad
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Hannah
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Dad
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Hannah
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.55.0 log created on 07282012_212708

Files\Folders moved on Reboot...
C:\Users\Dad\AppData\Local\Temp\REG7938.tmp moved successfully.
C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YNUQ3ZX7\viewtopic[1].htm moved successfully.

PendingFileRenameOperations files...
File C:\Users\Dad\AppData\Local\Temp\REG7938.tmp not found!
File C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
File C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YNUQ3ZX7\viewtopic[1].htm not found!

Registry entries deleted on Reboot...

Files\Folders moved on Reboot...
File\Folder C:\Users\Dad\AppData\Local\Temp\REG7938.tmp not found!
File\Folder C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
File\Folder C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YNUQ3ZX7\viewtopic[1].htm not found!

PendingFileRenameOperations files...
File C:\Users\Dad\AppData\Local\Temp\REG7938.tmp not found!
File C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
File C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YNUQ3ZX7\viewtopic[1].htm not found!

Registry entries deleted on Reboot...



More to come...
Charliea
Active Member
 
Posts: 13
Joined: July 25th, 2012, 11:31 pm

Re: Please help me remove searchnu

by Charliea » July 28th, 2012, 10:47 pm

I edited Chrome search engines and did find a dts.search-results set google as default. I removed it, restarted Chrome and searched for CNN, but when I clicked on the link it took me to a porn-like site. So I went back in and took out the other search engines except for Google (Yahoo, and two Bing ones I believe). On another note, Google search doesn't work at all in Firefox; I can't go to any website in FF with the word google. I keep getting "server cant be found" error.

SystemLook Results:

SystemLook 30.07.11 by jpshortstuff
Log created at 22:30 on 28/07/2012 by Dad
Administrator - Elevation successful

========== filefind ==========

Searching for "*Conduit*"
C:\Program Files\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1206120 bytes [17:44 20/01/2012] [17:44 20/01/2012] 976934130CD5C5DBD2DC977B298DF525
C:\Program Files\Common Files\Apple\Mobile Device Support\com.yahoo.go.sync.client.resources\PhoneConduit.plist --a---- 11408 bytes [18:57 09/10/2011] [18:57 09/10/2011] AB18CD2A656AE753C30E6276EC3DA0C2
C:\Users\Dad\AppData\Local\Microsoft\Internet Explorer\DOMStore\G6JW7W1C\youtube.conduitapps[1].xml --a---- 13 bytes [23:59 23/07/2012] [23:59 23/07/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\_OTL\MovedFiles\07282012_212708\C_Users\Dad\AppData\Local\Microsoft\Internet Explorer\DOMStore\X4ZTFIQ5\facebook.conduitapps[1].xml --a---- 13 bytes [23:59 23/07/2012] [23:59 23/07/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\_OTL\MovedFiles\07282012_212708\C_Users\Dad\AppData\Local\Microsoft\Internet Explorer\DOMStore\X4ZTFIQ5\storage.conduit[1].xml --a---- 13 bytes [01:58 24/07/2012] [01:58 24/07/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\_OTL\MovedFiles\07282012_212708\C_Users\Dad\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1463702_1459356_US.xml --a---- 192 bytes [00:00 24/07/2012] [00:17 24/07/2012] F159884E3BCD46C383F9086F4BF788C1
C:\_OTL\MovedFiles\07282012_212708\C_Users\Dad\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1613210_1606743_US.xml --a---- 190 bytes [01:58 24/07/2012] [02:08 24/07/2012] 5104B1E2708FE4D1777D6DAE57A1F211
C:\_OTL\MovedFiles\07282012_212708\C_Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\32BF9BE3\atlassolutions2_conduit[1].swf --a---- 2756 bytes [16:13 27/07/2012] [16:13 27/07/2012] 4672CCDCC217C1E66DEB31794BE8BFE1
C:\_OTL\MovedFiles\07282012_212708\C_Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I3DZEOGS\atlassolutions2_conduit[1].swf --a---- 2756 bytes [03:44 26/07/2012] [03:44 26/07/2012] 4672CCDCC217C1E66DEB31794BE8BFE1

Searching for "*Searchnu*"
C:\Users\Dad\Favorites\MalWare Removal • View topic - Please help me remove searchnu.url --a---- 287 bytes [03:50 26/07/2012] [03:50 26/07/2012] 7EB6BCFB936564B4922AFB206497ECE2
C:\_OTL\MovedFiles\07282012_212708\C_Users\Dad\AppData\Local\Microsoft\Internet Explorer\DOMStore\G6JW7W1C\www.searchnu[1].xml --a---- 13675 bytes [02:08 24/07/2012] [20:15 25/07/2012] 987E4E95BDBF930FA8F35A2C2F74AEC8

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
C:\_OTL\MovedFiles\07282012_212708\C_Users\Dad\AppData\Local\Microsoft\Internet Explorer\DOMStore\QXF8Z6JZ\www.ilivid[1].xml --a---- 27352 bytes [02:02 24/07/2012] [02:02 24/07/2012] D549FF61E019A1C522251C29683B6DA1
C:\_OTL\MovedFiles\07282012_212708\C_Users\Dad\AppData\Local\Microsoft\Internet Explorer\DOMStore\TRBK6YO5\lp.ilivid[1].xml --a---- 13657 bytes [01:58 24/07/2012] [01:58 24/07/2012] 4E0C69B8DE178CFAD7DA2A418FC9D923
C:\_OTL\MovedFiles\07282012_212708\C_Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T2WCKPQO\157191_iLivid-download-play-468X60[1].gif --a---- 11529 bytes [16:35 27/07/2012] [16:35 27/07/2012] ED15F62C5DD9027F6AD0E74B06BD9EFC

Searching for "*datamngr*"
No files found.

Searching for "*Torrent*"
C:\Users\Dad\Desktop\Charlies Files\Music\MP3\MP3-1\085 - High School Musical 3 - Now or Never [Torrent Tatty] (™ Hollywood).mp3 --a---- 8213272 bytes [16:43 27/01/2012] [03:14 24/08/2009] A5103F9405EA74E2510AE2C766267A37
C:\_OTL\MovedFiles\07282012_212708\C_Program Files\Common Files\Acronis\BackupScripts\bittorrent.xml --a---- 4704 bytes [16:40 22/06/2011] [16:40 22/06/2011] EC6B80328ED0A32AEC6DEE580B94234F
C:\_OTL\MovedFiles\07282012_212708\C_Program Files\Common Files\Acronis\BackupScripts\utorrent.xml --a---- 5788 bytes [16:40 22/06/2011] [16:40 22/06/2011] BB6918D4319EA5B3B139F3CB7D28DE22
C:\_OTL\MovedFiles\07282012_212708\C_Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.utorrent.com_0.localstorage --a---- 3072 bytes [04:58 26/07/2012] [04:58 26/07/2012] EAD5E6EADCE6D577E955877D82FD8D38
C:\_OTL\MovedFiles\07282012_212708\C_Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.utorrent.com_0.localstorage-journal --a---- 3608 bytes [04:58 26/07/2012] [04:58 26/07/2012] A680A6DBD9A4A94DF19D73D873011A6F
C:\_OTL\MovedFiles\07282012_212708\C_Users\Dad\AppData\Local\Microsoft\Internet Explorer\DOMStore\QXF8Z6JZ\forum.utorrent[1].xml --a---- 13715 bytes [00:21 24/07/2012] [00:21 24/07/2012] AEC27BE5F16C6D807700E7BFF805E0A7
C:\_OTL\MovedFiles\07282012_212708\C_Users\Dad\AppData\Local\Microsoft\Internet Explorer\DOMStore\TRBK6YO5\bar.utorrent[1].xml --a---- 83 bytes [23:59 23/07/2012] [23:59 23/07/2012] F2D3DFCEB92C856F05A3DE828240EC9C
C:\_OTL\MovedFiles\07282012_212708\C_Users\Dad\AppData\Local\Microsoft\Internet Explorer\DOMStore\X4ZTFIQ5\www.utorrent[1].xml --a---- 13758 bytes [23:59 23/07/2012] [23:59 23/07/2012] 30DDAB0D940A6586920A1D418503040A
C:\_OTL\MovedFiles\07282012_212708\C_Users\Dad\AppData\Roaming\Microsoft\Windows\Recent\Torrent downloaded from Demonoid.me.lnk --a---- 930 bytes [23:43 23/07/2012] [23:43 23/07/2012] F42D9D25F28991A4B3CFAB0E1DCF0CE4
C:\_OTL\MovedFiles\07282012_212708\C_Users\Dad\Desktop\Charlies Files\Charlies Files\Adobe_CS3_Master_Collection_Corporate_ISO._Works_.3907426.TPB.torrent --a---- 34560 bytes [16:34 27/01/2012] [20:40 19/04/2011] 2EB436068BDF59DE656593BBE083A00C
C:\_OTL\MovedFiles\07282012_212708\C_Users\Dad\Downloads\uTorrent.exe --a---- 895376 bytes [23:34 23/07/2012] [23:34 23/07/2012] 5A836FD41BD78AF1036C3F2FCEE3074E

Searching for "*Yontoo*"
C:\_OTL\MovedFiles\07282012_212708\C_Program Files\Yontoo\YontooIEClient.dll --a---- 194928 bytes [23:22 23/07/2012] [18:37 16/05/2012] 4BF437CDDF8C692738CFA413231C9B3C

========== folderfind ==========

Searching for "*Conduit*"
C:\_OTL\MovedFiles\07282012_212708\C_Program Files\Conduit d------ [23:36 23/07/2012]
C:\_OTL\MovedFiles\07282012_212708\C_Users\Dad\AppData\Local\Conduit d------ [23:36 23/07/2012]
C:\_OTL\MovedFiles\07282012_212708\C_Users\Dad\AppData\LocalLow\Conduit d------ [23:36 23/07/2012]

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\07282012_032828\C_Users\Dad\AppData\locallow\searchquband d------ [02:02 24/07/2012]

Searching for "*iLivid*"
C:\_OTL\MovedFiles\07282012_032828\C_Users\Dad\AppData\Local\Ilivid Player d------ [02:02 24/07/2012]

Searching for "*datamngr*"
C:\_OTL\MovedFiles\07282012_212708\C_Users\Dad\AppData\LocalLow\DataMngr d------ [02:02 24/07/2012]

Searching for "*Torrent*"
C:\Users\Dad\AppData\LocalLow\uTorrentControl2 d------ [23:36 23/07/2012]

Searching for "*Yontoo*"
C:\_OTL\MovedFiles\07282012_212708\C_Program Files\Yontoo d------ [23:22 23/07/2012]
C:\_OTL\MovedFiles\07282012_212708\C_Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\9z7877qi.default\extensions\plugin@yontoo.com d------ [23:22 23/07/2012]
C:\_OTL\MovedFiles\07282012_212708\C_Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\plugin@yontoo.com d------ [23:22 23/07/2012]

========== Regfind ==========

Searching for "Conduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"D4EDA1F8CAFEA5F43B64322C86F7FA05"="C:\Program Files\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966\D4EDA1F8CAFEA5F43B64322C86F7FA05]
"File"="iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB1E579405BE28F46B2E7AAE9534B564]
"D4EDA1F8CAFEA5F43B64322C86F7FA05"="C:\Program Files\Common Files\Apple\Mobile Device Support\com.yahoo.go.sync.client.resources\PhoneConduit.plist"

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
No data found.

Searching for "Torrent"
[HKEY_CURRENT_USER\Software\Classes\btdna\DefaultIcon]
@=""C:\Program Files\uTorrent\uTorrent.exe" ",0"
[HKEY_CURRENT_USER\Software\Classes\btdna\shell\open\command]
@=""C:\Program Files\uTorrent\uTorrent.exe" "/DNA""
[HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Classes\btdna\DefaultIcon]
@=""C:\Program Files\uTorrent\uTorrent.exe" ",0"
[HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Classes\btdna\shell\open\command]
@=""C:\Program Files\uTorrent\uTorrent.exe" "/DNA""
[HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000_Classes\btdna\DefaultIcon]
@=""C:\Program Files\uTorrent\uTorrent.exe" ",0"
[HKEY_USERS\S-1-5-21-162044061-3829153858-3278826119-1000_Classes\btdna\shell\open\command]
@=""C:\Program Files\uTorrent\uTorrent.exe" "/DNA""

Searching for "Yontoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}]
@="YontooIEClient"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\InProcServer32]
@="C:\Program Files\Yontoo\YontooIEClient.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}]
@="Yontoo Api"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\InprocServer32]
@="C:\Program Files\Yontoo\YontooIEClient.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ProgID]
@="YontooIEClient.Api.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\VersionIndependentProgID]
@="YontooIEClient.Api"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0]
@="YontooIEClient 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0\0\win32]
@="C:\Program Files\Yontoo\YontooIEClient.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0\HELPDIR]
@="C:\Program Files\Yontoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Products\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}]
@="Yontoo"

-= EOF =-


More on the way....
Charliea

Re: Please help me remove searchnu

Post by Charliea » July 28th, 2012, 11:04 pm

I looked everywhere on the OTL screen and did not see an "Include 64bit scans".

Fresh OTL Scan:

OTL logfile created on: 7/28/2012 10:51:34 PM - Run 2
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Dad\Desktop\Malware Fix Files
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 0.55 Gb Available Physical Memory | 22.06% Memory free
4.99 Gb Paging File | 2.61 Gb Available in Paging File | 52.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.99 Gb Total Space | 217.88 Gb Free Space | 73.12% Space Free | Partition Type: NTFS

Computer Name: ALLMAN-PC | User Name: Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/28 03:24:42 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Dad\Desktop\Malware Fix Files\OTL.exe
PRC - [2012/07/26 01:00:43 | 000,186,832 | ---- | M] (Google Inc.) -- C:\Users\Dad\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe
PRC - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/06/13 03:48:26 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/06/13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/02/22 20:49:58 | 006,591,800 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/25 10:14:09 | 000,609,144 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist Express Expert\363\g2ax_user_expert.exe
PRC - [2011/12/25 10:14:09 | 000,609,144 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist Express Expert\363\g2ax_start.exe
PRC - [2011/12/25 10:14:09 | 000,609,144 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist Express Expert\363\g2ax_comm_expert.exe
PRC - [2011/11/25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2011/10/07 05:40:42 | 001,387,288 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2011/09/27 15:05:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2011/06/22 12:17:14 | 000,395,392 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2011/06/22 12:17:08 | 000,846,056 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2011/06/22 12:15:44 | 002,637,824 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/23 18:11:22 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2011/02/18 01:39:44 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 12:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/02/16 12:58:12 | 000,856,064 | ---- | M] (Christian Diefer) -- C:\Program Files\I8kfanGUI\I8kfanGUI.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/22 20:49:56 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2012/02/22 20:49:38 | 000,078,336 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\pcre.dll
MOD - [2012/01/08 09:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/12/26 02:41:29 | 000,847,872 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
MOD - [2011/12/26 02:41:29 | 000,782,336 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
MOD - [2011/12/26 02:41:29 | 000,688,128 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
MOD - [2011/12/26 02:41:29 | 000,528,384 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
MOD - [2011/12/26 02:41:29 | 000,462,848 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
MOD - [2011/12/26 02:41:29 | 000,237,568 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2011/12/26 02:41:29 | 000,155,648 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
MOD - [2011/12/26 02:41:29 | 000,143,360 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2011/12/26 02:41:28 | 002,236,416 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
MOD - [2011/12/26 02:41:28 | 001,396,736 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
MOD - [2011/12/26 02:41:28 | 000,868,352 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
MOD - [2011/12/26 02:41:27 | 000,010,240 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
MOD - [2011/12/26 02:41:25 | 000,090,112 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
MOD - [2011/12/26 02:41:25 | 000,044,544 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
MOD - [2011/12/26 02:41:24 | 000,406,016 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KFx.dll
MOD - [2011/12/26 02:41:24 | 000,129,536 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\kpries40.dll
MOD - [2011/12/26 02:41:24 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2011/12/26 02:41:24 | 000,052,224 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2011/12/26 02:41:23 | 000,471,040 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCom.dll
MOD - [2011/12/26 02:41:22 | 001,564,672 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\areaifdll.dll
MOD - [2011/12/26 02:41:22 | 000,356,352 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll
MOD - [2011/12/26 02:41:22 | 000,062,464 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
MOD - [2011/12/26 02:41:21 | 000,315,392 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
MOD - [2011/12/26 02:41:21 | 000,264,192 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\AppCore.dll
MOD - [2011/12/26 02:41:21 | 000,234,496 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.esx
MOD - [2011/12/26 02:41:21 | 000,098,304 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
MOD - [2011/12/26 02:41:20 | 000,339,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
MOD - [2011/12/26 02:41:20 | 000,171,520 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Pcd.esx
MOD - [2011/12/26 02:41:20 | 000,152,576 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
MOD - [2011/12/26 02:41:20 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
MOD - [2011/12/26 02:41:19 | 011,503,616 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSkin.esx
MOD - [2011/12/26 02:41:18 | 000,761,856 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
MOD - [2011/12/26 02:41:18 | 000,684,032 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESEmail.esx
MOD - [2011/12/26 02:41:17 | 000,078,848 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
MOD - [2011/12/22 01:58:48 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/07 05:41:16 | 000,879,896 | ---- | M] () -- C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/07/18 02:14:20 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/09/27 15:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/06/22 12:17:08 | 000,846,056 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/08/12 20:47:03 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Dad\AppData\Local\Temp\ALSysIO.sys -- (ALSysIO)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/12/20 13:10:16 | 000,601,408 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2011/12/20 13:10:12 | 000,125,472 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vididr.sys -- (vididr)
DRV - [2011/12/20 13:10:11 | 000,083,392 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vsflt53.sys -- (vidsflt53)
DRV - [2011/12/20 13:10:09 | 000,169,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2011/09/02 02:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/02 02:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/03/18 12:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/09/09 17:19:16 | 000,069,664 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\oz776.sys -- (guardian2)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/03/06 11:52:00 | 007,545,088 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/02/16 05:05:48 | 000,014,464 | ---- | M] (Christian Diefer) [Kernel | System | Running] -- C:\Windows\System32\drivers\fanio.sys -- (fanio)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2005/08/17 07:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2005/08/17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-162044061-3829153858-3278826119-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-162044061-3829153858-3278826119-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-162044061-3829153858-3278826119-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 D5 43 EB 93 6C CD 01 [binary data]
IE - HKU\S-1-5-21-162044061-3829153858-3278826119-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-162044061-3829153858-3278826119-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-162044061-3829153858-3278826119-1000\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://start.msn.iplay.com/searchresult ... =chrome&q={searchTerms}
IE - HKU\S-1-5-21-162044061-3829153858-3278826119-1000\..\SearchScopes\{A57FBB2D-AD3D-45A7-B21B-4DF179BC8A58}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-162044061-3829153858-3278826119-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.defaultengine: ""


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.Retrogamer_4w.com/Plugin: C:\Program Files\Retrogamer_4wEI\Installr\1.bin\NP4wEISB.dll (Retrogamer)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dad\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dad\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/07/17 14:49:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 09:26:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/18 02:14:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/07/23 22:37:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Extensions
[2012/07/23 19:22:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2012/07/28 21:27:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions
[2012/07/28 21:27:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\9z7877qi.default\extensions
[2011/12/20 13:11:43 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\9z7877qi.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2011/12/20 13:14:22 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\9z7877qi.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/12/22 03:54:21 | 000,000,000 | ---D | M] (Oberon GamesBar) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\9z7877qi.default\extensions\gamesbar@oberon-media.com
[2012/07/23 19:22:11 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\9z7877qi.default\extensions\OneClickDownload@OneClickDownload.com
[2012/07/26 01:11:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.charlie\extensions
[2012/06/27 13:12:07 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.charlie\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2012/05/23 23:51:25 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.charlie\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/05/23 23:51:23 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.charlie\extensions\en-US@dictionaries.addons.mozilla.org
[2012/07/23 22:03:35 | 000,002,519 | ---- | M] () -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\9z7877qi.default\searchplugins\Search_Results.xml
[2012/07/23 22:08:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION
[2012/07/18 02:14:21 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/29 12:36:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/22 03:54:21 | 000,002,064 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bingober7151117.xml
[2012/07/23 22:03:35 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2011/12/29 12:36:42 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.facebook.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.facebook.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Dad\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dad\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dad\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\plugins/avgnpss.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Nero Kwik Media Helper (Enabled) = C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Retrogamer Installer Plugin Stub (Enabled) = C:\Program Files\Retrogamer_4wEI\Installr\1.bin\NP4wEISB.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Dad\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AVG Safe Search = C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\
CHR - Extension: AVG Do Not Track = C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Gmail = C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/28 21:29:07 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Reg Error: Value error.) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Windows\System32\nwiz.exe ()
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-21-162044061-3829153858-3278826119-1000..\Run: [GoToAssist Express Expert] C:\Program Files\Citrix\GoToAssist Express Expert\363\g2ax_start.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKU\S-1-5-21-162044061-3829153858-3278826119-1000..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe (Christian Diefer)
O4 - HKU\S-1-5-21-162044061-3829153858-3278826119-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-162044061-3829153858-3278826119-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B44AA32-4E3A-4B0C-B36E-972416B69767}: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4587C63-D925-4209-AB90-0E4554E042E9}: DhcpNameServer = 192.168.11.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b92a6d28-ac06-11e1-b7c3-001a6b26cc12}\Shell - "" = AutoRun
O33 - MountPoints2\{b92a6d28-ac06-11e1-b7c3-001a6b26cc12}\Shell\AutoRun\command - "" = F:\TLBootstrap_WPP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/28 22:14:42 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{CA69F5F5-99D8-492E-8AEB-49510AC08D91}
[2012/07/28 22:14:29 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{21C09D2A-DEAC-42ED-A584-5B2A12710C19}
[2012/07/28 10:13:58 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{90AF7F47-D68A-474C-BDAE-432F9C4AFA5B}
[2012/07/28 10:13:47 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{2374E3D2-EDA7-4219-A433-EA0E54D9623F}
[2012/07/28 03:57:37 | 000,000,000 | ---D | C] -- C:\Users\Dad\Desktop\Malware Fix Files
[2012/07/28 03:28:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/27 09:56:33 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/07/26 00:56:49 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/07/26 00:24:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/07/26 00:24:07 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/07/26 00:23:55 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/07/26 00:23:55 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/07/26 00:23:06 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/07/26 00:23:05 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/07/26 00:22:25 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/07/26 00:14:17 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\QuickScan
[2012/07/23 19:36:25 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\CRE
[2012/07/23 19:21:29 | 000,000,000 | ---D | C] -- C:\Program Files\1ClickDownload
[2012/07/23 19:17:58 | 000,000,000 | ---D | C] -- C:\Program Files\wxDownload Fast
[2012/07/23 19:17:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012/07/23 19:17:48 | 000,000,000 | ---D | C] -- C:\ProgramData\WxDFastUpdater
[2012/07/23 19:16:40 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012/07/21 12:22:42 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\Nero_AG
[2012/07/21 12:22:10 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\Nero
[2012/07/21 12:21:47 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\Nero
[2012/07/21 12:20:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2012/07/21 12:18:55 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2012/07/21 12:18:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2012/07/21 12:04:56 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2012/07/21 12:04:35 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2012/07/21 12:04:10 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2012/07/21 12:03:36 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2012/07/21 12:03:04 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2012/07/21 12:02:20 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2012/07/21 12:01:13 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2012/07/21 11:59:42 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2012/07/21 11:58:54 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2012/07/21 11:57:57 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2012/07/21 11:57:28 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2012/07/10 18:19:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2012/07/10 18:18:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012/07/04 15:27:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/07/04 15:25:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/07/04 15:25:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/07/04 15:21:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/07/04 15:20:58 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

========== Files - Modified Within 30 Days ==========

[2012/07/28 21:54:44 | 000,014,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/28 21:54:44 | 000,014,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/28 21:46:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/28 21:46:36 | 2011,787,264 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/28 21:36:27 | 271,152,175 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/28 21:29:07 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/07/28 21:06:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-162044061-3829153858-3278826119-1000UA.job
[2012/07/28 18:26:27 | 102,391,247 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/07/28 03:21:55 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/07/28 03:21:55 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/07/27 18:31:19 | 000,248,307 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/07/26 01:06:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-162044061-3829153858-3278826119-1000Core.job
[2012/07/26 00:56:58 | 000,002,303 | ---- | M] () -- C:\Users\Dad\Desktop\Google Chrome.lnk
[2012/07/26 00:22:42 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/07/26 00:22:42 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/07/24 13:09:50 | 000,426,568 | ---- | M] () -- C:\Users\Dad\Desktop\BlackOpsII.pdf
[2012/07/24 02:48:22 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/23 01:36:08 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2012/07/21 12:20:30 | 000,002,055 | ---- | M] () -- C:\Users\Public\Desktop\Nero Kwik Media.lnk
[2012/07/18 00:30:43 | 000,443,522 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120724-021952.backup
[2012/07/17 14:49:03 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/07/11 15:28:36 | 000,240,090 | ---- | M] () -- C:\Users\Dad\Desktop\labcorp.pdf
[2012/07/10 07:18:49 | 000,168,039 | ---- | M] () -- C:\Users\Dad\Desktop\wren.pdf
[2012/07/09 05:42:26 | 000,046,963 | ---- | M] () -- C:\Users\Dad\Desktop\log
[2012/07/05 22:06:48 | 000,227,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/07/05 22:06:30 | 000,772,544 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/07/04 15:27:09 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/07/27 09:56:25 | 271,152,175 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/07/26 00:56:58 | 000,002,303 | ---- | C] () -- C:\Users\Dad\Desktop\Google Chrome.lnk
[2012/07/26 00:55:46 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-162044061-3829153858-3278826119-1000UA.job
[2012/07/26 00:55:42 | 000,000,848 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-162044061-3829153858-3278826119-1000Core.job
[2012/07/24 13:09:48 | 000,426,568 | ---- | C] () -- C:\Users\Dad\Desktop\BlackOpsII.pdf
[2012/07/21 12:20:30 | 000,002,055 | ---- | C] () -- C:\Users\Public\Desktop\Nero Kwik Media.lnk
[2012/07/11 15:28:35 | 000,240,090 | ---- | C] () -- C:\Users\Dad\Desktop\labcorp.pdf
[2012/07/10 07:20:22 | 000,168,039 | ---- | C] () -- C:\Users\Dad\Desktop\wren.pdf
[2012/07/09 05:42:26 | 000,046,963 | ---- | C] () -- C:\Users\Dad\Desktop\log
[2012/07/04 15:27:09 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/23 23:35:09 | 000,000,507 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012/04/23 23:28:59 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini
[2012/02/17 17:00:12 | 000,000,047 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/12/25 10:14:06 | 000,110,968 | ---- | C] () -- C:\Users\Dad\g2ax_expert_downloadhelper_win32_x86.exe
[2011/12/22 20:30:41 | 000,000,412 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\All CPU Meter_Settings.ini
[2011/12/22 14:44:36 | 000,000,447 | ---- | C] () -- C:\Program Files\1222201113443591.bat
[2011/12/21 03:36:11 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010/08/12 20:33:21 | 001,724,416 | ---- | C] () -- C:\Windows\System32\nvwdmcpl.dll
[2010/08/12 20:33:21 | 001,657,376 | ---- | C] () -- C:\Windows\System32\nwiz.exe
[2010/08/12 20:33:21 | 001,503,232 | ---- | C] () -- C:\Windows\System32\nView.dll
[2010/08/12 20:33:21 | 001,101,824 | ---- | C] () -- C:\Windows\System32\nvwimg.dll
[2010/08/12 20:33:21 | 000,466,944 | ---- | C] () -- C:\Windows\System32\nvShell.dll
[2010/08/12 20:33:21 | 000,449,056 | ---- | C] () -- C:\Windows\System32\nvAppBar.exe
[2010/08/12 20:33:21 | 000,158,240 | ---- | C] () -- C:\Windows\System32\nvTaskbar.exe

< End of report >
Charliea
Active Member
 
Posts: 13
Joined: July 25th, 2012, 11:31 pm