Solved: Desperate to Rid My Computer of http://www.searchnu.com/421


msavoy (Marc)
Member with 19 posts.
THREAD STARTER
 
Join Date: Oct 2012
Location: New York city
Experience: Intermediate
26-Oct-2012, 11:00 PM #1
Hi, Everybody.
This forum site, Tech Support Guy, is a godsend for me, as the http://www.searchnu.com/421 malware is wreaking havoc with my life and I have nowhere to turn to in resolving this horrible situation.
I've read "Click Here to Read This First" and have followed the instructions on how to post my request for help to the best of my abilities.

I want to thank you all in advance, and express my utmost appreciation for any guidance or assistance you are able to provide that rids http://www.searchnu.com/421 from my computer.

Thanks so very much,
Marc Savoy


Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Ultimate, Service Pack 1, 64 bit
Processor: AMD Athlon(tm) Dual Core Processor 4850e, AMD64 Family 15 Model 107 Stepping 2
Processor Count: 2
RAM: 4094 Mb
Graphics Card: ATI Radeon HD 5400 Series, 1024 Mb
Hard Drives: C: Total - 715301 MB, Free - 194135 MB; L: Total - 1907695 MB, Free - 1903888 MB;
Motherboard: PEGATRON CORPORATION, NARRA3
Antivirus: Microsoft Security Essentials Prerelease, Updated and Enabled
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:12:25 PM, on 10/26/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Users\Primary\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe
C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
C:\Program Files (x86)\Everything\Everything.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Users\Primary\AppData\Local\Amazon\Cloud Drive\jre\bin\javaw.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Primary\Favorites\Desktop prime\RRCA\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {b97ed18c-1a8a-4acc-884f-b4fe7415adf2} - (no file)
R3 - URLSearchHook: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
R3 - URLSearchHook: (no name) - {0cc09160-108c-4759-bab1-5c12c216e005} - (no file)
R3 - URLSearchHook: (no name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O3 - Toolbar: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
O4 - HKLM\..\Run: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] "C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe"
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [189974CC4CE60D2C085A4D175C892566BD51837D._service_run] "C:\Users\Primary\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Google Update] "C:\Users\Primary\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Amazon Cloud Drive] C:\Users\Primary\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe
O4 - HKCU\..\Run: [OpenDNS Updater] "C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" /autostart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.6.2.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20614.www2.hp.com/ediags/gmd...pdetect118.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{703EEC82-4BE4-4A8A-9EFE-FB3FDFD9C47E}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{703EEC82-4BE4-4A8A-9EFE-FB3FDFD9C47E}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{703EEC82-4BE4-4A8A-9EFE-FB3FDFD9C47E}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll (file missing)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DokanCEMounter - Cloud Engines - C:\Program Files (x86)\PogoplugBackup\dokanmnt.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater12.2.6 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WD Backup (WDBackup) - Western Digital - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
O23 - Service: WD Drive Manager (WDDriveService) - Western Digital - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
O23 - Service: WD Rules (WDRulesService) - Western Digital - C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13158 bytes
DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.9.2
Run by Primary at 22:18:07 on 2012-10-26
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.1873 [GMT -4:00]
.
AV: Microsoft Security Essentials Prerelease *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials Prerelease *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\PogoplugBackup\dokanmnt.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k LPDService
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Users\Primary\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe
C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
C:\Program Files (x86)\Everything\Everything.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Primary\AppData\Local\Amazon\Cloud Drive\jre\bin\javaw.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\explorer.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\sdclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\ehome\mcupdate.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: {b97ed18c-1a8a-4acc-884f-b4fe7415adf2} - <orphaned>
uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
uURLSearchHooks: {0cc09160-108c-4759-bab1-5c12c216e005} - <orphaned>
uURLSearchHooks: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - <orphaned>
mURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [189974CC4CE60D2C085A4D175C892566BD51837D._service_run] "C:\Users\Primary\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [Google Update] "C:\Users\Primary\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Amazon Cloud Drive] C:\Users\Primary\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe
uRun: [OpenDNS Updater] "C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" /autostart
mRun: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DiscWizardMonitor.exe] "C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{703EEC82-4BE4-4A8A-9EFE-FB3FDFD9C47E} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{703EEC82-4BE4-4A8A-9EFE-FB3FDFD9C47E} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-mStart Page = hxxp://searchfunmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEtB0EtA0EtBtAyC0E0DzytN0D 0Tzu0CtBzyyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1127200979
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Seagate Scheduler2 Service] "C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe"
x64-Run: [IntelliType Pro] "C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
x64-Run: [IntelliPoint] "C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} -
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} -
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Primary\AppData\Roaming\Mozilla\Firefox\Profiles\y8w4ggb9.default\
FF - prefs.js: browser.startup.homepage - hxxp://searchfunmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEtB0EtA0EtBtAyC0E0DzytN0D 0Tzu0CtBzyyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1127200979
FF - prefs.js: keyword.URL - Google
FF - prefs.js: browser.search.selectedEngine - Funmoods
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEtB0EtA0EtBtAyC0E0DzytN0D 0Tzu0CtBzyyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1127200979
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEtB0EtA0EtBtAyC0E0DzytN0D 0Tzu0CtBzyyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1127200979
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEtB0EtA0EtBtAyC0E0DzytN0D 0Tzu0CtBzyyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1127200979&q=
FF - user.js: extensions.funmoods.id - 0023542E3E236ED9
FF - user.js: extensions.funmoods.instlDay - 15633
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2213:21:33
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - nv1
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - nv1
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2012-10-15 210016]
R0 vidsflt53;Acronis Disk Storage Filter (53);C:\Windows\System32\drivers\vsflt53.sys [2012-10-15 141920]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-4 31080]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-11-10 204288]
R2 DokanCEDriver;DokanCEDriver;C:\Program Files (x86)\PogoplugBackup\dokance.sys [2012-3-8 66880]
R2 DokanCEMounter;DokanCEMounter;C:\Program Files (x86)\PogoplugBackup\dokanmnt.exe [2012-3-8 115520]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-9 128456]
R2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2011-6-30 1191408]
R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2012-6-14 1151424]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2012-6-14 248248]
R2 WDRulesService;WD Rules;C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [2012-6-14 1177536]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-11-10 10567680]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-11-10 325632]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-15 116648]
S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-15 250808]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-7-5 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-15 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-3 115168]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-3-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-3-10 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-5 1255736]
S4 avgwd;AVG WatchDog;"C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" --> C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-10-26 17:20:52 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{42BE6736-98C7-4F5D-A4F0-35654E1F1B26}\mpengine.dll
2012-10-26 16:18:08 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-10-26 16:18:08 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-10-26 02:22:34 388096 ----a-r- C:\Users\Primary\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2012-10-26 02:22:33 -------- d-----w- C:\Program Files (x86)\TrendMicro
2012-10-24 23:59:28 9291768 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-23 23:41:46 -------- d-----w- C:\Program Files (x86)\MSECache
2012-10-23 22:33:14 40960 ----a-w- C:\Windows\SysWow64\SSubTmr6.dll
2012-10-23 22:33:14 15360 ----a-w- C:\Windows\SysWow64\inetfr.DLL
2012-10-23 22:33:14 115920 ----a-w- C:\Windows\SysWow64\msinet.OCX
2012-10-23 22:33:14 101888 ----a-w- C:\Windows\SysWow64\VB6STKIT.DLL
2012-10-23 22:33:13 32768 ----a-w- C:\Windows\SysWow64\CMDLGFR.DLL
2012-10-23 22:33:13 152848 ----a-w- C:\Windows\SysWow64\COMDLG32.OCX
2012-10-23 22:33:13 141312 ----a-w- C:\Windows\SysWow64\MSCMCFR.DLL
2012-10-23 22:33:13 119568 ----a-w- C:\Windows\SysWow64\VB6FR.DLL
2012-10-23 22:33:13 -------- d-----w- C:\Users\Primary\AppData\Roaming\FreeBurner
2012-10-23 22:33:13 -------- d-----w- C:\ProgramData\boost_interprocess
2012-10-22 22:55:14 -------- d-----w- C:\ProgramData\Nero
2012-10-22 22:26:32 -------- d-----w- C:\Users\Primary\AppData\Local\{4DB50C1E-93CF-43C6-8D5C-125DF30B8374}
2012-10-21 02:14:34 96224 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2012-10-21 02:14:34 157272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2012-10-19 22:48:10 -------- d-----w- C:\Program Files (x86)\Applian Technologies
2012-10-19 22:03:27 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CF23067B-892E-4471-B957-7E581A667992}\gapaengine.dll
2012-10-18 11:26:44 -------- d-----w- C:\Users\Primary\.gimp-2.8
2012-10-17 23:57:30 -------- d-----w- C:\Program Files\Microsoft Mouse and Keyboard Center
2012-10-17 23:05:18 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-10-17 23:05:17 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-10-17 23:05:17 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-10-17 23:05:17 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-10-17 16:51:42 -------- d-----w- C:\Users\Primary\Desktop prime
2012-10-17 16:22:12 -------- d-----w- C:\Program Files (x86)\Google Hacks
2012-10-16 23:42:16 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-16 03:49:37 -------- d-----w- C:\ProgramData\Seagate
2012-10-16 03:48:53 971360 ----a-w- C:\Windows\System32\drivers\timntr.sys
2012-10-16 03:48:31 210016 ----a-w- C:\Windows\System32\drivers\vididr.sys
2012-10-16 03:48:27 141920 ----a-w- C:\Windows\System32\drivers\vsflt53.sys
2012-10-16 03:48:20 275552 ----a-w- C:\Windows\System32\drivers\snapman.sys
2012-10-16 03:47:33 -------- d-----w- C:\Program Files (x86)\Common Files\Seagate
2012-10-16 03:34:33 -------- d-----w- C:\Program Files (x86)\Seagate
2012-10-16 03:32:54 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-10-14 11:13:00 -------- d-----w- C:\Users\Primary\AppData\Roaming\GoforFiles
2012-10-14 10:58:36 -------- d-----w- C:\Program Files (x86)\Audacity
2012-10-13 05:30:38 -------- d--h--w- C:\Windows\msdownld.tmp
2012-10-13 05:30:27 -------- d-----w- C:\Windows\SysWow64\directx
2012-10-13 05:26:52 -------- d-----w- C:\Users\Primary\AppData\Local\Western_Digital
2012-10-12 20:35:28 862664 ----a-w- C:\Windows\SysWow64\msvcr110.dll
2012-10-12 20:35:28 828872 ----a-w- C:\Windows\System32\msvcr110.dll
2012-10-12 20:35:28 661448 ----a-w- C:\Windows\System32\msvcp110.dll
2012-10-12 20:35:28 534480 ----a-w- C:\Windows\SysWow64\msvcp110.dll
2012-10-12 20:35:28 354264 ----a-w- C:\Windows\System32\vccorlib110.dll
2012-10-12 20:35:28 251864 ----a-w- C:\Windows\SysWow64\vccorlib110.dll
2012-10-12 20:35:26 50856 ----a-w- C:\Windows\System32\drivers\point64.sys
2012-10-11 09:02:57 -------- d-----w- C:\Users\Primary\AppData\Local\{68BC8EE9-C571-40EC-BC49-679770AD920A}
2012-10-10 16:40:00 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-10-10 16:38:52 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-10 16:38:51 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-10 16:38:50 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-10 16:38:50 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-10 16:38:50 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-10 16:38:49 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-10-10 05:25:03 -------- d-----w- C:\Program Files (x86)\OpenDNS Updater
2012-10-10 00:31:14 75928 ----a-w- C:\Windows\System32\drivers\dc3d.sys
2012-10-10 00:31:14 1795952 ----a-w- C:\Windows\System32\WdfCoInstaller01011.dll
2012-10-10 00:07:37 -------- d-----w- C:\Program Files (x86)\FirefoxPreloader
2012-10-08 11:27:59 -------- d-----w- C:\Users\Primary\AppData\Local\{04F45F3E-68C5-467F-9CC6-77FBAEEDE8CF}
2012-10-07 00:36:10 -------- d-----w- C:\Wow Gospel - CD 1
2012-10-05 18:57:40 -------- d-----w- C:\Users\Primary\AppData\Local\{87C8B400-0B14-4529-837D-8E3B67D60B52}
2012-10-05 17:27:24 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-10-05 03:48:54 -------- d-----w- C:\Users\Primary\AppData\Local\{C073A1FD-46E4-482D-B718-4D9A84808FF0}
2012-10-04 22:08:31 -------- d-----w- C:\Program Files\Defraggler
2012-10-03 19:57:03 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-10-01 21:13:22 -------- d-----w- C:\cygwin
2012-10-01 17:09:23 -------- d-----w- C:\Windows\CheckSur
2012-10-01 07:34:31 -------- d-----w- C:\Users\Primary\AppData\Local\{07EB5B35-93B9-4B58-BF46-E614B919C961}
2012-09-30 00:59:31 -------- d-----w- C:\Users\Primary\AppData\Local\CrashDumps
2012-09-29 01:42:04 2177704 ----a-w- C:\Windows\System32\coin92.dll
2012-09-27 04:51:00 -------- d-----w- C:\Users\Primary\AppData\Roaming\com.earthbrowser.air.E6AAAE80A01B4127788876406C965C3EDE131099.1
.
==================== Find3M ====================
.
2012-10-10 02:42:21 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-10 02:42:20 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-29 23:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-22 21:45:22 31080 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2012-09-22 21:27:18 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-09-22 21:27:18 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2012-09-22 21:27:18 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-09-04 17:52:51 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-09-04 17:52:51 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-04 17:29:16 0 ----a-w- C:\Windows\ativpsrm.bin
2012-08-31 02:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-31 02:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-08-21 17:01:20 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-08-21 17:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 17:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-11 00:56:03 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-08-10 23:56:14 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
.
============= FINISH: 22:19:21.16 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 3/2/2012 3:05:03 PM
System Uptime: 10/26/2012 9:58:17 PM (1 hours ago)
.
Motherboard: PEGATRON CORPORATION | | NARRA3
Processor: AMD Athlon(tm) Dual Core Processor 4850e | Socket AM2 | 2500/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 699 GiB total, 189.619 GiB free.
D: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
L: is FIXED (NTFS) - 1863 GiB total, 1859.871 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP224: 10/15/2012 5:23:57 PM - Revo Uninstaller's restore point - Bing Bar
RP225: 10/15/2012 5:28:35 PM - Revo Uninstaller's restore point - GoforFiles
RP226: 10/15/2012 5:45:05 PM - Revo Uninstaller's restore point - Babylon toolbar on IE
RP227: 10/15/2012 5:46:18 PM - Revo Uninstaller's restore point - Babylon toolbar on IE
RP228: 10/15/2012 8:57:01 PM - Revo Uninstaller's restore point - Skype Click to Call
RP229: 10/15/2012 9:57:58 PM - Revo Uninstaller's restore point - Seagate Dashboard
RP230: 10/15/2012 11:34:06 PM - Installed SeaTools for Windows
RP231: 10/15/2012 11:39:51 PM - Revo Uninstaller's restore point - Google Toolbar for Internet Explorer
RP232: 10/15/2012 11:46:28 PM - Installed Seagate DiscWizard
RP233: 10/16/2012 4:08:18 PM - Windows Update
RP234: 10/16/2012 7:38:15 PM - Installed Java 7 Update 9
RP235: 10/17/2012 7:56:04 PM - DCInstallRestorePoint
RP236: 10/19/2012 6:56:54 PM - Revo Uninstaller's restore point - AutocompletePro
RP237: 10/22/2012 5:43:17 AM - Windows Update
RP238: 10/22/2012 6:40:09 PM - Revo Uninstaller's restore point - Funmoods
RP239: 10/22/2012 6:43:46 PM - Revo Uninstaller's restore point - BurnAware Free 5.2
RP240: 10/22/2012 6:54:41 PM - Installed Nero 9 Essentials 4.4.9.0
RP241: 10/23/2012 6:46:54 PM - Revo Uninstaller's restore point - OnlineHDTV
RP242: 10/23/2012 6:52:03 PM - Revo Uninstaller's restore point - Search-Results Toolbar
RP243: 10/23/2012 6:57:20 PM - Revo Uninstaller's restore point - Free Easy Burner V 5.1
RP244: 10/23/2012 7:42:04 PM - Installed Compatibility Pack for the 2007 Office system
RP245: 10/24/2012 4:21:30 PM - Windows Update
RP246: 10/25/2012 12:54:10 PM - Windows Update
RP247: 10/25/2012 10:21:46 PM - Installed HiJackThis
RP248: 10/26/2012 4:47:27 PM - Revo Uninstaller's restore point - Riot plugin
RP249: 10/26/2012 10:07:23 PM - Windows Backup
.
==== Installed Programs ======================
.
µTorrent
3DVIA player 5.0.0.20
7-Zip 9.20 (x64 edition)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.6
Advertising Center
Amazon Cloud Drive
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 2.0.2
AVG 2012
Bing Rewards Client Installer
Bonjour
CCleaner
Compatibility Pack for the 2007 Office system
Control Center for KODAK Webcams
Cortona3D Viewer
D3DX10
Defraggler
Everything 1.2.1.371
ffdshow [rev 2527] [2008-12-19]
FileMenu Tools
freeWRL
GIMP 2.8.2
Glary Utilities 2.49.0.1600
Gmail Backup
Google Chrome
Google Drive
Google Earth
Google Talk Plugin
Google Update Helper
Hewlett-Packard ACLM.NET v1.1.0.0
HiJackThis
HP Officejet Pro 8500 A910 Basic Device Software
HP Officejet Pro 8500 A910 Help
HP Officejet Pro 8500 A910 Product Improvement Study
HP Print View Software
HP Product Detection
HP Update
I.R.I.S. OCR
ImagXpress
Internet TV for Windows Media Center
IrfanView (remove only)
iTunes
Java 7 Update 9
Java Auto Updater
JavaFX 2.1.1
Junk Mail filter update
LightScribe System Software
LockHunter 2.0 beta 2, 64 bit
Malwarebytes Anti-Malware version 1.65.1.1000
Mathematica Extras 8.0 (2609412)
Menu Templates - Starter Kit
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Mouse and Keyboard Center
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials Prerelease
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Movie Templates - Starter Kit
Mozilla Firefox 16.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 15.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9 Essentials
Nero BurnRights
Nero BurnRights Help
Nero ControlCenter
Nero CoverDesigner
Nero DiscSpeed
Nero DriveSpeed
Nero Express Help
Nero InfoTool
Nero Installer
Nero Online Upgrade
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Vision
Nero Vision Help
NeroExpress
neroxml
NVIDIA Drivers
OpenDNS Updater 2.2.1
Paint.NET v3.5.10
Picasa 3
Pogoplug Backup
QuickTime
Realtek High Definition Audio Driver
Revo Uninstaller 1.94
Seagate DiscWizard
SeaTools for Windows
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
SketchUp Pro 8
Speccy
Spybot - Search & Destroy
Star Trek Online
swMSM
Unity Web Player
Unlocker 1.9.1-x64
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio 2008 x64 Redistributables
VLC media player 2.0.1
WD SmartWare
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Center Add-in for Flash
WinPatrol
WinRAR 4.11 (64-bit)
Wolfram CDF Player (M-WIN-D 8.0.4 2609533)
.
==== Event Viewer Messages From Past Week ========
.
10/26/2012 9:59:00 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgtdia
10/26/2012 9:58:59 PM, Error: Service Control Manager [7000] - The vToolbarUpdater12.2.6 service failed to start due to the following error: The system cannot find the file specified.
10/26/2012 12:52:31 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
10/26/2012 12:52:30 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
10/26/2012 12:52:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/26/2012 12:52:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/26/2012 12:52:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/26/2012 12:52:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/26/2012 12:52:13 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgtdia discache MpFilter spldr Wanarpv6
10/26/2012 12:52:11 PM, Error: Service Control Manager [7001] - The LPD Service service depends on the Print Spooler service which failed to start because of the following error: The dependency service or group failed to start.
10/26/2012 10:02:09 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR7.
10/24/2012 8:31:27 AM, Error: Service Control Manager [7034] - The Seagate Scheduler2 Service service terminated unexpectedly. It has done this 1 time(s).
10/23/2012 4:10:32 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?link...tid=2147628568 Name: TrojanDownloader:ASX/Wimad.CN ID: 2147628568 Severity: Severe Category: Trojan Downloader Path: containerfile:_C:\Users\Primary\Desktop prime\Downloads\2016 Obama's America (2012) 1080p BDRiP XViD AC3 FLAWL3SS\2016 Obama's America (2012) 1080p BDRiP XViD AC3 FLAWL3SS.avi;file:_C:\Users\Primary\Desktop prime\Downloads\2016 Obama's America (2012) 1080p BDRiP XViD AC3 FLAWL3SS\2016 Obama's America (2012) 1080p BDRiP XViD AC3 FLAWL3SS.avi->(ASF_Script_Commands) Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\SearchProtocolHost.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.139.430.0, AS: 1.139.430.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
10/22/2012 5:26:21 AM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
10/22/2012 5:26:14 AM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
10/20/2012 9:01:14 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR8.
10/20/2012 7:12:16 PM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
.
==== End Of File ===========================
askey127
Malware Removal Specialist with 1,259 posts.
 
Join Date: Dec 2006
Location: New Hampshire USA
Experience: Teacher at MRU
27-Oct-2012, 07:54 AM #2
Looking at your log.
Be back soon.
askey127
Malware Removal Specialist with 1,259 posts.
 
Join Date: Dec 2006
Location: New Hampshire USA
Experience: Teacher at MRU
27-Oct-2012, 08:13 AM #3
Hi msavoy,
Quite a bit to do here, but you should be able to do it.
Just take one step at a time.

You have two antivirus applications running at once.
That will actually reduce your protection, and may make the system unstable.
You also have the µTorrent P2P program.
Using any of the P2P programs will absolutely get your computer infected, maybe a lot worse than searchnu.
-----------------------------------------------------------
Download the Microsoft Security Essentials Installer
The download is here: http://www.microsoft.com/security_essentials/
Save it to your desktop, but don't run it yet.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Programs and Features
Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

µTorrent
Advertising Center
AVG 2012 <== only uninstall if it's the FREE version.
HiJackThis
Microsoft Security Essentials Prerelease

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
-----------------------------------------------------------
IF YOU UNINSTALLED AVG, install MSSE
Double Click the icon for the Microsoft Security Essentials installer.
Let it install, update itself, run a scan and delete anything it finds.
----------------------------------------------
Preliminary Removals with an OTL Custom Fix
Please right-click on the filename link below and select "Save target as..." or "Save Link as...", choose the Desktop location, and choose to save as the filename Fix.txt
SQW7-Vista_x64.TXT
Make sure that Fix.txt is the exact filename used.
----------------------------------------------
Perform a Custom Fix with OTL
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
Right Click the OTL icon and choose "Run as administrator"
  • Click the Run Fix button at the top.
  • You will see a popup dialog reporting "No fix has been provided. Click OK to load from a file or Cancel". Click on OK
  • When the Open dialog comes up, Navigate to the Desktop, scroll to highlight the file named Fix.txt and click Open
  • Some text will appear in the Custom scans/Fixes box.
  • Click the Run Fix button in OTL.
  • Let the program run unhindered and reboot the PC when it is done.
    When the computer Reboots, and you start your usual account, a Notepad text file will appear.
  • Copy the contents of that file and post it in your next reply.
    The file will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log
---------------------------------------------
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it. OK the User Account Control.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchnu
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The results log can also be found on your Desktop, entitled SystemLook.txt

So we are looking for the log from the OTL fix, and the SystemLook log.
askey127
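An added illustration, not part of askey127's post and not SystemLook's own code: the Python below parses the script from the codebox above and applies its :filefind and :folderfind patterns to a directory tree. It assumes the patterns are case-insensitive wildcards matched against the file or folder name only and that :Regfind terms are substring searches over key paths; the directory tree it scans is constructed sample data.

```python
import fnmatch
import os
import tempfile

# The script from the codebox in the post above, verbatim.
SCRIPT = """\
:filefind
*Fun4IM*
*Bandoo*
*Searchnu*
*Searchqu*
*iLivid*
*whitesmoke*
*datamngr*
*trolltech*

:folderfind
*Fun4IM*
*Bandoo*
*Searchnu*
*Searchqu*
*iLivid*
*whitesmoke*
*datamngr*
*trolltech*

:Regfind
Fun4IM
Bandoo
Searchnu
Searchqu
iLivid
whitesmoke
datamngr
kelkoopartners
trolltech
"""


def parse_script(text):
    """Split the script into {directive: [terms]}; directives start with ':'."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.startswith(":"):
            current = sections.setdefault(line[1:].lower(), [])
        elif current is None:
            raise ValueError(f"term before any directive: {line!r}")
        else:
            current.append(line)
    return sections


def name_matches(name, patterns):
    """Assumed semantics: case-insensitive wildcard match on one name."""
    return any(fnmatch.fnmatchcase(name.lower(), p.lower()) for p in patterns)


def scan_tree(root, sections):
    """Walk root; return matching files and folders as sorted relative paths."""
    wanted = {"filefind": sections.get("filefind", []),
              "folderfind": sections.get("folderfind", [])}
    hits = {"filefind": [], "folderfind": []}
    for dirpath, dirnames, filenames in os.walk(root):
        for kind, names in (("folderfind", dirnames), ("filefind", filenames)):
            for name in names:
                if name_matches(name, wanted[kind]):
                    rel = os.path.relpath(os.path.join(dirpath, name), root)
                    hits[kind].append(rel.replace(os.sep, "/"))
    return {kind: sorted(paths) for kind, paths in hits.items()}


def regfind(key_paths, sections):
    """Assumed semantics: substring search of :regfind terms over key paths."""
    terms = [t.lower() for t in sections.get("regfind", [])]
    return [k for k in key_paths if any(t in k.lower() for t in terms)]


def demo():
    """Scan a constructed directory tree (sample data, not from the thread)."""
    files = ["Users/Primary/AppData/Local/iLivid/ilivid.exe",
             "Program Files (x86)/Bandoo/Plugins/readme.txt",
             "Users/Primary/AppData/Roaming/Mozilla/searchnu.xml",
             "Users/Primary/AppData/Roaming/Mozilla/prefs.js"]
    with tempfile.TemporaryDirectory() as root:
        for rel in files:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
        return scan_tree(root, parse_script(SCRIPT))


if __name__ == "__main__":
    print(demo())
```

The :Regfind list carries one term, kelkoopartners, that the file and folder lists do not, so the registry search is slightly wider than the disk search.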
msavoy (Marc)
Member with 19 posts.
THREAD STARTER
 
Join Date: Oct 2012
Location: New York city
Experience: Intermediate
27-Oct-2012, 11:41 AM #4
askey127,
First off, please allow me to express my greatest appreciation and sense of gratitude for the help and assistance you've provided on my behalf. As I mentioned in my initial message, I consider myself very fortunate to have discovered this site and come across people like yourself willing to help those in distress like myself. Trying to find information about searchnu.com, let alone specific, detailed strategy on how to have it removed is very scarce, few and far between. Doing a Google search on searchnu.com/421 leaves you rather depressed and discouraged directing you to places, sites that are hardly encouraging about being able to get rid of it, most of which have a sinister sense about them, almost spooky, that while very desperate couldn't get myself to download their "malware remover" and other 100% guaranteed products that seem downright scary. So, finding this site and having you do whatever you can on my behalf is absolutely a godsend. Once again, thanks very much.

I did find others with the same problem as listed below and had planned to follow the advice provided at that specific thread but despite all the directions he received from flavallee, Trusted advisor, at the end rusty_2010 writes that he was unable to get it removed. Fortunately, when I went to check my post, you had already given me the means in which to hopefully resolve my problem.

I'll get right down to following your directions and you'll be hearing back from me as soon as possible.

Thanks again very much.

All the Very Best,
Marc Savoy

rusty_2010
http://forums.techguy.org/virus-othe...rchnu-com.html
flavallee
Trusted Advisor with 46,225 posts.
msavoy (Marc)
Member with 19 posts.
THREAD STARTER
 
Join Date: Oct 2012
Location: New York city
Experience: Intermediate
28-Oct-2012, 05:22 PM #5
askey127
Here are the results from the OTL log and SystemLook log

A few notes for your knowledge base.
1. I've been unable to find the OTL log files on my computer and neither did it seem to save itself in the notepad. Fortunately, I cut and pasted it into a doc. file simply to preserve a backup just in case.

C:\_OTL\Moved Files\mmddyyyy_hhmmss.log

2. At one point I had lost hope of ridding the searchnu.com/421 when the fix.txt file wouldn't open up
and apppear in the OTL fix field. I tried several times but it wasn't responding getting the same message that it can't be opened or something like that. The fix.txt file menu page was already opened and had to simply click open but as I said it wasn't responding. I simply tried several other approaches using ways to get the file open until I finally succeeded.


Here's the information you requested and again want to thank you for your indispensible help. Looking forward to your response and want to discuss making some sort of donation for your efforts.

All the Very Best,
Marc Savoy


All Processes Killed


========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page deleted successfully.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar\ not found.
Registry key HKEY_CURRENT_USER\Software\DataMngr\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bandoo\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\menuorder\start menu2\programs\bandoo\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\DataMngr_Toolbar\ not found.
Registry key HKEY_CURRENT_USER\Software\ilivid\ not found.
Registry key HKEY_CURRENT_USER\Software\searchqutoolbar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Bandoo\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BandooCore.EXE\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477F210A-2A86-4666-9C4B-1189634D2C84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF871E51-2655-4D06-AED5-745962A96B32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFBD6D47-F5E5-49E4-8157-8BCFF11F3CC3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBD6D47-F5E5-49E4-8157-8BCFF11F3CC3}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Save video on Savevid.com\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ilivid.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\SearchquMediabarTb\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{cc1ac828-bb47-4361-afb5-96eee259dd87}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{fefd3af5-a346-4451-aa23-a3ad54915515}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{5b4144e1-b61d-495a-9a50-cd1a95d86d15}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{6a4bcaba-c437-4c76-a54e-af31b8a76cb9}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{841d5a49-e48d-413c-9c28-eb3d9081d705}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\datamngr\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searchqu.com\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160\ not found.
Registry key HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA942DEC3AFA384B94ECC932BD3DC5A\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFE82A48FED40644C984C808A1785C7F\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EFB5D9F3E46440D4A9C379467CEADEBB\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toobar not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3B0118C8-8D12-46CD-A083-2116D587A11F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B0118C8-8D12-46CD-A083-2116D587A11F}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C39DB3DF-7935-4821-9BD7-170D277DA935} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39DB3DF-7935-4821-9BD7-170D277DA935}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6B2163BE-A595-4E6E-AAF0-E22A29D38262} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B2163BE-A595-4E6E-AAF0-E22A29D38262}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A49227EB-05C7-449A-9BB6-18F653936F32} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A49227EB-05C7-449A-9BB6-18F653936F32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3B0118C8-8D12-46CD-A083-2116D587A11F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B0118C8-8D12-46CD-A083-2116D587A11F}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C39DB3DF-7935-4821-9BD7-170D277DA935} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39DB3DF-7935-4821-9BD7-170D277DA935}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6B2163BE-A595-4E6E-AAF0-E22A29D38262} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B2163BE-A595-4E6E-AAF0-E22A29D38262}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A49227EB-05C7-449A-9BB6-18F653936F32} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A49227EB-05C7-449A-9BB6-18F653936F32}\ not found.
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32\\@|"{B056521A-9B10-425E-B616-1FCD828DB3B1}" /E!
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32\\@|"{B056521A-9B10-425E-B616-1FCD828DB3B1}" /E!
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\\@|"ISearchQueryHelper" /E!
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32\\@|"{B056521A-9B10-425E-B616-1FCD828DB3B1}" /E!
========== FILES ==========
File/Folder C:\Users\Primary\AppData\Roaming\Mozilla\Firefox\Profiles\SearchquWebSearch.xml not found.
File/Folder C:\Users\Primary\AppData\Roaming\Mozilla\Firefox\Profiles\searchqutoolbar not found.
File/Folder C:\Users\Primary\AppData\Roaming\Mozilla\Firefox\Profiles\{99079a25-328f-4bd4-be04-00955acaa0a7} not found.
File/Folder C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Cookies\*@sweetim[1].txt not found.
File/Folder C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@ilivid[1].txt not found.
File/Folder C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@ilivid[2].txt not found.
File/Folder C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@searchqu[1].txt not found.
File/Folder C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@searchqu[2].txt not found.
File/Folder C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@stats.ilivid[1].txt not found.
File/Folder C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@sweetim[1].txt not found.
File/Folder C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@www.sweetim[2].txt not found.
File/Folder C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@www.sweetim[3].txt not found.
File/Folder C:\Users\Primary\AppData\Local\Ilivid Player not found.
File/Folder C:\Users\Primary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iLividSetupV1.exe not found.
File/Folder C:\Users\Primary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ilivid[1].7z not found.
File/Folder C:\Users\Primary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SetupDataMngr_Searchqu[1].exe not found.
File/Folder C:\Users\Primary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SweetImSetup.exe not found.
File/Folder C:\Users\Primary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BandooV6[1].exe not found.
File/Folder C:\Users\Primary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\searchqu_net[1].htm not found.
File/Folder C:\Users\Primary\AppData\Local\Temp\BandooFiles not found.
File/Folder C:\Users\Primary\AppData\Local\Temp\BandooV6.exe not found.
File/Folder C:\Users\Primary\AppData\Local\Temp\SetupDataMngr_Searchqu.exe not found.
File/Folder C:\Users\Primary\AppData\Local\Temp\SweetIMReinstall not found.
File/Folder C:\Users\Primary\AppData\Local\Temp\SweetIMReinstall\SweetImSetup.exe not found.
File/Folder C:\Users\Primary\AppData\Local\Temp\ilivid.7z not found.
File/Folder C:\Users\Primary\AppData\Local\Temp\searchqu.ini not found.
File/Folder C:\Users\Primary\AppData\Local\Temp\searchqutoolbar-manifest.xml not found.
File/Folder C:\Users\Primary\AppData\LocalLow\searchquband not found.
File/Folder C:\Users\Primary\AppData\LocalLow\searchqutoolbar not found.
File/Folder C:\Users\Primary\Downloads\SweetImSetup.exe not found.
File/Folder C:\Users\Primary\Downloads\iLividSetupV1.exe not found.
File/Folder C:\Users\Primary\AppData\LocalLow\DataMngr not found.
File/Folder C:\Users\Primary\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3AJVC1WF\www.ilivid[1].xml not found.
File/Folder C:\Users\Primary\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\TYBUQFS4\www.searchqu[1].xml not found.
File\Folder C:\Windows\Prefetch\SEARCHQU TOOLBAR UNINSTALL.EX-4EFDDDEA.pf not found.
File\Folder C:\Program Files\Windows iLivid Toolbar not found.
File\Folder C:\Program Files\iLivid not found.
File\Folder C:\Windows\Prefetch\ILIVID* not found.
File\Folder C:\Windows\Prefetch\SEARCHQUMEDIABAR* not found.
File\Folder C:\Windows\Prefetch\SETUPDATAMNGR* not found.
File\Folder C:\Program Files (x86)\iLivid not found.
File\Folder C:\Program Files (x86)\Windows Savevid Toolbar not found.
File\Folder C:\Program Files (x86)\Savevid not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Primary\Favorites\Desktop prime\cmd.bat deleted successfully.
C:\Users\Primary\Favorites\Desktop prime\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 3059638 bytes
->Temporary Internet Files folder emptied: 10628481 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 598 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mike
->Temp folder emptied: 530359 bytes
->Temporary Internet Files folder emptied: 11927302 bytes
->Flash cache emptied: 1332 bytes

User: Primary
->Temp folder emptied: 135012971 bytes
->Temporary Internet Files folder emptied: 350876133 bytes
->Java cache emptied: 2366005 bytes
->FireFox cache emptied: 88174914 bytes
->Flash cache emptied: 15490249 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 113870 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46623132 bytes
RecycleBin emptied: 602112 bytes

Total Files Cleaned = 635.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10282012_164111

Files\Folders moved on Reboot...
C:\Users\Primary\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot..


SystemsLook.txt

SystemLook 30.07.11 by jpshortstuff
Log created at 16:56 on 28/10/2012 by Primary
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchnu*"
C:\Program Files (x86)\Wolfram Research\Wolfram CDF Player\8.0\SystemFiles\Kernel\SystemResources\Windows\Algebra\SearchNumberTheory.mx --a---- 103132 bytes [03:16 21/07/2012] [00:40 04/10/2011] 89EBEEF5D86A5DE0A82E0804DFC37197
C:\Users\Primary\AppData\Roaming\Microsoft\Office\Recent\process to remove searchnu.com.docx.LNK --a---- 1298 bytes [17:46 28/10/2012] [17:46 28/10/2012] 21964AF55F51966372DDF3C9637EF0C5
C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Recent\1process to remove searchnu.com.docx.lnk --a---- 765 bytes [15:07 27/10/2012] [15:07 27/10/2012] 5FFBB0CDFDDF88D679FD03A5D0F3F9D5
C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Recent\process to remove searchnu.com.docx.lnk --a---- 760 bytes [15:02 27/10/2012] [17:46 28/10/2012] A2144B20DAA3FB892873EDD3B363F319
C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Recent\searchnu imposter.txt.lnk --a---- 698 bytes [04:33 27/10/2012] [04:33 27/10/2012] 7B5599BAA65B105111B534372EF224A0
C:\Users\Primary\Favorites\Desktop prime\searchnu imposter.txt --a---- 47 bytes [04:33 27/10/2012] [04:33 27/10/2012] FB1F05083F832BA7D47CC06C6E6B0D9B

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchnu"
[HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run]
"C:\Users\Primary\AppData\Local\Temp\INSTAL~1.DLL,_SetFirefoxHP http://www.searchnu.com/421,"="12"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Word\File MRU]
"Item 3"="[F00000000][T01CDB534202DED20]*C:\Users\Primary\Favorites\Desktop prime\process to remove searchnu.com.docx"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Word\File MRU]
"Item 6"="[F00000000][T01CDB454B77F05A0]*C:\Users\Primary\Favorites\Desktop prime\1process to remove searchnu.com.docx"
[HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\WinPatrol\Run]
"C:\Users\Primary\AppData\Local\Temp\INSTAL~1.DLL,_SetFirefoxHP http://www.searchnu.com/421,"="12"
[HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\Microsoft\Office\12.0\Word\File MRU]
"Item 3"="[F00000000][T01CDB534202DED20]*C:\Users\Primary\Favorites\Desktop prime\process to remove searchnu.com.docx"
[HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\Microsoft\Office\12.0\Word\File MRU]
"Item 6"="[F00000000][T01CDB454B77F05A0]*C:\Users\Primary\Favorites\Desktop prime\1process to remove searchnu.com.docx"

Searching for "Searchqu"
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks]
"C:\Users\Primary\AppData\Local\Temp\nsxAC.tmp\nsnE73.tmp\SETUPDATAMNGR_SEARCHQU.EXE"="10/23/2012 6:33 PM"
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks]
"C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe"="10/23/2012 6:41 PM"
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\IEHelper]
"C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll"="10/23/2012 6:34 PM"
[HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run]
"C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe"="21"
[HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run]
"C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll"="255"
[HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run]
"C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll"="255"
[HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run]
"cmd.exe /c RD /S /Q C:\Program Files (x86)\Searchqu Toolbar"="22"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&gct=ds&appid=101&systemid=421&apn_dtid=BND421&apn_ptnrs=AGA&o=APN10649&apn_uid=6434908431664136&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&gct=ds&appid=101&systemid=421&apn_dtid=BND421&apn_ptnrs=AGA&o=APN10649&apn_uid=6434908431664136&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchquSRTB]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchquSRTB]
"Folder"="C:\Program Files (x86)\Searchqu Toolbar\Datamngr\SRToolBar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\Detected\ActiveTasks]
"C:\Users\Primary\AppData\Local\Temp\nsxAC.tmp\nsnE73.tmp\SETUPDATAMNGR_SEARCHQU.EXE"="10/23/2012 6:33 PM"
[HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\Detected\ActiveTasks]
"C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe"="10/23/2012 6:41 PM"
[HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\Detected\IEHelper]
"C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll"="10/23/2012 6:34 PM"
[HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\WinPatrol\Run]
"C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe"="21"
[HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\WinPatrol\Run]
"C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll"="255"
[HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\WinPatrol\Run]
"C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll"="255"
[HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\WinPatrol\Run]
"cmd.exe /c RD /S /Q C:\Program Files (x86)\Searchqu Toolbar"="22"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B760674538A35F241999134C94EA70A1]
"E9EFB8E6C50FF4F4BA4ABF289FFAF289"="C:\Program Files (x86)\Google\Google SketchUp 8\Materials\Colors-Named\0129_WhiteSmoke.skm"

Searching for "datamngr"
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks]
"C:\Users\Primary\AppData\Local\Temp\nsxAC.tmp\nsnE73.tmp\SETUPDATAMNGR_SEARCHQU.EXE"="10/23/2012 6:33 PM"
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks]
"C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe"="10/23/2012 6:41 PM"
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\IEHelper]
"C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll"="10/23/2012 6:34 PM"
[HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run]
"C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe"="21"
[HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run]
"C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll"="255"
[HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run]
"C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll"="255"
[HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3ec1a45c-8bc3-4bfe-b226-4051c5d3d068}]
"AppPath"="C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchquSRTB]
"Folder"="C:\Program Files (x86)\Searchqu Toolbar\Datamngr\SRToolBar"
[HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\Detected\ActiveTasks]
"C:\Users\Primary\AppData\Local\Temp\nsxAC.tmp\nsnE73.tmp\SETUPDATAMNGR_SEARCHQU.EXE"="10/23/2012 6:33 PM"
[HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\Detected\ActiveTasks]
"C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe"="10/23/2012 6:41 PM"
[HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\Detected\IEHelper]
"C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll"="10/23/2012 6:34 PM"
[HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\WinPatrol\Run]
"C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe"="21"
[HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\WinPatrol\Run]
"C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll"="255"
[HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\WinPatrol\Run]
"C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll"="255"

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\Trolltech]
[HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

-= EOF =-
askey127
Malware Removal Specialist with 1,259 posts.
 
Join Date: Dec 2006
Location: New Hampshire USA
Experience: Teacher at MRU
28-Oct-2012, 06:17 PM #6
msavoy,
-----------------------------------------------------------
Disable WinPatrol
- Right Click the 'Scotty Dog' icon in the system tray
- Click Options
- At the bottom of the options page, Uncheck Automatically Run WinPatrol When Computer Starts
- Click the X to end program.
- Right Click the 'Scotty Dog' icon in the system tray again
- Click Exit Program
WinPatrol is now disabled and will not start at bootup.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code:
    :Commands
    [CREATERESTOREPOINT]
    
    :Reg
    [HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run]
    "C:\Users\Primary\AppData\Local\Temp\INSTAL~1.DLL,_SetFirefoxHP http://www.searchnu.com/421,"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Word\File MRU]
    "Item 3"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Word\File MRU]
    "Item 6"=-
    [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\WinPatrol\Run]
    "C:\Users\Primary\AppData\Local\Temp\INSTAL~1.DLL,_SetFirefoxHP http://www.searchnu.com/421,"=-
    [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\Microsoft\Office\12.0\Word\File MRU]
    "Item 3"=-
    [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\Microsoft\Office\12.0\Word\File MRU]
    "Item 6"=-
    [HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks]
    "C:\Users\Primary\AppData\Local\Temp\nsxAC.tmp\nsnE73.tmp\SETUPDATAMNGR_SEARCHQU.EXE"=-
    [HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks]
    "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe"=-
    [HKEY_CURRENT_USER\Software\BillP Studios\Detected\IEHelper]
    "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll"=-
    [HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run]
    "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe"=-
    [HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run]
    "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll"=-
    [HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run]
    "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll"=-
    [HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run]
    "cmd.exe /c RD /S /Q C:\Program Files (x86)\Searchqu Toolbar"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchquSRTB]
    [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\Detected\ActiveTasks]
    "C:\Users\Primary\AppData\Local\Temp\nsxAC.tmp\nsnE73.tmp\SETUPDATAMNGR_SEARCHQU.EXE"="10/23/2012 6:33 PM"
    [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\Detected\ActiveTasks]
    "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe"=-
    [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\Detected\IEHelper]
    "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll"=-
    [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\WinPatrol\Run]
    "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe"=-
    [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\WinPatrol\Run]
    "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll"=-
    [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\WinPatrol\Run]
    "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll"=-
    [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\WinPatrol\Run]
    "cmd.exe /c RD /S /Q C:\Program Files (x86)\Searchqu Toolbar"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\B760674538A35F241999134C94EA70A1]
    "E9EFB8E6C50FF4F4BA4ABF289FFAF289"=-
    [HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks]
    "C:\Users\Primary\AppData\Local\Temp\nsxAC.tmp\nsnE73.tmp\SETUPDATAMNGR_SEARCHQU.EXE"=-
    [HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks]
    "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe"=-
    [HKEY_CURRENT_USER\Software\BillP Studios\Detected\IEHelper]
    "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll"=-
    [HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run]
    "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe"=-
    [HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run]
    "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll"=-
    [HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run]
    "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3ec1a45c-8bc3-4bfe-b226-4051c5d3d068}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchquSRTB]
    [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\Detected\ActiveTasks]
    "C:\Users\Primary\AppData\Local\Temp\nsxAC.tmp\nsnE73.tmp\SETUPDATAMNGR_SEARCHQU.EXE"=-
    [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\Detected\ActiveTasks]
    "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe"=-
    [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\Detected\IEHelper]
    "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll"=-
    [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\WinPatrol\Run]
    "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe"=-
    [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\WinPatrol\Run]
    "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll"=-
    [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\WinPatrol\Run]
    "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll"=-
    [-HKEY_CURRENT_USER\Software\Trolltech]
    [-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    [-HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\Trolltech]
    
    :Files
    C:\Users\Primary\AppData\Roaming\Microsoft\Office\Recent\process to remove searchnu.com.docx.LNK
    C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Recent\1process to remove searchnu.com.docx.lnk
    C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Recent\process to remove searchnu.com.docx.lnk
    C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Recent\searchnu imposter.txt.lnk
    C:\Users\Primary\Favorites\Desktop prime\searchnu imposter.txt
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, and click to allow the Reboot when it is done.
    When the computer Reboots, and you start your usual account, a Notepad text file will appear.
  • Copy the contents of that file and post it in your next reply.
    The file will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log
---------------------------------------------
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it. OK the User Account Control.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchnu
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The results log can also be found on your Desktop, entitled SystemLook.txt

So we are looking for the Fix log from OTL, and the new SystemLook.txt log.
Let me know how it goes.
askey127
msavoy (Marc)
Member with 19 posts.
THREAD STARTER
 
Join Date: Oct 2012
Location: New York city
Experience: Intermediate
28-Oct-2012, 09:19 PM #7
askey127,
Winpatrol without computer start
Custom Fix OTL

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run\\C:\Users\Primary\AppData\Local\Temp\INSTAL~1.DLL,_SetFirefoxHP http://www.searchnu.com/421, deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Word\File MRU\\Item 3 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Word\File MRU\\Item 6 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\WinPatrol\Run\\C:\Users\Primary\AppData\Local\Temp\INSTAL~1.DLL,_SetFirefoxHP http://www.searchnu.com/421, not found.
Registry value HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\Microsoft\Office\12.0\Word\File MRU\\Item 3 not found.
Registry value HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\Microsoft\Office\12.0\Word\File MRU\\Item 6 not found.
Registry value HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks\\C:\Users\Primary\AppData\Local\Temp\nsxAC.tmp\nsnE73.tmp\SETUPDATAMNGR_SEA RCHQU.EXE not found.
Registry value HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks\\C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe not found.
Registry value HKEY_CURRENT_USER\Software\BillP Studios\Detected\IEHelper\\C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll deleted successfully.
Registry value HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run\\C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run\\C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll deleted successfully.
Registry value HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run\\C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll deleted successfully.
Registry value HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run\\cmd.exe /c RD /S /Q C:\Program Files (x86)\Searchqu Toolbar deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchquSRTB\ deleted successfully.
HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\Detected\ActiveTasks\\"C:\Users\Primary\AppData\Local\Temp\nsxAC.tmp\nsnE73.tmp\SETUPDATAMNGR_SEA RCHQU.EXE"|"10/23/2012 6:33 PM" /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\Detected\ActiveTasks\\C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe not found.
Registry value HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\Detected\IEHelper\\C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll not found.
Registry value HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\WinPatrol\Run\\C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe not found.
Registry value HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\WinPatrol\Run\\C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll not found.
Registry value HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\WinPatrol\Run\\C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll not found.
Registry value HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\WinPatrol\Run\\cmd.exe /c RD /S /Q C:\Program Files (x86)\Searchqu Toolbar not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\B760674538A35F241999134C94EA70A1 not found.
Registry value HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks\\C:\Users\Primary\AppData\Local\Temp\nsxAC.tmp\nsnE73.tmp\SETUPDATAMNGR_SEA RCHQU.EXE deleted successfully.
Registry value HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks\\C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe not found.
Registry value HKEY_CURRENT_USER\Software\BillP Studios\Detected\IEHelper\\C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll not found.
Registry value HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run\\C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe not found.
Registry value HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run\\C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll not found.
Registry value HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run\\C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3ec1a45c-8bc3-4bfe-b226-4051c5d3d068}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ec1a45c-8bc3-4bfe-b226-4051c5d3d068}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchquSRTB\ not found.
Registry value HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\Detected\ActiveTasks\\C:\Users\Primary\AppData\Local\Temp\nsxAC.tmp\nsnE73.tmp\SETUPDATAMNGR_SEA RCHQU.EXE not found.
Registry value HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\Detected\ActiveTasks\\C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe not found.
Registry value HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\Detected\IEHelper\\C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll not found.
Registry value HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\WinPatrol\Run\\C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe not found.
Registry value HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\WinPatrol\Run\\C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll not found.
Registry value HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\WinPatrol\Run\\C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\ not found.
Registry key HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\Trolltech\ not found.
========== FILES ==========
C:\Users\Primary\AppData\Roaming\Microsoft\Office\Recent\process to remove searchnu.com.docx.LNK moved successfully.
C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Recent\1process to remove searchnu.com.docx.lnk moved successfully.
C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Recent\process to remove searchnu.com.docx.lnk moved successfully.
C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Recent\searchnu imposter.txt.lnk moved successfully.
C:\Users\Primary\Favorites\Desktop prime\searchnu imposter.txt moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Primary\Favorites\Desktop prime\cmd.bat deleted successfully.
C:\Users\Primary\Favorites\Desktop prime\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mike
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Primary
->Temp folder emptied: 545817 bytes
->Temporary Internet Files folder emptied: 33918 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 8059747 bytes
->Flash cache emptied: 492 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11152 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 8.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10282012_201304

Files\Folders moved on Reboot...
C:\Users\Primary\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Primary\AppData\Local\Mozilla\Firefox\Profiles\startupCache\startupCache.4.little moved successfully.
C:\Users\Primary\AppData\Local\Mozilla\Firefox\Profiles\Cache\_CACHE_001_ moved successfully.
C:\Users\Primary\AppData\Local\Mozilla\Firefox\Profiles\Cache\_CACHE_002_ moved successfully.
C:\Users\Primary\AppData\Local\Mozilla\Firefox\Profiles\Cache\_CACHE_003_ moved successfully.
C:\Users\Primary\AppData\Local\Mozilla\Firefox\Profiles\Cache\_CACHE_MAP_ moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


SystemLook 30.07.11 by jpshortstuff
Log created at 20:32 on 28/10/2012 by Primary
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchnu*"
C:\Program Files (x86)\Wolfram Research\Wolfram CDF Player\8.0\SystemFiles\Kernel\SystemResources\Windows\Algebra\SearchNumberTheory.mx --a---- 103132 bytes [03:16 21/07/2012] [00:40 04/10/2011] 89EBEEF5D86A5DE0A82E0804DFC37197
C:\_OTL\MovedFiles\10282012_201304\C_Users\Primary\AppData\Roaming\Microsoft\Office\Recent\process to remove searchnu.com.docx.LNK --a---- 1298 bytes [17:46 28/10/2012] [17:46 28/10/2012] 21964AF55F51966372DDF3C9637EF0C5
C:\_OTL\MovedFiles\10282012_201304\C_Users\Primary\AppData\Roaming\Microsoft\Windows\Recent\1process to remove searchnu.com.docx.lnk --a---- 765 bytes [15:07 27/10/2012] [15:07 27/10/2012] 5FFBB0CDFDDF88D679FD03A5D0F3F9D5
C:\_OTL\MovedFiles\10282012_201304\C_Users\Primary\AppData\Roaming\Microsoft\Windows\Recent\process to remove searchnu.com.docx.lnk --a---- 760 bytes [15:02 27/10/2012] [17:46 28/10/2012] A2144B20DAA3FB892873EDD3B363F319
C:\_OTL\MovedFiles\10282012_201304\C_Users\Primary\AppData\Roaming\Microsoft\Windows\Recent\searchnu imposter.txt.lnk --a---- 698 bytes [04:33 27/10/2012] [04:33 27/10/2012] 7B5599BAA65B105111B534372EF224A0
C:\_OTL\MovedFiles\10282012_201304\C_Users\Primary\Favorites\Desktop prime\searchnu imposter.txt --a---- 47 bytes [04:33 27/10/2012] [04:33 27/10/2012] FB1F05083F832BA7D47CC06C6E6B0D9B

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&gct=ds&appid=101&systemid=421&apn_dtid=BND421&apn_ptnrs=AGA&o=APN10649&apn_uid=6434908431664136&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\B760674538A35F241999134C94EA70A1]
"E9EFB8E6C50FF4F4BA4ABF289FFAF289"="C:\Program Files (x86)\Google\Google SketchUp 8\Materials\Colors-Named\0129_WhiteSmoke.skm"

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\Trolltech]
[HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

-= EOF =-
askey127
Malware Removal Specialist with 1,259 posts.
 
Join Date: Dec 2006
Location: New Hampshire USA
Experience: Teacher at MRU
29-Oct-2012, 06:13 AM #8
msavoy,
Much better - we are getting there.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code:
    :Commands
    [CREATERESTOREPOINT]
    
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\B760674538A35F241999134C94EA70A1]
    "E9EFB8E6C50FF4F4BA4ABF289FFAF289"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
    [-HKEY_CURRENT_USER\Software\Trolltech]
    [-HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\Trolltech]
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, and click to allow the Reboot when it is done.
    When the computer Reboots, and you start your usual account, a Notepad text file will appear.
  • Copy the contents of that file and post it in your next reply.
    The file will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log

----------------------------------------------
After posting the Resulting log, Please Rescan as follows:
Open OTL again and click the Quick Scan button. Post the new log it produces, OTL.txt on your desktop, in your next reply.

---------------------------------------------
Run a SystemLook Scan Again
  • Double-click SystemLook.exe to run it. OK the User Account Control.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchnu
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The results log can also be found on your Desktop, entitled SystemLook.txt

So we are looking for the two logs from OTL, and the new SystemLook log.
Let me know how it goes.
askey127
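The second fix list in the post above targets registry keys that the rescan still reported after the first fix ran. As an added example (not part of the thread, and not a feature of OTL or SystemLook), this Python script reconciles an OTL fix log with the SystemLook Regfind section that followed it; the sample lines are excerpted from the logs above, the SuggestionsURL_JSON data is replaced by a placeholder, and all function names are hypothetical.

```python
import re

# Constructed sample: lines excerpted from the OTL fix log posted in this thread.
OTL_FIX_LOG = r"""
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run\\cmd.exe /c RD /S /Q C:\Program Files (x86)\Searchqu Toolbar deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchquSRTB\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\B760674538A35F241999134C94EA70A1 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
"""

# Constructed sample: excerpt of the SystemLook Regfind section posted after that fix
# (the SuggestionsURL_JSON data is shortened to a placeholder).
SYSTEMLOOK_LOG = r"""
========== Regfind ==========

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}]
"SuggestionsURL_JSON"="<placeholder>"

Searching for "whitesmoke"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\B760674538A35F241999134C94EA70A1]
"E9EFB8E6C50FF4F4BA4ABF289FFAF289"="C:\Program Files (x86)\Google\Google SketchUp 8\Materials\Colors-Named\0129_WhiteSmoke.skm"

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
"""

_FIX_LINE = re.compile(
    r"^Registry (key|value) (.+?) (deleted successfully|not found)\.$", re.M)
_TERM = re.compile(r'^Searching for "(.+)"$')
_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")


def norm(key):
    """Registry paths are case-insensitive; drop the trailing backslash OTL prints."""
    return key.rstrip("\\").lower()


def parse_otl_fix(text):
    """Map each registry key the fix targeted to the outcomes OTL reported."""
    outcomes = {}
    for kind, target, result in _FIX_LINE.findall(text):
        # For values OTL prints <key>\\<value name>; keep only the key part.
        key = target.split("\\\\", 1)[0] if kind == "value" else target
        outcomes.setdefault(norm(key), []).append(result)
    return outcomes


def parse_systemlook_regfind(text):
    """Return {search term: [registry keys listed under that term]}."""
    hits, term = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = _TERM.match(line)
        if m:
            term = m.group(1)
            hits[term] = []
            continue
        m = _KEY.match(line)
        if m and term is not None:
            hits[term].append(m.group(1))
    return hits


def reconcile(fix_text, scan_text):
    """Split rescan hits into keys the fix already targeted and keys it never touched."""
    fixed = parse_otl_fix(fix_text)
    still_present, untargeted = [], []
    for term, keys in parse_systemlook_regfind(scan_text).items():
        for key in keys:
            if norm(key) in fixed:
                # Last outcome wins when the fix listed the same key twice.
                still_present.append((term, key, fixed[norm(key)][-1]))
            else:
                untargeted.append((term, key))
    return still_present, untargeted


if __name__ == "__main__":
    still, untargeted = reconcile(OTL_FIX_LOG, SYSTEMLOOK_LOG)
    for term, key, outcome in still:
        print(f"RE-CHECK  [{term}] {key}  (fix log said: {outcome})")
    for term, key in untargeted:
        print(f"REVIEW    [{term}] {key}  (never targeted by the fix)")
```

A key that the fix log reports as removed or absent but that the rescan still lists needs a second pass. A rescan hit the fix never targeted, such as the key whose data matches "Searchqu" only as part of ISearchQueryHelper, needs review before anything is deleted.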
msavoy (Marc)
Member with 19 posts.
THREAD STARTER
 
Join Date: Oct 2012
Location: New York city
Experience: Intermediate
29-Oct-2012, 10:45 PM #9
I screwed up a bit. I enabled WinPatrol temporarily and forgot to disable it as you directed, did the OTL run, but when it rebooted I remembered that WinPatrol should have been disabled and performed a second OTL scan where most of the responses were "error", so I did a third scan with WinPatrol disabled, the results of which are here below. Hope I didn't mess things up too badly.

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\B760674538A35F241999134C94EA70A1 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\Trolltech\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Primary\Favorites\Desktop prime\searchnu tools\cmd.bat deleted successfully.
C:\Users\Primary\Favorites\Desktop prime\searchnu tools\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mike
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Primary
->Temp folder emptied: 542974 bytes
->Temporary Internet Files folder emptied: 61999 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 8580099 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 20322 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 9.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10292012_220343

Files\Folders moved on Reboot...
C:\Users\Primary\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


msavoy (Marc)
THREAD STARTER
29-Oct-2012, 10:59 PM #10
OTL logfile created on: 10/29/2012 10:50:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Primary\Favorites\Desktop prime\searchnu tools
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 59.62% Memory free
8.00 Gb Paging File | 6.34 Gb Available in Paging File | 79.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.54 Gb Total Space | 214.50 Gb Free Space | 30.71% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 335.70 Gb Free Space | 72.08% Space Free | Partition Type: NTFS
Drive L: | 1862.98 Gb Total Space | 1228.84 Gb Free Space | 65.96% Space Free | Partition Type: NTFS

Computer Name: MIKE-PC | User Name: Primary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/28 16:32:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Primary\Favorites\Desktop prime\searchnu tools\OTL.exe
PRC - [2012/10/20 22:14:34 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/06/14 11:04:26 | 001,177,536 | R--- | M] (Western Digital ) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
PRC - [2012/06/14 11:04:24 | 001,151,424 | R--- | M] (Western Digital ) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
PRC - [2012/06/14 10:58:24 | 005,235,128 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
PRC - [2012/06/14 10:57:20 | 000,248,248 | R--- | M] (Western Digital) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2011/06/30 14:48:46 | 000,395,152 | ---- | M] (Seagate) -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
PRC - [2011/06/30 14:47:14 | 002,638,152 | ---- | M] (Seagate) -- C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
PRC - [2010/07/04 15:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
PRC - [2010/06/16 17:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
PRC - [2010/05/18 15:13:58 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/03/12 21:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/20 22:13:50 | 002,294,240 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/07/04 17:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerHook.dll
MOD - [2010/07/04 15:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
MOD - [2010/06/16 17:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
MOD - [2009/03/12 21:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/11/10 03:11:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:41:19 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lpdsvc.dll -- (LPDSVC)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/10/20 22:14:33 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/09 22:42:22 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/14 11:04:26 | 001,177,536 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV - [2012/06/14 11:04:24 | 001,151,424 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2012/06/14 10:57:20 | 000,248,248 | R--- | M] (Western Digital) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2012/03/08 02:50:22 | 000,115,520 | ---- | M] (Cloud Engines) [Auto | Running] -- C:\Program Files (x86)\PogoplugBackup\dokanmnt.exe -- (DokanCEMounter)
SRV - [2011/06/30 14:50:10 | 001,191,408 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2010/11/20 08:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 08:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/05/18 15:13:58 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/15 23:48:53 | 000,971,360 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2012/10/15 23:48:31 | 000,210,016 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr)
DRV:64bit: - [2012/10/15 23:48:27 | 000,141,920 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt53.sys -- (vidsflt53)
DRV:64bit: - [2012/10/15 23:48:20 | 000,275,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2012/10/12 16:35:26 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/10/09 20:31:14 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/09/22 17:45:22 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/10 03:45:32 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/11/10 02:12:46 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2009/07/31 00:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2012/03/08 02:50:22 | 000,066,880 | ---- | M] (Cloud Engines) [File_System | Auto | Running] -- C:\Program Files (x86)\PogoplugBackup\dokance.sys -- (DokanCEDriver)
DRV - [2010/07/04 15:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=nv1...&cr=1127200979
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEtB0EtA0EtBtAyC0E0DzytN0D0Tzu0CtBtDtAtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1971203690
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=101&systemid=421&apn_dtid=BND421&apn_ptnrs=AGA&o=APN10649&apn_uid=6434908431664136&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEtB0EtA0EtBtAyC0E0DzytN0D0Tzu0CtBzyyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1127200979
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEtB0EtA0EtBtAyC0E0DzytN0D0Tzu0CtBtDtAtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1971203690
IE - HKLM\..\SearchScopes\{2ACC9101-D1A6-0CE1-84C5-022FD22F899F}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEtB0EtA0EtBtAyC0E0DzytN0D0Tzu0CtBzyyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1127200979
IE - HKLM\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.conduit.com?SearchSour...ctid=CT3227980
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9MSE&PC=UP09
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.autocompletepro.com/?si=7981&bi=400
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE9MSE&PC=UP09
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 C4 EA 89 84 50 CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.autocompletepro.com/?si=7981&bi=400
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {0cc09160-108c-4759-bab1-5c12c216e005} - No CLSID value found
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKCU\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value found
IE - HKCU\..\URLSearchHook: {b97ed18c-1a8a-4acc-884f-b4fe7415adf2} - No CLSID value found
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes,DefaultScope = {2F5B3A35-D8AD-439C-B006-5F52D9734059}
IE - HKCU\..\SearchScopes\{2F5B3A35-D8AD-439C-B006-5F52D9734059}: "URL" = http://www.bing.com/search?FORM=UP09DF&PC=UP09&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{7468ABCE-9808-46BD-99A7-4BA3A0514603}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://searchfunmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEtB0EtA0EtBtAyC0E0DzytN0D0Tzu0CtBzyyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1127200979"
FF - prefs.js..keyword.URL: "Google"
FF - prefs.js..browser.search.selectedEngine: "Funmoods"
FF - prefs.js..browser.search.defaultenginename: "Funmoods"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@parallelgraphics.com/Cortona: C:\Program Files (x86)\Common Files\ParallelGraphics\Cortona\npcortona.dll (ParallelGraphics)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll (Wolfram Research, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Primary\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Primary\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Primary\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Primary\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Primary\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/20 22:14:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/10/13 22:42:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/10/13 22:42:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012/10/23 18:53:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\Extensions
[2012/10/29 21:15:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2012/10/20 15:34:08 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Users\Primary\AppData\Roaming\mozilla\Firefox\Profiles\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2012/10/20 15:34:00 | 000,000,000 | ---D | M] (Remove It Permanently) -- C:\Users\Primary\AppData\Roaming\mozilla\Firefox\Profiles\extensions\{1dbc4a33-ea62-4330-966c-7bdad3455322}
[2012/10/20 15:34:01 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Primary\AppData\Roaming\mozilla\Firefox\Profiles\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2012/10/29 02:25:07 | 000,000,000 | ---D | M] (BlockSite Plus) -- C:\Users\Primary\AppData\Roaming\mozilla\Firefox\Profiles\extensions\{6d43fee4-72e7-4290-b75a-b898e4f4676d}
[2012/10/20 13:21:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\Firefox\Profiles\y8w4ggb9.default\extensions
[2012/10/25 21:35:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\Firefox\Profiles\y8w4ggb9.default\extensions\staged
[2012/10/20 15:33:58 | 000,025,781 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\add-to-searchbox@maltekraus.de.xpi
[2012/10/20 15:34:00 | 000,020,387 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\chromeview@systemantics.net.xpi
[2012/10/20 15:34:00 | 000,018,310 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\colorinspector3d@davidfichtmueller.de.xpi
[2012/10/26 18:14:17 | 000,052,154 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\gmailthis@lazyrussian.com.xpi
[2012/10/20 15:34:00 | 000,128,599 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\itsalltext@docwhat.gerf.org.xpi
[2012/10/21 20:05:02 | 000,154,926 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\Noia4Options@ArisT2.xpi
[2012/10/20 14:46:39 | 000,013,094 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\noinstalldelay@trlkly.drivehq.com.xpi
[2012/10/20 15:34:00 | 000,013,168 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\oldAddBookmarkBehavior@alice.xpi
[2012/10/20 15:34:00 | 000,108,792 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\pcln@cycledlm.gmail.com.xpi
[2012/10/20 15:34:00 | 000,030,669 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\redirectcleaner@example.net.xpi
[2012/10/20 15:34:00 | 000,139,801 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\savefileto@mozdev.org.xpi
[2012/10/20 15:34:00 | 000,258,434 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\scrapbookplus@addons.mozilla.org.xpi
[2012/10/29 18:47:36 | 000,001,469 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\skip_compatibility_check@sdrocking.com.xpi
[2012/10/20 15:34:00 | 000,079,135 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi
[2012/10/20 15:34:00 | 000,018,589 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}.xpi
[2012/10/20 15:34:00 | 000,077,698 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{1feca320-6b4d-11df-a08a-0800200c9a66}.xpi
[2012/10/20 14:47:39 | 000,318,456 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}.xpi
[2012/10/25 13:56:13 | 000,049,303 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064}.xpi
[2012/10/25 20:22:08 | 000,013,331 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}.xpi
[2012/10/25 19:59:28 | 000,013,345 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
[2012/10/20 15:34:01 | 000,372,140 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}.xpi
[2012/10/20 15:34:01 | 000,017,971 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{c1970c0d-dbe6-4d91-804f-c9c0de643a57}.xpi
[2012/10/20 15:34:01 | 000,061,700 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi
[2012/10/20 15:27:29 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/10/20 15:34:01 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2012/10/20 15:34:01 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012/10/20 15:34:01 | 000,038,787 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{d93e6838-8272-4382-a0fb-36a56db176c5}.xpi
[2012/10/20 15:34:01 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012/10/29 02:22:14 | 000,016,192 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi
[2012/10/20 15:34:01 | 000,252,340 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012/10/20 15:34:01 | 000,004,139 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{ec268e28-22c6-4a6c-ac22-635cabee283c}.xpi
[2012/10/20 15:34:01 | 000,091,556 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi
[2012/10/21 20:05:02 | 001,556,566 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{faf13420-5e24-11e0-80e3-0800200c9a66}.xpi
[2012/10/27 01:01:39 | 000,057,702 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}.xpi
[2012/10/20 13:21:40 | 000,000,775 | ---- | M] () -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\y8w4ggb9.default\searchplugins\Funmoods.xml
[2012/10/23 18:53:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/20 22:14:34 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/05 21:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/23 18:41:02 | 000,002,687 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012/10/20 22:13:49 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/10/02 21:36:14 | 000,001,115 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.ambit.com
O1 - Hosts: 127.0.0.1 search.babylon.com/?affID=14335&tt=3512_6&babsrc=HP_ss&mntrId=d8f66ed90000000000000023542e3e23
O1 - Hosts: 127.0.0.1 www.comodo.com/secure-dns/*/
O1 - Hosts: 127.0.0.1 www.comodo.com/*/*/*/*/
O1 - Hosts: 127.0.0.1 http://www.comodo.com/.../internet-s...et-security/*/
O1 - Hosts: 127.0.0.1
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll File not found
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [Everything] C:\Program Files (x86)\Everything\Everything.exe ()
O4 - HKLM..\Run: [STARTPAGE] C:\NOSPY.ORG\start1.exe File not found
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKCU..\Run: [OpenDNS Updater] C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - HKCU..\Run: [SkyDrive] C:\Users\Primary\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanage...ex-2.2.6.2.cab (DLM Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd...pdetect118.cab (GMNRev Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{703EEC82-4BE4-4A8A-9EFE-FB3FDFD9C47E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{703EEC82-4BE4-4A8A-9EFE-FB3FDFD9C47E}: NameServer = 208.67.222.222,208.67.220.220
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2d667252-cbb1-11e1-b8e4-0023542e3e23}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/29 18:52:21 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\Firefox
[2012/10/29 00:49:47 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\final reagan
[2012/10/29 00:48:17 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\searchnu tools
[2012/10/28 16:41:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/28 15:41:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/10/28 15:41:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/10/28 13:38:32 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\rkill
[2012/10/28 13:22:31 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\PrimarytoPain\Documents\ProcessMonitor
[2012/10/28 13:11:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Softland
[2012/10/28 13:11:34 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/10/28 13:11:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FBackup 4
[2012/10/28 13:11:03 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Roaming\Softland
[2012/10/28 13:11:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Softland
[2012/10/28 13:07:14 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Local\NeoSmart_Technologies
[2012/10/28 13:06:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies
[2012/10/28 13:05:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NeoSmart Technologies
[2012/10/27 05:06:23 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\photos
[2012/10/27 01:23:28 | 009,330,176 | ---- | C] (Irfan Skiljan) -- C:\Users\Primary\Favorites\Desktop prime\irfanview_plugins_433_setup.exe
[2012/10/26 23:48:36 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\Spyware
[2012/10/26 12:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/10/25 22:22:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrendMicro
[2012/10/24 11:15:27 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\PrimarytoPain\Documents\NeroVision
[2012/10/24 10:39:46 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\main
[2012/10/23 19:41:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2012/10/23 18:33:14 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\SSubTmr6.dll
[2012/10/23 18:33:13 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Roaming\FreeBurner
[2012/10/23 18:33:13 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/10/23 17:54:20 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\PrimarytoPain\Documents\neo burn
[2012/10/22 19:07:56 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Roaming\Nero
[2012/10/22 18:56:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2012/10/22 18:55:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2012/10/22 18:55:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2012/10/22 18:53:54 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2012/10/22 18:53:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe
[2012/10/22 18:26:32 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Local\{4DB50C1E-93CF-43C6-8D5C-125DF30B8374}
[2012/10/22 16:40:29 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\BM
[2012/10/22 16:35:53 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\RRCA
[2012/10/20 22:13:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/20 00:24:15 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\PrimarytoPain\Documents\raw-hdr
[2012/10/19 18:48:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Applian Technologies
[2012/10/18 07:26:44 | 000,000,000 | ---D | C] -- C:\Users\Primary\.gimp-2.8
[2012/10/17 19:58:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2012/10/17 19:57:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2012/10/17 13:09:26 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\PrimarytoPain
[2012/10/17 12:53:33 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\Bit Torrent Transferred
[2012/10/17 12:38:21 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\Extra Step
[2012/10/17 12:22:12 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Hacks
[2012/10/17 12:22:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google Hacks
[2012/10/16 22:01:48 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\PrimarytoPain\Documents\My Documents
[2012/10/16 21:50:03 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\New ISOs
[2012/10/16 19:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/10/16 13:52:52 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\Beatles Search
[2012/10/16 13:35:21 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\mp3 1
[2012/10/15 23:49:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Seagate
[2012/10/15 23:48:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Acronis
[2012/10/15 23:47:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Seagate
[2012/10/15 23:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
[2012/10/15 23:34:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Seagate
[2012/10/15 23:32:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/10/14 13:04:41 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\Step Folder 2
[2012/10/14 07:13:00 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Roaming\GoforFiles
[2012/10/14 07:01:22 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Roaming\Audacity
[2012/10/14 06:58:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2012/10/14 06:28:24 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2012/10/13 23:21:23 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\undeletable
[2012/10/13 01:30:27 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012/10/13 01:26:52 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Local\Western_Digital
[2012/10/12 21:51:01 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
[2012/10/11 05:02:57 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Local\{68BC8EE9-C571-40EC-BC49-679770AD920A}
[2012/10/10 01:25:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenDNS Updater
[2012/10/09 20:07:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FirefoxPreloader
[2012/10/08 07:27:59 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Local\{04F45F3E-68C5-467F-9CC6-77FBAEEDE8CF}
[2012/10/07 18:55:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012/10/06 20:36:10 | 000,000,000 | ---D | C] -- C:\Wow Gospel - CD 1
[2012/10/05 14:57:40 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Local\{87C8B400-0B14-4529-837D-8E3B67D60B52}
[2012/10/04 23:48:54 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Local\{C073A1FD-46E4-482D-B718-4D9A84808FF0}
[2012/10/04 18:08:31 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2012/10/03 15:57:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/10/01 13:09:23 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2012/10/01 03:34:31 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Local\{07EB5B35-93B9-4B58-BF46-E614B919C961}
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Program Files (x86)\Common Files\*.tmp files -> C:\Program Files (x86)\Common Files\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/29 22:42:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/29 22:18:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/29 22:14:54 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/29 22:14:54 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/29 22:07:44 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/29 22:07:44 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012/10/29 22:07:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/29 22:06:56 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/29 22:01:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2310302133-1125941473-504086252-1002UA.job
[2012/10/29 21:14:12 | 000,001,028 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\Continue Best Codec Pack installation.lnk
[2012/10/29 20:50:20 | 000,152,392 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\Word 2010 Return.png
[2012/10/29 19:01:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2310302133-1125941473-504086252-1002Core.job
[2012/10/29 18:11:01 | 000,419,734 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\1 extensions.png
[2012/10/29 13:59:56 | 000,466,275 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\googlemap.png
[2012/10/28 16:25:14 | 000,339,430 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\clean reagan.png1.png
[2012/10/28 15:42:29 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/10/28 14:15:46 | 000,900,708 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\flying main.png
[2012/10/28 14:09:00 | 000,013,685 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\ProcessMonitor.lnk
[2012/10/28 14:07:11 | 000,001,797 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\PrimarytoPain\Documents\ProcessMonitor.lnk
[2012/10/28 13:11:17 | 000,001,056 | ---- | M] () -- C:\Users\Public\Desktop\FBackup 4.lnk
[2012/10/28 13:06:58 | 000,024,576 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\PrimarytoPain\Documents\EasyBCD Backup (2012-10-28).bcd
[2012/10/28 13:06:14 | 000,001,215 | ---- | M] () -- C:\Users\Public\Desktop\EasyBCD 2.2.lnk
[2012/10/27 14:10:51 | 000,065,576 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\flag Untitled.png
[2012/10/27 14:10:32 | 000,152,264 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\Untitled.pdn
[2012/10/27 14:05:49 | 000,888,967 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\flying flags.png
[2012/10/27 04:16:26 | 239,698,070 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\GoFlex_Slim_ProSW.zip
[2012/10/27 00:04:22 | 000,876,595 | ---- | M] () -- C:\Users\Primary\AppData\Local\census.cache
[2012/10/27 00:00:43 | 000,127,705 | ---- | M] () -- C:\Users\Primary\AppData\Local\ars.cache
[2012/10/26 17:25:09 | 000,000,036 | ---- | M] () -- C:\Users\Primary\AppData\Local\housecall.guid.cache
[2012/10/25 21:42:12 | 000,005,677 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\bm search ms.search-ms
[2012/10/24 10:57:10 | 000,000,227 | ---- | M] () -- C:\Users\Primary\AppData\Roaming\default.rss
[2012/10/24 10:56:55 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012/10/24 10:49:49 | 000,001,319 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\PrimarytoPain\Documents\CDC Label.ncd
[2012/10/24 01:43:05 | 000,001,661 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\Jobs News, Videos, Reviews and Gossip - Lifehacker.htm - Shortcut.lnk
[2012/10/22 18:56:54 | 000,002,710 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
[2012/10/22 18:53:59 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2012/10/22 18:38:28 | 000,001,300 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\Revo Uninstaller.lnk
[2012/10/22 18:37:12 | 000,000,526 | ---- | M] () -- C:\Users\Primary\AppData\Roaming\burnaware.ini
[2012/10/22 10:42:31 | 000,830,650 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/10/22 10:42:31 | 000,687,146 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/22 10:42:31 | 000,131,926 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/21 23:16:44 | 000,023,084 | ---- | M] () -- C:\Users\Primary\png.png
[2012/10/20 22:06:40 | 000,497,064 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\Warp_Velocity_by_Mxyzptlk246.jpg
[2012/10/20 18:51:16 | 000,440,720 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/10/20 14:44:34 | 000,813,556 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/20 07:26:01 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/20 04:39:37 | 000,012,792 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\images.jpg
[2012/10/19 23:41:58 | 000,000,622 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\TakeOwnership.zip
[2012/10/19 21:06:27 | 003,077,634 | ---- | M] () -- C:\Users\Primary\best supreeem.png
[2012/10/17 19:59:37 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2012/10/17 19:05:47 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2012/10/17 19:05:46 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf
[2012/10/16 15:35:29 | 000,093,394 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\LeviathanWallHanging.gif
[2012/10/15 23:48:59 | 000,001,141 | ---- | M] () -- C:\Users\Public\Desktop\Seagate DiscWizard.lnk
[2012/10/15 23:34:36 | 000,002,453 | ---- | M] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk
[2012/10/15 23:32:35 | 021,476,536 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\SeaToolsforWindowsSetup-1206.exe
[2012/10/14 13:28:02 | 000,126,844 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\Going_into_warp_by_Balsavor.jpg
[2012/10/14 07:34:04 | 006,619,729 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\preview.mp3
[2012/10/14 07:31:31 | 003,727,360 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\60379.mp3
[2012/10/14 07:22:42 | 004,866,587 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\10 I'd Rather Be Dead.mp3
[2012/10/14 06:58:55 | 000,001,015 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\Audacity.lnk
[2012/10/14 06:28:24 | 000,001,898 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\IrfanView Thumbnails.lnk
[2012/10/14 06:28:24 | 000,001,006 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\IrfanView.lnk
[2012/10/14 06:24:30 | 009,330,176 | ---- | M] (Irfan Skiljan) -- C:\Users\Primary\Favorites\Desktop prime\irfanview_plugins_433_setup.exe
[2012/10/14 06:11:40 | 000,002,842 | ---- | M] () -- C:\Users\Primary\AppData\Local\recently-used.xbel
[2012/10/14 01:59:54 | 000,001,074 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\Glary Utilities.lnk
[2012/10/13 22:35:43 | 000,000,448 | ---- | M] () -- C:\OS (C) - Shortcut.lnk
[2012/10/11 04:04:24 | 000,003,478 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\25 The Name's Bond... James Bond.m4a - Shortcut.lnk
[2012/10/10 01:28:47 | 000,001,411 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\Internet Explorer (64-bit).lnk
[2012/10/10 01:24:52 | 000,225,336 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\OpenDNS-Updater-2.2.1.exe
[2012/10/09 22:43:17 | 000,001,304 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\Notepad.lnk
[2012/10/04 23:23:03 | 000,001,879 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012/10/04 23:18:20 | 000,002,088 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012/10/04 22:54:28 | 000,000,151 | ---- | M] () -- C:\Windows\PhotoSnapViewer.INI
[2012/10/03 15:57:05 | 000,001,132 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/10/02 21:36:14 | 000,001,115 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Program Files (x86)\Common Files\*.tmp files -> C:\Program Files (x86)\Common Files\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/29 20:50:15 | 000,152,392 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\Word 2010 Return.png
[2012/10/29 18:11:00 | 000,419,734 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\1 extensions.png
[2012/10/29 13:59:55 | 000,466,275 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\googlemap.png
[2012/10/28 16:25:13 | 000,339,430 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\clean reagan.png1.png
[2012/10/28 15:41:57 | 000,002,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/10/28 14:12:50 | 000,900,708 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\flying main.png
[2012/10/28 14:09:00 | 000,013,685 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\ProcessMonitor.lnk
[2012/10/28 14:07:11 | 000,001,797 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\PrimarytoPain\Documents\ProcessMonitor.lnk
[2012/10/28 13:11:17 | 000,001,056 | ---- | C] () -- C:\Users\Public\Desktop\FBackup 4.lnk
[2012/10/28 13:06:57 | 000,024,576 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\PrimarytoPain\Documents\EasyBCD Backup (2012-10-28).bcd
[2012/10/28 13:05:40 | 000,001,215 | ---- | C] () -- C:\Users\Public\Desktop\EasyBCD 2.2.lnk
[2012/10/27 14:10:47 | 000,065,576 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\flag Untitled.png
[2012/10/27 14:10:31 | 000,152,264 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\Untitled.pdn
[2012/10/27 14:05:44 | 000,888,967 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\flying flags.png
[2012/10/27 04:38:42 | 002,828,466 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\ubble.png
[2012/10/27 00:04:22 | 000,876,595 | ---- | C] () -- C:\Users\Primary\AppData\Local\census.cache
[2012/10/27 00:00:43 | 000,127,705 | ---- | C] () -- C:\Users\Primary\AppData\Local\ars.cache
[2012/10/26 17:25:09 | 000,000,036 | ---- | C] () -- C:\Users\Primary\AppData\Local\housecall.guid.cache
[2012/10/25 21:42:12 | 000,005,677 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\bm search ms.search-ms
[2012/10/24 10:49:49 | 000,001,319 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\PrimarytoPain\Documents\CDC Label.ncd
[2012/10/22 21:03:24 | 000,001,028 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\Continue Best Codec Pack installation.lnk
[2012/10/22 19:16:03 | 000,000,227 | ---- | C] () -- C:\Users\Primary\AppData\Roaming\default.rss
[2012/10/22 19:11:44 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2012/10/22 18:56:54 | 000,002,710 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
[2012/10/22 18:53:59 | 000,002,039 | ---- | C] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2012/10/22 18:38:28 | 000,001,300 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\Revo Uninstaller.lnk
[2012/10/21 23:16:39 | 000,023,084 | ---- | C] () -- C:\Users\Primary\png.png
[2012/10/20 04:39:35 | 000,012,792 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\images.jpg
[2012/10/19 23:41:56 | 000,000,622 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\TakeOwnership.zip
[2012/10/19 21:06:21 | 003,077,634 | ---- | C] () -- C:\Users\Primary\best supreeem.png
[2012/10/18 03:24:05 | 000,001,661 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\Jobs News, Videos, Reviews and Gossip - Lifehacker.htm - Shortcut.lnk
[2012/10/18 03:13:27 | 000,003,478 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\25 The Name's Bond... James Bond.m4a - Shortcut.lnk
[2012/10/17 19:59:37 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2012/10/17 19:05:47 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2012/10/17 19:05:46 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf
[2012/10/17 19:05:22 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/10/16 15:35:27 | 000,093,394 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\LeviathanWallHanging.gif
[2012/10/16 00:01:05 | 239,698,070 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\GoFlex_Slim_ProSW.zip
[2012/10/15 23:48:59 | 000,001,141 | ---- | C] () -- C:\Users\Public\Desktop\Seagate DiscWizard.lnk
[2012/10/15 23:34:36 | 000,002,453 | ---- | C] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk
[2012/10/15 23:32:27 | 021,476,536 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\SeaToolsforWindowsSetup-1206.exe
[2012/10/14 07:33:43 | 006,619,729 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\preview.mp3
[2012/10/14 07:29:54 | 003,727,360 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\60379.mp3
[2012/10/14 07:21:12 | 004,866,587 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\10 I'd Rather Be Dead.mp3
[2012/10/14 06:58:55 | 000,001,021 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2012/10/14 06:58:55 | 000,001,015 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\Audacity.lnk
[2012/10/14 06:28:24 | 000,001,898 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\IrfanView Thumbnails.lnk
[2012/10/14 06:28:24 | 000,001,006 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\IrfanView.lnk
[2012/10/14 06:11:40 | 000,002,842 | ---- | C] () -- C:\Users\Primary\AppData\Local\recently-used.xbel
[2012/10/14 01:59:54 | 000,001,074 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\Glary Utilities.lnk
[2012/10/14 01:59:54 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2012/10/13 22:35:43 | 000,000,448 | ---- | C] () -- C:\OS (C) - Shortcut.lnk
[2012/10/13 22:33:51 | 000,000,526 | ---- | C] () -- C:\Users\Primary\AppData\Roaming\burnaware.ini
[2012/10/10 01:28:47 | 000,001,411 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\Internet Explorer (64-bit).lnk
[2012/10/10 01:25:06 | 000,002,022 | ---- | C] () -- C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDNS Updater.lnk
[2012/10/10 01:24:47 | 000,225,336 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\OpenDNS-Updater-2.2.1.exe
[2012/10/09 22:43:17 | 000,001,304 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\Notepad.lnk
[2012/10/05 23:44:13 | 000,459,873 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\926 12.html
[2012/10/05 15:36:05 | 000,497,064 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\Warp_Velocity_by_Mxyzptlk246.jpg
[2012/10/05 15:33:29 | 000,126,844 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\Going_into_warp_by_Balsavor.jpg
[2012/10/04 23:18:20 | 000,002,088 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012/10/04 18:08:33 | 000,001,879 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012/10/03 15:57:05 | 000,001,132 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/10/03 15:57:04 | 000,001,144 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/09/23 03:32:39 | 000,830,650 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/19 14:49:02 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
[2012/09/04 13:29:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/08/18 20:36:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/05/24 13:31:21 | 000,031,786 | ---- | C] () -- C:\Users\Primary\AppData\Local\Saturn-5-6-121-580x580.jpg
[2012/03/02 16:34:34 | 002,345,378 | ---- | C] () -- C:\Windows\Windows 7 Loader.exe
[2011/11/10 02:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011/11/10 02:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/09/12 23:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/07/25 07:02:32 | 000,602,112 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/07/25 18:10:32 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\100 Greatest Classics Disc 5
[2012/10/20 03:09:41 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\Audacity
[2012/03/10 16:50:19 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\AVG2012
[2012/07/21 21:01:12 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\Blurity
[2012/10/07 18:47:56 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\com.earthbrowser.air.E6AAAE80A01B4127788876406C965C3EDE131099.1
[2012/09/01 20:11:27 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\CrystalSpace
[2012/10/23 18:41:54 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\FreeBurner
[2012/10/14 01:59:47 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\GlarySoft
[2012/05/06 20:39:49 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\Gmail Backup
[2012/10/15 17:44:55 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\GoforFiles
[2012/10/14 06:28:24 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\IrfanView
[2012/09/14 23:53:50 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\Leadertech
[2012/07/26 18:45:27 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\LockHunter
[2012/09/19 05:08:18 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\Memeo
[2012/09/02 09:20:30 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\mjusbsp
[2012/09/25 02:56:56 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\OpenDNS Updater
[2012/07/22 06:43:50 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\OutWit
[2012/06/28 02:26:34 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\ParallelGraphics
[2012/07/07 06:16:26 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\Pictures Videos
[2012/07/15 16:27:14 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\qBittorrent
[2012/07/26 18:06:11 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\QuickScan
[2012/09/02 09:19:05 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\RCP 6
[2012/09/02 09:20:30 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\Skyscraper
[2012/10/28 13:11:03 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\Softland
[2012/07/26 19:44:51 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\Thunderbird
[2012/07/10 08:14:12 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\Windows Live Writer
[2012/07/10 08:24:53 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\WinPatrol
[2012/07/12 01:03:00 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\WinZip

========== Purity Check ==========



< End of report >
msavoy (Marc)
29-Oct-2012, 11:01 PM #11
I screwed up a bit. I enabled WinPatrol temporarily, forgot to disable it as you directed, did the OTL run, but when it rebooted I remembered that WinPatrol should have been disabled and performed a second OTL scan where most of the responses were "error", so I did a third scan with WinPatrol disabled, the results of which are here below. Hope I didn't mess things up too badly.

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\B760674538A35F241999134C94EA70A1 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\Trolltech\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Primary\Favorites\Desktop prime\searchnu tools\cmd.bat deleted successfully.
C:\Users\Primary\Favorites\Desktop prime\searchnu tools\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mike
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Primary
->Temp folder emptied: 542974 bytes
->Temporary Internet Files folder emptied: 61999 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 8580099 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 20322 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 9.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10292012_220343

Files\Folders moved on Reboot...
C:\Users\Primary\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


OTL logfile created on: 10/29/2012 10:50:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Primary\Favorites\Desktop prime\searchnu tools
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 59.62% Memory free
8.00 Gb Paging File | 6.34 Gb Available in Paging File | 79.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.54 Gb Total Space | 214.50 Gb Free Space | 30.71% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 335.70 Gb Free Space | 72.08% Space Free | Partition Type: NTFS
Drive L: | 1862.98 Gb Total Space | 1228.84 Gb Free Space | 65.96% Space Free | Partition Type: NTFS

Computer Name: MIKE-PC | User Name: Primary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/28 16:32:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Primary\Favorites\Desktop prime\searchnu tools\OTL.exe
PRC - [2012/10/20 22:14:34 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/06/14 11:04:26 | 001,177,536 | R--- | M] (Western Digital ) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
PRC - [2012/06/14 11:04:24 | 001,151,424 | R--- | M] (Western Digital ) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
PRC - [2012/06/14 10:58:24 | 005,235,128 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
PRC - [2012/06/14 10:57:20 | 000,248,248 | R--- | M] (Western Digital) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2011/06/30 14:48:46 | 000,395,152 | ---- | M] (Seagate) -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
PRC - [2011/06/30 14:47:14 | 002,638,152 | ---- | M] (Seagate) -- C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
PRC - [2010/07/04 15:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
PRC - [2010/06/16 17:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
PRC - [2010/05/18 15:13:58 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/03/12 21:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/20 22:13:50 | 002,294,240 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/07/04 17:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerHook.dll
MOD - [2010/07/04 15:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
MOD - [2010/06/16 17:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
MOD - [2009/03/12 21:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/11/10 03:11:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:41:19 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lpdsvc.dll -- (LPDSVC)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/10/20 22:14:33 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/09 22:42:22 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/14 11:04:26 | 001,177,536 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV - [2012/06/14 11:04:24 | 001,151,424 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2012/06/14 10:57:20 | 000,248,248 | R--- | M] (Western Digital) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2012/03/08 02:50:22 | 000,115,520 | ---- | M] (Cloud Engines) [Auto | Running] -- C:\Program Files (x86)\PogoplugBackup\dokanmnt.exe -- (DokanCEMounter)
SRV - [2011/06/30 14:50:10 | 001,191,408 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2010/11/20 08:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 08:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/05/18 15:13:58 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/15 23:48:53 | 000,971,360 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2012/10/15 23:48:31 | 000,210,016 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr)
DRV:64bit: - [2012/10/15 23:48:27 | 000,141,920 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt53.sys -- (vidsflt53)
DRV:64bit: - [2012/10/15 23:48:20 | 000,275,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2012/10/12 16:35:26 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/10/09 20:31:14 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/09/22 17:45:22 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/10 03:45:32 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/11/10 02:12:46 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2009/07/31 00:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2012/03/08 02:50:22 | 000,066,880 | ---- | M] (Cloud Engines) [File_System | Auto | Running] -- C:\Program Files (x86)\PogoplugBackup\dokance.sys -- (DokanCEDriver)
DRV - [2010/07/04 15:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=nv1...&cr=1127200979
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEtB0EtA0EtBtAyC0E0DzytN0D0Tzu0CtBtDtAtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1971203690
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=101&systemid=421&apn_dtid=BND421&apn_ptnrs=AGA&o=APN10649&apn_uid=6434908431664136&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEtB0EtA0EtBtAyC0E0DzytN0D0Tzu0CtBzyyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1127200979
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEtB0EtA0EtBtAyC0E0DzytN0D0Tzu0CtBtDtAtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1971203690
IE - HKLM\..\SearchScopes\{2ACC9101-D1A6-0CE1-84C5-022FD22F899F}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEtB0EtA0EtBtAyC0E0DzytN0D0Tzu0CtBzyyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1127200979
IE - HKLM\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.conduit.com?SearchSour...ctid=CT3227980
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9MSE&PC=UP09
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.autocompletepro.com/?si=7981&bi=400
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE9MSE&PC=UP09
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 C4 EA 89 84 50 CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.autocompletepro.com/?si=7981&bi=400
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {0cc09160-108c-4759-bab1-5c12c216e005} - No CLSID value found
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKCU\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value found
IE - HKCU\..\URLSearchHook: {b97ed18c-1a8a-4acc-884f-b4fe7415adf2} - No CLSID value found
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes,DefaultScope = {2F5B3A35-D8AD-439C-B006-5F52D9734059}
IE - HKCU\..\SearchScopes\{2F5B3A35-D8AD-439C-B006-5F52D9734059}: "URL" = http://www.bing.com/search?FORM=UP09DF&PC=UP09&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{7468ABCE-9808-46BD-99A7-4BA3A0514603}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://searchfunmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEtB0EtA0EtBtAyC0E0DzytN0D0Tzu0CtBzyyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1127200979"
FF - prefs.js..keyword.URL: "Google"
FF - prefs.js..browser.search.selectedEngine: "Funmoods"
FF - prefs.js..browser.search.defaultenginename: "Funmoods"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@parallelgraphics.com/Cortona: C:\Program Files (x86)\Common Files\ParallelGraphics\Cortona\npcortona.dll (ParallelGraphics)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll (Wolfram Research, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Primary\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Primary\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Primary\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Primary\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Primary\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/20 22:14:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/10/13 22:42:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/10/13 22:42:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012/10/23 18:53:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\Extensions
[2012/10/29 21:15:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2012/10/20 15:34:08 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Users\Primary\AppData\Roaming\mozilla\Firefox\Profiles\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2012/10/20 15:34:00 | 000,000,000 | ---D | M] (Remove It Permanently) -- C:\Users\Primary\AppData\Roaming\mozilla\Firefox\Profiles\extensions\{1dbc4a33-ea62-4330-966c-7bdad3455322}
[2012/10/20 15:34:01 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Primary\AppData\Roaming\mozilla\Firefox\Profiles\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2012/10/29 02:25:07 | 000,000,000 | ---D | M] (BlockSite Plus) -- C:\Users\Primary\AppData\Roaming\mozilla\Firefox\Profiles\extensions\{6d43fee4-72e7-4290-b75a-b898e4f4676d}
[2012/10/20 13:21:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\Firefox\Profiles\y8w4ggb9.default\extensions
[2012/10/25 21:35:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\Firefox\Profiles\y8w4ggb9.default\extensions\staged
[2012/10/20 15:33:58 | 000,025,781 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\add-to-searchbox@maltekraus.de.xpi
[2012/10/20 15:34:00 | 000,020,387 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\chromeview@systemantics.net.xpi
[2012/10/20 15:34:00 | 000,018,310 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\colorinspector3d@davidfichtmueller.de.xpi
[2012/10/26 18:14:17 | 000,052,154 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\gmailthis@lazyrussian.com.xpi
[2012/10/20 15:34:00 | 000,128,599 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\itsalltext@docwhat.gerf.org.xpi
[2012/10/21 20:05:02 | 000,154,926 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\Noia4Options@ArisT2.xpi
[2012/10/20 14:46:39 | 000,013,094 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\noinstalldelay@trlkly.drivehq.com.xpi
[2012/10/20 15:34:00 | 000,013,168 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\oldAddBookmarkBehavior@alice.xpi
[2012/10/20 15:34:00 | 000,108,792 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\pcln@cycledlm.gmail.com.xpi
[2012/10/20 15:34:00 | 000,030,669 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\redirectcleaner@example.net.xpi
[2012/10/20 15:34:00 | 000,139,801 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\savefileto@mozdev.org.xpi
[2012/10/20 15:34:00 | 000,258,434 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\scrapbookplus@addons.mozilla.org.xpi
[2012/10/29 18:47:36 | 000,001,469 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\skip_compatibility_check@sdrocking.com.xpi
[2012/10/20 15:34:00 | 000,079,135 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi
[2012/10/20 15:34:00 | 000,018,589 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}.xpi
[2012/10/20 15:34:00 | 000,077,698 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{1feca320-6b4d-11df-a08a-0800200c9a66}.xpi
[2012/10/20 14:47:39 | 000,318,456 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}.xpi
[2012/10/25 13:56:13 | 000,049,303 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064}.xpi
[2012/10/25 20:22:08 | 000,013,331 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}.xpi
[2012/10/25 19:59:28 | 000,013,345 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
[2012/10/20 15:34:01 | 000,372,140 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}.xpi
[2012/10/20 15:34:01 | 000,017,971 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{c1970c0d-dbe6-4d91-804f-c9c0de643a57}.xpi
[2012/10/20 15:34:01 | 000,061,700 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi
[2012/10/20 15:27:29 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/10/20 15:34:01 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2012/10/20 15:34:01 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012/10/20 15:34:01 | 000,038,787 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{d93e6838-8272-4382-a0fb-36a56db176c5}.xpi
[2012/10/20 15:34:01 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012/10/29 02:22:14 | 000,016,192 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi
[2012/10/20 15:34:01 | 000,252,340 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012/10/20 15:34:01 | 000,004,139 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{ec268e28-22c6-4a6c-ac22-635cabee283c}.xpi
[2012/10/20 15:34:01 | 000,091,556 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi
[2012/10/21 20:05:02 | 001,556,566 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{faf13420-5e24-11e0-80e3-0800200c9a66}.xpi
[2012/10/27 01:01:39 | 000,057,702 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}.xpi
[2012/10/20 13:21:40 | 000,000,775 | ---- | M] () -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\y8w4ggb9.default\searchplugins\Funmoods.xml
[2012/10/23 18:53:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/20 22:14:34 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/05 21:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/23 18:41:02 | 000,002,687 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012/10/20 22:13:49 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/10/02 21:36:14 | 000,001,115 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.ambit.com
O1 - Hosts: 127.0.0.1 search.babylon.com/?affID=14335&tt=3512_6&babsrc=HP_ss&mntrId=d8f66ed90000000000000023542e3e23
O1 - Hosts: 127.0.0.1 www.comodo.com/secure-dns/*/
O1 - Hosts: 127.0.0.1 www.comodo.com/*/*/*/*/
O1 - Hosts: 127.0.0.1 http://www.comodo.com/.../internet-s...et-security/*/
O1 - Hosts: 127.0.0.1
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll File not found
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [Everything] C:\Program Files (x86)\Everything\Everything.exe ()
O4 - HKLM..\Run: [STARTPAGE] C:\NOSPY.ORG\start1.exe File not found
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKCU..\Run: [OpenDNS Updater] C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - HKCU..\Run: [SkyDrive] C:\Users\Primary\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanage...ex-2.2.6.2.cab (DLM Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd...pdetect118.cab (GMNRev Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{703EEC82-4BE4-4A8A-9EFE-FB3FDFD9C47E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{703EEC82-4BE4-4A8A-9EFE-FB3FDFD9C47E}: NameServer = 208.67.222.222,208.67.220.220
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2d667252-cbb1-11e1-b8e4-0023542e3e23}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/29 18:52:21 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\Firefox
[2012/10/29 00:49:47 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\final reagan
[2012/10/29 00:48:17 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\searchnu tools
[2012/10/28 16:41:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/28 15:41:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/10/28 15:41:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/10/28 13:38:32 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\rkill
[2012/10/28 13:22:31 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\PrimarytoPain\Documents\ProcessMonitor
[2012/10/28 13:11:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Softland
[2012/10/28 13:11:34 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/10/28 13:11:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FBackup 4
[2012/10/28 13:11:03 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Roaming\Softland
[2012/10/28 13:11:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Softland
[2012/10/28 13:07:14 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Local\NeoSmart_Technologies
[2012/10/28 13:06:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies
[2012/10/28 13:05:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NeoSmart Technologies
[2012/10/27 05:06:23 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\photos
[2012/10/27 01:23:28 | 009,330,176 | ---- | C] (Irfan Skiljan) -- C:\Users\Primary\Favorites\Desktop prime\irfanview_plugins_433_setup.exe
[2012/10/26 23:48:36 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\Spyware
[2012/10/26 12:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/10/25 22:22:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrendMicro
[2012/10/24 11:15:27 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\PrimarytoPain\Documents\NeroVision
[2012/10/24 10:39:46 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\main
[2012/10/23 19:41:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2012/10/23 18:33:14 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\SSubTmr6.dll
[2012/10/23 18:33:13 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Roaming\FreeBurner
[2012/10/23 18:33:13 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/10/23 17:54:20 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\PrimarytoPain\Documents\neo burn
[2012/10/22 19:07:56 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Roaming\Nero
[2012/10/22 18:56:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2012/10/22 18:55:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2012/10/22 18:55:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2012/10/22 18:53:54 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2012/10/22 18:53:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe
[2012/10/22 18:26:32 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Local\{4DB50C1E-93CF-43C6-8D5C-125DF30B8374}
[2012/10/22 16:40:29 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\BM
[2012/10/22 16:35:53 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\RRCA
[2012/10/20 22:13:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/20 00:24:15 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\PrimarytoPain\Documents\raw-hdr
[2012/10/19 18:48:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Applian Technologies
[2012/10/18 07:26:44 | 000,000,000 | ---D | C] -- C:\Users\Primary\.gimp-2.8
[2012/10/17 19:58:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2012/10/17 19:57:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2012/10/17 13:09:26 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\PrimarytoPain
[2012/10/17 12:53:33 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\Bit Torrent Transferred
[2012/10/17 12:38:21 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\Extra Step
[2012/10/17 12:22:12 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Hacks
[2012/10/17 12:22:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google Hacks
[2012/10/16 22:01:48 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\PrimarytoPain\Documents\My Documents
[2012/10/16 21:50:03 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\New ISOs
[2012/10/16 19:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/10/16 13:52:52 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\Beatles Search
[2012/10/16 13:35:21 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\mp3 1
[2012/10/15 23:49:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Seagate
[2012/10/15 23:48:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Acronis
[2012/10/15 23:47:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Seagate
[2012/10/15 23:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
[2012/10/15 23:34:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Seagate
[2012/10/15 23:32:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/10/14 13:04:41 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\Step Folder 2
[2012/10/14 07:13:00 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Roaming\GoforFiles
[2012/10/14 07:01:22 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Roaming\Audacity
[2012/10/14 06:58:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2012/10/14 06:28:24 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2012/10/13 23:21:23 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\undeletable
[2012/10/13 01:30:27 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012/10/13 01:26:52 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Local\Western_Digital
[2012/10/12 21:51:01 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
[2012/10/11 05:02:57 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Local\{68BC8EE9-C571-40EC-BC49-679770AD920A}
[2012/10/10 01:25:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenDNS Updater
[2012/10/09 20:07:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FirefoxPreloader
[2012/10/08 07:27:59 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Local\{04F45F3E-68C5-467F-9CC6-77FBAEEDE8CF}
[2012/10/07 18:55:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012/10/06 20:36:10 | 000,000,000 | ---D | C] -- C:\Wow Gospel - CD 1
[2012/10/05 14:57:40 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Local\{87C8B400-0B14-4529-837D-8E3B67D60B52}
[2012/10/04 23:48:54 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Local\{C073A1FD-46E4-482D-B718-4D9A84808FF0}
[2012/10/04 18:08:31 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2012/10/03 15:57:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/10/01 13:09:23 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2012/10/01 03:34:31 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Local\{07EB5B35-93B9-4B58-BF46-E614B919C961}
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Program Files (x86)\Common Files\*.tmp files -> C:\Program Files (x86)\Common Files\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/29 22:42:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/29 22:18:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/29 22:14:54 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/29 22:14:54 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/29 22:07:44 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/29 22:07:44 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012/10/29 22:07:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/29 22:06:56 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/29 22:01:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2310302133-1125941473-504086252-1002UA.job
[2012/10/29 21:14:12 | 000,001,028 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\Continue Best Codec Pack installation.lnk
[2012/10/29 20:50:20 | 000,152,392 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\Word 2010 Return.png
[2012/10/29 19:01:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2310302133-1125941473-504086252-1002Core.job
[2012/10/29 18:11:01 | 000,419,734 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\1 extensions.png
[2012/10/29 13:59:56 | 000,466,275 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\googlemap.png
[2012/10/28 16:25:14 | 000,339,430 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\clean reagan.png1.png
[2012/10/28 15:42:29 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/10/28 14:15:46 | 000,900,708 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\flying main.png
[2012/10/28 14:09:00 | 000,013,685 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\ProcessMonitor.lnk
[2012/10/28 14:07:11 | 000,001,797 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\PrimarytoPain\Documents\ProcessMonitor.lnk
[2012/10/28 13:11:17 | 000,001,056 | ---- | M] () -- C:\Users\Public\Desktop\FBackup 4.lnk
[2012/10/28 13:06:58 | 000,024,576 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\PrimarytoPain\Documents\EasyBCD Backup (2012-10-28).bcd
[2012/10/28 13:06:14 | 000,001,215 | ---- | M] () -- C:\Users\Public\Desktop\EasyBCD 2.2.lnk
[2012/10/27 14:10:51 | 000,065,576 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\flag Untitled.png
[2012/10/27 14:10:32 | 000,152,264 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\Untitled.pdn
[2012/10/27 14:05:49 | 000,888,967 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\flying flags.png
[2012/10/27 04:16:26 | 239,698,070 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\GoFlex_Slim_ProSW.zip
[2012/10/27 00:04:22 | 000,876,595 | ---- | M] () -- C:\Users\Primary\AppData\Local\census.cache
[2012/10/27 00:00:43 | 000,127,705 | ---- | M] () -- C:\Users\Primary\AppData\Local\ars.cache
[2012/10/26 17:25:09 | 000,000,036 | ---- | M] () -- C:\Users\Primary\AppData\Local\housecall.guid.cache
[2012/10/25 21:42:12 | 000,005,677 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\bm search ms.search-ms
[2012/10/24 10:57:10 | 000,000,227 | ---- | M] () -- C:\Users\Primary\AppData\Roaming\default.rss
[2012/10/24 10:56:55 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012/10/24 10:49:49 | 000,001,319 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\PrimarytoPain\Documents\CDC Label.ncd
[2012/10/24 01:43:05 | 000,001,661 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\Jobs News, Videos, Reviews and Gossip - Lifehacker.htm - Shortcut.lnk
[2012/10/22 18:56:54 | 000,002,710 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
[2012/10/22 18:53:59 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2012/10/22 18:38:28 | 000,001,300 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\Revo Uninstaller.lnk
[2012/10/22 18:37:12 | 000,000,526 | ---- | M] () -- C:\Users\Primary\AppData\Roaming\burnaware.ini
[2012/10/22 10:42:31 | 000,830,650 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/10/22 10:42:31 | 000,687,146 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/22 10:42:31 | 000,131,926 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/21 23:16:44 | 000,023,084 | ---- | M] () -- C:\Users\Primary\png.png
[2012/10/20 22:06:40 | 000,497,064 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\Warp_Velocity_by_Mxyzptlk246.jpg
[2012/10/20 18:51:16 | 000,440,720 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/10/20 14:44:34 | 000,813,556 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/20 07:26:01 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/20 04:39:37 | 000,012,792 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\images.jpg
[2012/10/19 23:41:58 | 000,000,622 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\TakeOwnership.zip
[2012/10/19 21:06:27 | 003,077,634 | ---- | M] () -- C:\Users\Primary\best supreeem.png
[2012/10/17 19:59:37 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2012/10/17 19:05:47 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2012/10/17 19:05:46 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf
[2012/10/16 15:35:29 | 000,093,394 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\LeviathanWallHanging.gif
[2012/10/15 23:48:59 | 000,001,141 | ---- | M] () -- C:\Users\Public\Desktop\Seagate DiscWizard.lnk
[2012/10/15 23:34:36 | 000,002,453 | ---- | M] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk
[2012/10/15 23:32:35 | 021,476,536 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\SeaToolsforWindowsSetup-1206.exe
[2012/10/14 13:28:02 | 000,126,844 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\Going_into_warp_by_Balsavor.jpg
[2012/10/14 07:34:04 | 006,619,729 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\preview.mp3
[2012/10/14 07:31:31 | 003,727,360 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\60379.mp3
[2012/10/14 07:22:42 | 004,866,587 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\10 I'd Rather Be Dead.mp3
[2012/10/14 06:58:55 | 000,001,015 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\Audacity.lnk
[2012/10/14 06:28:24 | 000,001,898 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\IrfanView Thumbnails.lnk
[2012/10/14 06:28:24 | 000,001,006 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\IrfanView.lnk
[2012/10/14 06:24:30 | 009,330,176 | ---- | M] (Irfan Skiljan) -- C:\Users\Primary\Favorites\Desktop prime\irfanview_plugins_433_setup.exe
[2012/10/14 06:11:40 | 000,002,842 | ---- | M] () -- C:\Users\Primary\AppData\Local\recently-used.xbel
[2012/10/14 01:59:54 | 000,001,074 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\Glary Utilities.lnk
[2012/10/13 22:35:43 | 000,000,448 | ---- | M] () -- C:\OS (C) - Shortcut.lnk
[2012/10/11 04:04:24 | 000,003,478 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\25 The Name's Bond... James Bond.m4a - Shortcut.lnk
[2012/10/10 01:28:47 | 000,001,411 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\Internet Explorer (64-bit).lnk
[2012/10/10 01:24:52 | 000,225,336 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\OpenDNS-Updater-2.2.1.exe
[2012/10/09 22:43:17 | 000,001,304 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\Notepad.lnk
[2012/10/04 23:23:03 | 000,001,879 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012/10/04 23:18:20 | 000,002,088 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012/10/04 22:54:28 | 000,000,151 | ---- | M] () -- C:\Windows\PhotoSnapViewer.INI
[2012/10/03 15:57:05 | 000,001,132 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/10/02 21:36:14 | 000,001,115 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Program Files (x86)\Common Files\*.tmp files -> C:\Program Files (x86)\Common Files\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/29 20:50:15 | 000,152,392 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\Word 2010 Return.png
[2012/10/29 18:11:00 | 000,419,734 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\1 extensions.png
[2012/10/29 13:59:55 | 000,466,275 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\googlemap.png
[2012/10/28 16:25:13 | 000,339,430 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\clean reagan.png1.png
[2012/10/28 15:41:57 | 000,002,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/10/28 14:12:50 | 000,900,708 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\flying main.png
[2012/10/28 14:09:00 | 000,013,685 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\ProcessMonitor.lnk
[2012/10/28 14:07:11 | 000,001,797 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\PrimarytoPain\Documents\ProcessMonitor.lnk
[2012/10/28 13:11:17 | 000,001,056 | ---- | C] () -- C:\Users\Public\Desktop\FBackup 4.lnk
[2012/10/28 13:06:57 | 000,024,576 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\PrimarytoPain\Documents\EasyBCD Backup (2012-10-28).bcd
[2012/10/28 13:05:40 | 000,001,215 | ---- | C] () -- C:\Users\Public\Desktop\EasyBCD 2.2.lnk
[2012/10/27 14:10:47 | 000,065,576 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\flag Untitled.png
[2012/10/27 14:10:31 | 000,152,264 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\Untitled.pdn
[2012/10/27 14:05:44 | 000,888,967 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\flying flags.png
[2012/10/27 04:38:42 | 002,828,466 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\ubble.png
[2012/10/27 00:04:22 | 000,876,595 | ---- | C] () -- C:\Users\Primary\AppData\Local\census.cache
[2012/10/27 00:00:43 | 000,127,705 | ---- | C] () -- C:\Users\Primary\AppData\Local\ars.cache
[2012/10/26 17:25:09 | 000,000,036 | ---- | C] () -- C:\Users\Primary\AppData\Local\housecall.guid.cache
[2012/10/25 21:42:12 | 000,005,677 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\bm search ms.search-ms
[2012/10/24 10:49:49 | 000,001,319 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\PrimarytoPain\Documents\CDC Label.ncd
[2012/10/22 21:03:24 | 000,001,028 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\Continue Best Codec Pack installation.lnk
[2012/10/22 19:16:03 | 000,000,227 | ---- | C] () -- C:\Users\Primary\AppData\Roaming\default.rss
[2012/10/22 19:11:44 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2012/10/22 18:56:54 | 000,002,710 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
[2012/10/22 18:53:59 | 000,002,039 | ---- | C] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2012/10/22 18:38:28 | 000,001,300 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\Revo Uninstaller.lnk
[2012/10/21 23:16:39 | 000,023,084 | ---- | C] () -- C:\Users\Primary\png.png
[2012/10/20 04:39:35 | 000,012,792 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\images.jpg
[2012/10/19 23:41:56 | 000,000,622 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\TakeOwnership.zip
[2012/10/19 21:06:21 | 003,077,634 | ---- | C] () -- C:\Users\Primary\best supreeem.png
[2012/10/18 03:24:05 | 000,001,661 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\Jobs News, Videos, Reviews and Gossip - Lifehacker.htm - Shortcut.lnk
[2012/10/18 03:13:27 | 000,003,478 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\25 The Name's Bond... James Bond.m4a - Shortcut.lnk
[2012/10/17 19:59:37 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2012/10/17 19:05:47 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2012/10/17 19:05:46 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf
[2012/10/17 19:05:22 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/10/16 15:35:27 | 000,093,394 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\LeviathanWallHanging.gif
[2012/10/16 00:01:05 | 239,698,070 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\GoFlex_Slim_ProSW.zip
[2012/10/15 23:48:59 | 000,001,141 | ---- | C] () -- C:\Users\Public\Desktop\Seagate DiscWizard.lnk
[2012/10/15 23:34:36 | 000,002,453 | ---- | C] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk
[2012/10/15 23:32:27 | 021,476,536 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\SeaToolsforWindowsSetup-1206.exe
[2012/10/14 07:33:43 | 006,619,729 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\preview.mp3
[2012/10/14 07:29:54 | 003,727,360 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\60379.mp3
[2012/10/14 07:21:12 | 004,866,587 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\10 I'd Rather Be Dead.mp3
[2012/10/14 06:58:55 | 000,001,021 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2012/10/14 06:58:55 | 000,001,015 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\Audacity.lnk
[2012/10/14 06:28:24 | 000,001,898 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\IrfanView Thumbnails.lnk
[2012/10/14 06:28:24 | 000,001,006 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\IrfanView.lnk
[2012/10/14 06:11:40 | 000,002,842 | ---- | C] () -- C:\Users\Primary\AppData\Local\recently-used.xbel
[2012/10/14 01:59:54 | 000,001,074 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\Glary Utilities.lnk
[2012/10/14 01:59:54 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2012/10/13 22:35:43 | 000,000,448 | ---- | C] () -- C:\OS (C) - Shortcut.lnk
[2012/10/13 22:33:51 | 000,000,526 | ---- | C] () -- C:\Users\Primary\AppData\Roaming\burnaware.ini
[2012/10/10 01:28:47 | 000,001,411 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\Internet Explorer (64-bit).lnk
[2012/10/10 01:25:06 | 000,002,022 | ---- | C] () -- C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDNS Updater.lnk
[2012/10/10 01:24:47 | 000,225,336 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\OpenDNS-Updater-2.2.1.exe
[2012/10/09 22:43:17 | 000,001,304 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\Notepad.lnk
[2012/10/05 23:44:13 | 000,459,873 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\926 12.html
[2012/10/05 15:36:05 | 000,497,064 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\Warp_Velocity_by_Mxyzptlk246.jpg
[2012/10/05 15:33:29 | 000,126,844 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\Going_into_warp_by_Balsavor.jpg
[2012/10/04 23:18:20 | 000,002,088 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012/10/04 18:08:33 | 000,001,879 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012/10/03 15:57:05 | 000,001,132 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/10/03 15:57:04 | 000,001,144 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/09/23 03:32:39 | 000,830,650 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/19 14:49:02 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
[2012/09/04 13:29:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/08/18 20:36:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/05/24 13:31:21 | 000,031,786 | ---- | C] () -- C:\Users\Primary\AppData\Local\Saturn-5-6-121-580x580.jpg
[2012/03/02 16:34:34 | 002,345,378 | ---- | C] () -- C:\Windows\Windows 7 Loader.exe
[2011/11/10 02:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011/11/10 02:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/09/12 23:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/07/25 07:02:32 | 000,602,112 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/07/25 18:10:32 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\100 Greatest Classics Disc 5
[2012/10/20 03:09:41 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\Audacity
[2012/03/10 16:50:19 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\AVG2012
[2012/07/21 21:01:12 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\Blurity
[2012/10/07 18:47:56 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\com.earthbrowser.air.E6AAAE80A01B4127788876406C965C3EDE131099.1
[2012/09/01 20:11:27 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\CrystalSpace
[2012/10/23 18:41:54 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\FreeBurner
[2012/10/14 01:59:47 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\GlarySoft
[2012/05/06 20:39:49 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\Gmail Backup
[2012/10/15 17:44:55 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\GoforFiles
[2012/10/14 06:28:24 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\IrfanView
[2012/09/14 23:53:50 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\Leadertech
[2012/07/26 18:45:27 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\LockHunter
[2012/09/19 05:08:18 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\Memeo
[2012/09/02 09:20:30 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\mjusbsp
[2012/09/25 02:56:56 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\OpenDNS Updater
[2012/07/22 06:43:50 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\OutWit
[2012/06/28 02:26:34 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\ParallelGraphics
[2012/07/07 06:16:26 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\Pictures Videos
[2012/07/15 16:27:14 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\qBittorrent
[2012/07/26 18:06:11 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\QuickScan
[2012/09/02 09:19:05 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\RCP 6
[2012/09/02 09:20:30 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\Skyscraper
[2012/10/28 13:11:03 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\Softland
[2012/07/26 19:44:51 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\Thunderbird
[2012/07/10 08:14:12 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\Windows Live Writer
[2012/07/10 08:24:53 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\WinPatrol
[2012/07/12 01:03:00 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\WinZip

========== Purity Check ==========



< End of report >
msavoy (Marc)
29-Oct-2012, 11:03 PM #12
Very sorry about the double post.
msavoy (Marc)
29-Oct-2012, 11:11 PM #13
SystemLook 30.07.11 by jpshortstuff
Log created at 23:04 on 29/10/2012 by Primary
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchnu*"
C:\Program Files (x86)\Wolfram Research\Wolfram CDF Player\8.0\SystemFiles\Kernel\SystemResources\Windows\Algebra\SearchNumberTheory.mx --a---- 103132 bytes [03:16 21/07/2012] [00:40 04/10/2011] 89EBEEF5D86A5DE0A82E0804DFC37197
C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Recent\searchnu tools.lnk --a---- 569 bytes [02:59 30/10/2012] [03:04 30/10/2012] 45E87692CD7632D9327D6B359A29525F
C:\_OTL\MovedFiles\10282012_201304\C_Users\Primary\AppData\Roaming\Microsoft\Office\Recent\process to remove searchnu.com.docx.LNK --a---- 1298 bytes [17:46 28/10/2012] [17:46 28/10/2012] 21964AF55F51966372DDF3C9637EF0C5
C:\_OTL\MovedFiles\10282012_201304\C_Users\Primary\AppData\Roaming\Microsoft\Windows\Recent\1process to remove searchnu.com.docx.lnk --a---- 765 bytes [15:07 27/10/2012] [15:07 27/10/2012] 5FFBB0CDFDDF88D679FD03A5D0F3F9D5
C:\_OTL\MovedFiles\10282012_201304\C_Users\Primary\AppData\Roaming\Microsoft\Windows\Recent\process to remove searchnu.com.docx.lnk --a---- 760 bytes [15:02 27/10/2012] [17:46 28/10/2012] A2144B20DAA3FB892873EDD3B363F319
C:\_OTL\MovedFiles\10282012_201304\C_Users\Primary\AppData\Roaming\Microsoft\Windows\Recent\searchnu imposter.txt.lnk --a---- 698 bytes [04:33 27/10/2012] [04:33 27/10/2012] 7B5599BAA65B105111B534372EF224A0
C:\_OTL\MovedFiles\10282012_201304\C_Users\Primary\Favorites\Desktop prime\searchnu imposter.txt --a---- 47 bytes [04:33 27/10/2012] [04:33 27/10/2012] FB1F05083F832BA7D47CC06C6E6B0D9B

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchnu*"
C:\Users\Primary\Favorites\Desktop prime\searchnu tools d------ [04:48 29/10/2012]

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchnu"
[HKEY_CURRENT_USER\Software\Microsoft\IntelliPoint\AppSpecific\OTL.exe]
"Path"="C:\Users\Primary\Favorites\Desktop prime\searchnu tools\OTL.exe"
[HKEY_CURRENT_USER\Software\Microsoft\IntelliPoint\AppSpecific\SystemLook_x64.exe]
"Path"="C:\Users\Primary\Favorites\Desktop prime\searchnu tools\SystemLook_x64.exe"
[HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\OTL.exe]
"Path"="C:\Users\Primary\Favorites\Desktop prime\searchnu tools\OTL.exe"
[HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\SystemLook_x64.exe]
"Path"="C:\Users\Primary\Favorites\Desktop prime\searchnu tools\SystemLook_x64.exe"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Primary\Favorites\Desktop prime\searchnu tools\OTL.exe"="OTL.exe"
[HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\Microsoft\IntelliPoint\AppSpecific\OTL.exe]
"Path"="C:\Users\Primary\Favorites\Desktop prime\searchnu tools\OTL.exe"
[HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\Microsoft\IntelliPoint\AppSpecific\SystemLook_x64.exe]
"Path"="C:\Users\Primary\Favorites\Desktop prime\searchnu tools\SystemLook_x64.exe"
[HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\Microsoft\IntelliType Pro\AppSpecific\OTL.exe]
"Path"="C:\Users\Primary\Favorites\Desktop prime\searchnu tools\OTL.exe"
[HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\Microsoft\IntelliType Pro\AppSpecific\SystemLook_x64.exe]
"Path"="C:\Users\Primary\Favorites\Desktop prime\searchnu tools\SystemLook_x64.exe"
[HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Primary\Favorites\Desktop prime\searchnu tools\OTL.exe"="OTL.exe"
[HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Primary\Favorites\Desktop prime\searchnu tools\OTL.exe"="OTL.exe"

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&gct=ds&appid=101&systemid=421&apn_dtid=BND421&apn_ptnrs=AGA&o=APN10649&apn_uid=6434908431664136&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\B760674538A35F241999134C94EA70A1]
"E9EFB8E6C50FF4F4BA4ABF289FFAF289"="C:\Program Files (x86)\Google\Google SketchUp 8\Materials\Colors-Named\0129_WhiteSmoke.skm"

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
No data found.

-= EOF =-
msavoy (Marc)
29-Oct-2012, 11:15 PM #14
I'm going through a terrible time with the malware, being stuck in the middle of the worst hurricane here in New York. I received this OTL Extras logfile, which I'm including only because I am not sure whether you need it and want to include it to be sure.

Thanks Very Much,
Marc Savoy
msavoy (Marc)
29-Oct-2012, 11:16 PM #15
OTL Extras logfile created on: 10/29/2012 10:50:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Primary\Favorites\Desktop prime\searchnu tools
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 59.62% Memory free
8.00 Gb Paging File | 6.34 Gb Available in Paging File | 79.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.54 Gb Total Space | 214.50 Gb Free Space | 30.71% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 335.70 Gb Free Space | 72.08% Space Free | Partition Type: NTFS
Drive L: | 1862.98 Gb Total Space | 1228.84 Gb Free Space | 65.96% Space Free | Partition Type: NTFS

Computer Name: MIKE-PC | User Name: Primary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10F3DC06-0482-41CA-9DB4-92FCBCD5A5AD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{112FD5D6-20D4-41A4-805D-D90EF44CAEBA}" = lport=137 | protocol=17 | dir=in | app=system |
"{15050768-CE92-411F-94ED-B307A6D97AB5}" = lport=10245 | protocol=6 | dir=in | app=system |
"{19EC0E5E-BCD2-4957-90EC-B5180FB82349}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2188562C-61C3-4477-954F-DEB1A6423916}" = rport=137 | protocol=17 | dir=out | app=system |
"{34EA7EEB-D107-421A-B3CF-2F8AC2E3D073}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{469493F6-D3BF-4A58-A3AA-BE3830A68A29}" = lport=445 | protocol=6 | dir=in | app=system |
"{4E808E38-08F5-4BA1-A16C-9DCD58C77F95}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{534044AA-5722-4A7C-BCD3-73A16CF6A4BF}" = lport=138 | protocol=17 | dir=in | app=system |
"{64854DF5-E88A-40E6-B839-485229C36AD7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7168EA80-970B-4D5F-9CB8-260DF4179E29}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{79584D59-640B-4D82-AB99-20CAA787FB04}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8491E173-1315-420E-971A-F2885A7F64A0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8BC77324-3189-4FBE-B9BA-F99C318638D5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{95A059CE-1D48-4B95-8426-98A87CBE70B8}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{AAEF2C5E-F04F-4B42-9A44-7388E14FFC4F}" = lport=139 | protocol=6 | dir=in | app=system |
"{AF6A0CB5-6888-4A6E-AFD4-8491E98501E9}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B308B707-C7A0-4597-8DB9-9523CA36B9D1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BED1E6F2-9F4D-4B1E-B345-8B959D3171B1}" = rport=138 | protocol=17 | dir=out | app=system |
"{C11A791C-9537-456D-A065-1346DFFECD04}" = rport=139 | protocol=6 | dir=out | app=system |
"{C52241D7-2B93-48B6-A07D-49AF6E613DB6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{CD8530EE-4188-4BA3-A58F-5DB3417C7037}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DA51DE89-8269-4535-A5D5-345A7FCF0F0F}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{E40E7939-713D-43E2-AE46-252AAB4EEEC4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E7921B80-1E4C-4F29-8821-79D27E248338}" = rport=445 | protocol=6 | dir=out | app=system |
"{EDD34263-5ADA-44EC-934B-03F8505506FC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{F0F2EA7E-6300-4E0F-B4D7-6A5DA3B117B9}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{FB03AAE7-755F-415D-834A-97F86872D246}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FD6DC2DE-F2DE-4D85-A3B9-EE205CA6492E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{FFF159E4-0DC2-4683-A869-2BFC207B689D}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AE27781-9B43-4C37-BDB3-EB098274F86A}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{10E8EF97-E33B-4921-8E8B-463194C4E9BD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{12753043-E14A-4E5E-97E2-721DEDEF4A82}" = protocol=17 | dir=in | app=c:\users\primary\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{1EB245A4-0BB4-4EA7-AB07-930EEF8E9F15}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{1F0AC70B-00D4-4410-8577-12133BA4E6A4}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{1F61D2D6-838A-4921-9908-9C46E462B977}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
"{24488A42-7618-4A80-95CD-744B5FE8D86F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{33C780CC-9879-47CF-BF8E-90BC0D2B2AE7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{36B09205-C2A0-4DC0-AE2F-CEE2029F4ED5}" = dir=in | app=c:\program files\comodo\comodo internet security\fp.exe-h |
"{3B5E7350-9148-4520-BB22-71AADA9D89C6}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{3D843A99-F6D1-4C6B-AAE8-F95C6332A3BE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{413D8325-B4FA-49A9-A36E-D9ABFB7143FD}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{4FF13998-4138-4469-A6E0-112CE7E2EACC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{5006B89F-6F06-424A-B684-71B83A0F71BC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5DC225A2-69E5-446D-9D2D-9923EF69ECC1}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
"{610B2FF6-E8F8-451B-9734-16CDEAFEE75D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{66C5746E-8F7C-4893-B82F-665164595515}" = dir=in | app=c:\users\primary\appdata\local\microsoft\skydrive\skydrive.exe |
"{6DE9D917-B6A0-40F8-8215-53C17F81746E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{6F1986A9-E76A-4B7E-A10D-5E3E60A06EBA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{76AF47FF-CD63-4FE2-8F5F-7876AB63BB0E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{8A740C29-F2D2-439B-A156-611CDFD598E9}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
"{8ABDDEDE-7073-45E7-87D1-653D95C371D9}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\comodo\tvnserver.exe |
"{97D220C2-2730-4583-B8F4-614C64FB8E08}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9EA4B18D-9A2B-44A6-B1C9-B88102B4299D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A310CCC7-B256-4948-A122-D0866A578718}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A460A07E-453B-430A-81EA-DB16F5B80B0D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{A6E4AA1F-128D-4B97-A492-BEAC4BEF659C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{AC6B9857-AC43-45E0-89AD-E1C999CA8138}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{B455F953-03D6-4937-85A3-A31E1E63A285}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B4FB2BD3-9319-4626-94A8-054FD808A8C1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{B75B9BA1-C768-493E-A24E-501B14F56DF4}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\comodo\tvnserver.exe |
"{C4727793-86EE-4CB6-B61F-CFFA63012EC4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D47A2AE7-3763-4FF0-8AD1-DA0CFC71A875}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{DFB5644A-B52F-44BC-8151-8B97A4F4091C}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
"{EA811945-EA24-46B1-9E30-C7E0AACBE635}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{ED74CBB2-F653-4773-B811-E8FBCFDBE038}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{F62FC304-DD3C-4409-B190-945C60D7353C}" = protocol=6 | dir=in | app=c:\users\primary\appdata\local\google\google talk plugin\googletalkplugin.exe |
"TCP Query User{46EAE88C-89FC-4FC1-99C4-8B74DBD1B023}C:\program files (x86)\nero\nero 7\nero home\nerohome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero 7\nero home\nerohome.exe |
"TCP Query User{87943EDB-C95E-4572-9D80-C08714AD9EAA}C:\program files (x86)\nero\nero 7\nero home\nerohome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero 7\nero home\nerohome.exe |
"TCP Query User{A4654B36-D27B-4CB5-BED0-D41CBA58A60B}C:\program files (x86)\everything\everything.exe" = protocol=6 | dir=in | app=c:\program files (x86)\everything\everything.exe |
"TCP Query User{EBDA7AE4-CAED-4C7A-86E6-12D05FB17ACF}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
"UDP Query User{55A2CBA7-15B7-445A-8373-DF3A39381375}C:\program files (x86)\everything\everything.exe" = protocol=17 | dir=in | app=c:\program files (x86)\everything\everything.exe |
"UDP Query User{56007239-061F-4DCF-8159-04623632229C}C:\program files (x86)\nero\nero 7\nero home\nerohome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero 7\nero home\nerohome.exe |
"UDP Query User{7C86D33B-9190-4A80-9248-02F4F1A31175}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
"UDP Query User{D4AB03DE-E8F4-493D-A9D8-940A16815991}C:\program files (x86)\nero\nero 7\nero home\nerohome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero 7\nero home\nerohome.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{0308919C-E317-4293-8D3C-97EF307BCDBC}" = HP Officejet Pro 8500 A910 Product Improvement Study
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E95102E-27A4-416F-A9D1-308C9603F14A}" = HP Print View Software
"{22A51951-1F45-4C8A-B888-306527F9C45F}" = WD SmartWare
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft Mouse and Keyboard Center
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012
"{A62F9CD0-B2E0-4F2A-88F2-79254A3C8539}" = WinPatrol
"{BF46C84D-1AC3-4CC3-A45C-EF6257B80984}" = AVG 2012
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DEACDFFA-D424-416F-B849-FA282F55B2CE}" = Cortona3D Viewer
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE7C94CC-BECB-4000-B5E3-D895307B9D5E}" = HP Officejet Pro 8500 A910 Basic Device Software
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"A-WIN-Extras 8.0.4 2609412_is1" = Mathematica Extras 8.0 (2609412)
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"FileMenu Tools_is1" = FileMenu Tools
"GIMP-2_is1" = GIMP 2.8.2
"LockHunter_is1" = LockHunter 2.0 beta 2, 64 bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"PogoplugBackup" = Pogoplug Backup
"Speccy" = Speccy
"Unlocker" = Unlocker 1.9.1-x64
"WinRAR archiver" = WinRAR 4.11 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6E8BFE9E-F05C-4F4F-ABA4-FB82F9AF2F98}" = SketchUp Pro 8
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{705B639E-FAAF-40D7-AD58-C445321C7C3F}" = LightScribe System Software
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7bb15b26-acef-42c0-9c18-763a2d740655}" = Nero 9 Essentials
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Help
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FB2A014-A0B0-42D8-8E18-9AFC6A6E2814}" = Seagate DiscWizard
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B01DD1A4-F4E1-4CE7-AB6E-3168C5BD5D30}" = 3DVIA player 5.0.0.20
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BF55B950-4227-49DF-914B-A8F63D236DB8}" = Amazon Cloud Drive
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DB01EE59-8EEB-4F28-9F4F-2396BBC96343}" = freeWRL
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFD30824-6BD0-34E1-ABE8-308AD3CBB9A0}" = Google Talk Plugin
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EACCC042-848D-4166-9D97-B13D1D108722}" = Google Drive
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audacity_is1" = Audacity 2.0.2
"Control Center for KODAK Webcams" = Control Center for KODAK Webcams
"EasyBCD" = EasyBCD 2.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Everything" = Everything 1.2.1.371
"FBackup 4_is1" = FBackup 4
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Glary Utilities_is1" = Glary Utilities 2.49.0.1600
"gmailbackup" = Gmail Backup
"HP Marketing Resources" = HP Print View Software
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Mozilla Firefox 16.0.1 (x86 en-US)" = Mozilla Firefox 16.0.1 (x86 en-US)
"Mozilla Thunderbird 15.0.1 (x86 en-US)" = Mozilla Thunderbird 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"M-WIN-D 8.0.4 2609533_is1" = Wolfram CDF Player (M-WIN-D 8.0.4 2609533)
"OpenDNS Updater" = OpenDNS Updater 2.2.1
"Picasa 3" = Picasa 3
"Revo Uninstaller" = Revo Uninstaller 1.94
"Star Trek Online" = Star Trek Online
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/23/2012 7:04:52 PM | Computer Name = Mike-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16450,
time stamp: 0x503723f6 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x006b5a41 Faulting process id:
0x6f4 Faulting application start time: 0x01cdb172ab1f74f0 Faulting application path:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown
Report
Id: 0cd34028-1d66-11e2-94bf-0023542e3e23

Error - 10/23/2012 7:05:23 PM | Computer Name = Mike-PC | Source = Microsoft Office 12 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Research task pane.

Error - 10/23/2012 7:18:19 PM | Computer Name = Mike-PC | Source = Microsoft Office 12 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Research task pane.

Error - 10/23/2012 8:14:42 PM | Computer Name = Mike-PC | Source = Application Hang | ID = 1002
Description = The program WINWORD.EXE version 12.0.6662.5003 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 14cc Start
Time: 01cdb17c824cbe48 Termination Time: 40 Application Path: C:\Program Files (x86)\Microsoft
Office\Office12\WINWORD.EXE Report Id: c949b739-1d6f-11e2-b65a-0023542e3e23

Error - 10/23/2012 10:47:15 PM | Computer Name = Mike-PC | Source = Application Hang | ID = 1002
Description = The program MRT.exe version 4.13.6701.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 4ec Start Time:
01cdb17b9bffaa90 Termination Time: 780 Application Path: C:\Windows\system32\MRT.exe

Report
Id:

Error - 10/24/2012 10:51:05 AM | Computer Name = Mike-PC | Source = Application Hang | ID = 1002
Description = The program NeroExpress.exe version 9.4.44.100 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 5d40 Start
Time: 01cdb1f68eba63cc Termination Time: 24962 Application Path: C:\Program Files
(x86)\Nero\Nero 9\Nero Express\NeroExpress.exe Report Id: 2694d6dd-1dea-11e2-b65a-0023542e3e23


Error - 10/26/2012 12:23:07 PM | Computer Name = Mike-PC | Source = Application Hang | ID = 1002
Description = The program SpybotSD.exe version 1.6.2.46 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 16e8 Start
Time: 01cdb395cba85e74 Termination Time: 10 Application Path: C:\Program Files (x86)\Spybot
- Search & Destroy\SpybotSD.exe Report Id:

Error - 10/26/2012 8:07:15 PM | Computer Name = Mike-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 10/27/2012 5:33:56 AM | Computer Name = Mike-PC | Source = Windows Backup | ID = 4104
Description =

Error - 10/28/2012 12:51:20 PM | Computer Name = Mike-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 16.0.1.4666 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: dbc Start
Time: 01cdb5264367f6e0 Termination Time: 175 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id: ae330c21-211f-11e2-a13b-0023542e3e23

Error - 10/29/2012 1:52:52 AM | Computer Name = Mike-PC | Source = Microsoft Office 12 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Research task pane.

[ Media Center Events ]
Error - 7/22/2012 1:02:47 AM | Computer Name = Mike-PC | Source = MCUpdate | ID = 0
Description = 12:50:00 AM - Failed to retrieve Directory (Error: The operation has
timed out)

Error - 7/22/2012 1:47:30 AM | Computer Name = Mike-PC | Source = MCUpdate | ID = 0
Description = 1:31:49 AM - Failed to retrieve NetTV (Error: The operation has timed
out)

Error - 7/22/2012 1:52:47 AM | Computer Name = Mike-PC | Source = MCUpdate | ID = 0
Description = 1:50:33 AM - Failed to retrieve MCEClientUX (Error: The operation
has timed out)

Error - 7/22/2012 2:08:34 AM | Computer Name = Mike-PC | Source = MCUpdate | ID = 0
Description = 2:06:58 AM - Failed to retrieve SportsV2 (Error: The operation has
timed out)

Error - 10/25/2012 10:57:26 PM | Computer Name = Mike-PC | Source = MCUpdate | ID = 0
Description = 10:57:22 PM - Failed to retrieve Directory (Error: The operation has
timed out)

[ System Events ]
Error - 9/2/2012 5:54:55 AM | Computer Name = Mike-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 15.5.0.0 Update Source: %%815 Update Stage:
%%854 Source Path: Signature Type: %%886 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 2.1.8600.0 Error code: 0x80070002 Error
description: The system cannot find the file specified.

Error - 9/2/2012 5:54:55 AM | Computer Name = Mike-PC | Source = Microsoft Antimalware | ID = 2003
Description = %%860 has encountered an error trying to update the engine. New Engine
Version: Previous Engine Version: 2.1.8600.0 Engine Type: %%886 User: NT AUTHORITY\SYSTEM

Error
Code: 0x80070002 Error description: The system cannot find the file specified.

Error - 9/2/2012 5:55:00 AM | Computer Name = Mike-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.135.323.0 Update Source: %%859 Update Stage:
%%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error
code: 0x80070643 Error description: Fatal error during installation.

Error - 9/2/2012 5:55:05 AM | Computer Name = Mike-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%886 Error Code: 0x80070002 Error description: The system cannot find the file specified.
Reason: %%892

Error - 9/2/2012 5:55:23 AM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Search service hung on starting.

Error - 9/2/2012 5:55:51 AM | Computer Name = Mike-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138
(Definition 1.135.323.0).

Error - 9/2/2012 6:31:28 AM | Computer Name = Mike-PC | Source = Microsoft Antimalware | ID = 2004
Description = %%860 has encountered an error trying to load signatures and will
attempt reverting back to a known-good set of signatures. Signatures Attempted: %%825

Error
Code: 0x8050a004 Error description: This package does not contain up-to-date definition
files for this program. For more information, see Help and Support. Signature version:
1.135.233.0;1.135.233.0 Engine version: 1.1.8601.0

Error - 9/2/2012 6:41:08 AM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Presentation Foundation Font Cache 3.0.0.0 service to connect.

Error - 9/2/2012 6:41:08 AM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Presentation Foundation Font Cache 3.0.0.0 service failed
to start due to the following error: %%1053

Error - 9/2/2012 6:48:10 AM | Computer Name = Mike-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%886 Error Code: 0x80070002 Error description: The system cannot find the file specified.
Reason: %%892


< End of report >