http://www.searchnu.com/406?tag=newtab

Post by reefscapes » April 28th, 2012, 12:41 pm

Hello,

I am new to this forum, so please, if I'm doing something wrong, let me know. I have read through numerous posts regarding this malware issue and have rid most of it from my computer, but still have this come up when I open a new tab on Firefox. Here is my log file from SystemLook...

SystemLook 30.07.11 by jpshortstuff
Log created at 10:27 on 28/04/2012 by Justin
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
C:\Users\Justin\Downloads\iLividSetupV1.exe --a---- 516136 bytes [17:17 26/04/2012] [17:17 26/04/2012] 580DD7ECEBEDFAF0C32B327DB9E92CF0

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngr.dll --a---- 1236408 bytes [15:33 19/08/2011] [10:36 09/08/2011] BA175AA6B7CCF43E0F9DB6B5F5E873D8
C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe --a---- 1598392 bytes [15:33 19/08/2011] [10:36 09/08/2011] E4AB479025B918079DEE289A7CF66246
C:\Program Files\BearShare Applications\MediaBar\Datamngr\FirefoxExtension\components\DataMngrHlp.dll --a---- 351232 bytes [17:18 26/04/2012] [14:38 02/08/2011] 4D9F92DF1AA8AA39F7645C27D6E7CB1A
C:\Program Files\BearShare Applications\MediaBar\Datamngr\FirefoxExtension\components\DataMngrHlp.xpt --a---- 981 bytes [17:18 26/04/2012] [12:11 12/03/2012] B4E345F24F98FD5690FA1B2D7F5DC3BD
C:\Program Files\BearShare Applications\MediaBar\Datamngr\FirefoxExtension\components\DataMngrHlpFF10.dll --a---- 351744 bytes [17:18 26/04/2012] [12:11 12/03/2012] 1AC803089576DF214AB0D5B266963274
C:\Program Files\BearShare Applications\MediaBar\Datamngr\FirefoxExtension\components\DataMngrHlpFF11.dll --a---- 351744 bytes [17:18 26/04/2012] [12:11 12/03/2012] 4DD4BB84149826D6ED76090EBACA0091
C:\Program Files\BearShare Applications\MediaBar\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll --a---- 355840 bytes [17:18 26/04/2012] [12:09 12/03/2012] BB16A34A7E14048C4657FB24E723BA92
C:\Program Files\BearShare Applications\MediaBar\Datamngr\FirefoxExtension\components\DataMngrHlpFF4.dll --a---- 351744 bytes [17:18 26/04/2012] [12:09 12/03/2012] FD5B2DCC9D0BDF339B330DDF9AE889F2
C:\Program Files\BearShare Applications\MediaBar\Datamngr\FirefoxExtension\components\DataMngrHlpFF5.dll --a---- 351744 bytes [17:18 26/04/2012] [12:10 12/03/2012] B5087EBC621FA459653A233716F99248
C:\Program Files\BearShare Applications\MediaBar\Datamngr\FirefoxExtension\components\DataMngrHlpFF6.dll --a---- 351744 bytes [17:18 26/04/2012] [12:10 12/03/2012] DF1B9DEDFC3F97B9E922522EF6E4CDF2
C:\Program Files\BearShare Applications\MediaBar\Datamngr\FirefoxExtension\components\DataMngrHlpFF7.dll --a---- 351744 bytes [17:18 26/04/2012] [12:10 12/03/2012] 334C747E342546D01A65EDE11A92DF1E
C:\Program Files\BearShare Applications\MediaBar\Datamngr\FirefoxExtension\components\DataMngrHlpFF8.dll --a---- 351744 bytes [17:18 26/04/2012] [12:11 12/03/2012] C5F107775CF025C828ED5636486FA85F
C:\Program Files\BearShare Applications\MediaBar\Datamngr\FirefoxExtension\components\DataMngrHlpFF9.dll --a---- 351744 bytes [17:18 26/04/2012] [12:11 12/03/2012] B6208CA135BA5C8FAC464D93C45C7751
C:\Program Files\BearShare Applications\MediaBar\Datamngr\FirefoxExtension\content\DataMngr.js --a---- 16184 bytes [17:18 26/04/2012] [06:50 25/10/2011] 74EA142FA2CF77FA2306892E2B45FA13

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
C:\Users\Justin\AppData\Local\Ilivid Player d------ [17:19 26/04/2012]

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
C:\Program Files\BearShare Applications\MediaBar\Datamngr d------ [15:33 19/08/2011]
C:\Users\Justin\AppData\LocalLow\DataMngr d------ [15:36 19/08/2011]

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchqu"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=0&systemid=2&qu={searchTerms}&ft=json"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=101&systemid=406&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ProgID]
@="SearchQUIEHelper.UrlHelper.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\VersionIndependentProgID]
@="SearchQUIEHelper.UrlHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\CurVer]
@="SearchQUIEHelper.UrlHelper.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0]
@="SearchQUIEBHO 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}\1.0]
@="SearchQUIEBHO 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=0&systemid=2&qu={searchTerms}&ft=json"
[HKEY_USERS\S-1-5-21-3605859176-3889556994-3234996530-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=0&systemid=2&qu={searchTerms}&ft=json"
[HKEY_USERS\S-1-5-21-3605859176-3889556994-3234996530-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=101&systemid=406&qu={searchTerms}&ft=json"

Searching for "iLivid"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\bb52a5b_0]
@="{0.0.0.00000000}.{fa5907f9-7789-49b5-97dc-0e09295f7077}|\Device\HarddiskVolume2\Program Files\iLivid\VLC\vlc.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe]
[HKEY_USERS\S-1-5-21-3605859176-3889556994-3234996530-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\bb52a5b_0]
@="{0.0.0.00000000}.{fa5907f9-7789-49b5-97dc-0e09295f7077}|\Device\HarddiskVolume2\Program Files\iLivid\VLC\vlc.exe%b{00000000-0000-0000-0000-000000000000}"

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
[HKEY_CURRENT_USER\Software\Datamngr]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader]
@="DataMngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader.1]
@="DataMngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}]
@="DataMngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\InprocServer32]
@="C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\BROWSE~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\InprocServer32]
@="C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\InprocServer32]
@="C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}\InprocServer32]
@="C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}\InprocServer32]
@="C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\DnsBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}\1.0\0\win32]
@="C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\BROWSE~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}\1.0\HELPDIR]
@="C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\0\win32]
@="C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\HELPDIR]
@="C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}\1.0\0\win32]
@="C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\DnsBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}\1.0\HELPDIR]
@="C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6D525F51-BF01-4F1D-8E29-3C04E0B3BDBE}]
"AppPath"="C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{972FECC0-87C6-4FEB-A561-DC94438E57F3}]
"AppPath"="C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5DBC2040622EA554F93391A2BD60905C]
"00000000000000000000000000000000"="C:\Users\Justin\AppData\Local\Temp\SetupDataMngr_BearShare.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B3C5AAA84864EDB4C8FB098047BDEE96]
"938426F5D749AE64DB36DF48C7A16C1F"="C:\Users\Justin\AppData\Local\Temp\SetupDataMngr_BearShare.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B3C5AAA84864EDB4C8FB098047BDEE96]
"00000000000000000000000000000000"="C:\Users\Justin\AppData\Local\Temp\SetupDataMngr_BearShare.exe"
[HKEY_USERS\S-1-5-21-3605859176-3889556994-3234996530-1000\Software\Datamngr]

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
No data found.

-= EOF =-
reefscapes
Member+
 
Posts: 14
Joined: April 27th, 2012, 7:13 pm

Re: http://www.searchnu.com/406?tag=newtab

Post by Gary R » April 28th, 2012, 3:34 pm

Back soon.
Gary R
Administrator
Posts: 19182
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: http://www.searchnu.com/406?tag=newtab

Post by Gary R » April 28th, 2012, 3:37 pm

Let's not start jumping ahead of ourselves here. It's not a good idea to follow other people's fixes as a means to cure your own problems; even if your symptoms are similar, there may be other mitigating factors that influence the course of action we need to take to remove your infection.

So, before we start removing your infection, let's start from the beginning and see what's on your computer, and what needs to be done to clean your machine.

First

Download OTL by OldTimer to your Desktop.

If you already have a copy of OTL, delete it and use this version.

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under the Extra Registry section, select Use SafeList.
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar).
  • Please post me both logs.

Re: http://www.searchnu.com/406?tag=newtab

Post by reefscapes » April 28th, 2012, 6:33 pm

Yea, I realized that after reading a couple other posts. Hope it didn't jeopardize anything. Here are the files.


OTL logfile created on: 4/28/2012 4:20:51 PM - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Justin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 43.69% Memory free
6.18 Gb Paging File | 4.28 Gb Available in Paging File | 69.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.76 Gb Total Space | 57.08 Gb Free Space | 25.74% Space Free | Partition Type: NTFS
Drive D: | 11.12 Gb Total Space | 4.49 Gb Free Space | 40.39% Space Free | Partition Type: NTFS

Computer Name: JUSTIN-PC | User Name: Justin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/28 16:19:19 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Justin\Desktop\OTL.exe
PRC - [2012/04/19 18:56:02 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/04/12 08:54:01 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/03/30 10:20:26 | 000,065,608 | ---- | M] (White Sky, Inc.) -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
PRC - [2012/03/30 10:20:21 | 005,572,168 | ---- | M] (White Sky, Inc.) -- C:\Program Files\Constant Guard Protection Suite\IDVault.exe
PRC - [2012/03/29 12:44:02 | 001,161,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/03/29 12:43:58 | 020,670,304 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAware.exe
PRC - [2012/02/24 03:29:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/23 12:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012/02/20 21:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/21 03:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/05/17 18:35:56 | 002,804,280 | ---- | M] (Sunbelt Software) -- C:\Program Files\Ad-Aware Antivirus\Engine\SBAMSvc.exe
PRC - [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\5.2.1.3\ccsvchst.exe
PRC - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007/09/27 17:27:02 | 004,839,936 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
PRC - [2007/09/13 15:09:44 | 000,638,976 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
PRC - [2007/01/30 12:37:20 | 000,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
PRC - [2007/01/30 12:36:26 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/28 16:16:55 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/04/28 16:16:55 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/04/26 20:41:12 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/04/26 20:41:12 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/04/25 02:40:54 | 000,085,288 | ---- | M] () -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\ifz2rahq.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components\RadioWMPCoreGecko11.dll
MOD - [2012/04/12 08:54:00 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/04/11 23:11:43 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\03720d4ccc7abcf2145cf3c01e94ddb9\WindowsFormsIntegration.ni.dll
MOD - [2012/04/11 23:09:32 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\86f6e2383ca898849c321080b32b66f8\System.ServiceProcess.ni.dll
MOD - [2012/04/11 23:09:31 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\48302596a8c8f2ab396b3be518dbd800\System.Web.ni.dll
MOD - [2012/04/11 23:03:10 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll
MOD - [2012/04/11 23:02:58 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll
MOD - [2012/04/11 23:02:42 | 014,328,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a8100864c7dd9ecf5d9f07fdaf5ba246\PresentationFramework.ni.dll
MOD - [2012/04/11 23:02:05 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\89b3b18de5d2cc945c24c0333d78f665\PresentationCore.ni.dll
MOD - [2012/03/30 10:20:25 | 000,104,008 | ---- | M] () -- C:\Program Files\Constant Guard Protection Suite\IdVaultCore.XmlSerializers.dll
MOD - [2012/03/30 10:15:15 | 000,548,000 | ---- | M] () -- C:\Program Files\Constant Guard Protection Suite\sqlite3.dll
MOD - [2012/03/29 12:44:18 | 002,180,968 | ---- | M] () -- C:\Program Files\Ad-Aware Antivirus\ThreatWork.dll
MOD - [2012/02/16 00:35:06 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\8b5f54e3b382fc1720c76557ef8c8bc3\System.Management.ni.dll
MOD - [2012/02/16 00:33:36 | 001,070,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c12259751030b8fb693006bb6e7dd55f\System.IdentityModel.ni.dll
MOD - [2012/02/16 00:33:34 | 002,346,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a4b9d424cd4509b6b76fba81f347f561\System.Runtime.Serialization.ni.dll
MOD - [2012/02/16 00:33:30 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\696e2d9a6491947cd89ead8cc4cc658a\SMDiagnostics.ni.dll
MOD - [2012/02/16 00:33:29 | 017,404,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\effa6ad5369cea835146937a5635275b\System.ServiceModel.ni.dll
MOD - [2012/02/16 00:32:33 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\1a5853155c4e5ab3f91cd37da331e89b\System.Web.Services.ni.dll
MOD - [2012/02/16 00:32:26 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\0ef893bbf33d38a1f7a63b9cee2dabfe\System.Transactions.ni.dll
MOD - [2012/02/16 00:31:51 | 000,679,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\96b4cdba0397f94416df0fa211f73441\System.Security.ni.dll
MOD - [2012/02/16 00:31:44 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll
MOD - [2012/02/16 00:30:15 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll
MOD - [2012/02/16 00:29:29 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\029217106fa24787ff7a61b754f8ebf7\System.Data.ni.dll
MOD - [2012/02/16 00:29:19 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d48e106e015d0f8cb2d5295015cee508\PresentationFramework.Aero.ni.dll
MOD - [2012/02/16 00:28:42 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1e258a951222c818540b33880ca45f2e\WindowsBase.ni.dll
MOD - [2012/02/16 00:28:32 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2011/10/11 23:35:19 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5aab9bc687029a908fc01473f8e5f77b\UIAutomationProvider.ni.dll
MOD - [2011/10/11 23:28:42 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/07/15 15:41:50 | 000,507,904 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
MOD - [2011/07/15 15:41:49 | 000,569,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/03/29 22:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/03/29 22:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2007/09/27 17:27:02 | 004,839,936 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/04/26 16:19:08 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/30 10:20:26 | 000,065,608 | ---- | M] (White Sky, Inc.) [Auto | Running] -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe -- (IDVaultSvc)
SRV - [2012/03/29 12:44:02 | 001,161,072 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/05/17 18:35:56 | 002,804,280 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\Engine\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe -- (N360)
SRV - [2011/04/01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/30 12:37:20 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe -- (STacSV)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/04/02 17:38:08 | 000,821,880 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120413.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/02/07 11:36:22 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/07 11:36:22 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/19 22:26:48 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120427.033\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/12/19 22:26:47 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120427.033\NAVENG.SYS -- (NAVENG)
DRV - [2011/12/15 17:33:22 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120427.001\IDSvix86.sys -- (IDSVix86)
DRV - [2011/10/15 20:46:42 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/13 17:09:26 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2011/07/13 17:09:16 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV - [2011/07/13 17:09:16 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCap)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/11 16:26:04 | 000,074,968 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011/05/10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011/04/29 14:15:42 | 000,101,720 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/04/20 19:37:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502010.003\symtdiv.sys -- (SYMTDIv)
DRV - [2011/04/05 17:35:20 | 000,221,784 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SbFw.sys -- (SbFw)
DRV - [2011/04/05 17:35:20 | 000,094,040 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\sbhips.sys -- (sbhips)
DRV - [2011/04/05 17:35:20 | 000,078,936 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\sbtis.sys -- (SbTis)
DRV - [2011/03/30 21:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\N360\0502010.003\srtsp.sys -- (SRTSP)
DRV - [2011/03/30 21:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502010.003\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/14 20:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0502010.003\symefa.sys -- (SymEFA)
DRV - [2011/02/08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV - [2011/02/08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2011/01/27 00:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0502010.003\symds.sys -- (SymDS)
DRV - [2010/11/15 19:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502010.003\ironx86.sys -- (SymIRON)
DRV - [2009/01/05 19:04:16 | 000,534,016 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MRVW147.sys -- (MRVW147) Marvell TOPDOG (TM) 802.11bgn Driver for Vista Native WIFI (CB8x/EC8x)
DRV - [2007/05/23 18:37:40 | 000,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/01/30 12:37:46 | 000,650,240 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/11/02 01:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2003/04/19 02:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tandpl.sys -- (tandpl)
DRV - [2003/03/02 19:44:26 | 000,007,552 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\enodpl.sys -- (enodpl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q= {searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://search.bearshare.com//web?src=ie ... =2&sr=0&q= {searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3605859176-3889556994-3234996530-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406
IE - HKU\S-1-5-21-3605859176-3889556994-3234996530-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3605859176-3889556994-3234996530-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3605859176-3889556994-3234996530-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9F 75 F6 B5 8C 4D CC 01 [binary data]
IE - HKU\S-1-5-21-3605859176-3889556994-3234996530-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3605859176-3889556994-3234996530-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKU\S-1-5-21-3605859176-3889556994-3234996530-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKU\S-1-5-21-3605859176-3889556994-3234996530-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-3605859176-3889556994-3234996530-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q= {searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3605859176-3889556994-3234996530-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://search.bearshare.com//web?src=ie ... =2&sr=0&q= {searchTerms}
IE - HKU\S-1-5-21-3605859176-3889556994-3234996530-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ie ... 06&sr=0&q= {searchTerms}
IE - HKU\S-1-5-21-3605859176-3889556994-3234996530-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3605859176-3889556994-3234996530-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20120417,6902,0,28,0"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.netassistant.keyword.url: "http://click.w3i.com/?Programid=132&Elementname=Keyword&Applicationid={EDC13F58-8BE7-47AF-BD7A-BA9008FFAB4E}&Version=3.6.5&Vintage=20120417&Defaultbrowserid=28&Productid=2627&Vendorid=5750&Offerid=6894&searchterm="
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/04/27 17:26:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_7_5 [2012/04/28 16:15:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/12 08:54:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/04/26 15:55:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Extensions
[2012/04/27 17:34:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\ifz2rahq.default\extensions
[2012/04/27 17:34:30 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\ifz2rahq.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012/04/26 20:50:13 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\ifz2rahq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012/03/07 14:42:29 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\ifz2rahq.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/12/01 09:13:48 | 000,002,468 | ---- | M] () -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\ifz2rahq.default\searchplugins\safesearch.xml
[2012/04/26 15:55:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/15 17:36:23 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/04/26 11:18:04 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\BEARSHARE APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION
[2011/07/18 13:20:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/04/12 08:54:01 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/12 08:53:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/08/19 09:33:04 | 000,002,503 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2012/04/26 11:17:56 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/04/12 08:53:58 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/04/12 09:34:39 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\5.2.1.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\5.2.1.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\5.2.1.3\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Gateway\traybar.exe (Chicony)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3605859176-3889556994-3234996530-1000..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3605859176-3889556994-3234996530-1000..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3605859176-3889556994-3234996530-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3605859176-3889556994-3234996530-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-3605859176-3889556994-3234996530-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-3605859176-3889556994-3234996530-1000..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30EFAFF0-65C2-4727-84D4-ED2138AC4E01}: DhcpNameServer = 172.26.38.1 172.26.38.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1542435-0AC2-49D0-981C-1D8735184DEC}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Justin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Justin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 18:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/28 16:19:19 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Justin\Desktop\OTL.exe
[2012/04/27 21:38:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/26 20:55:50 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\adaware
[2012/04/26 20:55:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012/04/26 20:54:57 | 000,094,040 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\sbhips.sys
[2012/04/26 20:54:53 | 000,078,936 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\sbtis.sys
[2012/04/26 20:54:43 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\FileTypeAssistant
[2012/04/26 20:53:32 | 000,000,000 | ---D | C] -- C:\Program Files\File Type Assistant
[2012/04/26 20:52:24 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\I Want This
[2012/04/26 20:52:22 | 000,069,208 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\SbFwIm.sys
[2012/04/26 20:52:20 | 000,221,784 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\SbFw.sys
[2012/04/26 20:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/04/26 20:52:03 | 000,000,000 | ---D | C] -- C:\Program Files\I Want This
[2012/04/26 20:51:59 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2012/04/26 20:50:38 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\adawarebp
[2012/04/26 20:50:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/04/26 20:50:17 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2012/04/26 20:49:57 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2012/04/26 20:48:28 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\Ad-Aware Antivirus
[2012/04/26 20:45:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/04/26 20:45:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/04/26 20:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/04/26 20:40:53 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\SUPERAntiSpyware.com
[2012/04/26 20:40:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/04/26 20:40:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/04/26 20:40:29 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/04/26 20:34:03 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\Malwarebytes
[2012/04/26 20:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/26 20:33:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/04/26 20:33:52 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/04/26 20:33:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/26 17:09:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2012/04/26 16:42:08 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\Google
[2012/04/26 16:42:07 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\CRE
[2012/04/26 16:41:47 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2012/04/26 16:40:47 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\uTorrent
[2012/04/26 16:04:49 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/04/26 11:20:29 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\vlc
[2012/04/26 11:19:35 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\Ilivid Player
[2012/04/26 11:12:45 | 000,000,000 | ---D | C] -- C:\Users\Justin\.swt
[2012/04/26 11:12:43 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\Azureus
[2012/04/26 11:11:26 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012/04/26 11:11:22 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\Conduit
[2012/04/16 18:21:24 | 000,000,000 | ---D | C] -- C:\Users\Justin\Desktop\Debs
[2012/04/13 15:38:39 | 000,000,000 | ---D | C] -- C:\s4mk
[2012/04/13 15:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/04/13 14:39:12 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2012/04/13 14:38:53 | 000,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2012/04/12 22:09:29 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\{26CDBD1F-43ED-40AC-988B-3751F8146DAD}
[2012/04/11 23:07:54 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/04/11 23:07:53 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/04/11 23:07:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/04/11 23:07:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/04/11 23:07:51 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/04/11 23:07:50 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/04/11 23:07:26 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/04/11 23:07:26 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/04/11 18:51:01 | 000,483,328 | ---- | C] (Simon Tatham) -- C:\Users\Justin\Desktop\PUTTY.EXE
[2012/03/31 16:57:11 | 000,000,000 | ---D | C] -- C:\iFaith
[2012/03/31 15:30:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/31 14:41:08 | 000,000,000 | ---D | C] -- C:\Users\Justin\Desktop\860OKMZO

========== Files - Modified Within 30 Days ==========

[2012/04/28 16:19:19 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Justin\Desktop\OTL.exe
[2012/04/28 16:19:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/28 16:15:43 | 000,001,737 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/04/28 16:15:04 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/28 16:15:04 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/28 16:14:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/28 10:27:14 | 000,139,264 | ---- | M] () -- C:\Users\Justin\Desktop\SystemLook(2).exe
[2012/04/27 07:24:11 | 000,000,946 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/04/26 22:13:28 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/04/26 22:13:28 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/04/26 22:06:46 | 000,000,196 | ---- | M] () -- C:\Windows\wininit.ini
[2012/04/26 21:15:19 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/26 20:54:28 | 002,114,484 | ---- | M] () -- C:\Windows\System32\drivers\N360\0502010.003\Cat.DB
[2012/04/26 20:45:24 | 000,001,079 | ---- | M] () -- C:\Users\Justin\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/04/26 20:45:24 | 000,001,055 | ---- | M] () -- C:\Users\Justin\Desktop\Spybot - Search & Destroy.lnk
[2012/04/26 20:40:36 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/26 20:26:53 | 000,000,711 | ---- | M] () -- C:\Users\Justin\Desktop\P90X.Xtreme.Workout.Series.COMPLETE PACK.DVDrip.Xvid-SCP - Shortcut.lnk
[2012/04/26 20:11:59 | 000,013,312 | ---- | M] () -- C:\Users\Justin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/26 16:41:47 | 000,000,776 | ---- | M] () -- C:\Users\Justin\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/04/26 16:41:47 | 000,000,752 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/04/26 16:35:27 | 000,247,824 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/04/26 16:19:08 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/04/26 16:19:08 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/04/26 16:08:58 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/26 16:08:58 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/26 16:02:43 | 000,002,556 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2012/04/24 19:32:16 | 000,000,134 | ---- | M] () -- C:\Users\Justin\Desktop\Windows Mobility Center - Shortcut.lnk
[2012/04/21 21:02:08 | 000,764,190 | ---- | M] () -- C:\Users\Justin\Desktop\fire2.mp4
[2012/04/21 16:01:23 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/04/16 15:34:33 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\0502010.003\isolate.ini
[2012/04/13 15:41:08 | 000,697,916 | ---- | M] () -- C:\s4mk.4
[2012/04/13 15:41:07 | 001,291,395 | ---- | M] () -- C:\s4mk.3
[2012/04/13 15:04:04 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/13 14:09:06 | 001,290,281 | ---- | M] () -- C:\s5vc.2
[2012/04/13 14:09:06 | 000,698,237 | ---- | M] () -- C:\s5vc.3
[2012/04/11 20:38:17 | 000,000,600 | ---- | M] () -- C:\Users\Justin\AppData\Local\PUTTY.RND
[2012/04/11 18:51:01 | 000,483,328 | ---- | M] (Simon Tatham) -- C:\Users\Justin\Desktop\PUTTY.EXE
[2012/04/11 12:58:23 | 001,290,773 | ---- | M] () -- C:\s108.2
[2012/04/11 12:58:23 | 000,698,126 | ---- | M] () -- C:\s108.3
[2012/04/11 12:15:26 | 000,002,072 | ---- | M] () -- C:\Users\Public\Desktop\Constant Guard.lnk
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/04/01 10:08:14 | 000,000,628 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2012/03/31 15:34:13 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/03/31 15:34:13 | 000,001,854 | ---- | M] () -- C:\Users\Justin\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

========== Files Created - No Company Name ==========

[2012/04/28 10:27:12 | 000,139,264 | ---- | C] () -- C:\Users\Justin\Desktop\SystemLook(2).exe
[2012/04/27 07:24:36 | 000,002,090 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
[2012/04/26 22:13:35 | 000,000,946 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/04/26 22:13:28 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/04/26 22:13:28 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012/04/26 22:06:46 | 000,000,196 | ---- | C] () -- C:\Windows\wininit.ini
[2012/04/26 20:55:16 | 000,001,737 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/04/26 20:45:24 | 000,001,079 | ---- | C] () -- C:\Users\Justin\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/04/26 20:45:23 | 000,001,055 | ---- | C] () -- C:\Users\Justin\Desktop\Spybot - Search & Destroy.lnk
[2012/04/26 20:40:36 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/26 20:33:54 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/26 20:26:53 | 000,000,711 | ---- | C] () -- C:\Users\Justin\Desktop\P90X.Xtreme.Workout.Series.COMPLETE PACK.DVDrip.Xvid-SCP - Shortcut.lnk
[2012/04/26 17:09:09 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012/04/26 17:09:09 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012/04/26 17:09:09 | 000,153,088 | ---- | C] () -- C:\Windows\System32\xvid.ax
[2012/04/26 16:41:47 | 000,000,776 | ---- | C] () -- C:\Users\Justin\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/04/26 16:41:47 | 000,000,752 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/04/26 16:04:50 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/24 19:32:16 | 000,000,134 | ---- | C] () -- C:\Users\Justin\Desktop\Windows Mobility Center - Shortcut.lnk
[2012/04/21 21:02:08 | 000,764,190 | ---- | C] () -- C:\Users\Justin\Desktop\fire2.mp4
[2012/04/13 15:41:07 | 001,291,395 | ---- | C] () -- C:\s4mk.3
[2012/04/13 15:41:07 | 000,697,916 | ---- | C] () -- C:\s4mk.4
[2012/04/13 15:04:04 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/13 14:39:12 | 000,002,411 | ---- | C] () -- C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Clean Up.lnk
[2012/04/13 14:09:06 | 001,290,281 | ---- | C] () -- C:\s5vc.2
[2012/04/13 14:09:06 | 000,698,237 | ---- | C] () -- C:\s5vc.3
[2012/04/11 18:53:26 | 000,000,600 | ---- | C] () -- C:\Users\Justin\AppData\Local\PUTTY.RND
[2012/04/11 12:58:23 | 001,290,773 | ---- | C] () -- C:\s108.2
[2012/04/11 12:58:23 | 000,698,126 | ---- | C] () -- C:\s108.3
[2011/07/29 14:13:24 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/07/28 18:43:34 | 000,004,736 | ---- | C] () -- C:\Windows\System32\drivers\tandpl.sys
[2011/07/28 18:43:31 | 000,007,552 | ---- | C] () -- C:\Windows\System32\drivers\enodpl.sys
[2011/07/19 19:19:12 | 000,013,312 | ---- | C] () -- C:\Users\Justin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/18 23:17:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/07/18 20:05:27 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/07/18 20:05:27 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/07/15 09:15:40 | 000,001,356 | ---- | C] () -- C:\Users\Justin\AppData\Local\d3d9caps.dat

========== LOP Check ==========

[2012/04/27 07:15:38 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Ad-Aware Antivirus
[2012/04/26 15:56:18 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Azureus
[2011/07/15 12:08:57 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\BSD
[2012/03/21 16:32:01 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\DiskAid
[2012/01/18 14:53:08 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\EurekaLog
[2011/10/15 16:59:12 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\ID Vault
[2011/07/19 22:22:28 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\MusicNet
[2011/10/28 08:12:13 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\redsn0w
[2011/07/19 21:46:16 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Sammsoft
[2011/12/08 10:53:46 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Spotify
[2012/04/26 20:58:26 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\uTorrent
[2011/07/20 14:00:19 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Windows Live Writer
[2012/04/27 07:24:11 | 000,000,946 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/04/28 10:49:51 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


OTL Extras logfile created on: 4/28/2012 4:20:51 PM - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Justin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 43.69% Memory free
6.18 Gb Paging File | 4.28 Gb Available in Paging File | 69.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.76 Gb Total Space | 57.08 Gb Free Space | 25.74% Space Free | Partition Type: NTFS
Drive D: | 11.12 Gb Total Space | 4.49 Gb Free Space | 40.39% Space Free | Partition Type: NTFS

Computer Name: JUSTIN-PC | User Name: Justin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3605859176-3889556994-3234996530-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5D5D2F07-7717-4B24-96CE-07B3DEB6153C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{86F4573D-E38E-4F99-9A16-C3AFE49D3F2A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09B6E9FF-D16D-457F-845E-A27746C13E01}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{2831CC7B-76B8-443B-8DC8-A41FB2FA9D9A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4F5A325C-1E34-4471-8C86-3123BF731D3F}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{53F6499A-F164-445E-9619-B206916B49B5}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{5D2B53B2-5FA5-4B06-B3D4-7698A985896F}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{5DFB2F27-B2AC-413C-A071-E8DA1C9C1103}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{8B4BD1E0-6DD4-464E-B6E8-6F81383139C6}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{9862307E-B572-4C5B-BD56-84A76CD63256}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{98E82C2E-CE97-4541-8646-8660CB82D9E9}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{A07FBEB4-992F-443C-9E7B-21ACE44FD4E2}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{A45FDF68-2D6F-4DAC-B207-9AFD7A99F458}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{B951C9B1-D944-4555-82B8-E06214DC775B}" = protocol=17 | dir=in | app=c:\program files\adawaretb\dtuser.exe |
"{CB3D8E5D-2174-4CD4-B1A1-CF7657BB7BB6}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{D04FE1E5-1BE6-478B-8F2C-3D95EB2860AA}" = protocol=6 | dir=in | app=c:\program files\adawaretb\dtuser.exe |
"{D8D2E62C-712D-4187-B4BA-DECB8C86CF5B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D978FF82-24F6-44E6-AF67-66A9F0E6D5F5}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{EAD94AAF-A0FF-46AB-BF3D-DAF1E3697A65}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{ED41575D-5E43-4050-A318-CFF646598DFA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2F0200C6-9ACB-49F3-BC33-5BE9AA682D9F}" = MapSend Lite
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39098402-3F7A-4257-A4AE-FC1181D1B40B}" = Camera Assistant Software for Gateway
"{3BEBC95D-FDBA-480B-93E8-9B4E9E41733C}" = MapSend Topo 3D USA
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4044436C-3A01-4ECA-8FC9-AC8F3F838EDC}" = Audials TV
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5F624839-947D-46EA-BD63-FD847C1AC6F1}" = BearShare
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari
"{759142E8-25B0-42AE-B408-4215065D3F4B}" = Windows Live Family Safety
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{92A40DC2-0ECD-4602-A79E-1DC53545C6EE}" = eXplorist Wizard
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}" = iPhoneBrowser
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{cc937cbc-4be2-4227-9660-ff2f2a1d9467}" = Ad-Aware Antivirus
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5AEB391-5F1F-4C54-91E5-3E36EF0BBAB9}" = Audials
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"8DB119B6D49DA7A4E890B7645171B84CF2636FF5" = Windows Driver Package - Realtek Semiconductor Corp. (RTSTOR) USB (11/13/2008 6.0.6000.20112)
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"adawaretb" = Ad-Aware Security Toolbar
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"C41958BBA9FCBC002F1107F807E27B8DFFA50052" = Windows Driver Package - Intel System (10/19/2007 8.3.1.1005)
"Contour Storyteller 3.0.5" = Contour Storyteller
"DiskAid_is1" = DiskAid 5.09
"DriverHive_is1" = DriverHive
"EFA3C0DE51BCFDA9EFD689A3D2DC4630E23F1179" = Windows Driver Package - Intel hdc (08/05/2009 9.1.1.1016)
"F75E81F87F7279E57A54019223A1DF9551DC7A2C" = Windows Driver Package - Intel (iaStor) hdc (03/03/2010 9.6.0.1014)
"FF4068CEC11D6219B066C229D4CF19E1CA35C026" = Windows Driver Package - Intel System (02/20/2008 8.6.1.1002)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ID Vault" = Constant Guard Protection Suite
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"N360" = Norton Security Suite
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"Xvid Video Codec 1.3.2" = Xvid Video Codec

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3605859176-3889556994-3234996530-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
reefscapes
Member+
 
Posts: 14
Joined: April 27th, 2012, 7:13 pm

Re: http://www.searchnu.com/406?tag=newtab

Unread postby Gary R » April 28th, 2012, 8:01 pm

It's 1.00am where I am, so I'll go through your logs in the morning (my time) and get back to you then.
Gary R
Administrator
 
Posts: 19182
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: http://www.searchnu.com/406?tag=newtab

Unread postby Gary R » April 29th, 2012, 2:23 am

OK, let's get started on cleaning your computer.

First

  • Click Start, and type Create a restore point into the Search programs and files box.
  • Now click on the Create a restore point icon at the top of the find list.
  • This will open a System Properties box, with the System Protection tab open ...
    • Click on the Create button in the lower part of the window.
    • Type Pre Malware Cleanup into the description box, then click Create.
    • Windows will now create a Restore Point and notify you when finished.
    • Exit any open windows.

Next

Removing Malware is never without risk, so I recommend you back up any personal files and folders that you can't afford to risk losing.

I don't expect us to have problems, but it only takes a short while to back up, so better to be safe than sorry.

Next

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

µTorrent


Use of P2P programs is the fastest way to get infected that I know.

Reboot your computer to complete its removal.

Next

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:Files
C:\Users\Justin\Downloads\iLividSetupV1.exe
C:\Program Files\BearShare Applications
C:\Users\Justin\AppData\Local\Ilivid Player
C:\Users\Justin\AppData\LocalLow\DataMngr
ipconfig /flushdns /c

:Reg
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ProgID]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}\1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}]
[-HKEY_USERS\S-1-5-21-3605859176-3889556994-3234996530-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}]
[-HKEY_USERS\S-1-5-21-3605859176-3889556994-3234996530-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\bb52a5b_0]
@=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe]
[HKEY_USERS\S-1-5-21-3605859176-3889556994-3234996530-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\bb52a5b_0]
@=-
[-HKEY_CURRENT_USER\Software\Datamngr]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader.1]
@=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6D525F51-BF01-4F1D-8E29-3C04E0B3BDBE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{972FECC0-87C6-4FEB-A561-DC94438E57F3}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5DBC2040622EA554F93391A2BD60905C]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B3C5AAA84864EDB4C8FB098047BDEE96]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B3C5AAA84864EDB4C8FB098047BDEE96]
[-HKEY_USERS\S-1-5-21-3605859176-3889556994-3234996530-1000\Software\Datamngr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4F5A325C-1E34-4471-8C86-3123BF731D3F}"=-
"{53F6499A-F164-445E-9619-B206916B49B5}"=-
"{5D2B53B2-5FA5-4B06-B3D4-7698A985896F}"=-
"{5DFB2F27-B2AC-413C-A071-E8DA1C9C1103}"=-
"{9862307E-B572-4C5B-BD56-84A76CD63256}"=-
"{CB3D8E5D-2174-4CD4-B1A1-CF7657BB7BB6}"=-
"{D978FF82-24F6-44E6-AF67-66A9F0E6D5F5}"=-
"{EAD94AAF-A0FF-46AB-BF3D-DAF1E3697A65}"=-

:OTL
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://search.bearshare.com//web?src=ie ... =2&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-3605859176-3889556994-3234996530-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406
IE - HKU\S-1-5-21-3605859176-3889556994-3234996530-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKU\S-1-5-21-3605859176-3889556994-3234996530-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKU\S-1-5-21-3605859176-3889556994-3234996530-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://search.bearshare.com//web?src=ie ... =2&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-3605859176-3889556994-3234996530-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ie ... 06&sr=0&q={searchTerms}
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="
[2012/04/27 17:34:30 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\ifz2rahq.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012/04/26 11:18:04 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\BEARSHARE APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION
[2011/08/19 09:33:04 | 000,002,503 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2012/04/26 11:17:56 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
[2012/04/26 16:41:47 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2012/04/26 16:40:47 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\uTorrent
[2012/04/26 11:19:35 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\Ilivid Player
[2012/04/26 11:12:43 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\Azureus
[2012/04/26 11:11:26 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012/04/26 11:11:22 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\Conduit
[2012/04/26 16:41:47 | 000,000,752 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk

:Commands
[resethosts]
[emptytemp]
[createrestorepoint]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Next

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.
  • Please go HERE then click on: Image
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log in your next reply please.
  • Now click on: Image (Selecting Uninstall application on close if you so wish)

Summary of the logs I need from you in your next post:
  • OTL fix log
  • E-Set log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 19182
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
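
The fix script in the post above deletes eight inbound firewall exceptions by GUID. As an added example (not part of the original post and not OTL's own code), the following cross-checks those deletions against the exception list in the OTL log, so that no inbound rule for a removed P2P client is left behind. The rule lines and GUIDs are copied from this thread; the function names and the `P2P_DIRS` list are assumptions of this example.

```python
import re

PROTOCOLS = {"6": "TCP", "17": "UDP"}  # IANA protocol numbers as they appear in rule strings

# Rule lines copied from the "Vista Active Application Exception List" in this thread's log.
OTL_RULES = r'''
"{2831CC7B-76B8-443B-8DC8-A41FB2FA9D9A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4F5A325C-1E34-4471-8C86-3123BF731D3F}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{53F6499A-F164-445E-9619-B206916B49B5}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{5D2B53B2-5FA5-4B06-B3D4-7698A985896F}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{5DFB2F27-B2AC-413C-A071-E8DA1C9C1103}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{9862307E-B572-4C5B-BD56-84A76CD63256}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{A45FDF68-2D6F-4DAC-B207-9AFD7A99F458}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{CB3D8E5D-2174-4CD4-B1A1-CF7657BB7BB6}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{D8D2E62C-712D-4187-B4BA-DECB8C86CF5B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D978FF82-24F6-44E6-AF67-66A9F0E6D5F5}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{EAD94AAF-A0FF-46AB-BF3D-DAF1E3697A65}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
'''

# Firewall part of the :Reg section, copied from the fix script in this thread.
FIX_REG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4F5A325C-1E34-4471-8C86-3123BF731D3F}"=-
"{53F6499A-F164-445E-9619-B206916B49B5}"=-
"{5D2B53B2-5FA5-4B06-B3D4-7698A985896F}"=-
"{5DFB2F27-B2AC-413C-A071-E8DA1C9C1103}"=-
"{9862307E-B572-4C5B-BD56-84A76CD63256}"=-
"{CB3D8E5D-2174-4CD4-B1A1-CF7657BB7BB6}"=-
"{D978FF82-24F6-44E6-AF67-66A9F0E6D5F5}"=-
"{EAD94AAF-A0FF-46AB-BF3D-DAF1E3697A65}"=-
'''

# Assumption of this example: install directories of the P2P clients seen in the log.
P2P_DIRS = [r"c:\program files\utorrent", r"c:\program files\bearshare applications",
            r"c:\program files\vuze"]

RULE_RE = re.compile(r'^"(\{[0-9A-Fa-f-]+\})"\s*=\s*(.+)$')
DELETE_RE = re.compile(r'^"(\{[0-9A-Fa-f-]+\})"\s*=\s*-$')


def parse_rules(text):
    """Map rule GUID -> {field: value} from OTL 'key=value | key=value |' lines."""
    rules = {}
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        fields = {}
        for part in m.group(2).split("|"):
            key, sep, value = part.strip().partition("=")
            if sep:
                fields[key] = value
        rules[m.group(1).upper()] = fields
    return rules


def parse_fix_deletions(text):
    """Collect GUIDs marked '"{GUID}"=-' under a FirewallRules key header."""
    guids, in_rules_key = set(), False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_rules_key = line.rstrip("]").lower().endswith(r"\firewallpolicy\firewallrules")
        elif in_rules_key:
            m = DELETE_RE.match(line)
            if m:
                guids.add(m.group(1).upper())
    return guids


def audit(rules, deletions, removed_dirs):
    """Classify each logged rule as deleted by the fix, orphaned, or kept."""
    report = {"deleted": [], "orphaned": [], "kept": [],
              "unmatched": sorted(deletions - set(rules))}  # deletions with no logged rule
    for guid, fields in sorted(rules.items()):
        app = fields.get("app", "").lower()
        entry = (guid, PROTOCOLS.get(fields.get("protocol"), "any"), app)
        targeted = any(app.startswith(d.lower()) for d in removed_dirs)
        if guid in deletions:
            report["deleted"].append(entry)
        elif targeted:
            report["orphaned"].append(entry)  # inbound hole left for a removed program
        else:
            report["kept"].append(entry)
    return report


if __name__ == "__main__":
    result = audit(parse_rules(OTL_RULES), parse_fix_deletions(FIX_REG), P2P_DIRS)
    for bucket, entries in result.items():
        print(bucket, len(entries))
        for entry in entries:
            print("   ", entry)
```
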

Re: http://www.searchnu.com/406?tag=newtab

Unread postby reefscapes » April 29th, 2012, 5:52 pm

The log file didn't contain any info other than saying it was registered. I copied the results:

C:\Program Files\ContourStoryteller\Process.exe Win32/PrcView application
C:\_OTL\MovedFiles\04292012_100550\C_Program Files\BearShare Applications\MediaBar\Datamngr\BrowserConnection.dll Win32/Toolbar.SearchSuite application
C:\_OTL\MovedFiles\04292012_100550\C_Program Files\BearShare Applications\MediaBar\Datamngr\datamngr.dll a variant of Win32/Toolbar.SearchSuite application
C:\_OTL\MovedFiles\04292012_100550\C_Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite application
C:\_OTL\MovedFiles\04292012_100550\C_Program Files\BearShare Applications\MediaBar\Datamngr\DnsBHO.dll Win32/Toolbar.SearchSuite application
C:\_OTL\MovedFiles\04292012_100550\C_Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll Win32/Toolbar.SearchSuite application
D:\Windows\System32\autochk.exe a variant of Win32/CompuTrace.A application
reefscapes
Member+
 
Posts: 14
Joined: April 27th, 2012, 7:13 pm

Re: http://www.searchnu.com/406?tag=newtab

Unread postby reefscapes » April 29th, 2012, 5:54 pm

OTL File

All processes killed
========== FILES ==========
File\Folder C:\Users\Justin\Downloads\iLividSetupV1.exe not found.
C:\Program Files\BearShare Applications\BearShare\Skins\html\videosview folder moved successfully.
C:\Program Files\BearShare Applications\BearShare\Skins\html\images folder moved successfully.
C:\Program Files\BearShare Applications\BearShare\Skins\html\colorsbubble\images folder moved successfully.
C:\Program Files\BearShare Applications\BearShare\Skins\html\colorsbubble folder moved successfully.
C:\Program Files\BearShare Applications\BearShare\Skins\html\cdripview folder moved successfully.
C:\Program Files\BearShare Applications\BearShare\Skins\html\artistsview\images folder moved successfully.
C:\Program Files\BearShare Applications\BearShare\Skins\html\artistsview folder moved successfully.
C:\Program Files\BearShare Applications\BearShare\Skins\html\albumsview\images folder moved successfully.
C:\Program Files\BearShare Applications\BearShare\Skins\html\albumsview folder moved successfully.
C:\Program Files\BearShare Applications\BearShare\Skins\html folder moved successfully.
C:\Program Files\BearShare Applications\BearShare\Skins folder moved successfully.
C:\Program Files\BearShare Applications\BearShare\HTML\Images folder moved successfully.
C:\Program Files\BearShare Applications\BearShare\HTML folder moved successfully.
C:\Program Files\BearShare Applications\BearShare folder moved successfully.
C:\Program Files\BearShare Applications folder moved successfully.
C:\Users\Justin\AppData\Local\Ilivid Player folder moved successfully.
C:\Users\Justin\AppData\LocalLow\DataMngr folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Justin\Desktop\cmd.bat deleted successfully.
C:\Users\Justin\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ProgID\ deleted successfully.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}\1.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ not found.
Registry key HKEY_USERS\S-1-5-21-3605859176-3889556994-3234996530-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ not found.
Registry key HKEY_USERS\S-1-5-21-3605859176-3889556994-3234996530-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\bb52a5b_0\\@ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3605859176-3889556994-3234996530-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\bb52a5b_0\\@ not found.
Registry key HKEY_CURRENT_USER\Software\Datamngr\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader\\@ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader.1\\@ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{841D5A49-E48D-413C-9C28-EB3D9081D705}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6D525F51-BF01-4F1D-8E29-3C04E0B3BDBE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D525F51-BF01-4F1D-8E29-3C04E0B3BDBE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{972FECC0-87C6-4FEB-A561-DC94438E57F3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{972FECC0-87C6-4FEB-A561-DC94438E57F3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5DBC2040622EA554F93391A2BD60905C\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B3C5AAA84864EDB4C8FB098047BDEE96\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B3C5AAA84864EDB4C8FB098047BDEE96\ not found.
Registry key HKEY_USERS\S-1-5-21-3605859176-3889556994-3234996530-1000\Software\Datamngr\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4F5A325C-1E34-4471-8C86-3123BF731D3F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F5A325C-1E34-4471-8C86-3123BF731D3F}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{53F6499A-F164-445E-9619-B206916B49B5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53F6499A-F164-445E-9619-B206916B49B5}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5D2B53B2-5FA5-4B06-B3D4-7698A985896F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D2B53B2-5FA5-4B06-B3D4-7698A985896F}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5DFB2F27-B2AC-413C-A071-E8DA1C9C1103} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5DFB2F27-B2AC-413C-A071-E8DA1C9C1103}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9862307E-B572-4C5B-BD56-84A76CD63256} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9862307E-B572-4C5B-BD56-84A76CD63256}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CB3D8E5D-2174-4CD4-B1A1-CF7657BB7BB6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CB3D8E5D-2174-4CD4-B1A1-CF7657BB7BB6}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D978FF82-24F6-44E6-AF67-66A9F0E6D5F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D978FF82-24F6-44E6-AF67-66A9F0E6D5F5}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EAD94AAF-A0FF-46AB-BF3D-DAF1E3697A65} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EAD94AAF-A0FF-46AB-BF3D-DAF1E3697A65}\ not found.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ not found.
HKU\S-1-5-21-3605859176-3889556994-3234996530-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3605859176-3889556994-3234996530-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
Registry value HKEY_USERS\S-1-5-21-3605859176-3889556994-3234996530-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
Registry key HKEY_USERS\S-1-5-21-3605859176-3889556994-3234996530-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ not found.
Registry key HKEY_USERS\S-1-5-21-3605859176-3889556994-3234996530-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=" removed from keyword.URL
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\ifz2rahq.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\searchplugin folder moved successfully.
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\ifz2rahq.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\modules folder moved successfully.
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\ifz2rahq.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\META-INF folder moved successfully.
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\ifz2rahq.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\defaults folder moved successfully.
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\ifz2rahq.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components folder moved successfully.
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\ifz2rahq.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome folder moved successfully.
C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\ifz2rahq.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} folder moved successfully.
Folder C:\PROGRAM FILES\BEARSHARE APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION\ not found.
C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\Search_Results.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ not found.
File C:\Program Files\BearShare Applications\MediaBar\Datamngr\BrowserConnection.dll not found.
Folder C:\Program Files\uTorrent\ not found.
Folder C:\Users\Justin\AppData\Roaming\uTorrent\ not found.
Folder C:\Users\Justin\AppData\Local\Ilivid Player\ not found.
C:\Users\Justin\AppData\Roaming\Azureus\torrents folder moved successfully.
C:\Users\Justin\AppData\Roaming\Azureus\tmp folder moved successfully.
C:\Users\Justin\AppData\Roaming\Azureus\shares folder moved successfully.
C:\Users\Justin\AppData\Roaming\Azureus\rss folder moved successfully.
C:\Users\Justin\AppData\Roaming\Azureus\plugins\mlab folder moved successfully.
C:\Users\Justin\AppData\Roaming\Azureus\plugins\azupnpav folder moved successfully.
C:\Users\Justin\AppData\Roaming\Azureus\plugins\aefeatman_v folder moved successfully.
C:\Users\Justin\AppData\Roaming\Azureus\plugins folder moved successfully.
C:\Users\Justin\AppData\Roaming\Azureus\net folder moved successfully.
C:\Users\Justin\AppData\Roaming\Azureus\logs folder moved successfully.
C:\Users\Justin\AppData\Roaming\Azureus\dht folder moved successfully.
C:\Users\Justin\AppData\Roaming\Azureus\active folder moved successfully.
C:\Users\Justin\AppData\Roaming\Azureus folder moved successfully.
C:\Program Files\Conduit\Community Alerts folder moved successfully.
C:\Program Files\Conduit folder moved successfully.
C:\Users\Justin\AppData\Local\Conduit folder moved successfully.
File C:\Users\Public\Desktop\µTorrent.lnk not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Justin
->Temp folder emptied: 40214213 bytes
->Temporary Internet Files folder emptied: 2499543 bytes
->FireFox cache emptied: 50804267 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5700 bytes
RecycleBin emptied: 10532688430 bytes

Total Files Cleaned = 10,134.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.42.2 log created on 04292012_105908

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
reefscapes
Member+
 
Posts: 14
Joined: April 27th, 2012, 7:13 pm
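
The fix log in the post above can be triaged by outcome with a short script. This is an added example, not part of the original post and not part of OTL: the line patterns are inferred from the log lines in this thread, and the names `triage` and `malformed_guid_targets` are hypothetical. It also flags "not found" targets whose braces do not hold a well-formed GUID, because that result only covers the identifier as it was typed into the fix.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the OTL fix log in this thread.
SAMPLE_LOG = r"""
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry value HKEY_USERS\S-1-5-21-3605859176-3889556994-3234996530-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully.
C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml moved successfully.
C:\Program Files\Conduit folder moved successfully.
File C:\Program Files\BearShare Applications\MediaBar\Datamngr\BrowserConnection.dll not found.
HOSTS file reset successfully
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
"""

# Ordered most specific first; the line shapes are taken from the log above.
RULES = [
    ("pending_reboot", re.compile(
        r"^Registry delete failed\.\s+(?P<t>.+?)\s+scheduled to be deleted on reboot\.$")),
    ("not_found", re.compile(
        r"^(?:Registry (?:key|value)|File|Folder)\s+(?P<t>.+?)\s+not found\.$")),
    ("removed", re.compile(
        r"^(?:Registry (?:key|value)\s+)?(?P<t>.+?)(?:\s+folder)?\s+(?:moved|deleted) successfully\.$")),
]
BRACED = re.compile(r"\{([^{}]*)\}")
GUID = re.compile(r"^[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$")

def triage(log_text):
    """Group fix-log targets by outcome; lines no rule matches go to 'other'."""
    buckets = defaultdict(list)
    for line in map(str.strip, log_text.splitlines()):
        if not line or line.startswith("====="):
            continue
        for outcome, rx in RULES:
            m = rx.match(line)
            if m:
                buckets[outcome].append(m.group("t"))
                break
        else:
            buckets["other"].append(line)
    return dict(buckets)

def malformed_guid_targets(targets):
    """Targets whose {...} token is not a well-formed 8-4-4-4-12 GUID."""
    return [t for t in targets
            if any(not GUID.match(g) for g in BRACED.findall(t))]

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for outcome, targets in result.items():
        print(f"{outcome}: {len(targets)}")
    print("re-check:", malformed_guid_targets(result.get("not_found", [])))
```

Entries in `pending_reboot` are the ones to confirm in the log produced after the restart.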

Re: http://www.searchnu.com/406?tag=newtab

Post by Gary R » April 30th, 2012, 1:31 am

OK looking good, just a couple of files to remove.

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:Files
C:\Program Files\ContourStoryteller\Process.exe
D:\Windows\System32\autochk.exe


:Commands
[ClearAllRestorePoints]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so; if it does, re-boot your computer. A log will be produced upon re-boot.

How is your computer running now?
Gary R
Administrator
 
Posts: 19182
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: http://www.searchnu.com/406?tag=newtab

Post by reefscapes » April 30th, 2012, 9:57 am

Great! The "searchnu.com" is gone! I got rid of BearShare finally, and uTorrent will be missed, but I would rather not have viruses. I am running multiple malware programs: Adaware Pro, Spybot Search and Destroy, Super Antivirus, Windows Defender and Norton 360. Which do you recommend? Also, I have been having problems deleting programs from Control Panel, Programs. It says I don't have administrator rights, which I should. With programs like iTunes and others, I've run into this problem. I've gotten around it by booting into Safe Mode, but any ideas? I must say you have been extremely helpful. I'm so glad I found this forum. It's nice to know that this is available. I will recommend it most definitely!!

========== FILES ==========
C:\Program Files\ContourStoryteller\Process.exe moved successfully.
D:\Windows\System32\autochk.exe moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.42.2 log created on 04302012_074742

Re: http://www.searchnu.com/406?tag=newtab

Post by Gary R » April 30th, 2012, 12:48 pm

Is your account Standard User?

You shouldn't need Administrator permissions to uninstall programs in your account, however if there are multiple User Accounts on your computer, and the program you were trying to uninstall was made available to all Users on installation, then you may need to have Administrator permissions to remove it, since you would be making changes to other accounts.

If that is not the case, or you have an Administrator Account, let me know and we'll see if we can find out what the problem is.

As far as advice on security, I advise that you read .... Computer Security - a short guide to staying safer online .... which gives my recommendations for a safer machine.

Time to remove the tools we've been using to clean your computer.

Let's clear out OTL and the files and folders it created. This will also remove SystemLook.
  • Double click OTL.exe to launch the programme.
  • Click on the CleanUp! button.
  • OTL will download a list from the Internet; if your firewall or other defensive programmes alert you, allow it access.
  • You will be prompted to allow the clean up procedure, click Yes.
  • When finished exit out of OTL
  • Now delete OTL.exe (if still present).

Re: http://www.searchnu.com/406?tag=newtab

Post by reefscapes » April 30th, 2012, 2:30 pm

Great! Yes, I only have one account and I am the administrator. I can delete some programs but get hung up on others. I will get an error that says "the system administrator has set policies to prevent this installation". Then I click OK and it says that "I do not have sufficient access to uninstall "xxxxxx", contact system administrator".

On another note, I would like your help on my desktop as well, as I believe it is infected as well. Can I start from here?

Re: http://www.searchnu.com/406?tag=newtab

Post by Gary R » April 30th, 2012, 5:57 pm

I don't see any policy settings in your OTL log, which would usually indicate if any non-default policy settings were present.

We could reset your overall registry and file permissions to default, and this may resolve your problems, however the tool we'd use to do this is a relatively new one, and I can give no guarantee that it would be effective, or that using it may not have some unexpected side effect (I don't believe it will, but I can give no guarantee).

The alternative is for me to point you towards a forum that specialises in uninstaller problems (my speciality is malware removal).

Let me know how you'd like to proceed.

As for your Desktop, it will save confusion if you just start a new topic for it in the Malware Removal room. If I have time I'll try to have a look at it, but I'm a little busy at the moment, so it may be someone else who answers your topic.

Re: http://www.searchnu.com/406?tag=newtab

Post by reefscapes » April 30th, 2012, 7:26 pm

Yes, that would be great if you could refer me to an uninstaller forum. Again, thanks for all your knowledge. I can see a noticeable difference!!!

Re: http://www.searchnu.com/406?tag=newtab

Post by Gary R » May 1st, 2012, 1:51 am

You're welcome, glad we could help. :)

Any of the following forums will probably be able to help you with your Uninstall problems (they are not in any order of preference), the quality of help at any of them is usually very good ....

http://forums.whatthetech.com/index.php?showforum=119
http://www.bleepingcomputer.com/forums/forum72.html
http://www.geekstogo.com/forum/forum/79 ... windows-7/
http://www.techsupportforum.com/forums/f217/