Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Help removing http://www.searchqu.com//406Posted: Tue 06 Sep

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Help removing http://www.searchqu.com//406Posted: Tue 06 Sep

Unread postby Laura_S » September 6th, 2011, 1:58 pm

Hi there,

I was trying to find some way to install Skypemate and ended up getting iLivid or something like that on my PC. It's so annoying - it installed it's own toolbar and every time I open a new tab in IE it comes up as the Search Engine.

So far I have removed iLivid and another program, Bandoo, via add or remove programs and tried restarting.

I have also gone into Program Files and tried to delete an iLivid toolbar folder - this was not 'allowed' but having said that I rebooted again and that file disappeared so now I can't tell you what the error message was.. The hxxp://www.searchqu.com//406 tab problem is still here however.

I am super worried that I am getting all kinds of viruses right now.. Sometimes IE just closes itself for no reason..

I have also done a Malwarebytes scan which picked up 6 infected files.

I read the post about DDS and I think I've done it ok (see below) except there was no option to open an 'Attach' file.. basically the little black screen thing ran, then a grey box boppoed up listing the two required files, I pressed 'OK' and then saved the .txt file blow to my desktop - there didn't seem to be another one...

I'd really appreciate your helkp to get this off my PC!!

Thank you.

Laura

DDS.txt
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 10.0.0
Run by Administrator at 17:04:20 on 2011-09-06
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.129 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ie/
mStart Page = hxxp://eis.esnips.com/page/search/?clie ... fde8d1391d
uInternet Settings,ProxyOverride = *.local
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
BHO: Loader Class: {9d717f81-9148-4f12-8568-69135f087db0} - c:\progra~1\wi371a~1\datamngr\BROWSE~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [DriverMax] "c:\program files\innovative solutions\drivermax\devices.exe" -agent
uRun: [DriverMax_RESTART] "c:\program files\innovative solutions\drivermax\devices.exe" -RESTART
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{899AF54A-7B11-4FA9-A7E5-505CEF3151CD} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F73EE01E-DA1C-46DF-906C-808A28B4C4FF} : DhcpNameServer = 89.101.160.4 89.101.160.5
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\wi371a~1\datamngr\datamngr.dll c:\progra~1\wi371a~1\datamngr\iebho.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-7-11 32464]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 229840]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-8-16 5264736]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-5 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-5 136176]
S3 rt2870;TP-LINK Wireless USB Adapter;c:\windows\system32\drivers\rt2870.sys [2008-11-26 650624]
.
=============== Created Last 30 ================
.
2011-09-06 15:01:56 -------- d-----w- c:\windows\pss
2011-09-06 14:37:21 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
2011-09-06 14:37:15 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-06 14:37:15 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-09-06 14:37:12 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-06 14:37:12 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2011-09-06 14:37:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-06 14:14:00 -------- d-----w- c:\windows\system32\KB905474
2011-09-06 13:57:19 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-09-06 11:41:38 -------- d-----w- c:\documents and settings\administrator\Tracing
2011-09-06 11:41:25 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Ilivid Player
2011-09-06 11:41:24 -------- d-----w- c:\documents and settings\administrator\application data\Bandoo
2011-09-06 11:41:24 -------- d-----w- c:\documents and settings\administrator\AppData
2011-09-06 11:41:23 -------- d-----w- c:\documents and settings\administrator\application data\searchquband
2011-09-06 11:39:40 -------- d-----w- c:\documents and settings\administrator\application data\searchqutoolbar
2011-09-06 11:39:37 -------- d-----w- c:\program files\Windows iLivid Toolbar
2011-09-06 11:39:26 -------- d-----w- c:\documents and settings\administrator\local settings\application data\PackageAware
2011-09-06 08:31:52 70656 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPP9Z.DLL
2011-09-06 08:31:52 27648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPD9Z.DLL
2011-09-06 08:31:51 272384 ----a-w- c:\windows\system32\CNMLM9Z.DLL
2011-09-06 08:31:23 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-09-06 08:31:04 303104 ----a-w- c:\windows\system32\CNC550L.dll
2011-09-06 08:31:04 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2011-09-06 08:31:04 1310720 ----a-w- c:\windows\system32\CNC550C.dll
2011-09-06 08:31:04 110592 ----a-w- c:\windows\system32\CNC550I.dll
2011-09-06 08:31:04 106496 ----a-w- c:\windows\system32\CNC550U.dll
2011-09-06 07:44:25 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-09-06 07:44:25 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2011-09-06 07:43:58 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2011-09-06 07:43:58 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2011-09-06 07:43:45 456320 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2011-09-06 07:43:43 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2011-09-06 07:43:41 766464 ------w- c:\windows\system32\dllcache\vgx.dll
2011-09-06 07:43:32 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2011-09-06 07:43:16 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2011-09-06 07:43:16 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2011-09-06 07:43:15 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-09-06 07:42:55 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2011-09-06 07:42:03 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2011-09-06 07:41:29 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2011-09-06 07:41:29 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2011-09-06 07:41:29 35328 ------w- c:\windows\system32\dllcache\sc.exe
2011-09-06 07:41:29 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2011-09-06 07:41:29 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2011-09-06 07:41:29 110592 ------w- c:\windows\system32\dllcache\services.exe
2011-09-06 07:41:28 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2011-09-06 07:41:28 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-09-06 07:40:27 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2011-09-06 07:40:22 293376 ------w- c:\windows\system32\browserchoice.exe
2011-09-06 07:40:09 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-09-06 07:40:02 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2011-09-06 07:39:48 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-09-06 07:39:39 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2011-09-06 07:39:16 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2011-09-06 07:38:28 692736 ------w- c:\windows\system32\dllcache\inetcomm.dll
2011-09-06 07:38:14 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2011-09-06 07:37:13 718336 ------w- c:\windows\system32\dllcache\ntdll.dll
2011-09-06 07:37:12 2192768 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-09-06 07:37:12 2148864 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-09-06 07:37:11 2069376 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-09-06 07:37:11 2027008 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-09-06 07:36:21 218112 ------w- c:\windows\system32\dllcache\wordpad.exe
2011-09-06 07:35:59 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2011-09-06 07:33:48 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-09-06 07:33:44 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2011-09-06 07:33:44 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-09-05 22:24:14 -------- d-----w- c:\windows\system32\PreInstall
2011-09-05 22:24:11 -------- d--h--w- c:\windows\$hf_mig$
2011-09-05 18:52:20 -------- d-----w- c:\program files\Logia
2011-09-05 18:52:19 -------- d-----w- c:\documents and settings\administrator\application data\Logia
2011-09-05 18:45:46 -------- d-----w- c:\windows\system32\appmgmt
2011-09-05 18:37:24 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2011-09-05 18:37:23 32592 ----a-w- c:\windows\system32\msonpmon.dll
2011-09-05 18:28:01 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-09-05 18:25:14 -------- d-----w- c:\windows\SHELLNEW
2011-09-05 18:24:11 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Microsoft Help
2011-09-05 18:08:39 -------- d-----w- c:\documents and settings\administrator\application data\AVG2012
2011-09-05 17:37:29 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2011-09-05 17:34:54 -------- d-----w- c:\windows\system32\drivers\AVG
2011-09-05 17:34:54 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2011-09-05 17:34:20 -------- d-----w- c:\program files\AVG
2011-09-05 17:32:40 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-09-05 15:17:47 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-09-05 15:17:44 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-09-05 15:17:41 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-09-05 15:01:37 -------- d-----w- c:\documents and settings\administrator\application data\OpenOffice.org
2011-09-05 14:00:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2011-09-02 14:04:46 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-09-02 10:32:14 213544 ----a-w- c:\windows\system32\drivers\b57xp32.sys
2011-09-02 09:00:00 155648 ----a-w- c:\windows\system32\igfxres.dll
2011-09-02 08:48:08 -------- d-----w- c:\documents and settings\all users\application data\Innovative Solutions
2011-09-02 08:48:08 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Innovative Solutions
2011-09-02 08:48:04 -------- d-----w- c:\program files\Innovative Solutions
2011-09-02 08:40:28 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Sun
.
==================== Find3M ====================
.
2011-09-01 13:12:13 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-01 13:12:13 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-01 13:11:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 04:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 04:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 04:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 04:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-11 00:14:38 295248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-07-11 00:14:30 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-07-11 00:14:28 24272 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
2011-07-11 00:14:28 23120 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2011-07-11 00:14:26 134608 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-07-11 00:13:46 229840 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-07-11 00:13:42 32464 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-05 11:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 11:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:43:59 841216 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:43:58 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-06-21 18:43:58 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-21 18:43:57 17408 ----a-w- c:\windows\system32\corpol.dll
2011-06-21 12:09:26 389120 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
.
============= FINISH: 17:04:39.21 ===============

Attach.txt


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/1/2011 7:26:06 AM
System Uptime: 9/6/2011 4:18:47 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0RF705
Processor: Intel(R) Pentium(R) D CPU 3.40GHz | Microprocessor | 3389/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 33.892 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 9/6/2011 2:37:52 PM - System Checkpoint
RP2: 9/6/2011 2:46:56 PM - Software Distribution Service 3.0
RP3: 9/6/2011 3:30:30 PM - Software Distribution Service 3.0
RP4: 9/6/2011 4:21:51 PM - Installed Windows XP WgaNotify.
.
==== Installed Programs ======================
.
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2012
Bonjour
Canon MP550 series MP Drivers
DriverMax 5
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
Intel(R) Graphics Media Accelerator Driver
IrfanView (remove only)
iTunes
Java Auto Updater
Java(TM) 7
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSVCRT
QuickTime
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Segoe UI
Skype™ 5.5
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2541763)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows iLivid Toolbar
Windows Live Call
Windows Live Communications Platform
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Vista Sounds Pack
.
==== Event Viewer Messages From Past Week ========
.
9/6/2011 3:34:26 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 8 for Windows XP.
9/2/2011 9:32:08 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/2/2011 9:31:58 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
9/1/2011 2:13:34 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: The referenced assembly is not installed on your system. .
9/1/2011 2:13:34 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\Installer\MSI18A.tmp. Reference error message: The operation completed successfully. .
9/1/2011 2:13:34 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
9/1/2011 2:13:33 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\Installer\MSI187.tmp. Reference error message: The operation completed successfully. .
9/1/2011 2:12:39 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
9/1/2011 2:12:39 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\Adobe\Shockwave 11\gi.dll. Reference error message: The operation completed successfully. .
9/1/2011 2:12:39 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
.
==== End Of File ===========================
Last edited by Cypher on September 8th, 2011, 6:22 am, edited 1 time in total.
Reason: Disabled link
Laura_S
Active Member
 
Posts: 12
Joined: September 6th, 2011, 11:47 am
Advertisement
Register to Remove

Re: Help removing http://www.searchqu.com//406Posted: Tue 06

Unread postby Cypher » September 8th, 2011, 10:54 am

Hi,
Checking your logs now be right back.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Help removing http://www.searchqu.com//406Posted: Tue 06

Unread postby Cypher » September 8th, 2011, 11:03 am

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not, solve other issues you have with your machine.
If you no longer require help i would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread do not start another, Please continue responding until I give you the "All Clean"
    Absence of symptoms does not mean that everything is clear.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.


Add/Remove programs
  • Click on start
  • Then Run
  • In the open text entry box please copy/paste appwiz.cpl Then click enter.
  • Press the "Remove" or "Change/Remove"...button to uninstall the following.
Windows iLivid Toolbar

Next.
  • Please download MGA Diagnostic Tool and save it to your Desktop.
  • Double click on MGADiag.exe to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.
Next.

Download and run OTL
Please download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under Custom Scans/Fixes copy/paste the contents of the code box below.
    Code: Select all
    c:|Fun4IM;true;true;true; /FP
    c:|Bandoo;true;true;true; /FP
    c:|Searchqu;true;true;true; /FP
    c:|iLivid;true;true;true; /FP
    c:|whitesmoke;true;true;true; /FP
    c:|datamngr;true;true;true; /FP
    c:|trolltech;true;true;true; /FP
    
    |Fun4IM /RS
    |Bandoo /RS
    |Searchqu /RS
    |iLivid /RS
    |whitesmoke /RS
    |datamngr /RS
    |trolltech /RS
    |kelkoopartners /RS
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.


Logs/Information to Post in your Next Reply

  • MGADiag log.
  • OTL.txt and Extra.txt contents..
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Help removing http://www.searchqu.com//406Posted: Tue 06

Unread postby Laura_S » September 8th, 2011, 1:50 pm

Hi Cypher, thank you so much for helping me out. I had removed Ilivid via 'add or remove programs' already so that bit was sorted (I checked).

I have the MGADiag.txt attached below, however, OTL keeps crashing once it's started scanning. I followed your instructions to the letter, but no matter how many times I start the OTL scan it freezes / crashes on the same item that it is scanning.. This is:

"Scanning HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\DOS Devices\AUX..."

An egg-timer appears over the OTL window as well. When I close to try it again, the little box come up to say 'This Program is not Responding'.

Do you know any way I can get around this or why it might be doing this? I tried restarting my computer and trying it again. Also no other programs running in the background..

Thank you, Laura

MGADiag.txt:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-FTFGJ-G3JJQ-VH9MT
Windows Product Key Hash: 762zUpbu6TdaQsrzFSOwS5jVqog=
Windows Product ID: 76487-OEM-2283553-20838
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {1CD1DCB5-086E-4978-8F5E-CFB16C906B1F}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.40.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.9.40.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\WINDOWS\system32\syssetup.dll[5.1.2600.5512], Hr = 0x800b0100

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{1CD1DCB5-086E-4978-8F5E-CFB16C906B1F}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-VH9MT</PKey><PID>76487-OEM-2283553-20838</PID><PIDType>3</PIDType><SID>S-1-5-21-1085031214-1993962763-1417001333</SID><SYSTEM><Manufacturer>Dell Inc. </Manufacturer><Model>OptiPlex 745 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc. </Manufacturer><Version>2.1.0 </Version><SMBIOSVersion major="2" minor="3"/><Date>20061204000000.000000+000</Date><SLPBIOS>TOSHIBA,TOSHIBA,TOSHIBA,TOSHIBA</SLPBIOS></BIOS><HWID>7F493DDF01846066</HWID><UserLCID>1809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>TOSHIBA CORPORATION</name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.9.40.0"/><File Name="WgaLogon.dll" Version="1.9.40.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>7480B9502DF0D86</Val><Hash>oYWOW5ayFE3pZ+jvTpuXYsY64JE=</Hash><Pid>89388-707-8722531-65129</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1A71A:Dell Inc|1A71A:Microsoft Corporation
Marker string from OEMBIOS.DAT: TOSHIBA,TOSHIBA,TOSHIBA,TOSHIBA

OEM Activation 2.0 Data-->
N/A
Laura_S
Active Member
 
Posts: 12
Joined: September 6th, 2011, 11:47 am

Re: Help removing http://www.searchqu.com//406Posted: Tue 06

Unread postby Cypher » September 8th, 2011, 1:58 pm

Hi Laura,
thank you so much for helping me out.

You're most welcome.
Sorry you had trouble running OTL, lets see if it will run in Safe mode, run OTL with the same instructions please.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Help removing http://www.searchqu.com//406Posted: Tue 06

Unread postby Laura_S » September 8th, 2011, 4:16 pm

Yup, Safe Mode worked fabulously! - Tried pasting all three .txt files together but this was too big for the post. Please see OTL.txt and Extras.txt below in seperate posts.

Many Thanks,

Laura

OTL.txt:

OTL logfile created on: 08/09/2011 19:45:08 - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

1013.54 Mb Total Physical Memory | 827.30 Mb Available Physical Memory | 81.62% Memory free
2.39 Gb Paging File | 2.33 Gb Available in Paging File | 97.69% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 33.95 Gb Free Space | 45.57% Space Free | Partition Type: NTFS

Computer Name: LAURA | User Name: LAURA | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)


========== Driver Services (SafeList) ==========

DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (rt2870) -- C:\WINDOWS\system32\drivers\rt2870.sys (Ralink Technology, Corp.)
DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eis.esnips.com/page/search/?clie ... fde8d1391d





IE - HKU\S-1-5-21-1085031214-1993962763-1417001333-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
IE - HKU\S-1-5-21-1085031214-1993962763-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1085031214-1993962763-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ie/"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG2012\Firefox\ [2011/09/05 18:34:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/09/05 18:37:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/08 09:30:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/05 19:43:40 | 000,000,000 | ---D | M]

[2011/09/08 09:37:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/09/06 14:45:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6pgutua7.default\extensions
[2011/09/08 09:30:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/01 14:12:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
[2011/09/05 18:37:00 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2011/09/06 15:02:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/03 07:01:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/01 14:12:13 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/03 00:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2008/04/14 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (no name) - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-21-1085031214-1993962763-1417001333-500..\Run: [DriverMax] C:\Program Files\Innovative Solutions\DriverMax\devices.exe (Innovative Solutions)
O4 - HKU\S-1-5-21-1085031214-1993962763-1417001333-500..\Run: [DriverMax_RESTART] C:\Program Files\Innovative Solutions\DriverMax\devices.exe (Innovative Solutions)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1085031214-1993962763-1417001333-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{899AF54A-7B11-4FA9-A7E5-505CEF3151CD}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F73EE01E-DA1C-46DF-906C-808A28B4C4FF}: DhcpNameServer = 89.101.160.4 89.101.160.5
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (c:\progra~1\wi371a~1\datamngr\datamngr.dll) - c:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~1\wi371a~1\datamngr\iebho.dll) - c:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/01 07:24:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/08 19:01:03 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/09/08 17:16:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2011/09/08 17:15:24 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\MGADiag.exe
[2011/09/08 09:34:20 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/09/06 16:57:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2011/09/06 16:57:08 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2011/09/06 16:21:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011/09/06 16:01:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/09/06 15:37:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011/09/06 15:37:15 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/09/06 15:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/06 15:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/09/06 15:37:12 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/09/06 15:37:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/06 15:37:12 | 000,000,000 | ---D | C] -- C:\Program Files\MALWAREBYTES ANTI-MALWARE
[2011/09/06 15:10:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2011/09/06 15:03:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/09/06 12:41:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Tracing
[2011/09/06 12:41:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Ilivid Player
[2011/09/06 12:41:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Bandoo
[2011/09/06 12:41:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\AppData
[2011/09/06 12:41:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\searchquband
[2011/09/06 12:39:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\searchqutoolbar
[2011/09/06 12:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\Windows iLivid Toolbar
[2011/09/06 12:39:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PackageAware
[2011/09/06 09:32:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon MP550 series
[2011/09/06 09:32:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information
[2011/09/06 09:32:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/09/06 09:31:51 | 000,272,384 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLM9Z.DLL
[2011/09/06 09:31:04 | 001,310,720 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC550C.dll
[2011/09/06 09:31:04 | 000,303,104 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC550L.dll
[2011/09/06 09:31:04 | 000,110,592 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC550I.dll
[2011/09/06 09:31:04 | 000,106,496 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC550U.dll
[2011/09/06 09:31:04 | 000,015,872 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNHMCA.dll
[2011/09/06 08:44:25 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2011/09/06 08:43:58 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2011/09/06 08:43:58 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2011/09/06 08:43:45 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2011/09/06 08:43:43 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2011/09/06 08:43:41 | 000,766,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2011/09/06 08:43:32 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2011/09/06 08:43:16 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2011/09/06 08:43:16 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2011/09/06 08:43:15 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011/09/06 08:42:55 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2011/09/06 08:40:27 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2011/09/06 08:40:22 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2011/09/06 08:40:09 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011/09/06 08:40:02 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2011/09/06 08:39:48 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/09/06 08:39:39 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2011/09/06 08:39:16 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2011/09/06 08:38:28 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2011/09/06 08:38:14 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2011/09/06 08:37:12 | 002,192,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2011/09/06 08:37:12 | 002,148,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2011/09/06 08:37:11 | 002,069,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2011/09/06 08:37:11 | 002,027,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2011/09/06 08:35:59 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2011/09/06 08:33:48 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011/09/06 08:33:44 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2011/09/05 23:24:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/09/05 23:24:11 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2011/09/05 19:52:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My eSnips Downloads
[2011/09/05 19:52:20 | 000,000,000 | ---D | C] -- C:\Program Files\Logia
[2011/09/05 19:52:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Logia
[2011/09/05 19:46:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\PUMPKIN PATCH
[2011/09/05 19:45:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/09/05 19:37:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2011/09/05 19:37:23 | 000,032,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msonpmon.dll
[2011/09/05 19:36:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2011/09/05 19:35:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2011/09/05 19:35:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/09/05 19:34:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/09/05 19:28:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Visual Studio 2005
[2011/09/05 19:28:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2011/09/05 19:25:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2011/09/05 19:24:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
[2011/09/05 19:22:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/09/05 19:22:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2011/09/05 19:21:11 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/09/05 19:08:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AVG2012
[2011/09/05 18:37:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/09/05 18:37:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[2011/09/05 18:34:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/09/05 18:34:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/09/05 18:34:20 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/09/05 18:32:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/09/05 18:11:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Google
[2011/09/05 18:11:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2011/09/05 18:10:41 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/09/05 16:17:47 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2011/09/05 16:17:44 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2011/09/05 16:01:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
[2011/09/05 15:50:41 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/09/03 11:17:37 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/09/02 15:04:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011/09/02 12:44:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2011/09/02 12:43:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\WEDDING
[2011/09/02 11:41:14 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices
[2011/09/02 11:41:13 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2011/09/02 11:41:13 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2011/09/02 11:41:13 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2011/09/02 11:41:13 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2011/09/02 11:41:10 | 000,765,952 | ---- | C] (Sensaura Ltd) -- C:\WINDOWS\System\crlds3d.dll
[2011/09/02 11:41:10 | 000,392,960 | ---- | C] (Sensaura) -- C:\WINDOWS\System32\drivers\senfilt.sys
[2011/09/02 11:41:10 | 000,065,536 | ---- | C] (Sensaura Ltd) -- C:\WINDOWS\System32\a3d.dll
[2011/09/02 11:41:10 | 000,028,160 | ---- | C] (Analog Devices, Inc.) -- C:\WINDOWS\System32\PostProc.dll
[2011/09/02 11:32:14 | 000,213,544 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\drivers\b57xp32.sys
[2011/09/02 10:00:00 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2011/09/02 09:57:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\x64
[2011/09/02 09:57:31 | 003,276,800 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxress.dll
[2011/09/02 09:57:31 | 002,383,872 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ig4icd32.dll
[2011/09/02 09:57:31 | 002,262,528 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxpdx32.dll
[2011/09/02 09:57:31 | 001,442,848 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxpdv32.dll
[2011/09/02 09:57:31 | 001,323,008 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ig4dev32.dll
[2011/09/02 09:57:31 | 000,450,560 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcfg.exe
[2011/09/02 09:57:31 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll
[2011/09/02 09:57:31 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difx32.dll
[2011/09/02 09:57:31 | 000,176,128 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdeu.lrc
[2011/09/02 09:57:31 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrita.lrc
[2011/09/02 09:57:31 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxresp.lrc
[2011/09/02 09:57:31 | 000,167,936 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfra.lrc
[2011/09/02 09:57:31 | 000,163,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptb.lrc
[2011/09/02 09:57:31 | 000,163,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxpph.dll
[2011/09/02 09:57:31 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrenu.lrc
[2011/09/02 09:57:31 | 000,146,432 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxpgd32.dll
[2011/09/02 09:57:31 | 000,114,688 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrkor.lrc
[2011/09/02 09:57:31 | 000,114,688 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrjpn.lrc
[2011/09/02 09:57:31 | 000,106,496 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxzoom.exe
[2011/09/02 09:57:31 | 000,098,304 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcht.lrc
[2011/09/02 09:57:31 | 000,098,304 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrchs.lrc
[2011/09/02 09:57:31 | 000,098,304 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdo.dll
[2011/09/02 09:57:31 | 000,094,208 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcpl.cpl
[2011/09/02 09:57:31 | 000,081,920 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\hccutils.dll
[2011/09/02 09:57:31 | 000,053,248 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxprd32.dll
[2011/09/02 09:57:31 | 000,044,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.dll
[2011/09/02 09:57:31 | 000,023,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxexps.dll
[2011/09/02 09:48:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Drivers
[2011/09/02 09:48:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2011/09/02 09:48:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Innovative Solutions
[2011/09/02 09:48:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DriverMax
[2011/09/02 09:48:04 | 000,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions
[2011/09/02 09:47:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2011/09/02 09:40:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Sun
[2011/09/02 09:35:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Skype
[2011/09/01 14:20:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011/09/01 14:20:36 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011/09/01 14:20:33 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011/09/01 14:20:17 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2011/09/01 14:20:17 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2011/09/01 14:20:17 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2011/09/01 14:20:17 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2011/09/01 14:20:17 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2011/09/01 14:20:17 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2011/09/01 14:20:16 | 000,000,000 | ---D | C] -- C:\a1ddb52464e5e5df230e
[2011/09/01 14:19:51 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2011/09/01 14:19:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2011/09/01 14:17:47 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2011/09/01 14:17:45 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll
[2011/09/01 14:16:41 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2011/09/01 14:16:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2011/09/01 14:16:37 | 000,000,000 | R--D | C] -- C:\Program Files
[2011/09/01 14:16:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2011/09/01 14:16:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2011/09/01 14:16:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2011/09/01 14:16:34 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuq.dll
[2011/09/01 14:16:34 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuf.dll
[2011/09/01 14:16:34 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdazel.dll
[2011/09/01 14:16:32 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycc.dll
[2011/09/01 14:16:32 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbduzb.dll
[2011/09/01 14:16:32 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdur.dll
[2011/09/01 14:16:32 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtat.dll
[2011/09/01 14:16:32 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru1.dll
[2011/09/01 14:16:32 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru.dll
[2011/09/01 14:16:32 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmon.dll
[2011/09/01 14:16:32 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkyr.dll
[2011/09/01 14:16:32 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkaz.dll
[2011/09/01 14:16:32 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbu.dll
[2011/09/01 14:16:32 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdblr.dll
[2011/09/01 14:16:32 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdaze.dll
[2011/09/01 14:16:31 | 000,008,192 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhept.dll
[2011/09/01 14:16:31 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela3.dll
[2011/09/01 14:16:31 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela2.dll
[2011/09/01 14:16:31 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdgkl.dll
[2011/09/01 14:16:31 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe319.dll
[2011/09/01 14:16:31 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe220.dll
[2011/09/01 14:16:31 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe.dll
[2011/09/01 14:16:30 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv1.dll
[2011/09/01 14:16:30 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv.dll
[2011/09/01 14:16:30 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdest.dll
[2011/09/01 14:16:30 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt1.dll
[2011/09/01 14:16:30 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt.dll
[2011/09/01 14:16:29 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl1.dll
[2011/09/01 14:16:29 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl.dll
[2011/09/01 14:16:29 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl.dll
[2011/09/01 14:16:29 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu.dll
[2011/09/01 14:16:29 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz2.dll
[2011/09/01 14:16:29 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz1.dll
[2011/09/01 14:16:29 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdro.dll
[2011/09/01 14:16:29 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl1.dll
[2011/09/01 14:16:29 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu1.dll
[2011/09/01 14:16:28 | 000,007,168 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz.dll
[2011/09/01 14:16:28 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycl.dll
[2011/09/01 14:16:28 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcr.dll
[2011/09/01 14:16:28 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\KBDAL.DLL
[2011/09/01 14:16:24 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dgrpsetu.dll
[2011/09/01 14:16:24 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\EqnClass.Dll
[2011/09/01 14:16:24 | 000,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dgsetup.dll
[2011/09/01 14:16:24 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2011/09/01 14:16:24 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TAPI.DLL
[2011/09/01 14:16:24 | 000,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WFWNET.DRV
[2011/09/01 14:16:24 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2011/09/01 14:16:24 | 000,009,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VER.DLL
[2011/09/01 14:16:24 | 000,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TIMER.DRV
[2011/09/01 14:16:24 | 000,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SYSTEM.DRV
[2011/09/01 14:16:24 | 000,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VGA.DRV
[2011/09/01 14:16:23 | 000,126,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSVIDEO.DLL
[2011/09/01 14:16:23 | 000,109,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVIFILE.DLL
[2011/09/01 14:16:23 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLECLI.DLL
[2011/09/01 14:16:23 | 000,073,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIAVI.DRV
[2011/09/01 14:16:23 | 000,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL
[2011/09/01 14:16:23 | 000,032,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\COMMDLG.DLL
[2011/09/01 14:16:23 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIWAVE.DRV
[2011/09/01 14:16:23 | 000,025,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCISEQ.DRV
[2011/09/01 14:16:23 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLESVR.DLL
[2011/09/01 14:16:23 | 000,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\LZEXPAND.DLL
[2011/09/01 14:16:23 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SHELL.DLL
[2011/09/01 14:16:23 | 000,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV
[2011/09/01 14:16:23 | 000,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV
[2011/09/01 14:16:23 | 000,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV
[2011/09/01 14:16:23 | 000,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMTASK.TSK
[2011/09/01 14:16:22 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WINSPOOL.DRV
[2011/09/01 14:16:22 | 000,068,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMSYSTEM.DLL
[2011/09/01 14:16:22 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2011/09/01 14:16:22 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\batt.dll
[2011/09/01 14:16:21 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2011/09/01 14:16:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2011/09/01 14:16:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2011/09/01 14:16:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2011/09/01 14:16:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2011/09/01 14:16:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2011/09/01 14:16:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2011/09/01 14:16:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2011/09/01 14:16:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2011/09/01 14:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
[2011/09/01 14:15:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Apple Computer
[2011/09/01 14:15:56 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2011/09/01 14:15:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2011/09/01 14:15:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/09/01 14:15:51 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2011/09/01 14:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2011/09/01 14:15:40 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/09/01 14:15:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/09/01 14:15:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/09/01 14:15:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/09/01 14:15:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/09/01 14:15:07 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/09/01 14:15:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2011/09/01 14:15:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer
[2011/09/01 14:14:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/09/01 14:14:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple
[2011/09/01 14:14:38 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/09/01 14:14:35 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/09/01 14:14:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/09/01 14:14:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2011/09/01 14:13:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2011/09/01 14:13:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live
[2011/09/01 14:13:33 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/09/01 14:13:31 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2011/09/01 14:13:07 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/09/01 14:13:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/09/01 14:13:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011/09/01 14:12:40 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2011/09/01 14:12:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/09/01 14:12:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/09/01 14:12:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/09/01 14:12:19 | 000,544,656 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2011/09/01 14:12:19 | 000,214,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2011/09/01 14:12:19 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2011/09/01 14:12:19 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2011/09/01 14:12:19 | 000,128,000 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2011/09/01 14:12:12 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/09/01 14:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2011/09/01 14:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2011/09/01 14:12:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/09/01 14:12:08 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/09/01 14:12:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2011/09/01 14:12:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2011/09/01 14:12:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2011/09/01 14:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/09/01 14:11:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/09/01 14:11:25 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/09/01 14:11:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2011/09/01 14:10:59 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2011/09/01 14:10:59 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2011/09/01 14:10:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2011/09/01 14:10:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/09/01 14:10:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2011/09/01 14:10:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2011/09/01 14:10:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/09/01 14:10:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2011/09/01 14:10:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2011/09/01 14:10:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2011/09/01 14:10:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2011/09/01 14:10:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2011/09/01 14:10:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\NLDRV
[2011/09/01 14:10:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2011/09/01 14:10:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2011/09/01 14:10:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2011/09/01 14:10:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2011/09/01 14:10:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
[2011/09/01 14:10:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2011/09/01 14:10:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2011/09/01 14:10:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2011/09/01 14:10:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2011/09/01 14:10:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2011/09/01 14:10:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011/09/01 14:10:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/09/01 14:10:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2011/09/01 14:10:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2011/09/01 14:10:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2011/09/01 14:10:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2011/09/01 14:10:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2011/09/01 14:10:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2011/09/01 14:10:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2011/09/01 14:10:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2011/09/01 14:10:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2011/09/01 14:10:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2011/09/01 14:10:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2011/09/01 14:10:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2011/09/01 14:10:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2011/09/01 14:10:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2011/09/01 14:10:58 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2011/09/01 14:10:58 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2011/09/01 14:10:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2011/09/01 14:10:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2011/09/01 14:10:58 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2011/09/01 14:10:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2011/09/01 14:10:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2011/09/01 14:10:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2011/09/01 14:10:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2011/09/01 14:10:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2011/09/01 14:10:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2011/09/01 14:10:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2011/09/01 14:10:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2011/09/01 14:10:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2011/09/01 14:10:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2011/09/01 14:10:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2011/09/01 14:10:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2011/09/01 14:10:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2011/09/01 14:10:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2011/09/01 14:10:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2011/09/01 14:10:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2011/09/01 14:10:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2011/09/01 14:10:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2011/09/01 14:10:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2011/09/01 14:10:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2011/09/01 14:10:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2011/09/01 14:10:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2011/09/01 14:10:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2011/09/01 14:10:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2011/09/01 14:10:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2011/09/01 14:10:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2011/09/01 14:10:15 | 000,254,152 | ---- | C] (Secure By Design Inc.) -- C:\Documents and Settings\Administrator\Desktop\Ninite Air Chrome Flash Flash IE IrfanView Java Installer.exe
[2011/09/01 14:09:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Talkback
[2011/09/01 08:11:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2011/09/01 08:11:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2011/09/01 07:28:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2011/09/01 07:28:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2011/09/01 07:28:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2011/09/01 07:28:03 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2011/09/01 07:28:03 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2011/09/01 07:28:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2011/09/01 07:28:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/09/01 07:28:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2011/09/01 07:28:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2011/09/01 07:28:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2011/09/01 07:28:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents
[2011/09/01 07:28:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
[2011/09/01 07:28:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2011/09/01 07:28:03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2011/09/01 07:28:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2011/09/01 07:28:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2011/09/01 07:28:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2011/09/01 07:28:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2011/09/01 07:28:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2011/09/01 07:28:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2011/09/01 07:27:57 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2011/09/01 07:27:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/09/01 07:27:56 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2011/09/01 07:27:56 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2011/09/01 07:26:48 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2011/09/01 07:26:48 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2011/09/01 07:25:52 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2011/09/01 07:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2011/09/01 07:25:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2011/09/01 07:25:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/09/01 07:25:10 | 000,026,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2011/09/01 07:24:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/09/01 07:24:06 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll
[2011/09/01 07:24:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache
[2011/09/01 07:23:27 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2011/09/01 07:23:10 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2011/09/01 07:22:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2011/09/01 07:22:46 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atrace.dll
[2011/09/01 07:22:40 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmevtmsg.dll
[2011/09/01 07:22:39 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acctres.dll
[2011/09/01 07:22:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2011/09/01 07:22:37 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll
[2011/09/01 07:22:37 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2011/09/01 07:22:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2011/09/01 07:22:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2011/09/01 07:22:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2011/09/01 07:22:30 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2011/09/01 07:22:30 | 000,327,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2011/09/01 07:22:30 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng1.dll
[2011/09/01 07:22:30 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe
[2011/09/01 07:22:30 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2011/09/01 07:22:29 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2011/09/01 07:22:29 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll
[2011/09/01 07:22:29 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2011/09/01 07:22:29 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll
[2011/09/01 07:22:27 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2011/09/01 07:22:13 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll
[2011/09/01 07:22:13 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll
[2011/09/01 07:22:13 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll
[2011/09/01 07:22:13 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll
[2011/09/01 07:22:10 | 000,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll
[2011/09/01 07:22:10 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltMc.exe
[2011/09/01 07:22:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2011/09/01 07:22:09 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll
[2011/09/01 07:22:09 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll
[2011/09/01 07:22:09 | 000,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll
[2011/09/01 07:22:09 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\isrdbg32.dll
[2011/09/01 07:22:09 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll
[2011/09/01 07:22:07 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll
[2011/09/01 07:22:07 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll
[2011/09/01 07:22:07 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2011/09/01 07:22:06 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll
[2011/09/01 07:22:04 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
[2011/09/01 07:22:04 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2011/09/01 07:22:04 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
[2011/09/01 07:22:04 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
[2011/09/01 07:22:04 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2011/09/01 07:22:04 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2011/09/01 07:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2011/09/01 07:21:56 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2011/09/01 07:21:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2011/09/01 07:21:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2011/09/01 07:21:33 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/09/01 07:21:21 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2011/09/01 07:21:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2011/09/01 07:21:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2011/09/01 07:21:09 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2011/09/01 07:21:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2011/09/01 07:21:08 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2011/09/01 07:21:02 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2011/09/01 07:21:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2011/09/01 07:21:00 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2011/09/01 07:20:52 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avtapi.dll
[2011/09/01 07:20:52 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2011/09/01 07:20:52 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avwav.dll
[2011/09/01 07:20:52 | 000,044,544 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hticons.dll
[2011/09/01 07:20:52 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avmeter.dll
[2011/09/01 07:20:51 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe
[2011/09/01 07:20:46 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll
[2011/09/01 07:20:46 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
[2011/09/01 07:20:46 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2011/09/01 07:20:46 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2011/09/01 07:20:46 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
[2011/09/01 07:20:45 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe
[2011/09/01 07:20:45 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe
[2011/09/01 07:20:45 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe
[2011/09/01 07:20:45 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe
[2011/09/01 07:20:45 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe
[2011/09/01 07:20:45 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe
[2011/09/01 07:20:45 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe
[2011/09/01 07:20:45 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe
[2011/09/01 07:20:45 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe
[2011/09/01 07:20:45 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe
[2011/09/01 07:20:45 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe
[2011/09/01 07:20:45 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpcfgex.dll
[2011/09/01 07:20:44 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe
[2011/09/01 07:20:44 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe
[2011/09/01 07:20:44 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdmodem.dll
[2011/09/01 07:20:44 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe
[2011/09/01 07:20:33 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2011/09/01 07:20:32 | 000,347,136 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hypertrm.dll
[2011/09/01 07:20:32 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2011/09/01 07:20:32 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2011/09/01 07:20:32 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2011/09/01 07:20:32 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl
[2011/09/01 07:20:31 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
[2011/09/01 07:20:31 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2011/09/01 07:20:31 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe
[2011/09/01 07:20:31 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2011/09/01 07:20:30 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2011/09/01 07:20:30 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2011/09/01 07:20:30 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll
[2011/09/01 07:20:30 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2011/09/01 07:20:29 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll
[2011/09/01 07:20:29 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2011/09/01 07:20:29 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2011/09/01 07:20:28 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll
[2011/09/01 07:20:28 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll
[2011/09/01 07:20:28 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll
[2011/09/01 07:20:28 | 000,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll
[2011/09/01 07:20:28 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2011/09/01 07:20:28 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll
[2011/09/01 07:20:28 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll
[2011/09/01 07:20:28 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2011/09/01 07:20:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2011/09/01 07:20:27 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll
[2011/09/01 07:20:27 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll
[2011/09/01 07:20:27 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll
[2011/09/01 07:20:27 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll
[2011/09/01 07:20:27 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll
[2011/09/01 07:20:27 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2011/09/01 07:20:27 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll
[2011/09/01 07:20:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2011/09/01 07:20:26 | 000,539,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll
[2011/09/01 07:20:26 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll
[2011/09/01 07:20:26 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll
[2011/09/01 07:20:26 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll
[2011/09/01 07:20:26 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll
[2011/09/01 07:20:26 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
[2011/09/01 07:20:21 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll
[2011/09/01 07:20:21 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll
[2011/09/01 07:20:21 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll
[2011/09/01 07:20:21 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll
[2011/09/01 07:20:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/09/01 07:19:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/08 19:32:57 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/08 19:32:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/08 19:01:13 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/09/08 18:18:49 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/08 18:15:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/08 18:12:53 | 103,144,035 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/09/08 17:15:33 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\MGADiag.exe
[2011/09/08 09:30:46 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/08 09:30:46 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/09/07 19:37:37 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/07 19:37:37 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/06 21:47:33 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/06 16:57:31 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2011/09/06 16:02:50 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/09/06 15:37:16 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/06 15:27:49 | 000,298,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/05 18:57:29 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/05 18:37:00 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/09/05 17:52:49 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Internet Explorer.lnk
[2011/09/03 11:17:37 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/09/02 15:04:22 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2011/09/02 15:04:17 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2011/09/02 09:48:06 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DriverMax.lnk
[2011/09/02 09:40:27 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/01 14:15:53 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/09/01 14:15:12 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/09/01 14:14:40 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/01 14:13:49 | 000,001,839 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Messenger .lnk
[2011/09/01 14:13:07 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/09/01 14:12:40 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IrfanView.lnk
[2011/09/01 14:12:13 | 000,544,656 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2011/09/01 14:12:13 | 000,214,408 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2011/09/01 14:12:13 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2011/09/01 14:12:13 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2011/09/01 14:12:13 | 000,128,000 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2011/09/01 14:11:27 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/09/01 14:10:13 | 000,254,152 | ---- | M] (Secure By Design Inc.) -- C:\Documents and Settings\Administrator\Desktop\Ninite Air Chrome Flash Flash IE IrfanView Java Installer.exe
[2011/09/01 08:11:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011/09/01 07:28:19 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/09/01 07:28:18 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/09/01 07:26:51 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2011/09/01 07:26:17 | 000,001,112 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/09/01 07:25:47 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/09/01 07:25:47 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/09/01 07:25:12 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/09/01 07:24:20 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/09/01 07:24:20 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/09/01 07:24:20 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/09/01 07:24:20 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/09/01 07:24:20 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/09/01 07:24:16 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/09/01 07:24:06 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/09/01 07:21:29 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/08 18:12:53 | 103,144,035 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/09/08 09:30:46 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/08 09:30:46 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/08 09:30:46 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/09/06 15:37:16 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/06 09:31:04 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\CNC173DD.TBL
[2011/09/05 18:37:00 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/09/05 18:10:47 | 000,000,900 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/05 18:10:46 | 000,000,896 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/05 17:52:49 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Internet Explorer.lnk
[2011/09/02 15:04:23 | 000,013,646 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2011/09/02 12:43:48 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/02 09:57:31 | 000,655,842 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.cpa
[2011/09/02 09:57:31 | 000,447,120 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2011/09/02 09:57:31 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4704.dll
[2011/09/02 09:57:31 | 000,023,632 | ---- | C] () -- C:\WINDOWS\System32\igxpxs32.vp
[2011/09/02 09:57:31 | 000,002,096 | ---- | C] () -- C:\WINDOWS\System32\igxpxk32.vp
[2011/09/02 09:57:31 | 000,000,929 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.vp
[2011/09/02 09:48:06 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DriverMax.lnk
[2011/09/02 09:35:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/01 14:16:45 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2011/09/01 14:16:43 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/09/01 14:16:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/09/01 14:16:22 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2011/09/01 14:15:53 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/09/01 14:15:40 | 000,298,848 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/01 14:15:12 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/09/01 14:15:00 | 000,000,211 | -HS- | C] () -- C:\boot.ini
[2011/09/01 14:14:57 | 000,001,112 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/09/01 14:14:40 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/01 14:14:38 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/09/01 14:13:50 | 000,001,839 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Messenger .lnk
[2011/09/01 14:13:07 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/09/01 14:12:40 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IrfanView.lnk
[2011/09/01 08:11:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/09/01 07:28:19 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/09/01 07:28:19 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
[2011/09/01 07:28:18 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/09/01 07:28:14 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
[2011/09/01 07:28:03 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2011/09/01 07:28:03 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
[2011/09/01 07:26:51 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2011/09/01 07:26:12 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/09/01 07:25:12 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/09/01 07:24:20 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/09/01 07:24:20 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/09/01 07:24:20 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/09/01 07:24:20 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2011/09/01 07:24:20 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2011/09/01 07:24:16 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/09/01 07:24:16 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/09/01 07:24:14 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2011/09/01 07:23:09 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/09/01 07:22:45 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2011/09/01 07:22:45 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2011/09/01 07:21:34 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/09/01 07:21:29 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/09/01 07:21:09 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2011/09/01 07:20:48 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2011/09/01 07:20:48 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2011/09/01 07:20:48 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2011/09/01 07:20:47 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2011/09/01 07:20:47 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2011/09/01 07:20:47 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2011/09/01 07:20:47 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2011/09/01 07:20:47 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2011/09/01 07:20:47 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2011/09/01 07:20:47 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2011/09/01 07:20:47 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2011/09/01 07:20:45 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2011/09/01 07:20:45 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2011/09/01 07:20:44 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2011/09/01 07:20:40 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2008/11/26 09:24:13 | 000,015,312 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2008/05/26 10:51:59 | 000,000,234 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/04/30 15:07:10 | 000,004,688 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/30 15:07:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 12:00:00 | 000,435,260 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 12:00:00 | 000,068,156 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Custom Scans ==========


< c:|Fun4IM;true;true;true; /FP >

< c:|Bandoo;true;true;true; /FP >
[2011/09/06 12:41:24 | 000,000,000 | ---D | M] -- c:\Documents and Settings\Administrator\Application Data\Bandoo
[2011/08/09 19:31:35 | 000,000,000 | ---D | M] -- c:\Documents and Settings\Administrator\Local Settings\Temp\nsr6C\nsh6D.tmp\Bin\resources\tutorial\images\Bandoo

< c:|Searchqu;true;true;true; /FP >
[2011/09/06 12:41:23 | 000,000,000 | ---D | M] -- c:\Documents and Settings\Administrator\Application Data\searchquband
[2011/09/06 12:45:35 | 000,000,000 | ---D | M] -- c:\Documents and Settings\Administrator\Application Data\searchqutoolbar
[2011/09/06 12:46:18 | 000,000,000 | ---D | M] -- c:\Documents and Settings\Administrator\Application Data\searchqutoolbar\coupons
[2011/09/06 12:45:33 | 000,000,000 | ---D | M] -- c:\Documents and Settings\Administrator\Application Data\searchqutoolbar\weather

< c:|iLivid;true;true;true;true; /FP >
[2011/09/06 12:41:28 | 000,000,000 | ---D | M] -- c:\Documents and Settings\Administrator\Local Settings\Application Data\Ilivid Player
[2011/09/06 12:39:50 | 000,000,000 | ---D | M] -- c:\Program Files\Windows iLivid Toolbar
[2011/09/06 12:39:48 | 000,000,000 | ---D | M] -- c:\Program Files\Windows iLivid Toolbar\Datamngr

< c:|whitesmoke;true;true;true; /FP >

< c:|datamgr;true;true;true; /FP >
[2011/09/05 19:34:40 | 000,000,000 | ---D | M] -- c:\Program Files\Common Files\Microsoft Shared\MSClientDataMgr

< c:|trolltech;true;true;true; /FP >

< >

< >

< |Fun4IM /RS >

< IBandoo /RS >
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}\\: IBandooCore
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}\\: _IBandooCoreEvents

< ISearchqu /RS >

< |iLivid /RS >
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\InprocServer32\\: C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll [2011/05/31 13:29:58 | 000,088,976 | ---- | M] ()
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\InprocServer32\\: C:\PROGRA~1\WI371A~1\Datamngr\BROWSE~1.DLL [2011/08/09 19:06:15 | 000,101,272 | ---- | M] (Bandoo Media, inc)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\InprocServer32\\: C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll [2011/08/09 19:06:11 | 001,234,328 | ---- | M] (Bandoo Media, inc)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}\InprocServer32\\: C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll [2011/08/09 19:06:11 | 001,234,328 | ---- | M] (Bandoo Media, inc)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}\InprocServer32\\: C:\PROGRA~1\WI371A~1\Datamngr\DnsBHO.dll [2011/08/09 19:06:18 | 000,263,064 | ---- | M] (Bandoo Media, inc)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}\1.0\0\win32\\: C:\PROGRA~1\WI371A~1\Datamngr\BROWSE~1.DLL [2011/08/09 19:06:15 | 000,101,272 | ---- | M] (Bandoo Media, inc)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}\1.0\HELPDIR\\: C:\PROGRA~1\WI371A~1\Datamngr [2011/09/06 12:39:48 | 000,000,000 | ---D | M]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\0\win32\\: C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll [2011/08/09 19:06:11 | 001,234,328 | ---- | M] (Bandoo Media, inc)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\HELPDIR\\: C:\PROGRA~1\WI371A~1\Datamngr [2011/09/06 12:39:48 | 000,000,000 | ---D | M]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}\1.0\0\win32\\: C:\PROGRA~1\WI371A~1\Datamngr\DnsBHO.dll [2011/08/09 19:06:18 | 000,263,064 | ---- | M] (Bandoo Media, inc)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}\1.0\HELPDIR\\: C:\PROGRA~1\WI371A~1\Datamngr [2011/09/06 12:39:48 | 000,000,000 | ---D | M]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}\\AppPath: C:\PROGRA~1\WI371A~1\Datamngr\ToolBar [2011/09/06 12:39:42 | 000,000,000 | ---D | M]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D0A4BE92-2216-42DB-AB35-D72EFB9F0176}\\AppPath: C:\PROGRA~1\WI371A~1\Datamngr\ToolBar [2011/09/06 12:39:42 | 000,000,000 | ---D | M]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DATAMNGR\\command: C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE [2011/08/09 19:06:05 | 001,599,376 | ---- | M] (Bandoo Media, inc)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar\\DisplayName: Windows iLivid Toolbar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar\\UninstallString: C:\Program Files\Windows iLivid Toolbar\uninstall.exe [2011/09/06 12:39:50 | 000,054,269 | ---- | M] ()
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar\\DisplayIcon: C:\Program Files\Windows iLivid Toolbar\uninstall.exe [2011/09/06 12:39:50 | 000,054,269 | ---- | M] ()
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar\\Path: C:\Program Files\Windows iLivid Toolbar [2011/09/06 12:39:50 | 000,000,000 | ---D | M]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs: c:\progra~1\wi371a~1\datamngr\datamngr.dll c:\progra~1\wi371a~1\datamngr\iebho.dll [2011/08/09 19:06:08 | 001,236,368 | ---- | M] (Bandoo Media, inc)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe: C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker [2011/05/31 13:29:58 | 000,094,168 | ---- | M] (Visicom Media Inc.)

< |whitesmoke /RS >

< |datamgr /RS >
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25377C20-D19C-11D2-B483-00600832C573}\InprocServer32\\: C:\PROGRA~1\COMMON~1\MICROS~1\MSCLIE~1\MSCDM.DLL [2006/10/26 13:58:42 | 000,290,576 | ---- | M] ()
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5F6C4076-12F5-11D3-8CEE-005004838434}\InprocServer32\\: C:\PROGRA~1\COMMON~1\MICROS~1\MSCLIE~1\MSCDM.DLL [2006/10/26 13:58:42 | 000,290,576 | ---- | M] ()
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D33A1BCE-649E-11D3-8CF2-005004641AC4}\InprocServer32\\: C:\PROGRA~1\COMMON~1\MICROS~1\MSCLIE~1\MSCDM.DLL [2006/10/26 13:58:42 | 000,290,576 | ---- | M] ()
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Common Files\Microsoft Shared\MSClientDataMgr\:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7A17C8E1CE271A04EAEC5A2C5C8D134A\\00002109030000000000000000F01FEC: C?\Program Files\Common Files\Microsoft Shared\MSClientDataMgr\MSCDM.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\\C:\Program Files\Common Files\Microsoft Shared\MSClientDataMgr\MSCDM.DLL: 1

< |trolltech /RS >

< |kelkoopartners /RS >

< End of report >
Laura_S
Active Member
 
Posts: 12
Joined: September 6th, 2011, 11:47 am

Re: Help removing http://www.searchqu.com//406Posted: Tue 06

Unread postby Laura_S » September 8th, 2011, 4:19 pm

Extras.txt:

OTL Extras logfile created on: 08/09/2011 19:45:08 - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

1013.54 Mb Total Physical Memory | 827.30 Mb Available Physical Memory | 81.62% Memory free
2.39 Gb Paging File | 2.33 Gb Available in Paging File | 97.69% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 33.95 Gb Free Space | 45.57% Space Free | Partition Type: NTFS

Computer Name: LAURA | User Name: LAURA | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1085031214-1993962763-1417001333-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe" = C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker -- (Visicom Media Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java(TM) 7
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A819907C-5912-4471-91D7-D94885A2C40B}" = AVG 2012
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CCF98260-1FE9-4CEC-ACE7-88EE3158F23C}" = AVG 2012
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{E1230694-33DA-4E74-82E1-06CC9D545E9B}" = Windows Vista Sounds Pack
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{F1CECE09-7CBE-4E98-B435-DA87CDA86167}" = Skype™ 5.5
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AVG" = AVG 2012
"DMX5_is1" = DriverMax 5
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Searchqu 406 MediaBar" = Windows iLivid Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06/09/2011 11:42:21 | Computer Name = MATRIXBK-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.21302, faulting
module , version 5.1.2600.6058, fault address 0x00004942.

Error - 08/09/2011 12:56:10 | Computer Name = LAURA | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.27.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 08/09/2011 13:17:20 | Computer Name = LAURA | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.27.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 08/09/2011 14:00:04 | Computer Name = LAURA | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.27.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 08/09/2011 14:12:52 | Computer Name = LAURA | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.27.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 05/09/2011 14:18:07 | Computer Name = MATRIXBK-PC | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 05/09/2011 14:18:08 | Computer Name = MATRIXBK-PC | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 05/09/2011 14:18:09 | Computer Name = MATRIXBK-PC | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 05/09/2011 14:18:10 | Computer Name = MATRIXBK-PC | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 05/09/2011 14:18:12 | Computer Name = MATRIXBK-PC | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 05/09/2011 14:18:13 | Computer Name = MATRIXBK-PC | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 05/09/2011 14:18:14 | Computer Name = MATRIXBK-PC | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 06/09/2011 10:34:26 | Computer Name = MATRIXBK-PC | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Internet Explorer 8 for Windows XP.

Error - 07/09/2011 17:43:18 | Computer Name = MATRIXBK-PC | Source = Print | ID = 6161
Description = The document Microsoft Word - Insert 140x135 _L_ RSVP.doc owned by
Administrator failed to print on printer Canon MP550 series Printer. Data type:
NT EMF 1.008. Size of the spool file in bytes: 214116. Number of bytes printed:
97436. Total number of pages in the document: 6. Number of pages printed: 0. Client
machine: \\MATRIXBK-PC. Win32 error code returned by the print processor: 13 (0xd).


Error - 08/09/2011 04:02:51 | Computer Name = MATRIXBK-PC | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Internet Explorer 8 for Windows XP.


< End of report >
Laura_S
Active Member
 
Posts: 12
Joined: September 6th, 2011, 11:47 am

Re: Help removing http://www.searchqu.com//406Posted: Tue 06

Unread postby Cypher » September 9th, 2011, 7:25 am

Hi Laura.
Good work well done, i will get back to you soon with your next set of instructions.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Help removing http://www.searchqu.com//406Posted: Tue 06

Unread postby Cypher » September 9th, 2011, 10:10 am

Hi Laura.
Continue with the instructions below then post the requested logs.

We need to run an OTL Fix

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :processes
    killallprocesses
    
    :otl
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
    O2 - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
    O2 - BHO: (no name) - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    
    :files
    c:\Documents and Settings\Administrator\Application Data\Bandoo
    c:\Documents and Settings\Administrator\Local Settings\Temp\nsr6C\nsh6D.tmp\Bin\resources\tutorial\images\Bandoo
    c:\Documents and Settings\Administrator\Application Data\searchquband
    c:\Documents and Settings\Administrator\Application Data\searchqutoolbar
    c:\Documents and Settings\Administrator\Local Settings\Application Data\Ilivid Player
    c:\Program Files\Windows iLivid Toolbar
    c:\Program Files\Common Files\Microsoft Shared\MSClientDataMgr
    ipconfig /flushdns /c
    
    :commands
    [emptyflash]
    [emptytemp]
    [clearallrestorepoints]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Next.

Please download SystemLook from one of the links below, and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
This scan can take some time to run so please be patient.


Logs/Information to Post in your Next Reply

  • OTL log.
  • SystemLook.txt
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Help removing http://www.searchqu.com//406Posted: Tue 06

Unread postby Laura_S » September 9th, 2011, 11:49 am

Hi Cypher, here are my logs:

OTL log:

All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
File C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
========== FILES ==========
c:\Documents and Settings\Administrator\Application Data\Bandoo folder moved successfully.
c:\Documents and Settings\Administrator\Local Settings\Temp\nsr6C\nsh6D.tmp\Bin\resources\tutorial\images\Bandoo folder moved successfully.
c:\Documents and Settings\Administrator\Application Data\searchquband folder moved successfully.
c:\Documents and Settings\Administrator\Application Data\searchqutoolbar\weather folder moved successfully.
c:\Documents and Settings\Administrator\Application Data\searchqutoolbar\coupons folder moved successfully.
c:\Documents and Settings\Administrator\Application Data\searchqutoolbar folder moved successfully.
c:\Documents and Settings\Administrator\Local Settings\Application Data\Ilivid Player folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\components folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\searchbar folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\options folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\css folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\js folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\css folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\scripts folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\css folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\js folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\css folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2 folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\com.djboxservice.dj.DJBox\thumbs folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\com.djboxservice.dj.DJBox folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\modules folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\lib folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\data\search folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\data folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar folder moved successfully.
c:\Program Files\Windows iLivid Toolbar\Datamngr folder moved successfully.
c:\Program Files\Windows iLivid Toolbar folder moved successfully.
c:\Program Files\Common Files\Microsoft Shared\MSClientDataMgr folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 79890 bytes

User: All Users

User: Default User
->Flash cache emptied: 56468 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 241863252 bytes
->Temporary Internet Files folder emptied: 54926942 bytes
->FireFox cache emptied: 32055292 bytes
->Google Chrome cache emptied: 6643752 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 194786 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 90671084 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 598550 bytes

Total Files Cleaned = 410.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.27.0 log created on 09092011_163312

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DFF26E.tmp not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DFF282.tmp not found!
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y6FK1RZC\ai[2].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y6FK1RZC\ai[3].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y6FK1RZC\ai[4].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y6FK1RZC\ai[5].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y6FK1RZC\facebook_com[1].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\VX5Z0XKR\ai[1].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\VX5Z0XKR\ai[2].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\VX5Z0XKR\ai[3].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\VX5Z0XKR\ai[4].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\RQVEC71G\ai[1].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\RQVEC71G\ai[2].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\RQVEC71G\ai[3].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\RQVEC71G\history_manager[5].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L6H05KKI\ai[1].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L6H05KKI\ai[2].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L6H05KKI\ai[3].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L6H05KKI\ai[6].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L6H05KKI\search[3].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\EM9LR8KB\ai[1].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\EM9LR8KB\ai[2].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\EM9LR8KB\ai[3].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\EM9LR8KB\generic[1].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BBW5ZZ00\messaging_upload[1].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8W9CJDJ1\ai[1].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8W9CJDJ1\viewtopic[1].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8GJOBG48\11[1].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8GJOBG48\ai[1].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8GJOBG48\ai[2].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8GJOBG48\ai[4].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8GJOBG48\map2_iframe[1].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.

Registry entries deleted on Reboot...

SystemLook log:

SystemLook 30.07.11 by jpshortstuff
Log created at 16:42 on 09/09/2011 by LAURA
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
C:\Documents and Settings\Administrator\Cookies\administrator@minicatalog.bandoo[1].txt --a---- 370 bytes [13:36 06/09/2011] [13:36 06/09/2011] C88499F10628AEB92F0A7F9B9EFE66A3
C:\WINDOWS\system32\Macromed\Flash\FlashPlayerTrust\Bandoo.cfg --a---- 65 bytes [11:41 06/09/2011] [11:41 06/09/2011] F8B61E7F3E53232D837FA7744B2EBFA5
C:\_OTL\MovedFiles\09092011_163312\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js --a---- 24210 bytes [12:30 31/05/2011] [12:30 31/05/2011] E2B3734A723FB575F4168B48552793BE
C:\_OTL\MovedFiles\09092011_163312\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js --a---- 30447 bytes [12:30 31/05/2011] [12:30 31/05/2011] 06ED4E13216E83D78D1659907C48C7D2
C:\_OTL\MovedFiles\09092011_163312\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css --a---- 8308 bytes [12:30 31/05/2011] [12:30 31/05/2011] D98167EFDC45E8EC6F4769791A15CE36

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\09092011_163312\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchquband.dll --a---- 449424 bytes [12:29 31/05/2011] [12:29 31/05/2011] 39ECB144372B2ED7B1B91A1E63D3F275
C:\_OTL\MovedFiles\09092011_163312\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll --a---- 88976 bytes [12:29 31/05/2011] [12:29 31/05/2011] AD14E447F7CED4CA987B91B379EAF952

Searching for "*iLivid*"
C:\Documents and Settings\Administrator\Cookies\administrator@ilivid[2].txt --a---- 391 bytes [11:39 06/09/2011] [11:39 06/09/2011] A473721818811BFD3E3BED801DF61492
C:\Documents and Settings\Administrator\Cookies\administrator@stats.ilivid[1].txt --a---- 92 bytes [11:39 06/09/2011] [11:39 06/09/2011] D9AA771A5FBB6EAA575E1285213A9EEF

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
C:\_OTL\MovedFiles\09092011_163312\C_Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll --a---- 1236368 bytes [11:39 06/09/2011] [18:06 09/08/2011] 6A25D001E2CD4EBCEB1C8F07D4C06BCF
C:\_OTL\MovedFiles\09092011_163312\C_Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe --a---- 1599376 bytes [11:39 06/09/2011] [18:06 09/08/2011] F90D5FFA020B693CB5A7115A5E07AA3F

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
C:\_OTL\MovedFiles\09092011_163312\c_Documents and Settings\Administrator\Application Data\Bandoo d------ [11:41 06/09/2011]
C:\_OTL\MovedFiles\09092011_163312\c_Documents and Settings\Administrator\Local Settings\Temp\nsr6C\nsh6D.tmp\Bin\resources\tutorial\images\Bandoo d------ [11:40 06/09/2011]

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\09092011_163312\c_Documents and Settings\Administrator\Application Data\searchquband d------ [11:41 06/09/2011]
C:\_OTL\MovedFiles\09092011_163312\c_Documents and Settings\Administrator\Application Data\searchqutoolbar d------ [15:33 09/09/2011]

Searching for "*iLivid*"
C:\_OTL\MovedFiles\09092011_163312\c_Documents and Settings\Administrator\Local Settings\Application Data\Ilivid Player d------ [11:41 06/09/2011]
C:\_OTL\MovedFiles\09092011_163312\C_Program Files\Windows iLivid Toolbar d------ [15:33 09/09/2011]

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
C:\Documents and Settings\Administrator\AppData\LocalLow\DataMngr d------ [11:41 06/09/2011]
C:\Program Files\WI371A~1\DATAMNGR d------ [15:35 09/09/2011]
C:\_OTL\MovedFiles\09092011_163312\C_Program Files\Windows iLivid Toolbar\Datamngr d------ [15:33 09/09/2011]

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Bandoo]
[HKEY_LOCAL_MACHINE\SOFTWARE\Bandoo]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BandooCore.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}]
@="BandooCore"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore]
@="BandooCore Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore\CurVer]
@="BandooCore.BandooCore.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore.1]
@="BandooCore Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr\CurVer]
@="BandooCore.ResourcesMngr.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr\CurVer]
@="BandooCore.SettingsMngr.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr\CurVer]
@="BandooCore.StatisticMngr.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\LocalServer32]
@=""C:\Program Files\Bandoo\BndCore.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ProgID]
@="BandooCore.ResourcesMngr.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\VersionIndependentProgID]
@="BandooCore.ResourcesMngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\LocalServer32]
@=""C:\Program Files\Bandoo\BndCore.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ProgID]
@="BandooCore.SettingsMngr.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\VersionIndependentProgID]
@="BandooCore.SettingsMngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}]
@="BandooCore Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\LocalServer32]
@=""C:\Program Files\Bandoo\BndCore.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ProgID]
@="BandooCore.BandooCore.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\VersionIndependentProgID]
@="BandooCore.BandooCore"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\LocalServer32]
@=""C:\Program Files\Bandoo\BndCore.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ProgID]
@="BandooCore.StatisticMngr.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\VersionIndependentProgID]
@="BandooCore.StatisticMngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}]
@="IBandooCore"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}]
@="_IBandooCoreEvents"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}\1.0]
@="BandooCore 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}\1.0\0\win32]
@="C:\Program Files\Bandoo\BndCore.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}\1.0\HELPDIR]
@="C:\Program Files\Bandoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}]
"AppPath"="C:\Program Files\Bandoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}]
"AppPath"="C:\Program Files\Bandoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}]
"AppName"="Bandoo.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}]
"AppPath"="C:\Program Files\Bandoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}]
"AppName"="BandooUI.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}]
"AppPath"="C:\Program Files\Bandoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar]
"Contact"="Bandoo Media, Inc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar]
"Publisher"="Bandoo Media, Inc"
[HKEY_USERS\S-1-5-21-1085031214-1993962763-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Bandoo]

Searching for "Searchqu"
[HKEY_CURRENT_USER\Software\DataMngr\IEBHO]
"DNSUrl"="http://www.searchqu.com/web?src=derr&appid=176&systemid=406&v="
[HKEY_CURRENT_USER\Software\DataMngr\IEBHO]
"404Url"="http://www.searchqu.com/web?src=404&appid=176&systemid=406&v="
[HKEY_CURRENT_USER\Software\DataMngr\IEBHO]
"SearchUrl"="http://www.searchqu.com/web?src=ieb&appid=176&systemid=406&sr=0&q="
[HKEY_CURRENT_USER\Software\DataMngr\IEBHO]
"NewTabUrl"="http://www.searchqu.com//406"
[HKEY_CURRENT_USER\Software\DataMngr\IEBHO\RelatedSearch]
"url"="http://www.searchqu.com/related.html"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"URL"="http://www.searchqu.com/web?src=ieb&appid=176&systemid=406&sr=0&q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=176&systemid=406&qu={searchTerms}&ft=json"
[HKEY_CURRENT_USER\Software\searchqutoolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ProgID]
@="SearchQUIEHelper.UrlHelper.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\VersionIndependentProgID]
@="SearchQUIEHelper.UrlHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\CurVer]
@="SearchQUIEHelper.UrlHelper.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0]
@="SearchQUIEBHO 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}\1.0]
@="SearchQUIEBHO 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\IEBHO]
"DNSUrl"="http://www.searchqu.com/web?src=derr&appid=176&systemid=406&v="
[HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\IEBHO]
"404Url"="http://www.searchqu.com/web?src=404&appid=176&systemid=406&v="
[HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\IEBHO]
"SearchUrl"="http://www.searchqu.com/web?src=ieb&appid=176&systemid=406&sr=0&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\IEBHO]
"NewTabUrl"="http://www.searchqu.com//406"
[HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\IEBHO\RelatedSearch]
"url"="http://www.searchqu.com/related.html"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"URL"="http://www.searchqu.com/web?src=ieb&appid=176&systemid=406&sr=0&q={searchTerms}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=176&systemid=406&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar]
[HKEY_LOCAL_MACHINE\SOFTWARE\SearchquMediabarTb]
[HKEY_USERS\S-1-5-21-1085031214-1993962763-1417001333-500\Software\DataMngr\IEBHO]
"DNSUrl"="http://www.searchqu.com/web?src=derr&appid=176&systemid=406&v="
[HKEY_USERS\S-1-5-21-1085031214-1993962763-1417001333-500\Software\DataMngr\IEBHO]
"404Url"="http://www.searchqu.com/web?src=404&appid=176&systemid=406&v="
[HKEY_USERS\S-1-5-21-1085031214-1993962763-1417001333-500\Software\DataMngr\IEBHO]
"SearchUrl"="http://www.searchqu.com/web?src=ieb&appid=176&systemid=406&sr=0&q="
[HKEY_USERS\S-1-5-21-1085031214-1993962763-1417001333-500\Software\DataMngr\IEBHO]
"NewTabUrl"="http://www.searchqu.com//406"
[HKEY_USERS\S-1-5-21-1085031214-1993962763-1417001333-500\Software\DataMngr\IEBHO\RelatedSearch]
"url"="http://www.searchqu.com/related.html"
[HKEY_USERS\S-1-5-21-1085031214-1993962763-1417001333-500\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"URL"="http://www.searchqu.com/web?src=ieb&appid=176&systemid=406&sr=0&q={searchTerms}"
[HKEY_USERS\S-1-5-21-1085031214-1993962763-1417001333-500\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=176&systemid=406&qu={searchTerms}&ft=json"
[HKEY_USERS\S-1-5-21-1085031214-1993962763-1417001333-500\Software\searchqutoolbar]

Searching for "iLivid"
[HKEY_CURRENT_USER\Software\DataMngr]
"DLLPath"="C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll"
[HKEY_CURRENT_USER\Software\DataMngr]
"Folder"="C:\Program Files\Windows iLivid Toolbar"
[HKEY_CURRENT_USER\Software\DataMngr]
"Path"="C:\Program Files\Windows iLivid Toolbar\Datamngr"
[HKEY_CURRENT_USER\Software\DataMngr]
"UIPath"="C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe"
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\iLivid]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files\iLivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
"DLLPath"="C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
"Folder"="C:\Program Files\Windows iLivid Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
"Path"="C:\Program Files\Windows iLivid Toolbar\Datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
"UIPath"="C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar]
"DisplayName"="Windows iLivid Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar]
"UninstallString"="C:\Program Files\Windows iLivid Toolbar\uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar]
"DisplayIcon"="C:\Program Files\Windows iLivid Toolbar\uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar]
"Path"="C:\Program Files\Windows iLivid Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\SearchquMediabarTb]
"Folder"="C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe"="C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe"="C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe"="C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker"
[HKEY_USERS\S-1-5-21-1085031214-1993962763-1417001333-500\Software\DataMngr]
"DLLPath"="C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll"
[HKEY_USERS\S-1-5-21-1085031214-1993962763-1417001333-500\Software\DataMngr]
"Folder"="C:\Program Files\Windows iLivid Toolbar"
[HKEY_USERS\S-1-5-21-1085031214-1993962763-1417001333-500\Software\DataMngr]
"Path"="C:\Program Files\Windows iLivid Toolbar\Datamngr"
[HKEY_USERS\S-1-5-21-1085031214-1993962763-1417001333-500\Software\DataMngr]
"UIPath"="C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe"
[HKEY_USERS\S-1-5-21-1085031214-1993962763-1417001333-500\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\iLivid]
[HKEY_USERS\S-1-5-21-1085031214-1993962763-1417001333-500\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files\iLivid]

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
[HKEY_CURRENT_USER\Software\DataMngr]
[HKEY_CURRENT_USER\Software\DataMngr]
"DLLPath"="C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll"
[HKEY_CURRENT_USER\Software\DataMngr]
"Path"="C:\Program Files\Windows iLivid Toolbar\Datamngr"
[HKEY_CURRENT_USER\Software\DataMngr]
"ShortDllPath"="C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll"
[HKEY_CURRENT_USER\Software\DataMngr]
"UIPath"="C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\InprocServer32]
@="C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}\InprocServer32]
@="C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}\InprocServer32]
@="C:\PROGRA~1\WI371A~1\Datamngr\DnsBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}\1.0\0\win32]
@="C:\PROGRA~1\WI371A~1\Datamngr\BROWSE~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}\1.0\HELPDIR]
@="C:\PROGRA~1\WI371A~1\Datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\0\win32]
@="C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\HELPDIR]
@="C:\PROGRA~1\WI371A~1\Datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}\1.0\0\win32]
@="C:\PROGRA~1\WI371A~1\Datamngr\DnsBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}\1.0\HELPDIR]
@="C:\PROGRA~1\WI371A~1\Datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
[HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
"DLLPath"="C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
"Path"="C:\Program Files\Windows iLivid Toolbar\Datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
"ShortDllPath"="C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
"UIPath"="C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}]
"AppPath"="C:\PROGRA~1\WI371A~1\Datamngr\ToolBar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D0A4BE92-2216-42DB-AB35-D72EFB9F0176}]
"AppPath"="C:\PROGRA~1\WI371A~1\Datamngr\ToolBar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DATAMNGR]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DATAMNGR]
"command"="C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\progra~1\wi371a~1\datamngr\datamngr.dll c:\progra~1\wi371a~1\datamngr\iebho.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\SearchquMediabarTb]
"Folder"="C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe"="C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe"="C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe"="C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker"
[HKEY_USERS\S-1-5-21-1085031214-1993962763-1417001333-500\Software\DataMngr]
[HKEY_USERS\S-1-5-21-1085031214-1993962763-1417001333-500\Software\DataMngr]
"DLLPath"="C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll"
[HKEY_USERS\S-1-5-21-1085031214-1993962763-1417001333-500\Software\DataMngr]
"Path"="C:\Program Files\Windows iLivid Toolbar\Datamngr"
[HKEY_USERS\S-1-5-21-1085031214-1993962763-1417001333-500\Software\DataMngr]
"ShortDllPath"="C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll"
[HKEY_USERS\S-1-5-21-1085031214-1993962763-1417001333-500\Software\DataMngr]
"UIPath"="C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe"

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-1085031214-1993962763-1417001333-500\Software\Trolltech]
[HKEY_USERS\S-1-5-21-1085031214-1993962763-1417001333-500\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

-= EOF =-
Laura_S
Active Member
 
Posts: 12
Joined: September 6th, 2011, 11:47 am

Re: Help removing http://www.searchqu.com//406Posted: Tue 06

Unread postby Laura_S » September 9th, 2011, 11:51 am

Thought I might also add that now when I open a new tab in IE the searchqu search engine is gone! This is fantastic!
Laura_S
Active Member
 
Posts: 12
Joined: September 6th, 2011, 11:47 am

Re: Help removing http://www.searchqu.com//406Posted: Tue 06

Unread postby Cypher » September 10th, 2011, 11:03 am

Hi Laura,
Sorry of the delay in getting back to you.
Continue with the instructions below please and post the requested logs.

We need to run an OTL Fix

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :processes
    killallprocesses
    
    :reg
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Bandoo]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Bandoo]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BandooCore.EXE]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore.1]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}\1.0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar]
    [-HKEY_USERS\S-1-5-21-1085031214-1993962763-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Bandoo]
    [HKEY_CURRENT_USER\Software\DataMngr\IEBHO]
    "DNSUrl"=-
    [HKEY_CURRENT_USER\Software\DataMngr\IEBHO]
    "404Url"=-
    [HKEY_CURRENT_USER\Software\DataMngr\IEBHO]
    "SearchUrl"=-
    [HKEY_CURRENT_USER\Software\DataMngr\IEBHO]
    "NewTabUrl"=-
    [HKEY_CURRENT_USER\Software\DataMngr\IEBHO\RelatedSearch]
    "url"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
    "URL"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
    "SuggestionsURL_JSON"=-
    [-HKEY_CURRENT_USER\Software\searchqutoolbar]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\IEBHO]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
    "URL"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
    "SuggestionsURL_JSON"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\SearchquMediabarTb]
    [-HKEY_USERS\S-1-5-21-1085031214-1993962763-1417001333-500\Software\DataMngr\IEBHO]
    [HKEY_USERS\S-1-5-21-1085031214-1993962763-1417001333-500\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
    "URL"=-
    [HKEY_USERS\S-1-5-21-1085031214-1993962763-1417001333-500\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
    "SuggestionsURL_JSON"=-
    [-HKEY_USERS\S-1-5-21-1085031214-1993962763-1417001333-500\Software\searchqutoolbar]
    [-HKEY_CURRENT_USER\Software\DataMngr]
    [-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\iLivid]
    [-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files\iLivid]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\SearchquMediabarTb]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe"=-
    [-HKEY_USERS\S-1-5-21-1085031214-1993962763-1417001333-500\Software\DataMngr]
    [-HKEY_USERS\S-1-5-21-1085031214-1993962763-1417001333-500\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\iLivid]
    [-HKEY_USERS\S-1-5-21-1085031214-1993962763-1417001333-500\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files\iLivid]
    [-HKEY_CURRENT_USER\Software\DataMngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\InprocServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}\InprocServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}\InprocServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}\1.0\0\win32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}\1.0\HELPDIR]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\0\win32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\HELPDIR]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}\1.0\0\win32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}\1.0\HELPDIR]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D0A4BE92-2216-42DB-AB35-D72EFB9F0176}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DATAMNGR]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DATAMNGR]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\SearchquMediabarTb]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe"=-
    [-HKEY_USERS\S-1-5-21-1085031214-1993962763-1417001333-500\Software\DataMngr]
    [-HKEY_CURRENT_USER\Software\Trolltech]
    
    :Files
    C:\Documents and Settings\Administrator\Cookies\administrator@minicatalog.bandoo[1].txt
    C:\WINDOWS\system32\Macromed\Flash\FlashPlayerTrust\Bandoo.cfg
    C:\Documents and Settings\Administrator\Cookies\administrator@ilivid[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@stats.ilivid[1].txt
    C:\Documents and Settings\Administrator\AppData\LocalLow\DataMngr
    C:\Program Files\WI371A~1\DATAMNGR
    ipconfig /flushdns /c
    
    :commands
    [emptyflash]
    [emptytemp]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Next.

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
This scan can take some time to run so please be patient.


Logs/Information to Post in your Next Reply

  • OTL log.
  • SystemLook.txt
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Help removing http://www.searchqu.com//406Posted: Tue 06

Unread postby Laura_S » September 10th, 2011, 1:09 pm

Hi Cypher - no problem at all! Please find these logs below:

OTL

All processes killed
========== PROCESSES ==========
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Bandoo\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Bandoo\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BandooCore.EXE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore.1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr.1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr.1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477F210A-2A86-4666-9C4B-1189634D2C84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF871E51-2655-4D06-AED5-745962A96B32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}\1.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1085031214-1993962763-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Bandoo\ not found.
Registry value HKEY_CURRENT_USER\Software\DataMngr\IEBHO\\DNSUrl deleted successfully.
Registry value HKEY_CURRENT_USER\Software\DataMngr\IEBHO\\404Url deleted successfully.
Registry value HKEY_CURRENT_USER\Software\DataMngr\IEBHO\\SearchUrl deleted successfully.
Registry value HKEY_CURRENT_USER\Software\DataMngr\IEBHO\\NewTabUrl deleted successfully.
Registry value HKEY_CURRENT_USER\Software\DataMngr\IEBHO\RelatedSearch\\url deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\\URL deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\\SuggestionsURL_JSON deleted successfully.
Registry key HKEY_CURRENT_USER\Software\searchqutoolbar\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\IEBHO\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\\URL deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\\SuggestionsURL_JSON deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\SearchquMediabarTb\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1085031214-1993962763-1417001333-500\Software\DataMngr\IEBHO\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1085031214-1993962763-1417001333-500\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\\URL not found.
Registry value HKEY_USERS\S-1-5-21-1085031214-1993962763-1417001333-500\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\\SuggestionsURL_JSON not found.
Registry key HKEY_USERS\S-1-5-21-1085031214-1993962763-1417001333-500\Software\searchqutoolbar\ not found.
Registry key HKEY_CURRENT_USER\Software\DataMngr\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\iLivid\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files\iLivid\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\SearchquMediabarTb\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe not found.
Registry key HKEY_USERS\S-1-5-21-1085031214-1993962763-1417001333-500\Software\DataMngr\ not found.
Registry key HKEY_USERS\S-1-5-21-1085031214-1993962763-1417001333-500\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\iLivid\ not found.
Registry key HKEY_USERS\S-1-5-21-1085031214-1993962763-1417001333-500\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files\iLivid\ not found.
Registry key HKEY_CURRENT_USER\Software\DataMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\InprocServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}\InprocServer32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}\InprocServer32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}\1.0\0\win32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}\1.0\HELPDIR\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\0\win32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\HELPDIR\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}\1.0\0\win32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}\1.0\HELPDIR\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D0A4BE92-2216-42DB-AB35-D72EFB9F0176}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0A4BE92-2216-42DB-AB35-D72EFB9F0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DATAMNGR\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DATAMNGR\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\SearchquMediabarTb\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe not found.
Registry key HKEY_USERS\S-1-5-21-1085031214-1993962763-1417001333-500\Software\DataMngr\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
========== FILES ==========
C:\Documents and Settings\Administrator\Cookies\administrator@minicatalog.bandoo[1].txt moved successfully.
C:\WINDOWS\system32\Macromed\Flash\FlashPlayerTrust\Bandoo.cfg moved successfully.
C:\Documents and Settings\Administrator\Cookies\administrator@ilivid[2].txt moved successfully.
C:\Documents and Settings\Administrator\Cookies\administrator@stats.ilivid[1].txt moved successfully.
C:\Documents and Settings\Administrator\AppData\LocalLow\DataMngr folder moved successfully.
C:\Program Files\WI371A~1\DATAMNGR folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 21353 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 88070 bytes
->Temporary Internet Files folder emptied: 51340252 bytes
->FireFox cache emptied: 7124991 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 695 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 834644 bytes

Total Files Cleaned = 57.00 mb


OTL by OldTimer - Version 3.2.27.0 log created on 09102011_174318

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF40A5.tmp not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF40B2.tmp not found!
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\FK8QG6ET\viewtopic[1].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\368SBEPD\topbuttons[1].xml moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.

Registry entries deleted on Reboot...

SystemLook:

SystemLook 30.07.11 by jpshortstuff
Log created at 17:55 on 10/09/2011 by LAURA
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
C:\_OTL\MovedFiles\09092011_163312\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js --a---- 24210 bytes [12:30 31/05/2011] [12:30 31/05/2011] E2B3734A723FB575F4168B48552793BE
C:\_OTL\MovedFiles\09092011_163312\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js --a---- 30447 bytes [12:30 31/05/2011] [12:30 31/05/2011] 06ED4E13216E83D78D1659907C48C7D2
C:\_OTL\MovedFiles\09092011_163312\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css --a---- 8308 bytes [12:30 31/05/2011] [12:30 31/05/2011] D98167EFDC45E8EC6F4769791A15CE36
C:\_OTL\MovedFiles\09102011_174318\C_Documents and Settings\Administrator\Cookies\administrator@minicatalog.bandoo[1].txt --a---- 370 bytes [13:36 06/09/2011] [13:36 06/09/2011] C88499F10628AEB92F0A7F9B9EFE66A3
C:\_OTL\MovedFiles\09102011_174318\C_WINDOWS\system32\Macromed\Flash\FlashPlayerTrust\Bandoo.cfg --a---- 65 bytes [11:41 06/09/2011] [11:41 06/09/2011] F8B61E7F3E53232D837FA7744B2EBFA5

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\09092011_163312\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchquband.dll --a---- 449424 bytes [12:29 31/05/2011] [12:29 31/05/2011] 39ECB144372B2ED7B1B91A1E63D3F275
C:\_OTL\MovedFiles\09092011_163312\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll --a---- 88976 bytes [12:29 31/05/2011] [12:29 31/05/2011] AD14E447F7CED4CA987B91B379EAF952

Searching for "*iLivid*"
C:\_OTL\MovedFiles\09102011_174318\C_Documents and Settings\Administrator\Cookies\administrator@ilivid[2].txt --a---- 391 bytes [11:39 06/09/2011] [11:39 06/09/2011] A473721818811BFD3E3BED801DF61492
C:\_OTL\MovedFiles\09102011_174318\C_Documents and Settings\Administrator\Cookies\administrator@stats.ilivid[1].txt --a---- 92 bytes [11:39 06/09/2011] [11:39 06/09/2011] D9AA771A5FBB6EAA575E1285213A9EEF

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
C:\_OTL\MovedFiles\09092011_163312\C_Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll --a---- 1236368 bytes [11:39 06/09/2011] [18:06 09/08/2011] 6A25D001E2CD4EBCEB1C8F07D4C06BCF
C:\_OTL\MovedFiles\09092011_163312\C_Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe --a---- 1599376 bytes [11:39 06/09/2011] [18:06 09/08/2011] F90D5FFA020B693CB5A7115A5E07AA3F

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
C:\_OTL\MovedFiles\09092011_163312\c_Documents and Settings\Administrator\Application Data\Bandoo d------ [11:41 06/09/2011]
C:\_OTL\MovedFiles\09092011_163312\c_Documents and Settings\Administrator\Local Settings\Temp\nsr6C\nsh6D.tmp\Bin\resources\tutorial\images\Bandoo d------ [11:40 06/09/2011]

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\09092011_163312\c_Documents and Settings\Administrator\Application Data\searchquband d------ [11:41 06/09/2011]
C:\_OTL\MovedFiles\09092011_163312\c_Documents and Settings\Administrator\Application Data\searchqutoolbar d------ [15:33 09/09/2011]

Searching for "*iLivid*"
C:\_OTL\MovedFiles\09092011_163312\c_Documents and Settings\Administrator\Local Settings\Application Data\Ilivid Player d------ [11:41 06/09/2011]
C:\_OTL\MovedFiles\09092011_163312\C_Program Files\Windows iLivid Toolbar d------ [15:33 09/09/2011]

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
C:\_OTL\MovedFiles\09092011_163312\C_Program Files\Windows iLivid Toolbar\Datamngr d------ [15:33 09/09/2011]
C:\_OTL\MovedFiles\09102011_174318\C_Documents and Settings\Administrator\AppData\LocalLow\DataMngr d------ [11:41 06/09/2011]
C:\_OTL\MovedFiles\09102011_174318\C_Program Files\WI371A~1\DATAMNGR d------ [15:35 09/09/2011]

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr.1]

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}\1.0]
@="SearchQUIEBHO 1.0 Type Library"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
No data found.

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
No data found.

-= EOF =-
Laura_S
Active Member
 
Posts: 12
Joined: September 6th, 2011, 11:47 am

Re: Help removing http://www.searchqu.com//406Posted: Tue 06

Unread postby Cypher » September 10th, 2011, 1:51 pm

Hi Laura,
Good work that looks much better, how is your computer performing now any problems?
i need you to run another scan for me please to check for leftovers.

Temp File Cleaner

  • Please download TFC and save it to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click Yes to reboot.
  • NOTE: Save your work.TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Next.

ESET online scannner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scannner
  • Select the option YES, I accept the Terms of Use then click on Start.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Logs/Information to Post in your Next Reply

  • ESET log.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Help removing http://www.searchqu.com//406Posted: Tue 06

Unread postby Laura_S » September 11th, 2011, 7:47 am

Hi Cypher, yes my machine is working perfectly, nice and fast! Many Thanks!

Here is the log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=7.00.6000.21302 (vista_ldr.110617-1500)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=2ae3794375b596419bcf30464fb38e4e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-09-11 10:57:20
# local_time=2011-09-11 11:57:20 (+0000, GMT Daylight Time)
# country="Ireland"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777191 100 0 493147 493147 0 0
# compatibility_mode=8192 67108863 100 0 131 131 0 0
# scanned=39654
# found=0
# cleaned=0
# scan_time=1433
Laura_S
Active Member
 
Posts: 12
Joined: September 6th, 2011, 11:47 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 127 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware