Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Searchnu.com/421

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Searchnu.com/421

Unread postby BrianE » November 23rd, 2012, 5:19 pm

Hi,

I hope you can help me.

I downloaded a free CD burner and I think I got infected with searchnu.com/421 virus. I have tried to get rid of it but I am sure it is still lurking somewhere. Internet Explorer has become impossible to use although firefox is working ok. Also my DVD drives won't now recognise games software although they will play music cd's.

Below are my logs and I hope you can help.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16455
Run by Brian at 21:09:39 on 2012-11-23
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3069.1862 [GMT 0:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\LEXBCES.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\PROGRA~1\MAGIX\PC_Live\MxTray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\CleanMem\mini_monitor.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\TeamViewer\Version7\tv_w32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\WerFault.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Citrix\ICA Client\Receiver\Receiver.exe
C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
C:\Windows\System32\mobsync.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://bt.yahoo.com
uWindow Title = Windows Internet Explorer provided by BT Yahoo!
uDefault_Page_URL = hxxp://bt.yahoo.com
uProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
dURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - <orphaned>
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\bae\BAE.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn4\YTSingleInstance.dll
TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe
uRun: [Facebook Update] "c:\users\brian\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Conime] c:\windows\system32\conime.exe
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
dRunOnce: [KodakHomeCenter] "c:\program files\kodak\aio\center\AiOHomeCenter.exe"
StartupFolder: c:\users\brian\appdata\roaming\microsoft\windows\start menu\programs\startup\PowerReg Scheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDriveAutorun = dword:0
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: NoDriveAutorun = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: mcafee.com
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{26CC7E6B-96F6-4DB9-8199-CCA633A40145} : DHCPNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{CC7FA823-D2A9-4804-9968-8B38BBE6D5A4} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{CE49CF07-3232-4BF0-9463-B6B266D027B0} : DHCPNameServer = 192.168.1.254 192.168.1.254
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\brian\appdata\roaming\mozilla\firefox\profiles\f0k51vbq.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://bt.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\citrix\ica client\npicaN.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\brian\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\brian\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\brian\program files\dna\plugins\npbtdna.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll
FF - ExtSQL: 2012-11-22 08:25; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files\mcafee\SiteAdvisor
.
============= SERVICES / DRIVERS ===============
.
R0 DiskSec;Magix Volume Filter Driver;c:\windows\system32\drivers\disksec.sys [2012-2-11 14208]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-9 64288]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-14 554048]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-11-7 65848]
R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [2010-7-11 3333808]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2011-6-29 66776]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-8-14 206784]
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-2-25 390528]
R1 RapportCerberus_43926;RapportCerberus_43926;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\43926\RapportCerberus32_43926.sys [2012-10-4 272216]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-11-7 71480]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-11-7 166840]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-25 21504]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2011-12-19 394672]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-12-9 95200]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-14 167784]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-14 167784]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-14 167784]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-14 200816]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-14 168368]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-14 166320]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2010-2-24 90112]
R2 pcCMService;pcCMService;c:\program files\common files\motive\pcCMService.exe [2012-9-13 361472]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-11-7 976728]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-4-8 2666880]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-14 60480]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-14 230224]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-14 61912]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-14 360792]
R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\39624\RapportIaso.sys [2012-5-28 21520]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-2-24 27632]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\system32\appdrvrem01.exe svc --> c:\windows\system32\appdrvrem01.exe svc [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MAGIX StartUp Analyze Service;MAGIX StartUp Analyze Service;c:\program files\magix\pc_check_tuning_2012\MXSAS.exe [2011-8-24 187168]
S3 AllShare;SAMSUNG AllShare Service;c:\program files\samsung\samsung pc share manager\WiselinkPro.exe [2010-7-16 6638080]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2011-12-5 83472]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-23 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-8-2 36608]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-3-19 30192]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-9-27 146872]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-14 92192]
S3 MusCDriverV32;MusCDriverV32;c:\windows\system32\drivers\MusCDriverV32.sys [2008-9-26 23096]
S3 MusCVideo32;MusCVideo32;c:\windows\system32\drivers\MusCVideo32.sys [2008-9-26 3768]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2012-4-2 798208]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v2.sys [2008-7-4 288768]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-3-20 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-3-20 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-3-20 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2009-3-20 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2009-3-20 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2009-3-20 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2009-3-20 115752]
S3 SaiHFF04;SaiHFF04;c:\windows\system32\drivers\SaiHFF04.sys [2007-5-1 132232]
S3 SaiIFF04;Immersion's HID USB Driver (FF04);c:\windows\system32\drivers\SaiIFF04.sys [2007-5-1 16256]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2100-02-08 15:03:54 53248 ----a-w- c:\program files\ACMonitor_X73.exe
2012-11-23 19:07:12 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e872d817-d539-407d-bc4b-1a83ffe6cb11}\mpengine.dll
2012-11-23 18:01:38 -------- d-----w- c:\users\brian\appdata\local\ElevatedDiagnostics
2012-11-22 16:56:41 -------- d-----w- c:\users\brian\appdata\local\Macromedia
2012-11-22 16:25:46 -------- d-----w- c:\users\brian\appdata\roaming\ParetoLogic
2012-11-22 16:25:34 -------- d-----w- c:\programdata\ParetoLogic
2012-11-21 20:31:50 -------- d-----w- c:\users\brian\appdata\roaming\HCReport
2012-11-21 16:44:31 -------- d-----w- c:\program files\common files\Symantec Shared
2012-11-21 16:44:15 -------- d-----w- c:\programdata\Norton
2012-11-21 16:40:38 -------- d-----w- c:\users\brian\appdata\local\IsolatedStorage
2012-11-21 13:52:48 -------- d-----w- C:\$RECYCLE.BIN
2012-11-21 13:03:37 98816 ----a-w- c:\windows\sed.exe
2012-11-21 13:03:37 256000 ----a-w- c:\windows\PEV.exe
2012-11-21 13:03:37 208896 ----a-w- c:\windows\MBR.exe
2012-11-20 13:39:10 677136 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2012-11-19 21:35:36 -------- d-----w- c:\program files\Enigma Software Group
2012-11-19 21:33:52 -------- d-----w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP
2012-11-19 20:38:31 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2012-11-19 20:38:31 15360 ----a-w- c:\windows\system32\inetfr.DLL
2012-11-19 20:38:31 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2012-11-19 20:38:31 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2012-11-19 20:38:30 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2012-11-19 20:38:30 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2012-11-19 20:38:30 -------- d-----w- c:\users\brian\appdata\roaming\FreeBurner
2012-11-19 20:38:15 -------- d-----w- c:\program files\Free Easy CD DVD Burner
2012-11-19 20:14:34 -------- d-----w- c:\users\brian\appdata\local\{8CD79430-C3C0-4654-A288-99CF94A24410}
2012-11-18 20:59:43 -------- d-----w- c:\users\brian\appdata\local\{0A6AD83D-8879-4F5C-8686-91D31AB7F193}
2012-11-15 20:57:57 75776 ----a-w- c:\windows\system32\synceng.dll
2012-11-15 20:57:34 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-11-07 16:29:48 65848 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-10-26 08:20:19 -------- d-----w- c:\program files\common files\xing shared
.
==================== Find3M ====================
.
2012-11-22 16:56:29 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-22 16:56:29 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-10 21:15:04 1867112 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-10 21:15:00 2574696 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-10 21:14:50 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-10-10 21:14:50 12501352 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-10-10 21:14:46 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-10 21:14:44 2428776 ----a-w- c:\windows\system32\nvapi.dll
2012-10-10 21:14:42 7697768 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-10 21:14:28 10837352 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-10 21:14:22 19906920 ----a-w- c:\windows\system32\nvoglv32.dll
2012-10-10 21:14:22 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
2012-10-10 21:14:16 6127464 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-10 21:14:16 15309160 ----a-w- c:\windows\system32\nvd3dum.dll
2012-10-08 07:56:24 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-10-02 19:29:42 645992 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:29:41 62312 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:29:41 2557288 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-02 19:29:41 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 19:29:22 2853224 ----a-w- c:\windows\system32\nvsvc.dll
2012-10-02 19:28:53 3965288 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 13:15:52 430952 ----a-w- c:\windows\system32\nvStreaming.exe
2012-09-29 19:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-13 13:28:08 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-29 11:27:41 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-29 11:27:41 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2001-05-08 15:36:42 114688 ----a-w- c:\program files\lxarscan.dll
.
============= FINISH: 21:10:18.02 ===============
BrianE
Regular Member
 
Posts: 15
Joined: November 23rd, 2012, 5:07 pm
Advertisement
Register to Remove

Re: Searchnu.com/421

Unread postby askey127 » November 24th, 2012, 8:42 am

Hi BrianE,
You will need to read and follow these instructions carefully in the sequence given.
I would recommend you Uninstall Rapport before we begin.
It may seriously effect any attempts to fix your machine.

Uninstall instructions for Rapport are available from this page:
http://www.trusteer.com/support/uninstalling-rapport-windows-vista-and-windows-7
You may want to print that out the page before trying to Uninstall.

After removing Trusteer Rapport, please reboot the machine.

You may want to print out the instructions on this page as well. Your call.
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
----------------------------------------------
Preliminary Removals with an OTL Custom Fix
Please right-click on the filename link below and select "Save target as..." or "Save Link as...", choose the Desktop location, and choose to save as the filename Fix.txt
SQW7-Vista_x32.TXT
Make sure that Fix.txt is the exact filename used, and that you can find it on your desktop.

----------------------------------------------
Perform a Custom Fix with OTL
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
Double Click the OTL icon (Right click and choose "Run as administrator" in Vista/Win7)
  • Click the Run Fix button at the top.
  • You will see a popup dialog reporting "No fix has been provided. Click OK to load from a file or Cancel". Click on OK
  • When the Open dialog comes up, Navigate to the Desktop, scroll to highlight the file named Fix.txt and click Open
  • Some text will appear in the Custom scans/Fixes box.
  • Click the Run Fix button in OTL.
  • Let the program run unhindered and reboot the PC when it is done.
    When the computer Reboots, and you start your usual account, a Notepad text file will appear.
  • Copy the contents of that file and post it in your next reply.
    The file will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log

---------------------------------------------
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *sweetim*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *sweetim*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchnu
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    sweetie
    sweetim
    
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The results log can also be found on your Desktop, entitled SystemLook.txt

so we are looking for the log from OTL, and the report from SystemLook
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Searchnu.com/421

Unread postby BrianE » November 24th, 2012, 1:32 pm

Hi askey127,

I have got to the Run Fox part and did that and a lot of activity occurred, but after a while the box disappeared and I went back to a blank desktop. There is hard drive activity going on but my computer seems to have hung.

What should I do now?
BrianE
Regular Member
 
Posts: 15
Joined: November 23rd, 2012, 5:07 pm

Re: Searchnu.com/421

Unread postby askey127 » November 24th, 2012, 3:16 pm

If you interrupted it, you need to perform the Run Fix again exactly by the instructions.
It will normally blank the desktop while it removes garbage from your machine.
Please wait until it finishes and either reboots or asks you to reboot.
Then continue with posting the log and performing the SystemLook instruction.

Please be patient about these things and don't assume anything is wrong for at least 30 minutes.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Searchnu.com/421

Unread postby BrianE » November 24th, 2012, 4:28 pm

Hi,

i replied on my daughter's alptop so didn't interrupt it. It's been the same for about 3 hours now so I'll run it again.
BrianE
Regular Member
 
Posts: 15
Joined: November 23rd, 2012, 5:07 pm

Re: Searchnu.com/421

Unread postby BrianE » November 24th, 2012, 7:08 pm

Hi Askey127,

I ran OTL again and this time it hung with a blank desktop for over an hour. IT starts running ok with the OTL window showing but then after a while that disappears and goes to a blank desktop. The first time I left it for 3 hours and then rebooted and the second time for an hour.

Attached is the text file that I got on re-booting.

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

I have also run SystemLook and attach a copy of the log that that produced.

SystemLook 30.07.11 by jpshortstuff
Log created at 22:02 on 24/11/2012 by Brian
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Searchqu*"
C:\ProgramData\MAGIX\PC_Check_Tuning_2012\softupdate\Searchqu Toolbar.png --a---- 2109 bytes [16:50 17/07/2012] [16:50 17/07/2012] 122FDA50163376EEAE81935758B31D19
C:\Users\All Users\MAGIX\PC_Check_Tuning_2012\softupdate\Searchqu Toolbar.png --a---- 2109 bytes [16:50 17/07/2012] [16:50 17/07/2012] 122FDA50163376EEAE81935758B31D19

Searching for "*iLivid*"
C:\ProgramData\MAGIX\PC_Check_Tuning_2012\softupdate\iLivid.png --a---- 2917 bytes [16:50 17/07/2012] [16:50 17/07/2012] DFDEE0A06C666121D13E0934772DFC13
C:\Users\All Users\MAGIX\PC_Check_Tuning_2012\softupdate\iLivid.png --a---- 2917 bytes [16:50 17/07/2012] [16:50 17/07/2012] DFDEE0A06C666121D13E0934772DFC13

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*sweetim*"
C:\Users\Lorraine\AppData\Roaming\Microsoft\Windows\Cookies\Low\lorraine@sweetim[1].txt --a---- 1269 bytes [17:15 08/05/2008] [17:15 08/05/2008] 7673DE0AFD429E04F497A1D2D85E47A9
C:\Users\Teresa\AppData\Roaming\Microsoft\Windows\Cookies\Low\teresa@sweetim[2].txt --a---- 321 bytes [22:38 17/12/2008] [22:38 17/12/2008] 5C50A3142C763626BE38CC41B7BDECBB

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
C:\Users\Teresa\AppData\LocalLow\searchqutoolbar d------ [21:31 26/07/2012]

Searching for "*iLivid*"
C:\_OTL\MovedFiles\11242012_170522\c_program files\iLivid d------ [21:03 14/07/2012]
C:\_OTL\MovedFiles\11242012_170522\C_Users\Brian\AppData\Local\Ilivid Player d------ [21:04 14/07/2012]

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
C:\Users\Brian\AppData\LocalLow\DataMngr d------ [21:04 14/07/2012]

Searching for "*trolltech*"
No folders found.

Searching for "*sweetim*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&gct=ds&appid=101&systemid=421&apn_dtid=BND421&apn_ptnrs=AGA&o=APN10649&apn_uid=2111304430204803&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D08623F-E693-4D4A-B5EC-970E2FEC2A07}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\SRTOOL~1\dtUser.exe|Name=Search-Results Toolbar DTX Broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5647BFA0-F1C0-460C-9665-C72C6A4B973C}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\SRTOOL~1\dtUser.exe|Name=Search-Results Toolbar DTX Broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet021\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D08623F-E693-4D4A-B5EC-970E2FEC2A07}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\SRTOOL~1\dtUser.exe|Name=Search-Results Toolbar DTX Broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet021\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5647BFA0-F1C0-460C-9665-C72C6A4B973C}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\SRTOOL~1\dtUser.exe|Name=Search-Results Toolbar DTX Broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D08623F-E693-4D4A-B5EC-970E2FEC2A07}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\SRTOOL~1\dtUser.exe|Name=Search-Results Toolbar DTX Broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5647BFA0-F1C0-460C-9665-C72C6A4B973C}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\SRTOOL~1\dtUser.exe|Name=Search-Results Toolbar DTX Broker|Edge=FALSE|"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D08623F-E693-4D4A-B5EC-970E2FEC2A07}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\SRTOOL~1\dtUser.exe|Name=Search-Results Toolbar DTX Broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5647BFA0-F1C0-460C-9665-C72C6A4B973C}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\SRTOOL~1\dtUser.exe|Name=Search-Results Toolbar DTX Broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet021\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D08623F-E693-4D4A-B5EC-970E2FEC2A07}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\SRTOOL~1\dtUser.exe|Name=Search-Results Toolbar DTX Broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet021\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5647BFA0-F1C0-460C-9665-C72C6A4B973C}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\SRTOOL~1\dtUser.exe|Name=Search-Results Toolbar DTX Broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D08623F-E693-4D4A-B5EC-970E2FEC2A07}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\SRTOOL~1\dtUser.exe|Name=Search-Results Toolbar DTX Broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5647BFA0-F1C0-460C-9665-C72C6A4B973C}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\SRTOOL~1\dtUser.exe|Name=Search-Results Toolbar DTX Broker|Edge=FALSE|"

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
No data found.

Searching for "sweetie"
No data found.

Searching for "sweetim"
No data found.

-= EOF =-


I'm going to run the OTL scan again and leave my computer switched on overnight and see if it does anything different. I'll update you tomorrow morning UK time.

Thanks
BrianE
Regular Member
 
Posts: 15
Joined: November 23rd, 2012, 5:07 pm

Re: Searchnu.com/421

Unread postby BrianE » November 24th, 2012, 7:23 pm

Hi askey127,

Clearly by threatening my computer that it was going to have to stay awake all night did the trick. I ran OTL again and it worked straightaway and here is the log that it gave me.

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll deleted successfully.
File C:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll deleted successfully.
File C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll not found.
========== REGISTRY ==========
Registry key hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\products\2b1e51d87b2d71a44bb42ddd5e894160\installproperties\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ilivid\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\uninstall\windows searchqu toolbar\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{8d15e1b2-d2b7-4a17-b44b-d2dde5981406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8d15e1b2-d2b7-4a17-b44b-d2dde5981406}\ not found.
Registry key hkey_current_user\software\microsoft\windows\currentversion\app management\arpcache\windows searchqu toolbar\ not found.
Registry key hkey_current_user\software\microsoft\windows\currentversion\app management\arpcache\ilivid\ not found.
Registry key hkey_local_machine\software\classes\ilivid\ not found.
Registry key hkey_local_machine\software\classes\installer\products\2b1e51d87b2d71a44bb42ddd5e894160\ not found.
Registry key hkey_local_machine\software\ilivid\ not found.
Registry key hkey_local_machine\software\ilivid\player\hosts\ilivid.com\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{949d2c04-d3c1-490a-8a03-440b5c32b5f2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{949d2c04-d3c1-490a-8a03-440b5c32b5f2}\ not found.
Registry key hkey_current_user\software\datamngr_toolbar\ not found.
Registry key hkey_local_machine\software\classes\browserconnection.loader\ not found.
Registry key hkey_local_machine\software\classes\browserconnection.loader.1\ not found.
Registry key hkey_local_machine\software\classes\clsid\{9d717f81-9148-4f12-8568-69135f087db0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d717f81-9148-4f12-8568-69135f087db0}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{69cf75c1-35ab-4de5-a51f-662c9020ad4a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69cf75c1-35ab-4de5-a51f-662c9020ad4a}\ not found.
Registry key hkey_current_user\software\appdatalow\software\searchqutoolbar\ not found.
Registry key hkey_current_user\software\datamngr\ not found.
Registry key hkey_current_user\software\microsoft\internet explorer\searchscopes\{8a96af9e-4074-43b7-bea3-87217bda7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a96af9e-4074-43b7-bea3-87217bda7406}\ not found.
Registry key hkey_current_user\software\microsoft\windows\currentversion\app management\arpcache\bandoo\ not found.
Registry key hkey_current_user\software\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar\ not found.
Registry key hkey_current_user\software\microsoft\windows\currentversion\explorer\menuorder\start menu2\programs\bandoo\ not found.
Registry key hkey_current_user\software\trolltech\ not found.
Registry key hkey_current_user\software\ilivid\ not found.
Registry key hkey_current_user\software\searchqutoolbar\ not found.
Registry key hkey_local_machine\software\datamngr\ not found.
Registry key hkey_local_machine\software\bandoo\ not found.
Registry key hkey_local_machine\software\classes\appid\bandoocore.exe\ not found.
Registry key hkey_local_machine\software\classes\appid\{1301a8a5-3dfb-4731-a162-b357d00c9644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1301a8a5-3dfb-4731-a162-b357d00c9644}\ not found.
Registry key hkey_local_machine\software\classes\applications\ilividsetupv1.exe\ not found.
Registry key hkey_local_machine\software\classes\bandoocore.bandoocore.1\ not found.
Registry key hkey_local_machine\software\classes\bandoocore.bandoocore\ not found.
Registry key hkey_local_machine\software\classes\bandoocore.resourcesmngr.1\ not found.
Registry key hkey_local_machine\software\classes\bandoocore.resourcesmngr\ not found.
Registry key hkey_local_machine\software\classes\bandoocore.settingsmngr.1\ not found.
Registry key hkey_local_machine\software\classes\bandoocore.settingsmngr\ not found.
Registry key hkey_local_machine\software\classes\bandoocore.statisticmngr.1\ not found.
Registry key hkey_local_machine\software\classes\bandoocore.statisticmngr\ not found.
Registry key hkey_local_machine\software\classes\clsid\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key hkey_local_machine\software\classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\ not found.
Registry key hkey_local_machine\software\classes\clsid\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key hkey_local_machine\software\classes\clsid\{bb76a90b-2b4c-4378-8506-9a2b6e16943c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb76a90b-2b4c-4378-8506-9a2b6e16943c}\ not found.
Registry key hkey_local_machine\software\classes\clsid\{c3ab94a4-bfd0-4bba-a331-de504f07d2db}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c3ab94a4-bfd0-4bba-a331-de504f07d2db}\ not found.
Registry key hkey_local_machine\software\classes\interface\{477f210a-2a86-4666-9c4b-1189634d2c84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477f210a-2a86-4666-9c4b-1189634d2c84}\ not found.
Registry key hkey_local_machine\software\classes\interface\{ff871e51-2655-4d06-aed5-745962a96b32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff871e51-2655-4d06-aed5-745962a96b32}\ not found.
Registry key hkey_local_machine\software\classes\searchquiehelper.dnsguard.1\ not found.
Registry key hkey_local_machine\software\classes\searchquiehelper.dnsguard\ not found.
Registry key hkey_local_machine\software\classes\typelib\{6a4bcaba-c437-4c76-a54e-af31b8a76cb9}\1.0\ not found.
Registry key hkey_local_machine\software\classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\uninstall\searchqu toolbar\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{424624f4-c5dd-4e1d-bdd0-1e9c9b7799cc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{424624f4-c5dd-4e1d-bdd0-1e9c9b7799cc}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{9c8a3ca5-889e-4554-beec-ec0876e4e96a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c8a3ca5-889e-4554-beec-ec0876e4e96a}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{f9189560-573a-4fde-b055-ae7b0f4cf080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9189560-573a-4fde-b055-ae7b0f4cf080}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\searchscopes\{8a96af9e-4074-43b7-bea3-87217bda7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a96af9e-4074-43b7-bea3-87217bda7406}\ not found.
Registry key hkey_local_machine\software\microsoft\radar\heapleakdetection\diagnosedapplications\ilivid.exe\ not found.
Registry key hkey_local_machine\software\microsoft\tracing\searchqumediabar_rasapi32\ not found.
Registry key hkey_local_machine\software\microsoft\tracing\searchqumediabar_rasmancs\ not found.
Registry key hkey_local_machine\software\microsoft\tracing\setupdatamngr_searchqu_rasapi32\ not found.
Registry key hkey_local_machine\software\microsoft\tracing\setupdatamngr_searchqu_rasmancs\ not found.
Registry key hkey_local_machine\software\microsoft\tracing\ilividsetupv1_rasapi32\ not found.
Registry key hkey_local_machine\software\microsoft\tracing\ilividsetupv1_rasmancs\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\uninstall\searchqu 406 mediabar\ not found.
Registry key hkey_local_machine\software\searchqumediabartb\ not found.
Registry key hkey_local_machine\software\classes\clsid\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key hkey_local_machine\software\classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971}\1.0\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar\ not found.
Registry key hkey_local_machine\software\classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\inprocserver32\ not found.
Registry key hkey_local_machine\software\classes\clsid\{cc1ac828-bb47-4361-afb5-96eee259dd87}\inprocserver32\ not found.
Registry key hkey_local_machine\software\classes\clsid\{fefd3af5-a346-4451-aa23-a3ad54915515}\inprocserver32\ not found.
Registry key hkey_local_machine\software\classes\clsid\{9d717f81-9148-4f12-8568-69135f087db0}\inprocserver32\ not found.
Registry key hkey_local_machine\software\classes\typelib\{5b4144e1-b61d-495a-9a50-cd1a95d86d15}\1.0\ not found.
Registry key hkey_local_machine\software\classes\typelib\{841d5a49-e48d-413c-9c28-eb3d9081d705}\1.0\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\datamngr\ not found.
Registry key hkey_current_user\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb47c17-9c68-4bb3-b188-dd9af0fd2102}\ not found.
Registry key hkey_current_user\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb47c17-9c68-4bb3-b188-dd9af0fd2102}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}\ not found.
Registry key hkey_current_user\software\microsoft\internet explorer\searchscopes\{e1e743b1-dff5-4dcf-8cd5-9aafd552b290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1e743b1-dff5-4dcf-8cd5-9aafd552b290}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\searchscopes\{e1e743b1-dff5-4dcf-8cd5-9aafd552b290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1e743b1-dff5-4dcf-8cd5-9aafd552b290}\ not found.
Registry value hkey_current_user\software\microsoft\internet explorer\main\\start page deleted successfully.
Registry value hkey_local_machine\software\microsoft\internet explorer\toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry value hkey_current_user\software\classes\local settings\software\microsoft\windows\shell\muicache\\c:\program files\ilivid\ilivid.exe not found.
Registry value hkey_current_user\software\classes\local settings\software\microsoft\windows\shell\muicache\\c:\program files\ilivid\vlc\vlc.exe not found.
Registry value hkey_local_machine\software\microsoft\windows\currentversion\installer\folders\\c:\programdata\microsoft\windows\start menu\programs\ilivid\ not found.
Registry value hkey_local_machine\software\microsoft\windows\currentversion\run\\datamngr not found.
Registry value hkey_local_machine\system\controlset001\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{b9c9d25e-1fba-484c-b5fe-0c6d07ae555d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9c9d25e-1fba-484c-b5fe-0c6d07ae555d}\ not found.
Registry value hkey_local_machine\system\controlset001\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{924eb14a-495b-49f3-b558-a7c81e88c85d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{924eb14a-495b-49f3-b558-a7c81e88c85d}\ not found.
Registry value hkey_local_machine\system\controlset001\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{6d11a718-4174-474f-a0a4-08d56b03bfeb} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d11a718-4174-474f-a0a4-08d56b03bfeb}\ not found.
Registry value hkey_local_machine\system\controlset001\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{ec25043d-aac6-416f-ba2d-c44e34fb533b} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec25043d-aac6-416f-ba2d-c44e34fb533b}\ not found.
Registry key hkey_local_machine\system\controlset002\services\sharedaccess\parameters\firewallpolicy\firewallrules not found.
Registry key hkey_local_machine\system\controlset002\services\sharedaccess\parameters\firewallpolicy\firewallrules not found.
Registry key hkey_local_machine\system\controlset002\services\sharedaccess\parameters\firewallpolicy\firewallrules not found.
Registry key hkey_local_machine\system\controlset002\services\sharedaccess\parameters\firewallpolicy\firewallrules not found.
Registry key hkey_local_machine\system\controlset003\services\sharedaccess\parameters\firewallpolicy\firewallrules not found.
Registry key hkey_local_machine\system\controlset003\services\sharedaccess\parameters\firewallpolicy\firewallrules not found.
Registry key hkey_local_machine\system\controlset003\services\sharedaccess\parameters\firewallpolicy\firewallrules not found.
Registry key hkey_local_machine\system\controlset003\services\sharedaccess\parameters\firewallpolicy\firewallrules not found.
Registry value hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{ec25043d-aac6-416f-ba2d-c44e34fb533b} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec25043d-aac6-416f-ba2d-c44e34fb533b}\ not found.
Registry value hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{b9c9d25e-1fba-484c-b5fe-0c6d07ae555d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9c9d25e-1fba-484c-b5fe-0c6d07ae555d}\ not found.
Registry value hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{924eb14a-495b-49f3-b558-a7c81e88c85d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{924eb14a-495b-49f3-b558-a7c81e88c85d}\ not found.
Registry value hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{6d11a718-4174-474f-a0a4-08d56b03bfeb} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d11a718-4174-474f-a0a4-08d56b03bfeb}\ not found.
========== FILES ==========
File/Folder C:\Users\Brian\AppData\Roaming\mozilla\firefox\profiles\searchquwebsearch.xml not found.
File/Folder C:\Users\Brian\AppData\Roaming\mozilla\firefox\profiles\searchqutoolbar not found.
File/Folder C:\Users\Brian\AppData\Roaming\mozilla\firefox\profiles\{99079a25-328f-4bd4-be04-00955acaa0a7} not found.
File/Folder C:\Users\Brian\AppData\Roaming\microsoft\windows\cookies\*@sweetim[1].txt not found.
File/Folder C:\Users\Brian\AppData\Roaming\microsoft\windows\cookies\low\*@ilivid[1].txt not found.
File/Folder C:\Users\Brian\AppData\Roaming\microsoft\windows\cookies\low\*@ilivid[2].txt not found.
File/Folder C:\Users\Brian\AppData\Roaming\microsoft\windows\cookies\low\*@searchqu[1].txt not found.
File/Folder C:\Users\Brian\AppData\Roaming\microsoft\windows\cookies\low\*@searchqu[2].txt not found.
File/Folder C:\Users\Brian\AppData\Roaming\microsoft\windows\cookies\low\*@stats.ilivid[1].txt not found.
File/Folder C:\Users\Brian\AppData\Roaming\microsoft\windows\cookies\low\*@sweetim[1].txt not found.
File/Folder C:\Users\Brian\AppData\Roaming\microsoft\windows\cookies\low\*@www.sweetim[2].txt not found.
File/Folder C:\Users\Brian\AppData\Roaming\microsoft\windows\cookies\low\*@www.sweetim[3].txt not found.
File/Folder C:\Users\Brian\AppData\Local\ilivid player not found.
File/Folder C:\Users\Brian\AppData\Local\microsoft\windows\temporary internet files\content.ie5\ilividsetupv1.exe not found.
File/Folder C:\Users\Brian\AppData\Local\microsoft\windows\temporary internet files\content.ie5\ilivid[1].7z not found.
File/Folder C:\Users\Brian\AppData\Local\microsoft\windows\temporary internet files\content.ie5\setupdatamngr_searchqu[1].exe not found.
File/Folder C:\Users\Brian\AppData\Local\microsoft\windows\temporary internet files\content.ie5\sweetimsetup.exe not found.
File/Folder C:\Users\Brian\AppData\Local\microsoft\windows\temporary internet files\content.ie5\bandoov6[1].exe not found.
File/Folder C:\Users\Brian\AppData\Local\microsoft\windows\temporary internet files\low\content.ie5\searchqu_net[1].htm not found.
File/Folder C:\Users\Brian\AppData\Local\Temp\bandoofiles not found.
File/Folder C:\Users\Brian\AppData\Local\Temp\bandoov6.exe not found.
File/Folder C:\Users\Brian\AppData\Local\Temp\setupdatamngr_searchqu.exe not found.
File/Folder C:\Users\Brian\AppData\Local\Temp\sweetimreinstall not found.
File/Folder C:\Users\Brian\AppData\Local\Temp\sweetimreinstall\sweetimsetup.exe not found.
File/Folder C:\Users\Brian\AppData\Local\Temp\ilivid.7z not found.
File/Folder C:\Users\Brian\AppData\Local\Temp\searchqu.ini not found.
File/Folder C:\Users\Brian\AppData\Local\Temp\searchqutoolbar-manifest.xml not found.
File/Folder C:\Users\Brian\appdata\locallow\searchquband not found.
File/Folder C:\Users\Brian\appdata\locallow\searchqutoolbar not found.
File/Folder C:\Users\Brian\downloads\sweetimsetup.exe not found.
File/Folder C:\Users\Brian\downloads\ilividsetupv1.exe not found.
File\Folder c:\programdata\microsoft\windows\start menu\programs\ilivid not found.
File\Folder c:\users\all users\microsoft\windows\start menu\programs\ilivid not found.
File\Folder c:\program files\windows searchqu toolbar not found.
File\Folder c:\program files\windows ilivid toolbar not found.
File\Folder c:\program files\ilivid not found.
File\Folder c:\windows\prefetch\ilivid* not found.
File\Folder c:\windows\prefetch\searchqumediabar* not found.
File\Folder c:\windows\prefetch\setupdatamngr* not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Brian\Desktop\cmd.bat deleted successfully.
C:\Users\Brian\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Brian
->Temp folder emptied: 3949645 bytes
->Temporary Internet Files folder emptied: 1046451 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 3495905 bytes
->Flash cache emptied: 962 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Lorraine
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: TEMP
->Temp folder emptied: 0 bytes

User: TEMP.Brian-PC
->Temp folder emptied: 0 bytes

User: TEMP.Brian-PC.000
->Temp folder emptied: 0 bytes

User: TEMP.Brian-PC.001
->Temp folder emptied: 0 bytes

User: TEMP.Brian-PC.002
->Temp folder emptied: 0 bytes

User: TEMP.Brian-PC.003
->Temp folder emptied: 0 bytes

User: Teresa
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 29897825 bytes
->Java cache emptied: 22582690 bytes
->FireFox cache emptied: 5369911 bytes
->Flash cache emptied: 91973 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes

User: UpdatusUser.Brian-PC
->Temp folder emptied: 0 bytes

User: UpdatusUser.Brian-PC.000
->Temp folder emptied: 0 bytes

User: UpdatusUser.Brian-PC.001
->Temp folder emptied: 0 bytes

User: UpdatusUser.Brian-PC.002
->Temp folder emptied: 0 bytes

User: UpdatusUser.Brian-PC.003
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 14648 bytes
%systemroot% .tmp files removed: 1460900 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5040 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 65.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11242012_231122

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
BrianE
Regular Member
 
Posts: 15
Joined: November 23rd, 2012, 5:07 pm

Re: Searchnu.com/421

Unread postby askey127 » November 25th, 2012, 12:04 pm

OK, Good !
Now please make that run again with SystemLook and post what it shows as its log.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Searchnu.com/421

Unread postby BrianE » November 25th, 2012, 2:51 pm

Hi askey127,

Here is the OTLlog:-

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll deleted successfully.
File C:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll deleted successfully.
File C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll not found.
========== REGISTRY ==========
Registry key hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\products\2b1e51d87b2d71a44bb42ddd5e894160\installproperties\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ilivid\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\uninstall\windows searchqu toolbar\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{8d15e1b2-d2b7-4a17-b44b-d2dde5981406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8d15e1b2-d2b7-4a17-b44b-d2dde5981406}\ not found.
Registry key hkey_current_user\software\microsoft\windows\currentversion\app management\arpcache\windows searchqu toolbar\ not found.
Registry key hkey_current_user\software\microsoft\windows\currentversion\app management\arpcache\ilivid\ not found.
Registry key hkey_local_machine\software\classes\ilivid\ not found.
Registry key hkey_local_machine\software\classes\installer\products\2b1e51d87b2d71a44bb42ddd5e894160\ not found.
Registry key hkey_local_machine\software\ilivid\ not found.
Registry key hkey_local_machine\software\ilivid\player\hosts\ilivid.com\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{949d2c04-d3c1-490a-8a03-440b5c32b5f2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{949d2c04-d3c1-490a-8a03-440b5c32b5f2}\ not found.
Registry key hkey_current_user\software\datamngr_toolbar\ not found.
Registry key hkey_local_machine\software\classes\browserconnection.loader\ not found.
Registry key hkey_local_machine\software\classes\browserconnection.loader.1\ not found.
Registry key hkey_local_machine\software\classes\clsid\{9d717f81-9148-4f12-8568-69135f087db0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d717f81-9148-4f12-8568-69135f087db0}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{69cf75c1-35ab-4de5-a51f-662c9020ad4a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69cf75c1-35ab-4de5-a51f-662c9020ad4a}\ not found.
Registry key hkey_current_user\software\appdatalow\software\searchqutoolbar\ not found.
Registry key hkey_current_user\software\datamngr\ not found.
Registry key hkey_current_user\software\microsoft\internet explorer\searchscopes\{8a96af9e-4074-43b7-bea3-87217bda7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a96af9e-4074-43b7-bea3-87217bda7406}\ not found.
Registry key hkey_current_user\software\microsoft\windows\currentversion\app management\arpcache\bandoo\ not found.
Registry key hkey_current_user\software\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar\ not found.
Registry key hkey_current_user\software\microsoft\windows\currentversion\explorer\menuorder\start menu2\programs\bandoo\ not found.
Registry key hkey_current_user\software\trolltech\ not found.
Registry key hkey_current_user\software\ilivid\ not found.
Registry key hkey_current_user\software\searchqutoolbar\ not found.
Registry key hkey_local_machine\software\datamngr\ not found.
Registry key hkey_local_machine\software\bandoo\ not found.
Registry key hkey_local_machine\software\classes\appid\bandoocore.exe\ not found.
Registry key hkey_local_machine\software\classes\appid\{1301a8a5-3dfb-4731-a162-b357d00c9644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1301a8a5-3dfb-4731-a162-b357d00c9644}\ not found.
Registry key hkey_local_machine\software\classes\applications\ilividsetupv1.exe\ not found.
Registry key hkey_local_machine\software\classes\bandoocore.bandoocore.1\ not found.
Registry key hkey_local_machine\software\classes\bandoocore.bandoocore\ not found.
Registry key hkey_local_machine\software\classes\bandoocore.resourcesmngr.1\ not found.
Registry key hkey_local_machine\software\classes\bandoocore.resourcesmngr\ not found.
Registry key hkey_local_machine\software\classes\bandoocore.settingsmngr.1\ not found.
Registry key hkey_local_machine\software\classes\bandoocore.settingsmngr\ not found.
Registry key hkey_local_machine\software\classes\bandoocore.statisticmngr.1\ not found.
Registry key hkey_local_machine\software\classes\bandoocore.statisticmngr\ not found.
Registry key hkey_local_machine\software\classes\clsid\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key hkey_local_machine\software\classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\ not found.
Registry key hkey_local_machine\software\classes\clsid\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key hkey_local_machine\software\classes\clsid\{bb76a90b-2b4c-4378-8506-9a2b6e16943c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb76a90b-2b4c-4378-8506-9a2b6e16943c}\ not found.
Registry key hkey_local_machine\software\classes\clsid\{c3ab94a4-bfd0-4bba-a331-de504f07d2db}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c3ab94a4-bfd0-4bba-a331-de504f07d2db}\ not found.
Registry key hkey_local_machine\software\classes\interface\{477f210a-2a86-4666-9c4b-1189634d2c84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477f210a-2a86-4666-9c4b-1189634d2c84}\ not found.
Registry key hkey_local_machine\software\classes\interface\{ff871e51-2655-4d06-aed5-745962a96b32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff871e51-2655-4d06-aed5-745962a96b32}\ not found.
Registry key hkey_local_machine\software\classes\searchquiehelper.dnsguard.1\ not found.
Registry key hkey_local_machine\software\classes\searchquiehelper.dnsguard\ not found.
Registry key hkey_local_machine\software\classes\typelib\{6a4bcaba-c437-4c76-a54e-af31b8a76cb9}\1.0\ not found.
Registry key hkey_local_machine\software\classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\uninstall\searchqu toolbar\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{424624f4-c5dd-4e1d-bdd0-1e9c9b7799cc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{424624f4-c5dd-4e1d-bdd0-1e9c9b7799cc}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{9c8a3ca5-889e-4554-beec-ec0876e4e96a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c8a3ca5-889e-4554-beec-ec0876e4e96a}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{f9189560-573a-4fde-b055-ae7b0f4cf080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9189560-573a-4fde-b055-ae7b0f4cf080}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\searchscopes\{8a96af9e-4074-43b7-bea3-87217bda7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a96af9e-4074-43b7-bea3-87217bda7406}\ not found.
Registry key hkey_local_machine\software\microsoft\radar\heapleakdetection\diagnosedapplications\ilivid.exe\ not found.
Registry key hkey_local_machine\software\microsoft\tracing\searchqumediabar_rasapi32\ not found.
Registry key hkey_local_machine\software\microsoft\tracing\searchqumediabar_rasmancs\ not found.
Registry key hkey_local_machine\software\microsoft\tracing\setupdatamngr_searchqu_rasapi32\ not found.
Registry key hkey_local_machine\software\microsoft\tracing\setupdatamngr_searchqu_rasmancs\ not found.
Registry key hkey_local_machine\software\microsoft\tracing\ilividsetupv1_rasapi32\ not found.
Registry key hkey_local_machine\software\microsoft\tracing\ilividsetupv1_rasmancs\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\uninstall\searchqu 406 mediabar\ not found.
Registry key hkey_local_machine\software\searchqumediabartb\ not found.
Registry key hkey_local_machine\software\classes\clsid\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key hkey_local_machine\software\classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971}\1.0\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar\ not found.
Registry key hkey_local_machine\software\classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\inprocserver32\ not found.
Registry key hkey_local_machine\software\classes\clsid\{cc1ac828-bb47-4361-afb5-96eee259dd87}\inprocserver32\ not found.
Registry key hkey_local_machine\software\classes\clsid\{fefd3af5-a346-4451-aa23-a3ad54915515}\inprocserver32\ not found.
Registry key hkey_local_machine\software\classes\clsid\{9d717f81-9148-4f12-8568-69135f087db0}\inprocserver32\ not found.
Registry key hkey_local_machine\software\classes\typelib\{5b4144e1-b61d-495a-9a50-cd1a95d86d15}\1.0\ not found.
Registry key hkey_local_machine\software\classes\typelib\{841d5a49-e48d-413c-9c28-eb3d9081d705}\1.0\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\datamngr\ not found.
Registry key hkey_current_user\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb47c17-9c68-4bb3-b188-dd9af0fd2102}\ not found.
Registry key hkey_current_user\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb47c17-9c68-4bb3-b188-dd9af0fd2102}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}\ not found.
Registry key hkey_current_user\software\microsoft\internet explorer\searchscopes\{e1e743b1-dff5-4dcf-8cd5-9aafd552b290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1e743b1-dff5-4dcf-8cd5-9aafd552b290}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\searchscopes\{e1e743b1-dff5-4dcf-8cd5-9aafd552b290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1e743b1-dff5-4dcf-8cd5-9aafd552b290}\ not found.
Registry value hkey_current_user\software\microsoft\internet explorer\main\\start page not found.
Registry value hkey_local_machine\software\microsoft\internet explorer\toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry value hkey_current_user\software\classes\local settings\software\microsoft\windows\shell\muicache\\c:\program files\ilivid\ilivid.exe not found.
Registry value hkey_current_user\software\classes\local settings\software\microsoft\windows\shell\muicache\\c:\program files\ilivid\vlc\vlc.exe not found.
Registry value hkey_local_machine\software\microsoft\windows\currentversion\installer\folders\\c:\programdata\microsoft\windows\start menu\programs\ilivid\ not found.
Registry value hkey_local_machine\software\microsoft\windows\currentversion\run\\datamngr not found.
Registry value hkey_local_machine\system\controlset001\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{b9c9d25e-1fba-484c-b5fe-0c6d07ae555d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9c9d25e-1fba-484c-b5fe-0c6d07ae555d}\ not found.
Registry value hkey_local_machine\system\controlset001\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{924eb14a-495b-49f3-b558-a7c81e88c85d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{924eb14a-495b-49f3-b558-a7c81e88c85d}\ not found.
Registry value hkey_local_machine\system\controlset001\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{6d11a718-4174-474f-a0a4-08d56b03bfeb} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d11a718-4174-474f-a0a4-08d56b03bfeb}\ not found.
Registry value hkey_local_machine\system\controlset001\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{ec25043d-aac6-416f-ba2d-c44e34fb533b} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec25043d-aac6-416f-ba2d-c44e34fb533b}\ not found.
Registry key hkey_local_machine\system\controlset002\services\sharedaccess\parameters\firewallpolicy\firewallrules not found.
Registry key hkey_local_machine\system\controlset002\services\sharedaccess\parameters\firewallpolicy\firewallrules not found.
Registry key hkey_local_machine\system\controlset002\services\sharedaccess\parameters\firewallpolicy\firewallrules not found.
Registry key hkey_local_machine\system\controlset002\services\sharedaccess\parameters\firewallpolicy\firewallrules not found.
Registry key hkey_local_machine\system\controlset003\services\sharedaccess\parameters\firewallpolicy\firewallrules not found.
Registry key hkey_local_machine\system\controlset003\services\sharedaccess\parameters\firewallpolicy\firewallrules not found.
Registry key hkey_local_machine\system\controlset003\services\sharedaccess\parameters\firewallpolicy\firewallrules not found.
Registry key hkey_local_machine\system\controlset003\services\sharedaccess\parameters\firewallpolicy\firewallrules not found.
Registry value hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{ec25043d-aac6-416f-ba2d-c44e34fb533b} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec25043d-aac6-416f-ba2d-c44e34fb533b}\ not found.
Registry value hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{b9c9d25e-1fba-484c-b5fe-0c6d07ae555d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9c9d25e-1fba-484c-b5fe-0c6d07ae555d}\ not found.
Registry value hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{924eb14a-495b-49f3-b558-a7c81e88c85d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{924eb14a-495b-49f3-b558-a7c81e88c85d}\ not found.
Registry value hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{6d11a718-4174-474f-a0a4-08d56b03bfeb} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d11a718-4174-474f-a0a4-08d56b03bfeb}\ not found.
========== FILES ==========
File/Folder C:\Users\Brian\AppData\Roaming\mozilla\firefox\profiles\searchquwebsearch.xml not found.
File/Folder C:\Users\Brian\AppData\Roaming\mozilla\firefox\profiles\searchqutoolbar not found.
File/Folder C:\Users\Brian\AppData\Roaming\mozilla\firefox\profiles\{99079a25-328f-4bd4-be04-00955acaa0a7} not found.
File/Folder C:\Users\Brian\AppData\Roaming\microsoft\windows\cookies\*@sweetim[1].txt not found.
File/Folder C:\Users\Brian\AppData\Roaming\microsoft\windows\cookies\low\*@ilivid[1].txt not found.
File/Folder C:\Users\Brian\AppData\Roaming\microsoft\windows\cookies\low\*@ilivid[2].txt not found.
File/Folder C:\Users\Brian\AppData\Roaming\microsoft\windows\cookies\low\*@searchqu[1].txt not found.
File/Folder C:\Users\Brian\AppData\Roaming\microsoft\windows\cookies\low\*@searchqu[2].txt not found.
File/Folder C:\Users\Brian\AppData\Roaming\microsoft\windows\cookies\low\*@stats.ilivid[1].txt not found.
File/Folder C:\Users\Brian\AppData\Roaming\microsoft\windows\cookies\low\*@sweetim[1].txt not found.
File/Folder C:\Users\Brian\AppData\Roaming\microsoft\windows\cookies\low\*@www.sweetim[2].txt not found.
File/Folder C:\Users\Brian\AppData\Roaming\microsoft\windows\cookies\low\*@www.sweetim[3].txt not found.
File/Folder C:\Users\Brian\AppData\Local\ilivid player not found.
File/Folder C:\Users\Brian\AppData\Local\microsoft\windows\temporary internet files\content.ie5\ilividsetupv1.exe not found.
File/Folder C:\Users\Brian\AppData\Local\microsoft\windows\temporary internet files\content.ie5\ilivid[1].7z not found.
File/Folder C:\Users\Brian\AppData\Local\microsoft\windows\temporary internet files\content.ie5\setupdatamngr_searchqu[1].exe not found.
File/Folder C:\Users\Brian\AppData\Local\microsoft\windows\temporary internet files\content.ie5\sweetimsetup.exe not found.
File/Folder C:\Users\Brian\AppData\Local\microsoft\windows\temporary internet files\content.ie5\bandoov6[1].exe not found.
File/Folder C:\Users\Brian\AppData\Local\microsoft\windows\temporary internet files\low\content.ie5\searchqu_net[1].htm not found.
File/Folder C:\Users\Brian\AppData\Local\Temp\bandoofiles not found.
File/Folder C:\Users\Brian\AppData\Local\Temp\bandoov6.exe not found.
File/Folder C:\Users\Brian\AppData\Local\Temp\setupdatamngr_searchqu.exe not found.
File/Folder C:\Users\Brian\AppData\Local\Temp\sweetimreinstall not found.
File/Folder C:\Users\Brian\AppData\Local\Temp\sweetimreinstall\sweetimsetup.exe not found.
File/Folder C:\Users\Brian\AppData\Local\Temp\ilivid.7z not found.
File/Folder C:\Users\Brian\AppData\Local\Temp\searchqu.ini not found.
File/Folder C:\Users\Brian\AppData\Local\Temp\searchqutoolbar-manifest.xml not found.
File/Folder C:\Users\Brian\appdata\locallow\searchquband not found.
File/Folder C:\Users\Brian\appdata\locallow\searchqutoolbar not found.
File/Folder C:\Users\Brian\downloads\sweetimsetup.exe not found.
File/Folder C:\Users\Brian\downloads\ilividsetupv1.exe not found.
File\Folder c:\programdata\microsoft\windows\start menu\programs\ilivid not found.
File\Folder c:\users\all users\microsoft\windows\start menu\programs\ilivid not found.
File\Folder c:\program files\windows searchqu toolbar not found.
File\Folder c:\program files\windows ilivid toolbar not found.
File\Folder c:\program files\ilivid not found.
File\Folder c:\windows\prefetch\ilivid* not found.
File\Folder c:\windows\prefetch\searchqumediabar* not found.
File\Folder c:\windows\prefetch\setupdatamngr* not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Brian\Desktop\cmd.bat deleted successfully.
C:\Users\Brian\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Brian
->Temp folder emptied: 6602436 bytes
->Temporary Internet Files folder emptied: 724342 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 4766893 bytes
->Flash cache emptied: 846 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Lorraine
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: TEMP
->Temp folder emptied: 0 bytes

User: TEMP.Brian-PC
->Temp folder emptied: 0 bytes

User: TEMP.Brian-PC.000
->Temp folder emptied: 0 bytes

User: TEMP.Brian-PC.001
->Temp folder emptied: 0 bytes

User: TEMP.Brian-PC.002
->Temp folder emptied: 0 bytes

User: TEMP.Brian-PC.003
->Temp folder emptied: 0 bytes

User: Teresa
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes

User: UpdatusUser.Brian-PC
->Temp folder emptied: 0 bytes

User: UpdatusUser.Brian-PC.000
->Temp folder emptied: 0 bytes

User: UpdatusUser.Brian-PC.001
->Temp folder emptied: 0 bytes

User: UpdatusUser.Brian-PC.002
->Temp folder emptied: 0 bytes

User: UpdatusUser.Brian-PC.003
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1180 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 12.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11252012_180032

Files\Folders moved on Reboot...
File\Folder C:\Users\Brian\AppData\Local\Temp\~DF42AE.tmp not found!
File\Folder C:\Users\Brian\AppData\Local\Temp\~DF42B4.tmp not found!
File\Folder C:\Users\Brian\AppData\Local\Temp\~DF42EC.tmp not found!
File\Folder C:\Users\Brian\AppData\Local\Temp\~DF42F6.tmp not found!
File\Folder C:\Users\Brian\AppData\Local\Temp\~DF432E.tmp not found!
File\Folder C:\Users\Brian\AppData\Local\Temp\~DF4334.tmp not found!
C:\Users\Brian\AppData\Local\Temp\~DFED7.tmp moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


And here is the Systemlook log:-

SystemLook 30.07.11 by jpshortstuff
Log created at 18:30 on 25/11/2012 by Brian
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Searchqu*"
C:\ProgramData\MAGIX\PC_Check_Tuning_2012\softupdate\Searchqu Toolbar.png --a---- 2109 bytes [16:50 17/07/2012] [16:50 17/07/2012] 122FDA50163376EEAE81935758B31D19
C:\Users\All Users\MAGIX\PC_Check_Tuning_2012\softupdate\Searchqu Toolbar.png --a---- 2109 bytes [16:50 17/07/2012] [16:50 17/07/2012] 122FDA50163376EEAE81935758B31D19

Searching for "*iLivid*"
C:\ProgramData\MAGIX\PC_Check_Tuning_2012\softupdate\iLivid.png --a---- 2917 bytes [16:50 17/07/2012] [16:50 17/07/2012] DFDEE0A06C666121D13E0934772DFC13
C:\Users\All Users\MAGIX\PC_Check_Tuning_2012\softupdate\iLivid.png --a---- 2917 bytes [16:50 17/07/2012] [16:50 17/07/2012] DFDEE0A06C666121D13E0934772DFC13

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*sweetim*"
C:\Users\Lorraine\AppData\Roaming\Microsoft\Windows\Cookies\Low\lorraine@sweetim[1].txt --a---- 1269 bytes [17:15 08/05/2008] [17:15 08/05/2008] 7673DE0AFD429E04F497A1D2D85E47A9
C:\Users\Teresa\AppData\Roaming\Microsoft\Windows\Cookies\Low\teresa@sweetim[2].txt --a---- 321 bytes [22:38 17/12/2008] [22:38 17/12/2008] 5C50A3142C763626BE38CC41B7BDECBB

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
C:\Users\Teresa\AppData\LocalLow\searchqutoolbar d------ [21:31 26/07/2012]

Searching for "*iLivid*"
C:\_OTL\MovedFiles\11242012_170522\c_program files\iLivid d------ [21:03 14/07/2012]
C:\_OTL\MovedFiles\11242012_170522\C_Users\Brian\AppData\Local\Ilivid Player d------ [21:04 14/07/2012]

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
C:\Users\Brian\AppData\LocalLow\DataMngr d------ [21:04 14/07/2012]

Searching for "*trolltech*"
No folders found.

Searching for "*sweetim*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&gct=ds&appid=101&systemid=421&apn_dtid=BND421&apn_ptnrs=AGA&o=APN10649&apn_uid=2111304430204803&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D08623F-E693-4D4A-B5EC-970E2FEC2A07}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\SRTOOL~1\dtUser.exe|Name=Search-Results Toolbar DTX Broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5647BFA0-F1C0-460C-9665-C72C6A4B973C}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\SRTOOL~1\dtUser.exe|Name=Search-Results Toolbar DTX Broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet021\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D08623F-E693-4D4A-B5EC-970E2FEC2A07}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\SRTOOL~1\dtUser.exe|Name=Search-Results Toolbar DTX Broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet021\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5647BFA0-F1C0-460C-9665-C72C6A4B973C}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\SRTOOL~1\dtUser.exe|Name=Search-Results Toolbar DTX Broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D08623F-E693-4D4A-B5EC-970E2FEC2A07}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\SRTOOL~1\dtUser.exe|Name=Search-Results Toolbar DTX Broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5647BFA0-F1C0-460C-9665-C72C6A4B973C}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\SRTOOL~1\dtUser.exe|Name=Search-Results Toolbar DTX Broker|Edge=FALSE|"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D08623F-E693-4D4A-B5EC-970E2FEC2A07}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\SRTOOL~1\dtUser.exe|Name=Search-Results Toolbar DTX Broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5647BFA0-F1C0-460C-9665-C72C6A4B973C}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\SRTOOL~1\dtUser.exe|Name=Search-Results Toolbar DTX Broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet021\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D08623F-E693-4D4A-B5EC-970E2FEC2A07}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\SRTOOL~1\dtUser.exe|Name=Search-Results Toolbar DTX Broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet021\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5647BFA0-F1C0-460C-9665-C72C6A4B973C}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\SRTOOL~1\dtUser.exe|Name=Search-Results Toolbar DTX Broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D08623F-E693-4D4A-B5EC-970E2FEC2A07}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\SRTOOL~1\dtUser.exe|Name=Search-Results Toolbar DTX Broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5647BFA0-F1C0-460C-9665-C72C6A4B973C}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\SRTOOL~1\dtUser.exe|Name=Search-Results Toolbar DTX Broker|Edge=FALSE|"

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
No data found.

Searching for "sweetie"
No data found.

Searching for "sweetim"
No data found.

-= EOF =-


Thanks.
BrianE
Regular Member
 
Posts: 15
Joined: November 23rd, 2012, 5:07 pm

Re: Searchnu.com/421

Unread postby askey127 » November 25th, 2012, 3:58 pm

BrianE,
Looks like a free program called Magix is feeding your machine with all this trash.
I would Uninstall Magix (may be called PC Check Tuning 2012 ?) immediately.
Was this delivered with the free CD burner?
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

Magix ...anything
PC Check Tuning 2012

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    
    :processes
    killallprocesses
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0D08623F-E693-4D4A-B5EC-970E2FEC2A07}"=""
    "{5647BFA0-F1C0-460C-9665-C72C6A4B973C}"=""
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet021\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0D08623F-E693-4D4A-B5EC-970E2FEC2A07}"=""
    "{5647BFA0-F1C0-460C-9665-C72C6A4B973C}"=""
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0D08623F-E693-4D4A-B5EC-970E2FEC2A07}"=""
    "{5647BFA0-F1C0-460C-9665-C72C6A4B973C}"=""
    
    :Files
    C:\Users\Brian\AppData\LocalLow\DataMngr
    C:\Users\Lorraine\AppData\Roaming\Microsoft\Windows\Cookies\Low\lorraine@sweetim[1].txt
    C:\Users\Teresa\AppData\Roaming\Microsoft\Windows\Cookies\Low\teresa@sweetim[2].txt
    C:\Users\Teresa\AppData\LocalLow\searchqutoolbar
    C:\ProgramData\MAGIX\PC_Check_Tuning_2012
    C:\Users\All Users\MAGIX\PC_Check_Tuning_2012
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, and click to allow the Reboot when it is done.
    When the computer Reboots, and you start your usual account, a Notepad text file will appear.
  • Copy the contents of that file and post it in your next reply.
    The file will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log
---------------------------------------------
  • Double-click SystemLook.exe to run it again.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *Searchqu*
    *iLivid*
    
    :folderfind
    *Searchqu*
    *datamngr*
    
    :regfind
    Searchqu
    datamngr
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The results log can also be found on your Desktop, entitled SystemLook.txt


Let me know if you were able to Uninstall Magix ..whatever it is, and then we will be looking for the Fix report from OTL, and the new Systemlook report.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Searchnu.com/421

Unread postby BrianE » November 25th, 2012, 5:18 pm

Hi,

I've uninstalled Magix but I don't think that caused the problem. I bought it from PC World (a big computer retailer in UK) and it is just a programme to help clean up your PC. Defragmenting, folder cleaning and that sort of stuff.

Attached are the OTL and Systemlook logs:-

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== PROCESSES ==========
All processes killed
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\"{0D08623F-E693-4D4A-B5EC-970E2FEC2A07}"|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\"{5647BFA0-F1C0-460C-9665-C72C6A4B973C}"|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet021\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\"{0D08623F-E693-4D4A-B5EC-970E2FEC2A07}"|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet021\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\"{5647BFA0-F1C0-460C-9665-C72C6A4B973C}"|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\"{0D08623F-E693-4D4A-B5EC-970E2FEC2A07}"|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\"{5647BFA0-F1C0-460C-9665-C72C6A4B973C}"|"" /E : value set successfully!
========== FILES ==========
C:\Users\Brian\AppData\LocalLow\DataMngr folder moved successfully.
C:\Users\Lorraine\AppData\Roaming\Microsoft\Windows\Cookies\Low\lorraine@sweetim[1].txt moved successfully.
C:\Users\Teresa\AppData\Roaming\Microsoft\Windows\Cookies\Low\teresa@sweetim[2].txt moved successfully.
C:\Users\Teresa\AppData\LocalLow\searchqutoolbar folder moved successfully.
C:\ProgramData\MAGIX\PC_Check_Tuning_2012\winsettings\en folder moved successfully.
C:\ProgramData\MAGIX\PC_Check_Tuning_2012\winsettings folder moved successfully.
C:\ProgramData\MAGIX\PC_Check_Tuning_2012\startup\personallist folder moved successfully.
C:\ProgramData\MAGIX\PC_Check_Tuning_2012\startup\feedback folder moved successfully.
C:\ProgramData\MAGIX\PC_Check_Tuning_2012\startup\deactivated folder moved successfully.
C:\ProgramData\MAGIX\PC_Check_Tuning_2012\startup folder moved successfully.
C:\ProgramData\MAGIX\PC_Check_Tuning_2012\softupdate folder moved successfully.
C:\ProgramData\MAGIX\PC_Check_Tuning_2012\report folder moved successfully.
C:\ProgramData\MAGIX\PC_Check_Tuning_2012\performanceindex folder moved successfully.
C:\ProgramData\MAGIX\PC_Check_Tuning_2012\News Feed Info folder moved successfully.
C:\ProgramData\MAGIX\PC_Check_Tuning_2012\mypc\personallist folder moved successfully.
C:\ProgramData\MAGIX\PC_Check_Tuning_2012\mypc\feedback folder moved successfully.
C:\ProgramData\MAGIX\PC_Check_Tuning_2012\mypc folder moved successfully.
C:\ProgramData\MAGIX\PC_Check_Tuning_2012\logfiles folder moved successfully.
C:\ProgramData\MAGIX\PC_Check_Tuning_2012\eusing\backup folder moved successfully.
C:\ProgramData\MAGIX\PC_Check_Tuning_2012\eusing folder moved successfully.
C:\ProgramData\MAGIX\PC_Check_Tuning_2012\driverupdate folder moved successfully.
C:\ProgramData\MAGIX\PC_Check_Tuning_2012 folder moved successfully.
File\Folder C:\Users\All Users\MAGIX\PC_Check_Tuning_2012 not found.

OTL by OldTimer - Version 3.2.69.0 log created on 11252012_204022

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...




SystemLook 30.07.11 by jpshortstuff
Log created at 21:00 on 25/11/2012 by Brian
Administrator - Elevation successful

========== filefind ==========

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\11252012_204022\C_ProgramData\MAGIX\PC_Check_Tuning_2012\softupdate\Searchqu Toolbar.png --a---- 2109 bytes [16:50 17/07/2012] [16:50 17/07/2012] 122FDA50163376EEAE81935758B31D19

Searching for "*iLivid*"
C:\_OTL\MovedFiles\11252012_204022\C_ProgramData\MAGIX\PC_Check_Tuning_2012\softupdate\iLivid.png --a---- 2917 bytes [16:50 17/07/2012] [16:50 17/07/2012] DFDEE0A06C666121D13E0934772DFC13

========== folderfind ==========

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\11252012_204022\C_Users\Teresa\AppData\LocalLow\searchqutoolbar d------ [21:31 26/07/2012]

Searching for "*datamngr*"
C:\_OTL\MovedFiles\11252012_204022\C_Users\Brian\AppData\LocalLow\DataMngr d------ [21:04 14/07/2012]

========== regfind ==========

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&gct=ds&appid=101&systemid=421&apn_dtid=BND421&apn_ptnrs=AGA&o=APN10649&apn_uid=2111304430204803&qu={searchTerms}&ft=json"

Searching for "datamngr"
No data found.

-= EOF =-


Thanks
BrianE
Regular Member
 
Posts: 15
Joined: November 23rd, 2012, 5:07 pm

Re: Searchnu.com/421

Unread postby askey127 » November 25th, 2012, 6:04 pm

BrianE,
If Magix is only dutifully looking for software updates for searchqu and iLivid in total innocence, you may be right.
Or, they may be associated, to pay for the Magix program being "free". :D
Happens all the time. Doesn't make it ethical.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}]
    "SuggestionsURL_JSON"=""
    
    :Commands
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, and click to allow the Reboot when it is done.
    When the computer Reboots, and you start your usual account, a Notepad text file will appear.
  • Copy the contents of that file and post it in your next reply.
    The file will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log
----------------------------------------------
Would you see whether you can find a file on your desktop named Extras.txt ? (Same location as OTL.exe)
If you can, would you please open it with Notepad and post the contents.
If you can't find it, please let me know.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Searchnu.com/421

Unread postby BrianE » November 26th, 2012, 2:40 pm

Hi askey127,

Attached is the latest OTL log:-

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}\\"SuggestionsURL_JSON"|"" /E : value set successfully!
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 11262012_181741


As regards the Extras.txt log I couldn't see anything on my desktop so I did a search and found the attached which looks as though it was created on 23rd Nov.


OTL Extras logfile created on: 23/11/2012 19:10:16 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Brian\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 55.27% Memory free
6.20 Gb Paging File | 3.80 Gb Available in Paging File | 61.23% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.96 Gb Total Space | 56.26 Gb Free Space | 19.54% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.34 Gb Free Space | 63.35% Space Free | Partition Type: NTFS

Computer Name: BRIAN-PC | User Name: Brian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{185D5BEF-7B87-47A8-AD7B-97D50AE25D2B}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{277A73BC-64F5-4FDF-98B8-5D5E3D82EF30}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2A2669FE-EA9F-4B99-987F-0F83ED29DEE2}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{72E97602-B6A2-49F5-BE5C-17141AB42022}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{862DC519-E263-4799-9660-1BF63BA9CFE1}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{8AF8B73B-2B84-407F-8FEC-B22A5D8C3488}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A6441B71-DF18-41B0-A9E4-2A83C7574BB8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00AF4E21-C6BE-4F5F-801B-D75812B3DC4D}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung pc share manager\http_ss_win_pro.exe |
"{07783D12-D433-447D-8F29-DC4C99F68C90}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe |
"{081DBD2B-84EC-4C00-8E02-D971D3DA5FE4}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe |
"{09862888-F7A8-4C03-97A3-B77E8F275E2F}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe |
"{0C90B80C-5FD1-46F2-A133-4552DEF489B4}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{0CA0B270-FBAC-4B9E-AAF9-96F2F6E84C53}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{0D08623F-E693-4D4A-B5EC-970E2FEC2A07}" = protocol=6 | dir=in | app=c:\program files\searchqu toolbar\datamngr\srtool~1\dtuser.exe |
"{12F52054-FA8B-484A-BED9-80AFA4D107AD}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{14850FF1-1679-43F6-9905-64DDE1942872}" = protocol=17 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"{168D2F5E-C41F-4C57-8126-26EA17FFB9FA}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{16FC5410-33BB-40F5-A212-14067769B53C}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{175E4C19-E188-416E-B62B-08E1B5C94DD9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2012\fm.exe |
"{17F52D37-7170-4BA7-819B-6E1E1B6DE868}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\amd driver updater, vista and 7, 32 bit\setup.exe |
"{182D9DF0-E7D5-4187-A94E-1A2C63E248B5}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe |
"{1D0DFC15-D3E1-4571-95B8-47B1070DE669}" = protocol=6 | dir=in | app=c:\program files\cyanide\gamecenter\gamecenter.exe |
"{1EE52DFF-CD33-4C6A-AA28-0233A3157E26}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{210155F5-7FE1-4DFD-AD24-8FC1B6198B56}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{2470DFF1-0B5B-40AF-98CB-56F6E644F339}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2012\fm.exe |
"{24BA249F-1146-4F07-AE4D-0DF290E4A032}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{24E18844-67DB-40A5-9DB9-311BB4E11930}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"{2AA98B49-69D2-49A7-B792-C6F6E9FE431F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{2B49253D-D1C4-40FB-BB8B-8DE7EE53E206}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\f1 2012 dev diary 2\smp.exe |
"{2C4F1AED-647D-4A62-8787-BEA1FD925A78}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe |
"{30E4D21F-97C2-443E-9CA8-99D2B6952681}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |
"{3197F0B3-39F6-4F5A-96EE-E2328A59B990}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
"{327D77E9-63BF-4C76-AFB7-FA568867CEA2}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{3581AC6C-E591-475A-8578-25502D475A0C}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dlcfpswx.exe |
"{38EA5A2B-5485-4814-8D2B-1C7C5BE636BD}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe |
"{399B3B2E-4BB1-4A91-83E8-C1BACF515E87}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{39DB3D1C-7A26-4485-9CE8-701E5F6D9DED}" = protocol=6 | dir=in | app=c:\windows\system32\dlcfcoms.exe |
"{3B52D01A-5B80-4346-8C33-96641F720E71}" = protocol=17 | dir=in | app=c:\windows\system32\dlcfcoms.exe |
"{3C6AA5B9-4053-4AB8-91AA-D6D5E4090297}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{40E0F727-582D-4B52-86D7-5B4598E293D5}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{4120D43C-6A34-4A0B-8069-5896F617B14F}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe |
"{418EA766-DBF2-4E80-B258-C6F0FB02104A}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe |
"{44C27A11-DF3C-471F-9301-BFD52156D93B}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{46BB6718-F086-489E-BE4F-81E46C245BBD}" = protocol=6 | dir=in | app=c:\program files\cyanide\pro cycling manager - season 2010\pcm.exe |
"{4C23680F-5A69-4F94-A2E2-4E7B61788636}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{4C2C4BC4-A435-4FDD-8E29-7F95C2996CFF}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |
"{4C2CE195-EA4D-4357-85C6-223BC1D1CC0E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{4C8500DD-D08C-42AB-93BA-C65D07C87BCE}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe |
"{4D2466BC-4F0D-4C48-9149-4E07AAE8275C}" = protocol=17 | dir=in | app=c:\windows\system32\dlcfcoms.exe |
"{4DF2BE61-2EA4-4860-90BE-650CE3EB8303}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung pc share manager\wiselinkpro.exe |
"{50597CF2-4C69-4751-AF8A-64A3A9EDB197}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe |
"{50E0E93F-D063-4BBA-806E-32FE60CDBEDC}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe |
"{517342FA-81BF-4251-B990-E76CEF58E2ED}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
"{5647BFA0-F1C0-460C-9665-C72C6A4B973C}" = protocol=17 | dir=in | app=c:\program files\searchqu toolbar\datamngr\srtool~1\dtuser.exe |
"{566EB69F-AB0E-4A46-8B63-79D527DB324A}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung pc share manager\http_ss_win_pro.exe |
"{5BC21A90-C40D-48FF-969B-601E20DAFB1A}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |
"{5C669EE9-343A-4C02-BCDE-48BB7DAFDC28}" = protocol=17 | dir=in | app=c:\program files\kservice\kservice.exe |
"{5E16FFFC-72B7-4F76-9A3C-CA12FDD6A6F8}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
"{60B88C78-AA43-4B86-8E94-04EEC5D30E18}" = protocol=6 | dir=in | app=c:\windows\kdx\khost.exe |
"{61231401-213C-447F-8BAB-B03EAF0E8D79}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{653FEAF2-5EA7-4D65-9E89-D73953AB67C6}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe |
"{682E5E5E-F8AC-466C-A826-82605AA0208F}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{683DCE23-D301-4D12-A8AF-E11067AF464C}" = protocol=6 | dir=in | app=c:\program files\codemasters\f1 2011\f1_2011.exe |
"{68C33E12-1F68-4C9B-8496-DEADED8586D4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{6920733F-1A1D-4075-B55A-77D0E149B72C}" = protocol=6 | dir=in | app=c:\program files\cyanide\pro cycling manager - season 2010\autorun\exe\autorun.exe |
"{73232D1A-E8E0-4A80-8C34-CAB8F0083C42}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe |
"{757D298D-3898-4D41-A56A-C9ED408318FA}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dlcfpswx.exe |
"{7BF3F41A-5FDD-4AE8-8769-CB4ABC2A6091}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe |
"{7CB05C57-CCA9-4BDF-B44D-6F111385151D}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{7E5052A0-AFBE-4CA9-BFF5-A04A2D461688}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{7F5A983D-E08B-410A-89C2-8A18BB42124D}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe |
"{81D99DF9-5A64-48AC-B55C-C7812171DFAB}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{82D365E5-D676-4A8E-847F-CE52EB34D7E6}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{8583F374-EF85-403E-B07F-52679CC7991D}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{89288707-F042-4A91-A375-7002FA5483AA}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"{89D02047-F795-446D-8654-DEF8A2B57120}" = protocol=6 | dir=in | app=c:\windows\system32\dlcfcoms.exe |
"{8C9B3EED-6D4A-4453-AC56-BA952B39C16F}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
"{91CD9784-535B-4B27-98C1-C26FAE294CC5}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung pc share manager\wiselinkpro.exe |
"{93082AF2-9715-4DF4-9CC1-8DE43C7BC71C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9DD066EB-A17D-4B83-AB25-D967BE2683DB}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{A13B8773-7ACD-4EB6-A90A-DBE5025E9184}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{A3A55D99-2938-4D2B-87F6-D8F1D988863E}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe |
"{AAD18729-802D-45A6-A09C-A2D184F56DD1}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"{ACD08637-B388-48B6-8F8D-C7D1D8AEA59B}" = protocol=17 | dir=in | app=c:\program files\cyanide\gamecenter\gamecenter.exe |
"{AD3AC686-2206-463D-9C45-0553470B1839}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{AE3D9A62-623F-4534-9BB7-EFCA168A1469}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dlcfpswx.exe |
"{AEFDB106-DE27-4D2A-8C4F-60F9F81E63BC}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{B0FBD1CF-1A49-408B-8861-DC24101E6AE7}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\wargame launch trailer\smp.exe |
"{B28B756C-AB41-47FE-AA3D-4D26C2BE062A}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{B42AACE7-5BC3-4E4F-A056-B5D859684F4C}" = protocol=6 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"{B52F7B5F-A303-4D0C-9706-C449C55C20C4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B67CD785-5BBB-4242-91B9-6EB365DA1BB5}" = protocol=17 | dir=in | app=c:\program files\cyanide\pro cycling manager - season 2010\autorun\exe\autorun.exe |
"{BB48B221-B777-4CFB-9FF3-21168A09F51D}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe |
"{BBAE7C1F-A1CE-4710-A8C8-32DC0F9D6C7B}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{BF44E738-06AF-47A5-9EE2-14B13B4BB83E}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{C145B621-5DCD-4690-BA8E-1212F41F6BF6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{C1BB52F0-6303-40D0-AC73-361C4E00A1C3}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |
"{C256A3CC-42B4-4EB7-81A9-F7D8AF0691ED}" = protocol=17 | dir=in | app=c:\program files\cyanide\pro cycling manager - season 2010\pcm.exe |
"{C2EC2E04-5E8C-4F98-BAE0-AB5F3BB70F7A}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{C4B00D55-10E3-4AF1-AEEF-4C6E4E0EBC56}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{C7257113-4E2A-4F60-AB6B-A333C0B2CE05}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CA60A525-F192-4F09-A819-58DC35A8B074}" = protocol=6 | dir=in | app=c:\program files\kservice\kservice.exe |
"{CB0FF069-8B37-409F-B53B-3E329067E27A}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dlcfpswx.exe |
"{CB164A96-A49D-49B0-9DC5-2FFEFF4B8B36}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{CF6BBD84-DC84-4E13-B243-654279FCBD11}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\wargame launch trailer\smp.exe |
"{D3773C49-A2B0-4863-AE52-BDD9468636F6}" = protocol=17 | dir=in | app=c:\program files\codemasters\f1 2011\f1_2011.exe |
"{D8825B9D-24B5-4F80-BFFF-7E42E3D9276F}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"{DDDD8C57-D109-4AEB-B59D-76AE351CED58}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\f1 2012 dev diary 2\smp.exe |
"{DF4B6EE0-5BF3-45F1-83EA-D66C81DF3337}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{E17D2497-F5B6-42B4-9FAA-6D76643BE34A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E3A966F1-A41D-42D1-842C-6C4D5145CB7A}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe |
"{E514891F-6EC1-428C-97C0-D04FF4965C61}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe |
"{E9CFFC53-3C80-49A8-9C55-7D848C57F2AB}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{EB7E3614-4372-4367-93F5-CB64939C91FA}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{EE5FB885-A75B-4A18-81A9-C79AE7A8305E}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"{EF72ACA0-91E6-459B-8ACE-5F3B350FECEC}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{F0806FFD-FD3C-4AA1-BAA8-F458B74074FA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{F57FB2C2-CE60-42FB-B032-571693756656}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{F61D4D5E-1433-4979-AC42-D599F32F6C49}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{FAB9C37C-6C15-4E40-824B-51A5FD3DFC49}" = dir=in | app=c:\users\brian\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{FC316557-42F0-43ED-9D2A-BCEDA5A4619C}" = protocol=17 | dir=in | app=c:\windows\kdx\khost.exe |
"{FC7C4117-44E6-4941-B859-BEAC9BEAD455}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe |
"{FE1ECAB7-CB29-4A51-9921-171E08969C32}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\amd driver updater, vista and 7, 32 bit\setup.exe |
"{FF47DC01-6DAD-49DE-A50F-6DBA2AE1F268}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"TCP Query User{311C276B-5EB3-45A9-B4A2-95E6DD43776D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{48F51BAA-5B4A-42DD-8D82-B9EA5AA847C0}C:\program files\ea games\medal of honor pacific assault(tm)\mohpa.exe" = protocol=6 | dir=in | app=c:\program files\ea games\medal of honor pacific assault(tm)\mohpa.exe |
"TCP Query User{51BBBC4C-62F4-4500-9742-F77D4838EB01}C:\program files\microsoft games\links 2003\linksmmiii.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\links 2003\linksmmiii.exe |
"TCP Query User{5DB68038-E3CC-499A-8A0A-BE8795F9EA0B}C:\program files\ea games\mohaa\mohaa.exe" = protocol=6 | dir=in | app=c:\program files\ea games\mohaa\mohaa.exe |
"TCP Query User{61350A12-5E54-4241-B454-4D9C5D652ADA}C:\program files\ea games\mohaa\moh_breakthrough.exe" = protocol=6 | dir=in | app=c:\program files\ea games\mohaa\moh_breakthrough.exe |
"TCP Query User{650BF0F2-6611-4168-A78A-88FE4B473BD8}C:\program files\raptr\raptrbt.exe" = protocol=6 | dir=in | app=c:\program files\raptr\raptrbt.exe |
"TCP Query User{65BA197F-C2D3-4574-B4B4-B5D160E17169}C:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe |
"TCP Query User{A82EBA83-BEBC-49FB-90D7-603B10F2DF1C}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{B1C917F3-9E04-417D-A954-E2836AEDC240}C:\users\brian\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\brian\program files\dna\btdna.exe |
"TCP Query User{BD263444-0189-4DD3-A043-DEB49C17AB76}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{C3C65556-E2A9-4620-A0F3-8FB12C3C0878}C:\program files\raptr\raptr.exe" = protocol=6 | dir=in | app=c:\program files\raptr\raptr.exe |
"TCP Query User{C47014A2-DAD8-4230-BD73-0EB29192EC4C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{DEEF3DFF-C269-4A90-B513-E134496A92B7}C:\users\brian\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\brian\program files\dna\btdna.exe |
"TCP Query User{EC912C2E-F931-440C-965E-285154771C61}C:\program files\infogrames\grand prix 4\gp4.exe" = protocol=6 | dir=in | app=c:\program files\infogrames\grand prix 4\gp4.exe |
"UDP Query User{00555A28-1F0C-4BB6-887E-C848C4293446}C:\program files\microsoft games\links 2003\linksmmiii.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\links 2003\linksmmiii.exe |
"UDP Query User{0F14AB9C-3914-4378-84F5-059AFFE1496C}C:\program files\ea games\medal of honor pacific assault(tm)\mohpa.exe" = protocol=17 | dir=in | app=c:\program files\ea games\medal of honor pacific assault(tm)\mohpa.exe |
"UDP Query User{1C850BD5-E588-4423-BCD4-34D970BDCC8E}C:\program files\raptr\raptrbt.exe" = protocol=17 | dir=in | app=c:\program files\raptr\raptrbt.exe |
"UDP Query User{1D44FE4E-47DE-451E-8D78-CB079664F32C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{31BC706F-7062-4306-8526-6DA153483BE7}C:\program files\raptr\raptr.exe" = protocol=17 | dir=in | app=c:\program files\raptr\raptr.exe |
"UDP Query User{37AF3C4F-AA49-4019-9B7D-66FB52AF997A}C:\users\brian\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\brian\program files\dna\btdna.exe |
"UDP Query User{6EB50CA6-282B-4797-AD0F-DD9E8ADAAB2F}C:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe |
"UDP Query User{8AB527AC-82CF-4FAD-9C67-B628B2ACC9EF}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{9D64F371-163E-402E-968D-DC216016630A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{9EE54C76-4D61-4C54-BB5B-6040F10A4E8E}C:\users\brian\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\brian\program files\dna\btdna.exe |
"UDP Query User{A4170495-BF56-4955-B6F0-4C01205748C4}C:\program files\ea games\mohaa\moh_breakthrough.exe" = protocol=17 | dir=in | app=c:\program files\ea games\mohaa\moh_breakthrough.exe |
"UDP Query User{B14987CA-BEF8-4F09-945F-C721FB221C81}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{D716D03D-EC92-45DF-B9BB-996066D0F764}C:\program files\infogrames\grand prix 4\gp4.exe" = protocol=17 | dir=in | app=c:\program files\infogrames\grand prix 4\gp4.exe |
"UDP Query User{FAF19883-8E20-44B4-9623-D49F2EC972CD}C:\program files\ea games\mohaa\mohaa.exe" = protocol=17 | dir=in | app=c:\program files\ea games\mohaa\mohaa.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"{0A590981-75A9-B968-4A29-718E5A8E1416}" = CCC Help Dutch
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0D62121B-0361-47CD-8712-5B2F5D8D1C9C}" = Smart Technology Programming Software 7.0.2.7
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0E6B8EA7-4FDF-F730-8F28-05720874BE71}" = CCC Help Chinese Traditional
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{1003E625-BE5B-390B-7B60-D483D0B75A26}" = CCC Help Russian
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1690611F-D4EA-A00D-DAAD-91D216869679}" = CCC Help Polish
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{176B3593-72F1-459C-829C-5E9671E2CB35}" = GameSpy Comrade
"{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}" = Shared C Run-time for x86
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1967D67C-6F3F-4001-9644-BAC704F7EE84}" = Samsung PC Studio
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F545642-28CE-4518-A943-636E17163C19}" = 725plv32
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{246CB06B-308C-4CAE-AD1C-CB8409274261}" = Citrix Receiver(Aero)
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{26EED5E6-EC40-35A9-602A-C3CF03A9C1E6}" = CCC Help Portuguese
"{2764CA82-DFB9-4498-AF85-719340BF5305}" = Dell Resource CD
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = ZTE ZXHN W151N Wireless LAN Card
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"{2C33E65D-9187-8F2E-40D8-BD9E24E341FB}" = CCC Help Italian
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2D2D4073-D8F1-44FC-A8FF-8E679A84417E}" = MAGIX Screenshare
"{2DE9C112-2482-4D27-AA90-1504DFD9F117}" = Citrix Authentication Manager
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{36B6FF8B-38E3-E64C-F840-75F6AAEBE3EA}" = Catalyst Control Center Graphics Previews Common
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{38496EC2-78B7-412A-9398-FC6B7DB8E182}" = Orange Preload
"{38F6C932-2274-4897-479D-03AA6BA5B567}" = CCC Help Turkish
"{3AB00888-CA03-0BFD-3F3C-C877767192B0}" = CCC Help Swedish
"{3ACA2563-E786-BDD4-C87B-09909BB3F61C}" = CCC Help Thai
"{3AF144F9-849D-DEDA-BA4F-2EBA94A3CF10}" = ccc-utility
"{3BC2C64B-0DA0-974B-6311-AED4F3711DCE}" = CCC Help Danish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{434D0FA1-3E0C-4D03-A5D4-5E1000008100}" = F1 2011
"{434D0FA1-A4CC-401A-9E74-621000028101}" = F1 2011
"{434D0FA1-A4CC-401A-9E74-621000028102}" = F1 2011
"{44B660BB-EAC5-4D4F-9890-C607DD5F7630}" = Thrustmaster Calibration Tool
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{46EE2498-853A-FF8C-12E9-06E0FE279536}" = AMD Catalyst Install Manager
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B41AE13-BA0E-4328-8E83-AD2A0BEB33EB}" = Sky Player
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}" = Medal of Honor Pacific Assault(tm)
"{5A9AA2C0-972F-4239-AA41-E409434194D5}" = MobileMe Control Panel
"{5BAC4DE5-4062-EE34-3337-5F92FE5D5032}" = CCC Help Spanish
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{655C5545-7974-443F-882F-D745607EBB08}" = Citrix Receiver(DV)
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6C362EE4-011C-11D5-941B-0050DA2D7AE1}" = Microsoft Speech 5.0
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{707A7798-C195-4318-8AA7-9C2ECEE61F3B}" = MAGIX PC Check & Tuning 2012
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{739A6D0C-CA8D-4955-8E3D-58D1847327AC}" = Online Plug-in
"{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{78225D0F-D12C-09E4-5D6D-A64D763E8982}" = BBC iPlayer Desktop
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7AC15160-A49B-4A89-B181-D4619C025FFF}" = Samsung Samples Installer
"{7ADCABE0-E651-6EA5-5128-26E203DAA5E1}" = CCC Help Korean
"{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = MAGIX Toolbar
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CC68433-5837-4075-B81F-EA7E4F14CE60}" = iCloud
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}" = Thrustmaster Force Feedback Driver
"{8F80DAA3-8A1D-09E9-57E6-DB0223CF2CE4}" = CCC Help French
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93A1B09E-BAFA-4628-A5B6-921CB026955A}" = Corel Paint Shop Pro Photo XI
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{991057FA-3CA7-42B0-94B6-5B1B2535FBD3}" = Citrix Receiver Inside
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AB97F52-512B-43EF-AAEC-4825C17B32ED}" = EA.com Update
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C3B7F54-C6E2-4A74-9937-9C6EBA10C4A2}" = Victoria 2
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{9EB1504E-FD95-4BCD-8E93-B4039F59C469}" = Sony Ericsson Media Manager 1.2
"{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A113003E-8271-4485-ABC1-83FB96BFFF52}" = Citrix Receiver(USB)
"{A137D52E-FA96-4815-85F5-E7B8F66837DB}" = Race Driver 3
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A1DB04E4-B1D8-41D8-BEE2-8BFEF0AEF083}" = MAGIX PC Live
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A53E699B-AEAA-65FB-90ED-A45D1DC86D37}" = HydraVision
"{A59E259E-5F1A-4F8F-A3DA-356137BE37F6}" = AncestryView V2
"{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM)
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"{AFC71277-DE19-6505-8CBC-71D29163F44A}" = CCC Help German
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B136E4A4-7660-4F15-9752-EF8E6BA7866D}" = Family Tree Maker 2005
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3406262-5701-E9CC-D6B3-BA38C34125A9}" = CCC Help English
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BBC2068D-CE9C-48F5-A6EA-4B44B9DB14A5}" = Catalyst Control Center - Branding
"{BC728724-882E-4E2D-B3EE-E2C7332DC2F2}" = Citrix Receiver (HDX Flash Redirection)
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BED27751-CD2A-4C2F-9813-00B9B60C76FE}" = Railroad Tycoon II - Platinum
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio
"{C5B6078F-5D37-A122-2E6E-EDC623E8C787}" = CCC Help Czech
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7068E1F-22C6-9408-7B24-584F32F66D70}" = CCC Help Finnish
"{C87B855D-DD8F-E419-C640-34936E813EA9}" = CCC Help Greek
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBA454E9-DA4C-3CE7-4BDC-522B6F0F057A}" = ATI AVIVO Codecs
"{CC2BAF9A-926F-791D-772C-F582CD8A47B0}" = Catalyst Control Center InstallProxy
"{CE1CA06F-0AD8-CA2A-3A3A-872E8191C198}" = CCC Help Norwegian
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CECECCED-B7F3-B1A3-3241-0C5D775F8E70}" = CCC Help Chinese Standard
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.9 Game
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D3CEF909-78DC-9D3D-37BD-52F5324C01DA}" = CCC Help Hungarian
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D7D50E0C-27DD-4999-BC05-E026B580F93A}" = Electronic Arts Product Registration
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{D98C9637-93DA-44DB-B73A-B11A1192AB26}" = GameShadow
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DCA75ECE-39A9-0648-CB77-F6D759364CF9}" = Application Profiles
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E825D490-927B-43E5-BD45-3ABF03D6347A}" = Saitek Smart Technology Drivers
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1EA61A2-B88F-44AD-3143-419ECB6C7E9A}" = CCC Help Japanese
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F605992E-FD5B-46D7-AFDA-FDB1AB00F829}" = Self-service Plug-in
"{F6567C5A-C3EA-2E05-E89E-C8C52E33150D}" = Catalyst Control Center
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE54AF33-9364-7053-670F-A15AD658214C}" = Catalyst Control Center Localization All
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2007
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AGEod's American Civil War_is1" = AGEod's American Civil War
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"Blitzkrieg Burning Horizon" = Blitzkrieg Burning Horizon
"BrothersInArms" = Brothers In Arms
"BT Desktop Help" = BT Desktop Help
"BT Home Hub" = BT Home Hub
"BT Wireless Connection Manager" = BT Wireless Connection Manager
"CitrixOnlinePluginPackWeb" = Citrix Receiver
"Civilization V" = Sid Meier's Civilization V
"CleanMem" = CleanMem
"D-Day" = D-Day
"EA Download Manager" = EA Download Manager
"GameCenter_is1" = GameCenter 1.3.0.6
"GFWL_{434D0FA1-3E0C-4D03-A5D4-5E1000008100}" = F1 2011
"Google Desktop" = Google Desktop
"iLivid" = iLivid
"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"InstallShield_{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch
"InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM)
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"InstallShield_{D7D50E0C-27DD-4999-BC05-E026B580F93A}" = Electronic Arts Product Registration
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"MAGIX_MSI_PC_Check_Tuning_2012" = MAGIX PC Check & Tuning 2012
"MAGIX_MSI_PC_Live" = MAGIX PC Live
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 17.0 (x86 en-US)" = Mozilla Firefox 17.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee SecurityCenter
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Pro Cycling Manager 2010_is1" = Pro Cycling Manager - Season 2010 version 1.0.4.2
"PunkBusterSvc" = PunkBuster Services
"Rapport_msi" = Rapport
"RealPlayer 15.0" = RealPlayer
"RealPlayer 6.0" = RealPlayer 7 Basic
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Shockwave" = Shockwave
"SpeechAPI" = Microsoft Speech API 3.0
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 71270" = Football Manager 2012
"Steam App 8930" = Sid Meier's Civilization V
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 7" = TeamViewer 7
"Vodafone WCDMA Composite Device Drive" = Vodafone WCDMA Composite Device Drive Software
"Wars in America_is1" = Wars in America 1.05
"WinLiveSuite" = Windows Live Essentials
"World War One_is1" = World War One v1.0.7i
"Yahoo! Applications" = BT Yahoo! Applications
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"613417244.skyplayer.sky.com" = Sky Player Desktop
"BitTorrent DNA" = DNA
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 23/11/2012 10:55:07 | Computer Name = Brian-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 23/11/2012 10:55:17 | Computer Name = Brian-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 23/11/2012 10:55:17 | Computer Name = Brian-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 23/11/2012 11:24:26 | Computer Name = Brian-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 23/11/2012 11:24:26 | Computer Name = Brian-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 23/11/2012 11:24:37 | Computer Name = Brian-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 23/11/2012 11:24:37 | Computer Name = Brian-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 23/11/2012 12:03:34 | Computer Name = Brian-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 23/11/2012 12:03:34 | Computer Name = Brian-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 23/11/2012 12:03:38 | Computer Name = Brian-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 23/11/2012 12:03:38 | Computer Name = Brian-PC | Source = Windows Search Service | ID = 3013
Description =

[ Media Center Events ]
Error - 16/04/2008 15:08:47 | Computer Name = Brian-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 25/05/2008 14:45:55 | Computer Name = Brian-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 27/05/2008 14:59:19 | Computer Name = Brian-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 09/06/2009 11:06:12 | Computer Name = Brian-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 23/11/2012 10:41:52 | Computer Name = Brian-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 23/11/2012 10:42:04 | Computer Name = Brian-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 23/11/2012 10:42:10 | Computer Name = Brian-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 23/11/2012 10:42:16 | Computer Name = Brian-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 23/11/2012 10:49:37 | Computer Name = Brian-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 23/11/2012 10:51:49 | Computer Name = Brian-PC | Source = DCOM | ID = 10010
Description =

Error - 23/11/2012 11:19:15 | Computer Name = Brian-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 23/11/2012 11:21:09 | Computer Name = Brian-PC | Source = DCOM | ID = 10010
Description =

Error - 23/11/2012 11:57:57 | Computer Name = Brian-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 23/11/2012 12:00:35 | Computer Name = Brian-PC | Source = DCOM | ID = 10010
Description =


< End of report >
BrianE
Regular Member
 
Posts: 15
Joined: November 23rd, 2012, 5:07 pm

Re: Searchnu.com/421

Unread postby askey127 » November 27th, 2012, 3:09 pm

BrianE,
Stay away from P2P programs like Bittorrent or your computer will always be infected, and may become unusable.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

BitTorrent DNA
DNA
iLivid
Java(TM) 6 Update 29
MAGIX Screenshare
MAGIX PC Check & Tuning 2012
MAGIX Toolbar
MAGIX PC Live
McAfee Security Scan Plus
URL Assistant

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine

------------------------------------------------------------
Download and Install the latest version of Java Runtime Environment from here : http://www.oracle.com/technetwork/java/javase/downloads/index.html, and install it to your computer.
Under Java Platform, Standard Edition, labeled Java SE 7 Update 9, click on the button labeled JRE Download. Do NOT choose the button labeled "JDK Download". If it won't allow you to get past the "Agree to the license" dialog, you will need to set your browser to temporarily allow scripts.
Check the button to agree to the license.
Select the link for your Platform jre-7u9-windows-i586.exe for 32-bit, and click it.
Download it, choose Save, and save it to your desktop.
Then doubleclick it on your desktop, and it will install the newest version of Java for you to use.

During installation, be certain to Uncheck and Refuse any offer for "partner software" or toolbars.
When it finishes, you can remove the Installer from your desktop.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0D08623F-E693-4D4A-B5EC-970E2FEC2A07}" =-
    "{5647BFA0-F1C0-460C-9665-C72C6A4B973C}" =-
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, and click to allow the Reboot when it is done.
    When the computer Reboots, and you start your usual account, a Notepad text file will appear.
  • Copy the contents of that file and post it in your next reply.
    The file will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Searchnu.com/421

Unread postby BrianE » November 27th, 2012, 4:06 pm

Hi askey127,

He is the latest OTL log:-


All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0D08623F-E693-4D4A-B5EC-970E2FEC2A07} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D08623F-E693-4D4A-B5EC-970E2FEC2A07}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5647BFA0-F1C0-460C-9665-C72C6A4B973C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5647BFA0-F1C0-460C-9665-C72C6A4B973C}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Brian\Desktop\cmd.bat deleted successfully.
C:\Users\Brian\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Brian
->Temp folder emptied: 4785727 bytes
->Temporary Internet Files folder emptied: 2194821 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5489328 bytes
->Flash cache emptied: 1318 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Lorraine
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: TEMP
->Temp folder emptied: 0 bytes

User: TEMP.Brian-PC
->Temp folder emptied: 0 bytes

User: TEMP.Brian-PC.000
->Temp folder emptied: 0 bytes

User: TEMP.Brian-PC.001
->Temp folder emptied: 0 bytes

User: TEMP.Brian-PC.002
->Temp folder emptied: 0 bytes

User: TEMP.Brian-PC.003
->Temp folder emptied: 0 bytes

User: Teresa
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes

User: UpdatusUser.Brian-PC
->Temp folder emptied: 0 bytes

User: UpdatusUser.Brian-PC.000
->Temp folder emptied: 0 bytes

User: UpdatusUser.Brian-PC.001
->Temp folder emptied: 0 bytes

User: UpdatusUser.Brian-PC.002
->Temp folder emptied: 0 bytes

User: UpdatusUser.Brian-PC.003
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5134 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 31856137 bytes

Total Files Cleaned = 42.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11272012_195613

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
BrianE
Regular Member
 
Posts: 15
Joined: November 23rd, 2012, 5:07 pm
Advertisement
Register to Remove

Next

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 106 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware