Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

How do I delete http://www.searchnu.com/406

by Michael75065 » May 5th, 2012, 7:32 pm

My Google Chrome has been taken over, and how do I delete http://xxx.searchnu.com/406

Need help ASAP. I am brand new on here and email is xxxxxxxxxxxxxx

I ran an OTL scan, can someone help us:

OTL logfile created on: 5/5/2012 7:07:24 PM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Michael\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 52.89% Memory free
5.49 Gb Paging File | 3.69 Gb Available in Paging File | 67.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.78 Gb Total Space | 159.55 Gb Free Space | 72.27% Space Free | Partition Type: NTFS

Computer Name: MICHAEL-PC | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/05 19:06:44 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Downloads\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/12 08:12:01 | 001,694,608 | ---- | M] (Bandoo Media, inc) -- C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe
PRC - [2012/01/09 13:04:32 | 004,791,640 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASC.exe
PRC - [2012/01/04 15:26:46 | 001,606,488 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/29 22:29:04 | 000,497,496 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2011/12/29 16:43:30 | 000,620,376 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2011/12/14 07:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011/12/14 07:59:19 | 010,981,248 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
PRC - [2011/12/14 07:41:55 | 000,116,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
PRC - [2011/12/12 13:12:16 | 010,448,384 | ---- | M] (The Weather Channel) -- C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe
PRC - [2011/10/28 23:12:57 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/08/04 04:55:50 | 005,420,408 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mikogo 4\mikogo-host.exe
PRC - [2011/07/27 07:06:44 | 000,267,488 | ---- | M] () -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
PRC - [2011/07/20 12:19:46 | 000,820,568 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011/07/05 12:04:34 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/04/27 16:51:38 | 000,200,152 | ---- | M] () -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing-tray.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\ccsvchst.exe
PRC - [2011/01/17 19:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/12/12 11:27:18 | 005,470,208 | ---- | M] (hMailServer) -- C:\Program Files (x86)\hMailServer\Bin\hMailServer.exe
PRC - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/27 22:07:01 | 000,444,400 | ---- | M] () -- C:\Users\Michael\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppgooglenaclpluginchrome.dll
MOD - [2012/04/27 22:06:59 | 003,915,248 | ---- | M] () -- C:\Users\Michael\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
MOD - [2012/04/27 22:05:34 | 000,122,880 | ---- | M] () -- C:\Users\Michael\AppData\Local\Google\Chrome\Application\18.0.1025.168\avutil-51.dll
MOD - [2012/04/27 22:05:33 | 000,220,672 | ---- | M] () -- C:\Users\Michael\AppData\Local\Google\Chrome\Application\18.0.1025.168\avformat-53.dll
MOD - [2012/04/27 22:05:32 | 001,747,456 | ---- | M] () -- C:\Users\Michael\AppData\Local\Google\Chrome\Application\18.0.1025.168\avcodec-53.dll
MOD - [2012/04/11 20:50:26 | 001,880,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\d0ae88ebdc709e940fbd0c6bafcab13c\System.Deployment.ni.dll
MOD - [2012/04/11 13:31:22 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7786f3e95a399a8b6691170ae2fe0e1c\PresentationFramework.ni.dll
MOD - [2012/04/11 13:30:43 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\239eba799555dbe10760ee80c8c8df7c\PresentationCore.ni.dll
MOD - [2012/04/11 13:30:03 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\0b36565a61f83137806e71b287d81042\System.Windows.Forms.ni.dll
MOD - [2012/04/11 13:29:26 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\02ea3ff3b5908b51da47e1aeb9e75b04\WindowsBase.ni.dll
MOD - [2012/04/11 13:29:01 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c02325260bdcecd695a87bbb24547df2\System.Drawing.ni.dll
MOD - [2012/02/23 10:47:23 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\8dd565cc0b374e1eec73cf7eaba91e92\UIAutomationProvider.ni.dll
MOD - [2012/02/23 10:44:31 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\e86e6094904541b5f9cf7df0709349d2\System.Runtime.Remoting.ni.dll
MOD - [2012/02/23 10:43:38 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\295b3156b838ca161a64a5456522438b\System.Xml.Linq.ni.dll
MOD - [2012/02/23 10:34:54 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\ae31d46211440b11a9e66c3ba1a4e7ff\System.Xaml.ni.dll
MOD - [2012/02/21 04:43:36 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\8b8a5c194aacfb2102d4e26b75a84e03\PresentationFramework.Aero.ni.dll
MOD - [2012/02/21 04:41:34 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\19e79fc0f95c93b0244c7b287e254871\System.Xml.ni.dll
MOD - [2012/02/21 04:41:24 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bab886a18699bab842769c5ce486c332\System.Configuration.ni.dll
MOD - [2012/02/21 04:41:11 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\7292b3e639a6202cf7eaf1f7ed271249\System.Core.ni.dll
MOD - [2012/02/21 04:40:07 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\2c59490afc22def906d3ca96e1207ff9\System.ni.dll
MOD - [2012/02/21 04:39:44 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\44ae9f9afb2373055136d57ac6db3f96\mscorlib.ni.dll
MOD - [2011/12/29 16:43:50 | 008,901,976 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\WebUI.dll
MOD - [2011/12/29 16:43:48 | 000,882,008 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\Scan.dll
MOD - [2011/11/10 19:24:30 | 000,599,896 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\DiskMap.dll
MOD - [2011/10/19 22:19:24 | 000,564,712 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\sqlite3.dll
MOD - [2011/10/19 22:18:48 | 000,058,712 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\NtfsData.dll
MOD - [2011/08/19 17:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll
MOD - [2011/08/04 04:55:50 | 005,420,408 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mikogo 4\mikogo-host.exe
MOD - [2011/04/27 16:51:38 | 000,200,152 | ---- | M] () -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing-tray.exe
MOD - [2011/04/21 16:54:40 | 000,347,024 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\madexcept_.bpl
MOD - [2011/04/21 16:54:40 | 000,179,088 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\madbasic_.bpl
MOD - [2011/04/21 16:54:40 | 000,046,480 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\maddisAsm_.bpl
MOD - [2011/02/04 18:38:10 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/09/30 18:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/08/18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 22:47:12 | 000,240,160 | ---- | M] (Acer) [Disabled | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/30 10:01:47 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/29 22:29:04 | 000,497,496 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011/12/14 07:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/07/27 07:06:44 | 000,267,488 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)
SRV - [2011/07/20 12:19:46 | 000,820,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe -- (N360)
SRV - [2011/02/26 00:50:59 | 000,185,640 | ---- | M] () [On_Demand | Stopped] -- C:\Users\Michael\AppData\Roaming\Mikogo\B-Service.exe -- (B-Service)
SRV - [2010/12/12 11:27:18 | 005,470,208 | ---- | M] (hMailServer) [Auto | Running] -- C:\Program Files (x86)\hMailServer\Bin\hMailServer.exe -- (hMailServer)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/10 09:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/06 14:49:28 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/07/06 12:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011/07/04 07:36:56 | 000,600,920 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/07/04 07:36:54 | 000,288,088 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/07/04 07:35:28 | 000,045,400 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/07/04 07:32:35 | 000,031,064 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/07/04 07:32:24 | 000,064,856 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/07/04 07:32:14 | 000,022,360 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/04/29 17:30:52 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/04/29 17:30:52 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/04/29 14:01:42 | 000,055,384 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)
DRV:64bit: - [2011/04/20 21:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502010.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/30 23:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0502010.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 23:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502010.003\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/14 22:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502010.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/01/27 02:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502010.003\symds64.sys -- (SymDS)
DRV:64bit: - [2010/11/26 19:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/15 21:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502010.003\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/10/02 01:33:48 | 000,946,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/08/21 05:18:16 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/08/18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/08/09 23:07:14 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/15 06:03:40 | 000,245,296 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 07:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 07:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 07:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/05 04:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 04:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/05/04 09:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/03 09:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV - [2012/05/05 04:52:09 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120504.033\ex64.sys -- (NAVEX15)
DRV - [2012/05/05 04:52:09 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120504.033\eng64.sys -- (NAVENG)
DRV - [2012/04/27 20:18:20 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120505.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/04/13 09:59:45 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/04/02 19:38:04 | 001,160,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120413.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/02/04 06:41:38 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/07/11 14:40:30 | 000,020,336 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)
DRV - [2011/03/23 00:58:10 | 000,021,328 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)
DRV - [2011/03/23 00:58:06 | 000,033,184 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5517&r=27360910f055l0344z135t4912x531
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://www.searchqu.com/web?src=ieb&appid=0&systemid=102&sr=0&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com
IE - HKLM\..\URLSearchHook: {90eee664-34b1-422a-a782-779af65cdf6d} - No CLSID value found
IE - HKLM\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZon1.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20110502090318796&tb_oid=02-05-2011&tb_mrud=02-05-2011
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.startsearcher.com/?q={searchTerms}&src=IETB
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://www.searchqu.com/web?src=ieb&appid=0&systemid=102&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2418376

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://inboxtoolbar.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\..\URLSearchHook: {90eee664-34b1-422a-a782-779af65cdf6d} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{0169E633-8781-F882-9BC7-7B014AE4DE4E}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z206&form=ZGAIDF&install_date=20111015&iesrc={referrer:source}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{087E85A4-2E94-42CE-AEB2-021C0C7DC6B2}: "URL" = http://search.toolbars.alexa.com/?src={referrer:source}&q={searchTerms}
IE - HKCU\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20110502090318796&tb_oid=02-05-2011&tb_mrud=02-05-2011
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=19766
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=FXTV5&o=101703&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=F3&apn_dtid=YYYYYYYYUS&apn_uid=7A2D5C1E-CEBA-484B-B390-E78940947C67&apn_sauid=D01926E1-6E50-4862-939D-ED35E7B7490D
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.yahoo.com/search?fr=vmn&type=vmn-ada-vmntbcleaner-1_0-ya-ch-rp&q={searchTerms}
IE - HKCU\..\SearchScopes\{547CD6BD-C8E8-404E-B8E8-096DAC8B5A15}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7ACAW_enUS399&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=WkyJP-x2T1a6lmZErSNo4zI-yCA?q={searchTerms}
IE - HKCU\..\SearchScopes\{73ccfd25-abe2-4bdf-ac5d-28a470a4d234}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7ACAW_enUS399
IE - HKCU\..\SearchScopes\{895EA87F-FF34-4161-AD5E-69E356D6222D}: "URL" = http://search.avg.com/route/?d=4e498d21&v=7.7.26.1&i=27&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://www.searchqu.com/web?src=ieb&appid=0&systemid=102&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{A5350CA8-00EF-4ECB-49C8-1AC91895C705}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2418376
IE - HKCU\..\SearchScopes\{B730E2FB-931E-C117-652C-C429D0471E60}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF
IE - HKCU\..\SearchScopes\{B951D59B-6DF5-4921-B999-AFAE3ED5CAE3}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=685749&p={searchTerms}
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://inboxtoolbar.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80533&lng=en
IE - HKCU\..\SearchScopes\{C7576B9D-B442-46bc-AF74-080A9E723E01}: "URL" = http://websearch.search-results.com/redirect?client=ie&tb=BBY2-SRS&o=41647948&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=7S&apn_dtid=YYYYYYYYUS&apn_uid=E37EFA02-771B-43EE-90DA-5F0ADAE2512B&apn_sauid=F8EA2C33-95BD-410F-865B-695763081CFE
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb110/?search={searchTerms}&loc=IB_DS&a=6R88bDVWel&i=26
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "PageRage Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=mkg030&p="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.selectedEngineURL: "http://flvtubesearch.co/?tmp=toolbar_FLVTube_results&prt=flvtubetb01ff&clid=7b9775a2a22544cead2c44b4dd36888b&subid=6632_movies&Keywords={searchTerms}"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?ilc=8"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {27E679CC-6AAB-4B2A-BB87-096FE4178464}:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {22689c12-9fe2-45cc-b2fc-6021044866d7}:3.2.3.3
FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.8.20100713041928
FF - prefs.js..extensions.enabledItems: {D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}:1.0
FF - prefs.js..extensions.enabledItems: ClickPotatoLite@ClickPotatoLite.com:10.0.659.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {EB132DB0-A4CA-11DF-9732-0E29E0D72085}:1.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
FF - prefs.js..extensions.enabledItems: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.7
FF - prefs.js..extensions.enabledItems: {15312e9a-4905-48da-aae4-15b24bdc2a24}:1.0.5
FF - prefs.js..extensions.enabledItems: {ad48108d-92a6-4eb9-87e4-978aca1dbae4}:1.1.6
FF - prefs.js..extensions.enabledItems: add-to-searchbox@maltekraus.de:2.0
FF - prefs.js..extensions.enabledItems: vinceturk@gmail.com:2.7.0.788
FF - prefs.js..extensions.enabledItems: {75623d5d-4683-402a-b610-ac4bab767c86}:3.2.0
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {4be68a18-deba-49e0-9e09-ee7796f3b62a}:2.1.1.1
FF - prefs.js..extensions.enabledItems: {902D2C4A-457A-4EF9-AD43-7014562929FF}:0.4.6
FF - prefs.js..extensions.enabledItems: {72938f90-8d8a-11de-8a39-0800200c9a66}:1.3.5
FF - prefs.js..extensions.enabledItems: {0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}:2.0.6
FF - prefs.js..extensions.enabledItems: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}:2.7.1
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: {15a82062-5139-4855-9706-130a8a4be80c}:1.0.2
FF - prefs.js..extensions.enabledItems: {15e67a59-bd3d-49ae-90dd-b3d3fd14c2ed}:1.0.4
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe80}:0.7
FF - prefs.js..extensions.enabledItems: {cf47767d-5f3a-4e32-9fce-5d79565c9702}:1.1.1
FF - prefs.js..extensions.enabledItems: {45e16761-660c-41a4-984f-56986fba2137}:1.0
FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.11.9
FF - prefs.js..extensions.enabledItems: nosquint@urandom.ca:2.1
FF - prefs.js..extensions.enabledItems: tabprogressbar@studio17.wordpress.com:0.6
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mkg030&p="
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mkg030&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749"


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Michael\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Michael\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/04/13 09:37:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_7_5 [2012/05/05 18:44:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/13 09:37:24 | 000,000,000 | ---D | M]

[2010/09/28 20:10:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Extensions
[2011/12/31 10:00:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ox0to7ja.default\extensions
[2011/12/28 11:54:50 | 000,000,000 | ---D | M] (Incredibar Toolbar) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ox0to7ja.default\extensions\ffxtlbr@incredibar.com
[2011/12/31 10:00:18 | 000,000,000 | ---D | M] (EpicPlay Games) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ox0to7ja.default\extensions\textlinks@epicplay.com
[2011/08/28 05:14:13 | 000,002,342 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ox0to7ja.default\searchplugins\aol-search.xml
[2011/02/01 19:05:08 | 000,002,333 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ox0to7ja.default\searchplugins\askcom.xml
[2011/01/24 03:54:21 | 000,001,919 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ox0to7ja.default\searchplugins\bing-zugo.xml
[2011/08/15 13:35:44 | 000,000,919 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ox0to7ja.default\searchplugins\conduit.xml
[2011/03/10 21:57:14 | 000,001,218 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ox0to7ja.default\searchplugins\kikin-search.xml
[2011/03/10 21:17:53 | 000,009,932 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ox0to7ja.default\searchplugins\mywebsearch.xml
[2011/03/12 23:07:13 | 000,003,368 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ox0to7ja.default\searchplugins\search-results.xml
[2010/10/03 01:59:09 | 000,001,484 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ox0to7ja.default\searchplugins\start-searcher.xml
[2012/03/10 12:10:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/15 18:06:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2012/03/10 12:10:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: WinZip Courier (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilckobikkmajlmhhdenkhonjkoaneclk\3.5.0_0\wzwmcgc.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Michael\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Michael\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: YouTube = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: WinZip Courier = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilckobikkmajlmhhdenkhonjkoaneclk\3.5.0_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: EpicPlay = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\plccnhhjonaiagjelpfkclblmlppjcik\

O1 HOSTS File: ([2011/02/23 00:19:06 | 000,000,822 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (WinZip Courier BHO) - {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\Program Files (x86)\WinZip Courier\wzwmcie.dll (WinZip Computing, S.L.)
O2 - BHO: (no name) - {B8D60EBB-5565-4392-957B-7164BA087AD4} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {90EEE664-34B1-422A-A782-779AF65CDF6D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Toolbar) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZon1.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartupDelayer] C:\Program Files (x86)\r2 Studios\Startup Delayer\Startup Launcher GUI.exe (r2 studios)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKCU..\Run: [DW7] C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe (The Weather Channel)
O4 - HKCU..\Run: [Mikogo] C:\Users\Michael\AppData\Roaming\Mikogo 4\mikogo-host.exe ()
O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O8:64bit: - Extra context menu item: Translate with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - Reg Error: Value error. File not found
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F22113B-2D8F-447C-B4EA-53D3643AB84E}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~2\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~2\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~2\Datamngr\datamngr.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~2\Datamngr\IEBHO.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~4\GO36F4~1.DLL) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/05 14:30:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/05 14:30:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/04 17:48:23 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\vlc
[2012/05/04 17:14:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Searchqu Toolbar
[2012/04/29 23:40:21 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\PokerStars.NET
[2012/04/29 23:40:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.NET
[2012/04/29 23:38:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerStars.NET
[2012/04/16 15:47:55 | 000,023,896 | ---- | C] (IObit) -- C:\Windows\SysNative\RegistryDefragBootTime.exe
[2012/04/15 01:04:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SendBlaster 2
[2012/04/15 01:03:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SendBlaster
[2012/04/13 11:36:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\{2408CEC0-B073-4626-BC31-20BADBC07887}
[2012/04/11 12:59:40 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/11 12:59:40 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/11 12:59:35 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/04/11 12:59:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/11 12:59:33 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/11 12:59:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/11 12:59:32 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/11 12:59:30 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/11 12:59:28 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/04/11 12:59:27 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/11 12:59:26 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/04/11 12:54:36 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/04/11 12:54:34 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/11 12:54:33 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/04/11 03:17:41 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/11 03:17:40 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/11 03:17:19 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/10 20:13:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Email Extractor 14
[2012/04/10 20:13:19 | 000,000,000 | ---D | C] -- C:\emailextractor14
[2012/04/10 14:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Lencom
[2012/04/08 19:29:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/04/08 19:28:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/04/08 07:52:03 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lencom Software Inc
[2012/04/08 07:51:52 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Lencom
[2012/04/08 07:51:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LencomShare
[2012/04/08 07:51:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lencom Software Inc
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/05 19:21:09 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/05 19:02:59 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/05 19:02:59 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/05 18:46:03 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1348538974-2952609512-521419079-1002UA.job
[2012/05/05 18:44:10 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/05 18:44:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/05 18:43:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/05 18:43:47 | 2211,483,648 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/05 14:30:38 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/05 02:47:01 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1348538974-2952609512-521419079-1002Core.job
[2012/05/05 01:42:53 | 000,000,119 | -H-- | M] () -- C:\Users\Michael\Documents\.~lock.pet peeve 3.odt#
[2012/05/04 21:42:19 | 000,024,931 | ---- | M] () -- C:\Users\Michael\Documents\Video Tips.odt
[2012/05/04 21:42:18 | 000,000,119 | -H-- | M] () -- C:\Users\Michael\Documents\.~lock.Video Tips.odt#
[2012/05/04 21:36:12 | 000,023,463 | ---- | M] () -- C:\Users\Michael\Documents\pet peeve 3.odt
[2012/05/04 19:35:03 | 000,010,034 | ---- | M] () -- C:\Users\Michael\Documents\37 Ways to Promote Your Website.odt
[2012/05/04 19:35:03 | 000,000,119 | -H-- | M] () -- C:\Users\Michael\Documents\.~lock.37 Ways to Promote Your Website.odt#
[2012/05/04 19:27:29 | 000,000,119 | -H-- | M] () -- C:\Users\Michael\Documents\.~lock.looking for 1 good business2.odt#
[2012/05/04 19:24:12 | 000,028,022 | ---- | M] () -- C:\Users\Michael\Documents\looking for 1 good business2.odt
[2012/05/04 18:20:12 | 000,012,829 | ---- | M] () -- C:\Users\Michael\Documents\Michael ladd information.odt
[2012/05/04 18:20:12 | 000,000,119 | -H-- | M] () -- C:\Users\Michael\Documents\.~lock.Michael ladd information.odt#
[2012/05/04 17:58:11 | 000,016,309 | ---- | M] () -- C:\Users\Michael\Documents\SuccesswithMichael blog requirements.odt
[2012/05/04 17:25:07 | 000,038,273 | ---- | M] () -- C:\Users\Michael\Documents\Mikes address book.odt
[2012/05/04 17:25:06 | 000,000,119 | -H-- | M] () -- C:\Users\Michael\Documents\.~lock.Mikes address book.odt#
[2012/05/02 22:27:16 | 000,002,413 | ---- | M] () -- C:\Users\Michael\Desktop\Google Chrome.lnk
[2012/05/01 16:27:28 | 000,012,945 | ---- | M] () -- C:\Users\Michael\Documents\reseller ad 1.odt
[2012/05/01 16:27:27 | 000,000,119 | -H-- | M] () -- C:\Users\Michael\Documents\.~lock.reseller ad 1.odt#
[2012/05/01 16:20:09 | 000,020,076 | ---- | M] () -- C:\Users\Michael\Documents\SEO Business.odt
[2012/05/01 16:20:08 | 000,000,119 | -H-- | M] () -- C:\Users\Michael\Documents\.~lock.SEO Business.odt#
[2012/05/01 15:49:44 | 000,031,278 | ---- | M] () -- C:\Users\Michael\Documents\The Google Penguin Update.odt
[2012/05/01 15:49:43 | 000,000,119 | -H-- | M] () -- C:\Users\Michael\Documents\.~lock.The Google Penguin Update.odt#
[2012/05/01 15:42:32 | 000,014,442 | ---- | M] () -- C:\Users\Michael\Documents\look for a business ad.odt
[2012/05/01 04:10:29 | 000,002,106 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/05/01 04:06:38 | 000,660,546 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/01 04:06:38 | 000,121,442 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/01 03:59:06 | 000,796,892 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/05/01 03:58:23 | 001,892,112 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0502010.003\Cat.DB
[2012/05/01 01:02:42 | 000,000,119 | -H-- | M] () -- C:\Users\Michael\Documents\.~lock.What a Mentor should be, should do.odt#
[2012/04/29 23:40:21 | 000,001,121 | ---- | M] () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.net.lnk
[2012/04/29 23:40:16 | 000,001,097 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.net.lnk
[2012/04/28 23:32:18 | 000,016,681 | ---- | M] () -- C:\Users\Michael\Documents\welcome aboard letter1.odt
[2012/04/28 23:32:17 | 000,000,119 | -H-- | M] () -- C:\Users\Michael\Documents\.~lock.welcome aboard letter1.odt#
[2012/04/27 23:50:25 | 007,429,716 | ---- | M] () -- C:\Users\Michael\Documents\Desktop.zip
[2012/04/27 17:45:40 | 000,000,119 | -H-- | M] () -- C:\Users\Michael\Documents\.~lock.Success with Michael Dream Team.odt#
[2012/04/26 00:52:19 | 000,039,173 | ---- | M] () -- C:\Users\Michael\Documents\AA- Special Cut (8-15 cm).jpg
[2012/04/24 15:45:25 | 000,011,026 | ---- | M] () -- C:\Users\Michael\Documents\Michael ladd information.Zip
[2012/04/24 12:22:14 | 000,002,502 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2012/04/22 14:41:27 | 000,000,119 | -H-- | M] () -- C:\Users\Michael\Documents\.~lock.what I need to do do to fix my blog.odt#
[2012/04/22 14:40:47 | 000,000,000 | ---- | M] () -- C:\Users\Michael\Documents\New WinZip Zipx File.zipx
[2012/04/22 06:47:45 | 000,019,164 | ---- | M] () -- C:\Users\Michael\Documents\network marketing VT closing letter2.odt
[2012/04/22 05:24:47 | 000,016,526 | ---- | M] () -- C:\Users\Michael\Documents\network marketing VT closing letter.odt
[2012/04/22 04:13:49 | 000,021,585 | ---- | M] () -- C:\Users\Michael\Documents\My biggest pet peeve2.odt
[2012/04/22 04:13:48 | 000,000,119 | -H-- | M] () -- C:\Users\Michael\Documents\.~lock.My biggest pet peeve2.odt#
[2012/04/22 03:29:02 | 000,019,412 | ---- | M] () -- C:\Users\Michael\Documents\What is your BIGGEST MLM pet peeve.odt
[2012/04/22 03:29:01 | 000,000,119 | -H-- | M] () -- C:\Users\Michael\Documents\.~lock.What is your BIGGEST MLM pet peeve.odt#
[2012/04/21 12:44:43 | 000,011,254 | ---- | M] () -- C:\Users\Michael\Documents\Michael ladd informational page.1.odt
[2012/04/19 19:10:06 | 000,025,069 | ---- | M] () -- C:\Users\Michael\Documents\Network marketing VT ad.odt
[2012/04/19 19:10:05 | 000,000,119 | -H-- | M] () -- C:\Users\Michael\Documents\.~lock.Network marketing VT ad.odt#
[2012/04/19 18:28:48 | 000,024,860 | ---- | M] () -- C:\Users\Michael\Documents\12 Second Commute.2.odt
[2012/04/19 18:28:47 | 000,000,119 | -H-- | M] () -- C:\Users\Michael\Documents\.~lock.12 Second Commute.2.odt#
[2012/04/19 04:46:05 | 000,081,644 | ---- | M] () -- C:\Users\Michael\Documents\Account summary started at green pack amazing in 9 months.jpg
[2012/04/18 11:40:58 | 000,017,097 | ---- | M] () -- C:\Users\Michael\Documents\blog info.odt
[2012/04/18 11:40:57 | 000,000,119 | -H-- | M] () -- C:\Users\Michael\Documents\.~lock.blog info.odt#
[2012/04/18 08:13:44 | 000,000,119 | -H-- | M] () -- C:\Users\Michael\Documents\.~lock.ATTRACTION MARKETING THERORY IS DEAD!!.odt#
[2012/04/17 14:05:01 | 000,016,045 | ---- | M] () -- C:\Users\Michael\Documents\craigslist ad.odt
[2012/04/17 14:05:01 | 000,000,119 | -H-- | M] () -- C:\Users\Michael\Documents\.~lock.craigslist ad.odt#
[2012/04/17 12:11:33 | 000,011,397 | ---- | M] () -- C:\Users\Michael\Documents\banner ads and widgets.odt
[2012/04/17 12:11:33 | 000,000,119 | -H-- | M] () -- C:\Users\Michael\Documents\.~lock.banner ads and widgets.odt#
[2012/04/16 17:34:33 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0502010.003\isolate.ini
[2012/04/16 11:42:33 | 000,520,143 | ---- | M] () -- C:\Users\Michael\Documents\NewbieReport.pdf
[2012/04/15 17:25:27 | 000,000,119 | -H-- | M] () -- C:\Users\Michael\Documents\.~lock.Success with Michael Dream Team.00.odt#
[2012/04/15 01:04:22 | 000,001,918 | ---- | M] () -- C:\Users\Public\Desktop\SendBlaster 2.lnk
[2012/04/15 00:41:02 | 000,020,753 | ---- | M] () -- C:\Users\Michael\Documents\ATTRACTION MARKETING THERORY IS DEAD!!.odt
[2012/04/14 04:51:26 | 000,013,006 | ---- | M] () -- C:\Users\Michael\Documents\Just wanted say hi to everyone!!!.odt
[2012/04/14 04:33:24 | 000,010,386 | ---- | M] () -- C:\Users\Michael\Documents\banner ads.odt
[2012/04/14 04:10:27 | 000,038,175 | ---- | M] () -- C:\Users\Michael\Documents\sargent.gif
[2012/04/14 04:08:36 | 000,132,673 | ---- | M] () -- C:\Users\Michael\Documents\Info-Product-Cheatsheet.pdf
[2012/04/13 19:55:50 | 000,039,519 | ---- | M] () -- C:\Users\Michael\Documents\pdhighlights_022108.pdf
[2012/04/13 18:23:17 | 000,028,207 | ---- | M] () -- C:\Users\Michael\Documents\How To Optimize Twitter.odt
[2012/04/13 18:23:16 | 000,000,119 | -H-- | M] () -- C:\Users\Michael\Documents\.~lock.How To Optimize Twitter.odt#
[2012/04/13 10:25:24 | 000,020,768 | ---- | M] () -- C:\Users\Michael\Documents\networkmarketingvt jason sales letter.odt
[2012/04/12 10:39:39 | 000,009,904 | ---- | M] () -- C:\Users\Michael\Documents\cheap computer.odt
[2012/04/12 00:03:39 | 000,000,256 | ---- | M] () -- C:\Users\Michael\Documents\50TechBoostConveriob.508.zip
[2012/04/11 23:51:00 | 000,293,038 | ---- | M] () -- C:\Users\Michael\Documents\50 Techniques to Boost Conversions.pdf
[2012/04/11 23:25:02 | 000,381,375 | ---- | M] () -- C:\Users\Michael\Documents\100 Ways to Increase Sales-signed.pdf
[2012/04/11 22:36:38 | 000,344,644 | ---- | M] () -- C:\Users\Michael\Documents\100 Ways to Increase Sales.pdf
[2012/04/11 19:39:44 | 000,000,256 | ---- | M] () -- C:\Users\Michael\Documents\100TechIncreaseSales.5750.zip
[2012/04/11 13:18:31 | 000,797,112 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/10 20:15:24 | 000,001,884 | ---- | M] () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Email Extractor 14.lnk
[2012/04/10 20:15:04 | 000,001,860 | ---- | M] () -- C:\Users\Public\Desktop\Email Extractor 14.lnk
[2012/04/10 07:44:32 | 000,000,119 | -H-- | M] () -- C:\Users\Michael\Documents\.~lock.Government impact on Wayne county from Ball St..odt#
[2012/04/08 20:48:26 | 000,018,255 | ---- | M] () -- C:\Users\Michael\Documents\Government impact on Wayne county from Ball St..odt
[2012/04/08 19:29:25 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/04/08 07:52:03 | 000,003,103 | ---- | M] () -- C:\Users\Michael\Desktop\Fast Email Extractor.lnk
[2012/04/06 15:07:28 | 000,023,038 | ---- | M] () -- C:\Users\Michael\Documents\HOW TO DRIVE TRAFFIC TO YOUR WEBSITE.odt
[2012/04/06 05:33:33 | 000,000,256 | ---- | M] () -- C:\Users\Michael\Documents\gurulistbuster.zip
[2012/04/06 04:27:31 | 000,204,800 | ---- | M] () -- C:\License.ndb
[2012/04/05 20:32:53 | 000,060,304 | ---- | M] () -- C:\Users\Michael\g2mdlhlpx.exe
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/05 14:30:37 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/05 01:42:53 | 000,000,119 | -H-- | C] () -- C:\Users\Michael\Documents\.~lock.pet peeve 3.odt#
[2012/05/04 21:42:18 | 000,024,931 | ---- | C] () -- C:\Users\Michael\Documents\Video Tips.odt
[2012/05/04 21:42:18 | 000,000,119 | -H-- | C] () -- C:\Users\Michael\Documents\.~lock.Video Tips.odt#
[2012/05/04 21:36:11 | 000,023,463 | ---- | C] () -- C:\Users\Michael\Documents\pet peeve 3.odt
[2012/05/04 19:35:03 | 000,010,034 | ---- | C] () -- C:\Users\Michael\Documents\37 Ways to Promote Your Website.odt
[2012/05/04 19:35:03 | 000,000,119 | -H-- | C] () -- C:\Users\Michael\Documents\.~lock.37 Ways to Promote Your Website.odt#
[2012/05/04 19:27:29 | 000,000,119 | -H-- | C] () -- C:\Users\Michael\Documents\.~lock.looking for 1 good business2.odt#
[2012/05/04 18:16:42 | 000,000,119 | -H-- | C] () -- C:\Users\Michael\Documents\.~lock.Michael ladd information.odt#
[2012/05/04 17:58:08 | 000,016,309 | ---- | C] () -- C:\Users\Michael\Documents\SuccesswithMichael blog requirements.odt
[2012/05/01 16:27:27 | 000,000,119 | -H-- | C] () -- C:\Users\Michael\Documents\.~lock.reseller ad 1.odt#
[2012/05/01 16:27:22 | 000,012,945 | ---- | C] () -- C:\Users\Michael\Documents\reseller ad 1.odt
[2012/05/01 15:45:54 | 000,000,119 | -H-- | C] () -- C:\Users\Michael\Documents\.~lock.The Google Penguin Update.odt#
[2012/05/01 15:45:45 | 000,031,278 | ---- | C] () -- C:\Users\Michael\Documents\The Google Penguin Update.odt
[2012/05/01 01:02:42 | 000,000,119 | -H-- | C] () -- C:\Users\Michael\Documents\.~lock.What a Mentor should be, should do.odt#
[2012/04/29 23:40:20 | 000,001,121 | ---- | C] () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.net.lnk
[2012/04/29 23:40:16 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.net.lnk
[2012/04/28 23:15:30 | 000,000,119 | -H-- | C] () -- C:\Users\Michael\Documents\.~lock.welcome aboard letter1.odt#
[2012/04/27 23:47:44 | 007,429,716 | ---- | C] () -- C:\Users\Michael\Documents\Desktop.zip
[2012/04/27 17:45:40 | 000,000,119 | -H-- | C] () -- C:\Users\Michael\Documents\.~lock.Success with Michael Dream Team.odt#
[2012/04/26 00:52:14 | 000,039,173 | ---- | C] () -- C:\Users\Michael\Documents\AA- Special Cut (8-15 cm).jpg
[2012/04/24 15:45:24 | 000,011,026 | ---- | C] () -- C:\Users\Michael\Documents\Michael ladd information.Zip
[2012/04/23 23:40:40 | 000,000,119 | -H-- | C] () -- C:\Users\Michael\Documents\.~lock.Mikes address book.odt#
[2012/04/22 14:41:27 | 000,000,119 | -H-- | C] () -- C:\Users\Michael\Documents\.~lock.what I need to do do to fix my blog.odt#
[2012/04/22 14:40:47 | 000,000,000 | ---- | C] () -- C:\Users\Michael\Documents\New WinZip Zipx File.zipx
[2012/04/22 04:13:48 | 000,000,119 | -H-- | C] () -- C:\Users\Michael\Documents\.~lock.My biggest pet peeve2.odt#
[2012/04/22 04:13:47 | 000,021,585 | ---- | C] () -- C:\Users\Michael\Documents\My biggest pet peeve2.odt
[2012/04/21 12:47:30 | 000,012,829 | ---- | C] () -- C:\Users\Michael\Documents\Michael ladd information.odt
[2012/04/19 11:27:11 | 000,000,119 | -H-- | C] () -- C:\Users\Michael\Documents\.~lock.What is your BIGGEST MLM pet peeve.odt#
[2012/04/19 11:27:09 | 000,019,412 | ---- | C] () -- C:\Users\Michael\Documents\What is your BIGGEST MLM pet peeve.odt
[2012/04/19 04:46:01 | 000,081,644 | ---- | C] () -- C:\Users\Michael\Documents\Account summary started at green pack amazing in 9 months.jpg
[2012/04/18 11:40:57 | 000,000,119 | -H-- | C] () -- C:\Users\Michael\Documents\.~lock.blog info.odt#
[2012/04/18 11:40:55 | 000,017,097 | ---- | C] () -- C:\Users\Michael\Documents\blog info.odt
[2012/04/18 08:13:44 | 000,000,119 | -H-- | C] () -- C:\Users\Michael\Documents\.~lock.ATTRACTION MARKETING THERORY IS DEAD!!.odt#
[2012/04/17 12:06:10 | 000,000,119 | -H-- | C] () -- C:\Users\Michael\Documents\.~lock.12 Second Commute.2.odt#
[2012/04/17 10:20:57 | 000,000,119 | -H-- | C] () -- C:\Users\Michael\Documents\.~lock.craigslist ad.odt#
[2012/04/17 10:20:56 | 000,016,045 | ---- | C] () -- C:\Users\Michael\Documents\craigslist ad.odt
[2012/04/16 11:40:20 | 000,520,143 | ---- | C] () -- C:\Users\Michael\Documents\NewbieReport.pdf
[2012/04/15 18:38:23 | 000,020,076 | ---- | C] () -- C:\Users\Michael\Documents\SEO Business.odt
[2012/04/15 18:38:23 | 000,000,119 | -H-- | C] () -- C:\Users\Michael\Documents\.~lock.SEO Business.odt#
[2012/04/15 17:25:27 | 000,000,119 | -H-- | C] () -- C:\Users\Michael\Documents\.~lock.Success with Michael Dream Team.00.odt#
[2012/04/15 01:04:21 | 000,001,918 | ---- | C] () -- C:\Users\Public\Desktop\SendBlaster 2.lnk
[2012/04/14 05:09:55 | 000,000,119 | -H-- | C] () -- C:\Users\Michael\Documents\.~lock.banner ads and widgets.odt#
[2012/04/14 05:09:53 | 000,011,397 | ---- | C] () -- C:\Users\Michael\Documents\banner ads and widgets.odt
[2012/04/14 04:33:20 | 000,010,386 | ---- | C] () -- C:\Users\Michael\Documents\banner ads.odt
[2012/04/14 04:11:03 | 000,038,175 | ---- | C] () -- C:\Users\Michael\Documents\sargent.gif
[2012/04/14 04:09:01 | 000,132,673 | ---- | C] () -- C:\Users\Michael\Documents\Info-Product-Cheatsheet.pdf
[2012/04/13 19:56:05 | 000,039,519 | ---- | C] () -- C:\Users\Michael\Documents\pdhighlights_022108.pdf
[2012/04/13 14:34:41 | 000,013,006 | ---- | C] () -- C:\Users\Michael\Documents\Just wanted say hi to everyone!!!.odt
[2012/04/12 10:39:37 | 000,009,904 | ---- | C] () -- C:\Users\Michael\Documents\cheap computer.odt
[2012/04/12 00:03:39 | 000,000,256 | ---- | C] () -- C:\Users\Michael\Documents\50TechBoostConveriob.508.zip
[2012/04/11 23:51:00 | 000,293,038 | ---- | C] () -- C:\Users\Michael\Documents\50 Techniques to Boost Conversions.pdf
[2012/04/11 23:25:02 | 000,381,375 | ---- | C] () -- C:\Users\Michael\Documents\100 Ways to Increase Sales-signed.pdf
[2012/04/11 22:36:38 | 000,344,644 | ---- | C] () -- C:\Users\Michael\Documents\100 Ways to Increase Sales.pdf
[2012/04/11 19:39:44 | 000,000,256 | ---- | C] () -- C:\Users\Michael\Documents\100TechIncreaseSales.5750.zip
[2012/04/10 20:14:50 | 000,001,884 | ---- | C] () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Email Extractor 14.lnk
[2012/04/10 20:14:38 | 000,001,890 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Email Extractor 14.lnk
[2012/04/10 20:14:27 | 000,001,872 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Email Extractor 14.lnk
[2012/04/10 20:14:12 | 000,001,860 | ---- | C] () -- C:\Users\Public\Desktop\Email Extractor 14.lnk
[2012/04/10 07:44:32 | 000,000,119 | -H-- | C] () -- C:\Users\Michael\Documents\.~lock.Government impact on Wayne county from Ball St..odt#
[2012/04/08 20:07:57 | 000,000,119 | -H-- | C] () -- C:\Users\Michael\Documents\.~lock.Network marketing VT ad.odt#
[2012/04/08 19:29:25 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/04/08 08:54:38 | 000,019,164 | ---- | C] () -- C:\Users\Michael\Documents\network marketing VT closing letter2.odt
[2012/04/08 07:52:03 | 000,003,103 | ---- | C] () -- C:\Users\Michael\Desktop\Fast Email Extractor.lnk
[2012/04/08 06:19:58 | 000,000,119 | -H-- | C] () -- C:\Users\Michael\Documents\.~lock.How To Optimize Twitter.odt#
[2012/04/08 06:15:24 | 000,028,207 | ---- | C] () -- C:\Users\Michael\Documents\How To Optimize Twitter.odt
[2012/04/06 11:04:16 | 000,018,255 | ---- | C] () -- C:\Users\Michael\Documents\Government impact on Wayne county from Ball St..odt
[2012/04/06 07:54:22 | 000,204,800 | ---- | C] () -- C:\License.ndb
[2012/04/06 05:47:51 | 000,020,768 | ---- | C] () -- C:\Users\Michael\Documents\networkmarketingvt jason sales letter.odt
[2012/04/06 05:33:33 | 000,000,256 | ---- | C] () -- C:\Users\Michael\Documents\gurulistbuster.zip
[2012/02/22 21:45:27 | 000,499,712 | ---- | C] () -- C:\Windows\iwexec.exe
[2012/01/05 12:54:30 | 000,000,000 | ---- | C] () -- C:\Users\Michael\AppData\Local\{8F4FA273-E3C8-4379-82D6-4B37C215296F}
[2012/01/01 08:43:28 | 000,000,000 | ---- | C] () -- C:\Users\Michael\AppData\Local\{5B199633-5790-4156-9DB8-91B1861FD4B1}
[2011/12/04 18:52:19 | 000,000,000 | ---- | C] () -- C:\Users\Michael\AppData\Local\{61FA6757-64A0-473F-B3DD-E91E120278C2}
[2011/11/30 12:50:41 | 000,000,000 | ---- | C] () -- C:\Users\Michael\AppData\Local\{74D569DA-462C-4E75-B114-CDBAB32DF4A6}
[2011/11/23 14:38:42 | 000,000,000 | ---- | C] () -- C:\Users\Michael\AppData\Local\{24ED2A40-43DF-47A0-93D2-B40365293498}
[2011/11/13 00:27:39 | 000,000,000 | ---- | C] () -- C:\Users\Michael\AppData\Local\{22F0008B-26AA-474C-B2DD-33660B2D0D2A}
[2011/11/07 07:14:50 | 000,099,436 | ---- | C] () -- C:\Program Files (x86)\Common Files\Engines.lnl
[2011/10/14 10:07:04 | 000,000,232 | ---- | C] () -- C:\Windows\reimage.ini
[2011/08/06 02:26:11 | 000,000,000 | ---- | C] () -- C:\Users\Michael\AppData\Local\{E8E823D0-ABD6-4602-B52F-10D49B8D9A71}
[2011/08/06 02:23:59 | 000,000,000 | ---- | C] () -- C:\Users\Michael\AppData\Local\{1C0F097F-E94E-457C-A2EC-054CBD7A3CAE}
[2011/08/06 02:22:00 | 000,000,000 | ---- | C] () -- C:\Users\Michael\AppData\Local\{48F6DCD9-1E91-43C0-91AE-1260C8643615}
[2011/08/02 13:23:47 | 000,000,000 | ---- | C] () -- C:\Users\Michael\AppData\Local\{4DAD9F01-6A31-404E-B45C-46F94E50162F}
[2011/05/27 13:33:21 | 000,000,000 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\bibstats
[2011/05/25 17:35:20 | 000,000,316 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\wklnhst.dat
[2011/02/27 01:01:49 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011/01/25 23:45:00 | 000,796,892 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/08 02:14:20 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\coder.dll
[2010/11/08 23:52:34 | 000,000,239 | ---- | C] () -- C:\Windows\Trellian.ini
[2010/10/06 15:24:31 | 000,000,090 | ---- | C] () -- C:\Windows\SysWow64\ftm31.dat
[2010/09/28 20:50:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:B63300D1
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:430C6D84

< End of report >
Last edited by NonSuch on May 10th, 2012, 5:40 pm, edited 2 times in total.
Reason: Disabled link and removed users email address
Michael75065
Banned Member
 
Posts: 1
Joined: May 5th, 2012, 7:12 pm

Re: How do I delet http://www.searchnu.com/406

Unread postby diver79 » May 6th, 2012, 2:05 pm

Hi and welcome to MalwareRemoval.com. Sorry for any delay in answering your request for help; the forum is really busy.
My name is Diver79, and I will be helping you with your malware problems.

Before we start please note the following important guidelines.
  • The instructions given are for THIS computer only! Using these instructions on a different computer can make it inoperable!
  • Please DO NOT run any other software or scans whilst I am helping you.

Note: If you haven't done so already, please ensure you have read the following article, ALL USERS OF THIS FORUM MUST READ THIS FIRST, where the conditions for receiving help here are explained.
diver79 wrote: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to backup any personal files and folders before you start.
How do I backup my files and folders in XP?
How to backup your data - Vista/Win7

Please read the following article and post the correct logs

HOW TO GET HELP IN THIS FORUM - everyone must read this.

diver79.
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: How do I delet http://www.searchnu.com/406

Unread postby diver79 » May 8th, 2012, 1:09 pm

Do you still need help Michael?
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: How do I delet http://www.searchnu.com/406

Unread postby NonSuch » May 10th, 2012, 5:42 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California