
Desperate to Rid My Computer of http://www.searchnu.com/421

Discussion in 'Virus & Other Malware Removal' started by msavoy, Oct 26, 2012.

  1. msavoy

    msavoy Thread Starter

    Hi, Everybody.
    This forum site, Tech Support Guy, is a godsend for me, as the http://www.searchnu.com/421 malware is wreaking havoc with my life and I have nowhere to turn to in resolving this horrible situation.
    I've read Click Here to Read This First and have followed the instructions on how to post my request for help to the best of my abilities.

    I want to thank you all in advance, and express my utmost appreciation for any guidance or assistance you are able to provide that rids http://www.searchnu.com/421 from my computer.

    Thanks so very much,
    Marc Savoy


    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Ultimate, Service Pack 1, 64 bit
    Processor: AMD Athlon(tm) Dual Core Processor 4850e, AMD64 Family 15 Model 107 Stepping 2
    Processor Count: 2
    RAM: 4094 Mb
    Graphics Card: ATI Radeon HD 5400 Series, 1024 Mb
    Hard Drives: C: Total - 715301 MB, Free - 194135 MB; L: Total - 1907695 MB, Free - 1903888 MB;
    Motherboard: PEGATRON CORPORATION, NARRA3
    Antivirus: Microsoft Security Essentials Prerelease, Updated and Enabled
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:12:25 PM, on 10/26/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16450)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
    C:\Program Files (x86)\uTorrent\uTorrent.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Users\Primary\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe
    C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
    C:\Program Files (x86)\Everything\Everything.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
    C:\Users\Primary\AppData\Local\Amazon\Cloud Drive\jre\bin\javaw.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Users\Primary\Favorites\Desktop prime\RRCA\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {b97ed18c-1a8a-4acc-884f-b4fe7415adf2} - (no file)
    R3 - URLSearchHook: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
    R3 - URLSearchHook: (no name) - {0cc09160-108c-4759-bab1-5c12c216e005} - (no file)
    R3 - URLSearchHook: (no name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    O3 - Toolbar: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
    O4 - HKLM\..\Run: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [DiscWizardMonitor.exe] "C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe"
    O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    O4 - HKCU\..\Run: [189974CC4CE60D2C085A4D175C892566BD51837D._service_run] "C:\Users\Primary\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Primary\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [Amazon Cloud Drive] C:\Users\Primary\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe
    O4 - HKCU\..\Run: [OpenDNS Updater] "C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" /autostart
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{703EEC82-4BE4-4A8A-9EFE-FB3FDFD9C47E}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CS1\Services\Tcpip\..\{703EEC82-4BE4-4A8A-9EFE-FB3FDFD9C47E}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CS2\Services\Tcpip\..\{703EEC82-4BE4-4A8A-9EFE-FB3FDFD9C47E}: NameServer = 208.67.222.222,208.67.220.220
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll (file missing)
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DokanCEMounter - Cloud Engines - C:\Program Files (x86)\PogoplugBackup\dokanmnt.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: vToolbarUpdater12.2.6 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: WD Backup (WDBackup) - Western Digital - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
    O23 - Service: WD Drive Manager (WDDriveService) - Western Digital - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
    O23 - Service: WD Rules (WDRulesService) - Western Digital - C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 13158 bytes
    DDS (Ver_2012-10-19.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.9.2
    Run by Primary at 22:18:07 on 2012-10-26
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.1873 [GMT -4:00]
    .
    AV: Microsoft Security Essentials Prerelease *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials Prerelease *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\svchost.exe -k apphost
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\PogoplugBackup\dokanmnt.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\System32\svchost.exe -k LPDService
    C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
    C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
    C:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
    C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    C:\Program Files (x86)\uTorrent\uTorrent.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Users\Primary\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe
    C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
    C:\Program Files (x86)\Everything\Everything.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Users\Primary\AppData\Local\Amazon\Cloud Drive\jre\bin\javaw.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\System32\sdclt.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\ehome\mcupdate.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://www.google.com
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: {b97ed18c-1a8a-4acc-884f-b4fe7415adf2} - <orphaned>
    uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
    uURLSearchHooks: {0cc09160-108c-4759-bab1-5c12c216e005} - <orphaned>
    uURLSearchHooks: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - <orphaned>
    mURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
    uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    uRun: [189974CC4CE60D2C085A4D175C892566BD51837D._service_run] "C:\Users\Primary\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
    uRun: [Google Update] "C:\Users\Primary\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [Amazon Cloud Drive] C:\Users\Primary\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe
    uRun: [OpenDNS Updater] "C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" /autostart
    mRun: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    mRun: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [DiscWizardMonitor.exe] "C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe"
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{703EEC82-4BE4-4A8A-9EFE-FB3FDFD9C47E} : NameServer = 208.67.222.222,208.67.220.220
    TCP: Interfaces\{703EEC82-4BE4-4A8A-9EFE-FB3FDFD9C47E} : DHCPNameServer = 192.168.1.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    x64-mStart Page = hxxp://searchfunmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEtB0EtA0EtBtAyC0E0DzytN0D0Tzu0CtBzyyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1127200979
    x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -
    x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-Run: [Seagate Scheduler2 Service] "C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe"
    x64-Run: [IntelliType Pro] "C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
    x64-Run: [IntelliPoint] "C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
    x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} -
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} -
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Primary\AppData\Roaming\Mozilla\Firefox\Profiles\y8w4ggb9.default\
    FF - prefs.js: browser.startup.homepage - hxxp://searchfunmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEtB0EtA0EtBtAyC0E0DzytN0D0Tzu0CtBzyyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1127200979
    FF - prefs.js: keyword.URL - Google
    FF - prefs.js: browser.search.selectedEngine - Funmoods
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.funmoods.hmpg - true
    FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEtB0EtA0EtBtAyC0E0DzytN0D0Tzu0CtBzyyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1127200979
    FF - user.js: extensions.funmoods.dfltSrch - true
    FF - user.js: extensions.funmoods.srchPrvdr - Search
    FF - user.js: extensions.funmoods.dnsErr - true
    FF - user.js: extensions.funmoods_i.newTab - true
    FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEtB0EtA0EtBtAyC0E0DzytN0D0Tzu0CtBzyyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1127200979
    FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEtB0EtA0EtBtAyC0E0DzytN0D0Tzu0CtBzyyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1127200979&q=
    FF - user.js: extensions.funmoods.id - 0023542E3E236ED9
    FF - user.js: extensions.funmoods.instlDay - 15633
    FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
    FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
    FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2213:21:33
    FF - user.js: extensions.funmoods.prtnrId - funmoods
    FF - user.js: extensions.funmoods.prdct - funmoods
    FF - user.js: extensions.funmoods.aflt - nv1
    FF - user.js: extensions.funmoods_i.smplGrp - none
    FF - user.js: extensions.funmoods.tlbrId - base
    FF - user.js: extensions.funmoods.instlRef - nv1
    FF - user.js: extensions.funmoods.dfltLng -
    FF - user.js: extensions.funmoods.excTlbr - false
    FF - user.js: extensions.funmoods.autoRvrt - false
    FF - user.js: extensions.funmoods.envrmnt - production
    FF - user.js: extensions.funmoods.isdcmntcmplt - true
    FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
    R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2012-10-15 210016]
    R0 vidsflt53;Acronis Disk Storage Filter (53);C:\Windows\System32\drivers\vsflt53.sys [2012-10-15 141920]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-4 31080]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-11-10 204288]
    R2 DokanCEDriver;DokanCEDriver;C:\Program Files (x86)\PogoplugBackup\dokance.sys [2012-3-8 66880]
    R2 DokanCEMounter;DokanCEMounter;C:\Program Files (x86)\PogoplugBackup\dokanmnt.exe [2012-3-8 115520]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-9 128456]
    R2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2011-6-30 1191408]
    R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2012-6-14 1151424]
    R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2012-6-14 248248]
    R2 WDRulesService;WD Rules;C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [2012-6-14 1177536]
    R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-11-10 10567680]
    R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-11-10 325632]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
    R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-15 116648]
    S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [?]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-15 250808]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-7-5 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-15 116648]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-3 115168]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-3-13 20992]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-3-10 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-5 1255736]
    S4 avgwd;AVG WatchDog;"C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" --> C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-10-26 17:20:52 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{42BE6736-98C7-4F5D-A4F0-35654E1F1B26}\mpengine.dll
    2012-10-26 16:18:08 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2012-10-26 16:18:08 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2012-10-26 02:22:34 388096 ----a-r- C:\Users\Primary\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
    2012-10-26 02:22:33 -------- d-----w- C:\Program Files (x86)\TrendMicro
    2012-10-24 23:59:28 9291768 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-10-23 23:41:46 -------- d-----w- C:\Program Files (x86)\MSECache
    2012-10-23 22:33:14 40960 ----a-w- C:\Windows\SysWow64\SSubTmr6.dll
    2012-10-23 22:33:14 15360 ----a-w- C:\Windows\SysWow64\inetfr.DLL
    2012-10-23 22:33:14 115920 ----a-w- C:\Windows\SysWow64\msinet.OCX
    2012-10-23 22:33:14 101888 ----a-w- C:\Windows\SysWow64\VB6STKIT.DLL
    2012-10-23 22:33:13 32768 ----a-w- C:\Windows\SysWow64\CMDLGFR.DLL
    2012-10-23 22:33:13 152848 ----a-w- C:\Windows\SysWow64\COMDLG32.OCX
    2012-10-23 22:33:13 141312 ----a-w- C:\Windows\SysWow64\MSCMCFR.DLL
    2012-10-23 22:33:13 119568 ----a-w- C:\Windows\SysWow64\VB6FR.DLL
    2012-10-23 22:33:13 -------- d-----w- C:\Users\Primary\AppData\Roaming\FreeBurner
    2012-10-23 22:33:13 -------- d-----w- C:\ProgramData\boost_interprocess
    2012-10-22 22:55:14 -------- d-----w- C:\ProgramData\Nero
    2012-10-22 22:26:32 -------- d-----w- C:\Users\Primary\AppData\Local\{4DB50C1E-93CF-43C6-8D5C-125DF30B8374}
    2012-10-21 02:14:34 96224 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
    2012-10-21 02:14:34 157272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
    2012-10-19 22:48:10 -------- d-----w- C:\Program Files (x86)\Applian Technologies
    2012-10-19 22:03:27 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CF23067B-892E-4471-B957-7E581A667992}\gapaengine.dll
    2012-10-18 11:26:44 -------- d-----w- C:\Users\Primary\.gimp-2.8
    2012-10-17 23:57:30 -------- d-----w- C:\Program Files\Microsoft Mouse and Keyboard Center
    2012-10-17 23:05:18 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
    2012-10-17 23:05:17 9728 ----a-w- C:\Windows\System32\Wdfres.dll
    2012-10-17 23:05:17 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
    2012-10-17 23:05:17 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
    2012-10-17 16:51:42 -------- d-----w- C:\Users\Primary\Desktop prime
    2012-10-17 16:22:12 -------- d-----w- C:\Program Files (x86)\Google Hacks
    2012-10-16 23:42:16 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2012-10-16 03:49:37 -------- d-----w- C:\ProgramData\Seagate
    2012-10-16 03:48:53 971360 ----a-w- C:\Windows\System32\drivers\timntr.sys
    2012-10-16 03:48:31 210016 ----a-w- C:\Windows\System32\drivers\vididr.sys
    2012-10-16 03:48:27 141920 ----a-w- C:\Windows\System32\drivers\vsflt53.sys
    2012-10-16 03:48:20 275552 ----a-w- C:\Windows\System32\drivers\snapman.sys
    2012-10-16 03:47:33 -------- d-----w- C:\Program Files (x86)\Common Files\Seagate
    2012-10-16 03:34:33 -------- d-----w- C:\Program Files (x86)\Seagate
    2012-10-16 03:32:54 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2012-10-14 11:13:00 -------- d-----w- C:\Users\Primary\AppData\Roaming\GoforFiles
    2012-10-14 10:58:36 -------- d-----w- C:\Program Files (x86)\Audacity
    2012-10-13 05:30:38 -------- d--h--w- C:\Windows\msdownld.tmp
    2012-10-13 05:30:27 -------- d-----w- C:\Windows\SysWow64\directx
    2012-10-13 05:26:52 -------- d-----w- C:\Users\Primary\AppData\Local\Western_Digital
    2012-10-12 20:35:28 862664 ----a-w- C:\Windows\SysWow64\msvcr110.dll
    2012-10-12 20:35:28 828872 ----a-w- C:\Windows\System32\msvcr110.dll
    2012-10-12 20:35:28 661448 ----a-w- C:\Windows\System32\msvcp110.dll
    2012-10-12 20:35:28 534480 ----a-w- C:\Windows\SysWow64\msvcp110.dll
    2012-10-12 20:35:28 354264 ----a-w- C:\Windows\System32\vccorlib110.dll
    2012-10-12 20:35:28 251864 ----a-w- C:\Windows\SysWow64\vccorlib110.dll
    2012-10-12 20:35:26 50856 ----a-w- C:\Windows\System32\drivers\point64.sys
    2012-10-11 09:02:57 -------- d-----w- C:\Users\Primary\AppData\Local\{68BC8EE9-C571-40EC-BC49-679770AD920A}
    2012-10-10 16:40:00 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2012-10-10 16:38:52 1464320 ----a-w- C:\Windows\System32\crypt32.dll
    2012-10-10 16:38:51 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-10-10 16:38:50 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-10-10 16:38:50 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-10-10 16:38:50 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-10-10 16:38:49 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2012-10-10 05:25:03 -------- d-----w- C:\Program Files (x86)\OpenDNS Updater
    2012-10-10 00:31:14 75928 ----a-w- C:\Windows\System32\drivers\dc3d.sys
    2012-10-10 00:31:14 1795952 ----a-w- C:\Windows\System32\WdfCoInstaller01011.dll
    2012-10-10 00:07:37 -------- d-----w- C:\Program Files (x86)\FirefoxPreloader
    2012-10-08 11:27:59 -------- d-----w- C:\Users\Primary\AppData\Local\{04F45F3E-68C5-467F-9CC6-77FBAEEDE8CF}
    2012-10-07 00:36:10 -------- d-----w- C:\Wow Gospel - CD 1
    2012-10-05 18:57:40 -------- d-----w- C:\Users\Primary\AppData\Local\{87C8B400-0B14-4529-837D-8E3B67D60B52}
    2012-10-05 17:27:24 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2012-10-05 03:48:54 -------- d-----w- C:\Users\Primary\AppData\Local\{C073A1FD-46E4-482D-B718-4D9A84808FF0}
    2012-10-04 22:08:31 -------- d-----w- C:\Program Files\Defraggler
    2012-10-03 19:57:03 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
    2012-10-01 21:13:22 -------- d-----w- C:\cygwin
    2012-10-01 17:09:23 -------- d-----w- C:\Windows\CheckSur
    2012-10-01 07:34:31 -------- d-----w- C:\Users\Primary\AppData\Local\{07EB5B35-93B9-4B58-BF46-E614B919C961}
    2012-09-30 00:59:31 -------- d-----w- C:\Users\Primary\AppData\Local\CrashDumps
    2012-09-29 01:42:04 2177704 ----a-w- C:\Windows\System32\coin92.dll
    2012-09-27 04:51:00 -------- d-----w- C:\Users\Primary\AppData\Roaming\com.earthbrowser.air.E6AAAE80A01B4127788876406C965C3EDE131099.1
    .
    ==================== Find3M ====================
    .
    2012-10-10 02:42:21 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-10-10 02:42:20 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-29 23:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-09-22 21:45:22 31080 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    2012-09-22 21:27:18 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2012-09-22 21:27:18 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
    2012-09-22 21:27:18 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
    2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-09-04 17:52:51 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-09-04 17:52:51 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-09-04 17:29:16 0 ----a-w- C:\Windows\ativpsrm.bin
    2012-08-31 02:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
    2012-08-31 02:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
    2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
    2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
    2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
    2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
    2012-08-21 17:01:20 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
    2012-08-21 17:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
    2012-08-21 17:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
    2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-08-11 00:56:03 715776 ----a-w- C:\Windows\System32\kerberos.dll
    2012-08-10 23:56:14 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
    2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
    .
    ============= FINISH: 22:19:21.16 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-10-19.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/2/2012 3:05:03 PM
    System Uptime: 10/26/2012 9:58:17 PM (1 hours ago)
    .
    Motherboard: PEGATRON CORPORATION | | NARRA3
    Processor: AMD Athlon(tm) Dual Core Processor 4850e | Socket AM2 | 2500/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 699 GiB total, 189.619 GiB free.
    D: is CDROM ()
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    L: is FIXED (NTFS) - 1863 GiB total, 1859.871 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP224: 10/15/2012 5:23:57 PM - Revo Uninstaller's restore point - Bing Bar
    RP225: 10/15/2012 5:28:35 PM - Revo Uninstaller's restore point - GoforFiles
    RP226: 10/15/2012 5:45:05 PM - Revo Uninstaller's restore point - Babylon toolbar on IE
    RP227: 10/15/2012 5:46:18 PM - Revo Uninstaller's restore point - Babylon toolbar on IE
    RP228: 10/15/2012 8:57:01 PM - Revo Uninstaller's restore point - Skype Click to Call
    RP229: 10/15/2012 9:57:58 PM - Revo Uninstaller's restore point - Seagate Dashboard
    RP230: 10/15/2012 11:34:06 PM - Installed SeaTools for Windows
    RP231: 10/15/2012 11:39:51 PM - Revo Uninstaller's restore point - Google Toolbar for Internet Explorer
    RP232: 10/15/2012 11:46:28 PM - Installed Seagate DiscWizard
    RP233: 10/16/2012 4:08:18 PM - Windows Update
    RP234: 10/16/2012 7:38:15 PM - Installed Java 7 Update 9
    RP235: 10/17/2012 7:56:04 PM - DCInstallRestorePoint
    RP236: 10/19/2012 6:56:54 PM - Revo Uninstaller's restore point - AutocompletePro
    RP237: 10/22/2012 5:43:17 AM - Windows Update
    RP238: 10/22/2012 6:40:09 PM - Revo Uninstaller's restore point - Funmoods
    RP239: 10/22/2012 6:43:46 PM - Revo Uninstaller's restore point - BurnAware Free 5.2
    RP240: 10/22/2012 6:54:41 PM - Installed Nero 9 Essentials 4.4.9.0
    RP241: 10/23/2012 6:46:54 PM - Revo Uninstaller's restore point - OnlineHDTV
    RP242: 10/23/2012 6:52:03 PM - Revo Uninstaller's restore point - Search-Results Toolbar
    RP243: 10/23/2012 6:57:20 PM - Revo Uninstaller's restore point - Free Easy Burner V 5.1
    RP244: 10/23/2012 7:42:04 PM - Installed Compatibility Pack for the 2007 Office system
    RP245: 10/24/2012 4:21:30 PM - Windows Update
    RP246: 10/25/2012 12:54:10 PM - Windows Update
    RP247: 10/25/2012 10:21:46 PM - Installed HiJackThis
    RP248: 10/26/2012 4:47:27 PM - Revo Uninstaller's restore point - Riot plugin
    RP249: 10/26/2012 10:07:23 PM - Windows Backup
    .
    ==== Installed Programs ======================
    .
    µTorrent
    3DVIA player 5.0.0.20
    7-Zip 9.20 (x64 edition)
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.4)
    Adobe Shockwave Player 11.6
    Advertising Center
    Amazon Cloud Drive
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Audacity 2.0.2
    AVG 2012
    Bing Rewards Client Installer
    Bonjour
    CCleaner
    Compatibility Pack for the 2007 Office system
    Control Center for KODAK Webcams
    Cortona3D Viewer
    D3DX10
    Defraggler
    Everything 1.2.1.371
    ffdshow [rev 2527] [2008-12-19]
    FileMenu Tools
    freeWRL
    GIMP 2.8.2
    Glary Utilities 2.49.0.1600
    Gmail Backup
    Google Chrome
    Google Drive
    Google Earth
    Google Talk Plugin
    Google Update Helper
    Hewlett-Packard ACLM.NET v1.1.0.0
    HiJackThis
    HP Officejet Pro 8500 A910 Basic Device Software
    HP Officejet Pro 8500 A910 Help
    HP Officejet Pro 8500 A910 Product Improvement Study
    HP Print View Software
    HP Product Detection
    HP Update
    I.R.I.S. OCR
    ImagXpress
    Internet TV for Windows Media Center
    IrfanView (remove only)
    iTunes
    Java 7 Update 9
    Java Auto Updater
    JavaFX 2.1.1
    Junk Mail filter update
    LightScribe System Software
    LockHunter 2.0 beta 2, 64 bit
    Malwarebytes Anti-Malware version 1.65.1.1000
    Mathematica Extras 8.0 (2609412)
    Menu Templates - Starter Kit
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Mouse and Keyboard Center
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials Prerelease
    Microsoft Silverlight
    Microsoft SkyDrive
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Movie Templates - Starter Kit
    Mozilla Firefox 16.0.1 (x86 en-US)
    Mozilla Maintenance Service
    Mozilla Thunderbird 15.0.1 (x86 en-US)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 9 Essentials
    Nero BurnRights
    Nero BurnRights Help
    Nero ControlCenter
    Nero CoverDesigner
    Nero DiscSpeed
    Nero DriveSpeed
    Nero Express Help
    Nero InfoTool
    Nero Installer
    Nero Online Upgrade
    Nero ShowTime
    Nero StartSmart
    Nero StartSmart Help
    Nero Vision
    Nero Vision Help
    NeroExpress
    neroxml
    NVIDIA Drivers
    OpenDNS Updater 2.2.1
    Paint.NET v3.5.10
    Picasa 3
    Pogoplug Backup
    QuickTime
    Realtek High Definition Audio Driver
    Revo Uninstaller 1.94
    Seagate DiscWizard
    SeaTools for Windows
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
    SketchUp Pro 8
    Speccy
    Spybot - Search & Destroy
    Star Trek Online
    swMSM
    Unity Web Player
    Unlocker 1.9.1-x64
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Visual Studio 2008 x64 Redistributables
    VLC media player 2.0.1
    WD SmartWare
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Center Add-in for Flash
    WinPatrol
    WinRAR 4.11 (64-bit)
    Wolfram CDF Player (M-WIN-D 8.0.4 2609533)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/26/2012 9:59:00 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgtdia
    10/26/2012 9:58:59 PM, Error: Service Control Manager [7000] - The vToolbarUpdater12.2.6 service failed to start due to the following error: The system cannot find the file specified.
    10/26/2012 12:52:31 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    10/26/2012 12:52:30 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    10/26/2012 12:52:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    10/26/2012 12:52:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    10/26/2012 12:52:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/26/2012 12:52:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    10/26/2012 12:52:13 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgtdia discache MpFilter spldr Wanarpv6
    10/26/2012 12:52:11 PM, Error: Service Control Manager [7001] - The LPD Service service depends on the Print Spooler service which failed to start because of the following error: The dependency service or group failed to start.
    10/26/2012 10:02:09 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR7.
    10/24/2012 8:31:27 AM, Error: Service Control Manager [7034] - The Seagate Scheduler2 Service service terminated unexpectedly. It has done this 1 time(s).
    10/23/2012 4:10:32 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:ASX/Wimad.CN&threatid=2147628568 Name: TrojanDownloader:ASX/Wimad.CN ID: 2147628568 Severity: Severe Category: Trojan Downloader Path: containerfile:_C:\Users\Primary\Desktop prime\Downloads\2016 Obama's America (2012) 1080p BDRiP XViD AC3 FLAWL3SS\2016 Obama's America (2012) 1080p BDRiP XViD AC3 FLAWL3SS.avi;file:_C:\Users\Primary\Desktop prime\Downloads\2016 Obama's America (2012) 1080p BDRiP XViD AC3 FLAWL3SS\2016 Obama's America (2012) 1080p BDRiP XViD AC3 FLAWL3SS.avi->(ASF_Script_Commands) Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\SearchProtocolHost.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.139.430.0, AS: 1.139.430.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
    10/22/2012 5:26:21 AM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    10/22/2012 5:26:14 AM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
    10/20/2012 9:01:14 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR8.
    10/20/2012 7:12:16 PM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    .
    ==== End Of File ===========================
     
  2. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    2,628
    Looking at your log.
    Be back soon.
     
  3. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    2,628
    Hi msavoy,
    Quite a bit to do here, but you should be able to do it.
    Just take one step at a time.

    You have two antivirus applications running at once.
    That will actually reduce your protection, and may make the system unstable.
    You also have the µTorrent P2P program.
    Using any of the P2P programs will absolutely get your computer infected, maybe a lot worse than searchnu.
    -----------------------------------------------------------
    Download the Microsoft Security Essentials Installer
    The download is here: http://www.microsoft.com/security_essentials/
    Save it to your desktop, but don't run it yet.
    ------------------------------------------------
    Remove Programs Using Control Panel
    From Start, Control Panel, click on Programs and Features
    Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

    µTorrent
    Advertising Center
    AVG 2012 <== only uninstall if it's the FREE version.
    HiJackThis
    Microsoft Security Essentials Prerelease

    Take extra care in answering questions posed by any Uninstaller.
    -----------------------------------------------------------
    REBOOT (RESTART) Your Machine
    -----------------------------------------------------------
    IF YOU UNINSTALLED AVG, install MSSE
    Double Click the icon for the Microsoft Security Essentials installer.
    Let it install, update itself, run a scan and delete anything it finds.
    ----------------------------------------------
    Preliminary Removals with an OTL Custom Fix
    Please right-click on the filename link below and select "Save target as..." or "Save Link as...", choose the Desktop location, and choose to save as the filename Fix.txt
    SQW7-Vista_x64.TXT
    Make sure that Fix.txt is the exact filename used.
    ----------------------------------------------
    Perform a Custom Fix with OTL
    Download the OTL Scanner
    Please download OTL.exe by OldTimer and save it to your desktop.
    Right Click the OTL icon and choose "Run as administrator"
    • Click the Run Fix button at the top.
    • You will see a popup dialog reporting "No fix has been provided. Click OK to load from a file or Cancel". Click on OK
    • When the Open dialog comes up, Navigate to the Desktop, scroll to highlight the file named Fix.txt and click Open
    • Some text will appear in the Custom scans/Fixes box.
    • Click the Run Fix button in OTL.
    • Let the program run unhindered and reboot the PC when it is done.
      When the computer Reboots, and you start your usual account, a Notepad text file will appear.
    • Copy the contents of that file and post it in your next reply.
      The file will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log
    ---------------------------------------------
    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it. OK the User Account Control.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :filefind
      *Fun4IM*
      *Bandoo*
      *Searchnu*
      *Searchqu*
      *iLivid*
      *whitesmoke*
      *datamngr*
      *trolltech*
      
      :folderfind
      *Fun4IM*
      *Bandoo*
      *Searchnu*
      *Searchqu*
      *iLivid*
      *whitesmoke*
      *datamngr*
      *trolltech*
      
      :Regfind
      Fun4IM
      Bandoo
      Searchnu
      Searchqu
      iLivid
      whitesmoke
      datamngr
      kelkoopartners
      trolltech
      
      
    • Click the Look button to start the scan.
      Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The results log can also be found on your Desktop, entitled SystemLook.txt

    So we are looking for the log from the OTL fix, and the SystemLook log.
    askey127
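A way to condense the OTL fix log requested above into what was actually changed, what was already absent and what failed, as an added example that is not part of the original post or of OTL itself. The line formats follow the log lines posted in this thread; the sample log is constructed, with placeholder paths and a placeholder GUID.

```python
import re
from collections import Counter

# Constructed sample in the layout of an OTL fix log; paths and GUID are placeholders.
SAMPLE_LOG = r"""
All Processes Killed
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page deleted successfully.
Registry key HKEY_CURRENT_USER\Software\DataMngr\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{00000000-0000-0000-0000-000000000000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Bandoo\ not found.
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Example\Interface\\@|"placeholder" /E!
========== FILES ==========
File/Folder C:\Users\Example\AppData\LocalLow\searchqutoolbar not found.
File\Folder C:\Program Files (x86)\iLivid not found.
< ipconfig /flushdns /c >
Successfully flushed the DNS Resolver Cache.
C:\Users\Example\Desktop\cmd.bat deleted successfully.
"""

SECTION_RE = re.compile(r"^=+\s*(?P<name>[A-Z ]+?)\s*=+$")
FAIL_RE = re.compile(r"^Unable to set value\s*:\s*(?P<target>.+)$")
# The log uses both "File/Folder" and "File\Folder"; some file lines carry no prefix at all.
RESULT_RE = re.compile(
    r"^(?:(?P<kind>Registry key|Registry value|File[/\\]Folder)\s+)?"
    r"(?P<target>.+?)\s+(?P<status>deleted successfully|moved successfully|not found)\.$"
)


def parse_otl_log(text):
    """Return (section, kind, target, status) for every result line in the log."""
    section = None
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = FAIL_RE.match(line)
        if m:
            records.append((section, "Registry value", m.group("target"), "unable to set"))
            continue
        m = RESULT_RE.match(line)
        if m:
            kind = (m.group("kind") or "File").replace("\\", "/")
            records.append((section, kind, m.group("target"), m.group("status")))
    return records


def summarize(records):
    """Drop repeated targets, then split the log into changes, failures and counts."""
    seen, unique = set(), []
    for rec in records:
        key = (rec[1], rec[2].lower())  # registry and NTFS names are case-insensitive
        if key not in seen:
            seen.add(key)
            unique.append(rec)
    changed = [r for r in unique if r[3] in ("deleted successfully", "moved successfully")]
    failed = [r for r in unique if r[3] == "unable to set"]
    return {
        "counts": dict(Counter(r[3] for r in unique)),
        "changed": changed,
        "failed": failed,
        "duplicates": len(records) - len(unique),
    }


if __name__ == "__main__":
    summary = summarize(parse_otl_log(SAMPLE_LOG))
    print(summary["counts"], "repeated lines:", summary["duplicates"])
    for section, kind, target, status in summary["changed"] + summary["failed"]:
        print(f"[{section}] {kind}: {target} -> {status}")
```

The "not found" lines only mean an entry listed in the fix script was not present on the machine; the "changed" and "failed" lists are the ones to read closely.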
     
  4. msavoy

    msavoy Thread Starter

    askey127,
    First off, please allow me to express my greatest appreciation and sense of gratitude for the help and assistance you've provided on my behalf. As I mentioned in my initial message, I consider myself very fortunate to have discovered this site and come across people like yourself willing to help those in distress like myself. Trying to find information about searchnu.com, let alone specific, detailed strategy on how to have it removed is very scarce, few and far between. Doing a Google search on searchnu.com/421 leaves you rather depressed and discouraged directing you to places, sites that are hardly encouraging about being able to get rid of it, most of which have a sinister sense about them, almost spooky, that while very desperate couldn't get myself to download their "malware remover" and other 100% guaranteed products that seem downright scary. So, finding this site and having you do whatever you can on my behalf is absolutely a godsend. Once again, thanks very much.

    I did find others with the same problem as listed below and had planned to follow the advice provided at that specific thread but despite all the directions he received from flavallee, Trusted advisor, at the end rusty_2010 writes that he was unable to get it removed. Fortunately, when I went to check my post, you had already given me the means in which to hopefully resolve my problem.

    I'll get right down to following your directions and you'll be hearing back from me as soon as possible

    Thanks again very much.
    (y):D
    All the Very Best,
    Marc Savoy

    rusty_2010
    http://forums.techguy.org/virus-other-malware-removal/1057435-please-help-remove-searchnu-com.html
    flavallee
     
  5. msavoy

    msavoy Thread Starter

    (y)askey127
    Here are the results from the OTL log and SystemLook log

    A few notes for your knowledge base.
    1. I've been unable to find the OTL log files on my computer and neither did it seem to save itself in the notepad. Fortunately, I cut and pasted it into a doc. file simply to preserve a back up just in case.

    C:\_OTL\Moved Files\mmddyyyy_hhmmss.log

    2. At one point I had lost hope of ridding the searchnu.com/421 when the fix.txt file wouldn't open up and appear in the OTL fix field. I tried several times but it wasn't responding, getting the same message that it can't be opened or something like that. The fix.txt file menu page was already opened and had to simply click open but as I said it wasn't responding. I simply tried several other approaches using ways to get the file open until I finally succeeded.


    Here's the information you requested and again want to thank you for your indispensable help. Looking forward to your response and want to discuss making some sort of donation for your efforts.

    All the Very Best,
    Marc Savoy


    All Processes Killed


    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point
    ========== REGISTRY ==========
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar\ not found.
    Registry key HKEY_CURRENT_USER\Software\DataMngr\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bandoo\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\menuorder\start menu2\programs\bandoo\ not found.
    Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\DataMngr_Toolbar\ not found.
    Registry key HKEY_CURRENT_USER\Software\ilivid\ not found.
    Registry key HKEY_CURRENT_USER\Software\searchqutoolbar\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Bandoo\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BandooCore.EXE\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore.1\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr.1\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr.1\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr.1\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477F210A-2A86-4666-9C4B-1189634D2C84}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF871E51-2655-4D06-AED5-745962A96B32}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFBD6D47-F5E5-49E4-8157-8BCFF11F3CC3}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBD6D47-F5E5-49E4-8157-8BCFF11F3CC3}\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Save video on Savevid.com\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ilivid.exe\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASAPI 32\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASMAN CS\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\SearchquMediabarTb\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971}\1.0\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\inprocserver32\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{cc1ac828-bb47-4361-afb5-96eee259dd87}\inprocserver32\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{fefd3af5-a346-4451-aa23-a3ad54915515}\inprocserver32\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{5b4144e1-b61d-495a-9a50-cd1a95d86d15}\1.0\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{6a4bcaba-c437-4c76-a54e-af31b8a76cb9}\1.0\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{841d5a49-e48d-413c-9c28-eb3d9081d705}\1.0\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\datamngr\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searchqu.com\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160\ not found.
    Registry key HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA942DEC3AFA384B94ECC932BD3DC5A\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFE82A48FED40644C984C808A1785C7F\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EFB5D9F3E46440D4A9C379467CEADEBB\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toobar not found.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3B0118C8-8D12-46CD-A083-2116D587A11F} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B0118C8-8D12-46CD-A083-2116D587A11F}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C39DB3DF-7935-4821-9BD7-170D277DA935} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39DB3DF-7935-4821-9BD7-170D277DA935}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6B2163BE-A595-4E6E-AAF0-E22A29D38262} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B2163BE-A595-4E6E-AAF0-E22A29D38262}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A49227EB-05C7-449A-9BB6-18F653936F32} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A49227EB-05C7-449A-9BB6-18F653936F32}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3B0118C8-8D12-46CD-A083-2116D587A11F} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B0118C8-8D12-46CD-A083-2116D587A11F}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C39DB3DF-7935-4821-9BD7-170D277DA935} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39DB3DF-7935-4821-9BD7-170D277DA935}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6B2163BE-A595-4E6E-AAF0-E22A29D38262} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B2163BE-A595-4E6E-AAF0-E22A29D38262}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A49227EB-05C7-449A-9BB6-18F653936F32} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A49227EB-05C7-449A-9BB6-18F653936F32}\ not found.
    Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32\\@|"{B056521A-9B10-425E-B616-1FCD828DB3B1}" /E!
    Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32\\@|"{B056521A-9B10-425E-B616-1FCD828DB3B1}" /E!
    Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\\@|"ISearchQueryHelper" /E!
    Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32\\@|"{B056521A-9B10-425E-B616-1FCD828DB3B1}" /E!
    ========== FILES ==========
    File/Folder C:\Users\Primary\AppData\Roaming\Mozilla\Firefox\Profiles\SearchquWebSearch.xml not found.
    File/Folder C:\Users\Primary\AppData\Roaming\Mozilla\Firefox\Profiles\searchqutoolbar not found.
    File/Folder C:\Users\Primary\AppData\Roaming\Mozilla\Firefox\Profiles\{99079a25-328f-4bd4-be04-00955acaa0a7} not found.
    File/Folder C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Cookies\*@sweetim[1].txt not found.
    File/Folder C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@ilivid[1].txt not found.
    File/Folder C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@ilivid[2].txt not found.
    File/Folder C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@searchqu[1].txt not found.
    File/Folder C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@searchqu[2].txt not found.
    File/Folder C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@stats.ilivid[1].txt not found.
    File/Folder C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@sweetim[1].txt not found.
    File/Folder C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@www.sweetim[2].txt not found.
    File/Folder C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@www.sweetim[3].txt not found.
    File/Folder C:\Users\Primary\AppData\Local\Ilivid Player not found.
    File/Folder C:\Users\Primary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iLividSetupV1.exe not found.
    File/Folder C:\Users\Primary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ilivid[1].7z not found.
    File/Folder C:\Users\Primary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SetupDataMngr_Searchqu[1].exe not found.
    File/Folder C:\Users\Primary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SweetImSetup.exe not found.
    File/Folder C:\Users\Primary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BandooV6[1].exe not found.
    File/Folder C:\Users\Primary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\searchqu_net[1].htm not found.
    File/Folder C:\Users\Primary\AppData\Local\Temp\BandooFiles not found.
    File/Folder C:\Users\Primary\AppData\Local\Temp\BandooV6.exe not found.
    File/Folder C:\Users\Primary\AppData\Local\Temp\SetupDataMngr_Searchqu.exe not found.
    File/Folder C:\Users\Primary\AppData\Local\Temp\SweetIMReinstall not found.
    File/Folder C:\Users\Primary\AppData\Local\Temp\SweetIMReinstall\SweetImSetup.exe not found.
    File/Folder C:\Users\Primary\AppData\Local\Temp\ilivid.7z not found.
    File/Folder C:\Users\Primary\AppData\Local\Temp\searchqu.ini not found.
    File/Folder C:\Users\Primary\AppData\Local\Temp\searchqutoolbar-manifest.xml not found.
    File/Folder C:\Users\Primary\AppData\LocalLow\searchquband not found.
    File/Folder C:\Users\Primary\AppData\LocalLow\searchqutoolbar not found.
    File/Folder C:\Users\Primary\Downloads\SweetImSetup.exe not found.
    File/Folder C:\Users\Primary\Downloads\iLividSetupV1.exe not found.
    File/Folder C:\Users\Primary\AppData\LocalLow\DataMngr not found.
    File/Folder C:\Users\Primary\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3AJVC1WF\www.ilivid[1].xml not found.
    File/Folder C:\Users\Primary\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\TYBUQFS4\www.searchqu[1].xml not found.
    File\Folder C:\Windows\Prefetch\SEARCHQU TOOLBAR UNINSTALL.EX-4EFDDDEA.pf not found.
    File\Folder C:\Program Files\Windows iLivid Toolbar not found.
    File\Folder C:\Program Files\iLivid not found.
    File\Folder C:\Windows\Prefetch\ILIVID* not found.
    File\Folder C:\Windows\Prefetch\SEARCHQUMEDIABAR* not found.
    File\Folder C:\Windows\Prefetch\SETUPDATAMNGR* not found.
    File\Folder C:\Program Files (x86)\iLivid not found.
    File\Folder C:\Program Files (x86)\Windows Savevid Toolbar not found.
    File\Folder C:\Program Files (x86)\Savevid not found.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Primary\Favorites\Desktop prime\cmd.bat deleted successfully.
    C:\Users\Primary\Favorites\Desktop prime\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 3059638 bytes
    ->Temporary Internet Files folder emptied: 10628481 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 598 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56504 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Mike
    ->Temp folder emptied: 530359 bytes
    ->Temporary Internet Files folder emptied: 11927302 bytes
    ->Flash cache emptied: 1332 bytes

    User: Primary
    ->Temp folder emptied: 135012971 bytes
    ->Temporary Internet Files folder emptied: 350876133 bytes
    ->Java cache emptied: 2366005 bytes
    ->FireFox cache emptied: 88174914 bytes
    ->Flash cache emptied: 15490249 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 113870 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46623132 bytes
    RecycleBin emptied: 602112 bytes

    Total Files Cleaned = 635.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 10282012_164111

    Files\Folders moved on Reboot...
    C:\Users\Primary\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot..


    SystemsLook.txt

    SystemLook 30.07.11 by jpshortstuff
    Log created at 16:56 on 28/10/2012 by Primary
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "*Fun4IM*"
    No files found.

    Searching for "*Bandoo*"
    No files found.

    Searching for "*Searchnu*"
    C:\Program Files (x86)\Wolfram Research\Wolfram CDF Player\8.0\SystemFiles\Kernel\SystemResources\Windows\Algebra\SearchNumberTheory.mx --a---- 103132 bytes [03:16 21/07/2012] [00:40 04/10/2011] 89EBEEF5D86A5DE0A82E0804DFC37197
    C:\Users\Primary\AppData\Roaming\Microsoft\Office\Recent\process to remove searchnu.com.docx.LNK --a---- 1298 bytes [17:46 28/10/2012] [17:46 28/10/2012] 21964AF55F51966372DDF3C9637EF0C5
    C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Recent\1process to remove searchnu.com.docx.lnk --a---- 765 bytes [15:07 27/10/2012] [15:07 27/10/2012] 5FFBB0CDFDDF88D679FD03A5D0F3F9D5
    C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Recent\process to remove searchnu.com.docx.lnk --a---- 760 bytes [15:02 27/10/2012] [17:46 28/10/2012] A2144B20DAA3FB892873EDD3B363F319
    C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Recent\searchnu imposter.txt.lnk --a---- 698 bytes [04:33 27/10/2012] [04:33 27/10/2012] 7B5599BAA65B105111B534372EF224A0
    C:\Users\Primary\Favorites\Desktop prime\searchnu imposter.txt --a---- 47 bytes [04:33 27/10/2012] [04:33 27/10/2012] FB1F05083F832BA7D47CC06C6E6B0D9B

    Searching for "*Searchqu*"
    No files found.

    Searching for "*iLivid*"
    No files found.

    Searching for "*whitesmoke*"
    No files found.

    Searching for "*datamngr*"
    No files found.

    Searching for "*trolltech*"
    No files found.

    ========== folderfind ==========

    Searching for "*Fun4IM*"
    No folders found.

    Searching for "*Bandoo*"
    No folders found.

    Searching for "*Searchnu*"
    No folders found.

    Searching for "*Searchqu*"
    No folders found.

    Searching for "*iLivid*"
    No folders found.

    Searching for "*whitesmoke*"
    No folders found.

    Searching for "*datamngr*"
    No folders found.

    Searching for "*trolltech*"
    No folders found.

    ========== Regfind ==========

    Searching for "Fun4IM"
    No data found.

    Searching for "Bandoo"
    No data found.

    Searching for "Searchnu"
    [HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run]
    "C:\Users\Primary\AppData\Local\Temp\INSTAL~1.DLL,_SetFirefoxHP http://www.searchnu.com/421,"="12"
    [HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Word\File MRU]
    "Item 3"="[F00000000][T01CDB534202DED20]*C:\Users\Primary\Favorites\Desktop prime\process to remove searchnu.com.docx"
    [HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Word\File MRU]
    "Item 6"="[F00000000][T01CDB454B77F05A0]*C:\Users\Primary\Favorites\Desktop prime\1process to remove searchnu.com.docx"
    [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\WinPatrol\Run]
    "C:\Users\Primary\AppData\Local\Temp\INSTAL~1.DLL,_SetFirefoxHP http://www.searchnu.com/421,"="12"
    [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\Microsoft\Office\12.0\Word\File MRU]
    "Item 3"="[F00000000][T01CDB534202DED20]*C:\Users\Primary\Favorites\Desktop prime\process to remove searchnu.com.docx"
    [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\Microsoft\Office\12.0\Word\File MRU]
    "Item 6"="[F00000000][T01CDB454B77F05A0]*C:\Users\Primary\Favorites\Desktop prime\1process to remove searchnu.com.docx"

    Searching for "Searchqu"
    [HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks]
    "C:\Users\Primary\AppData\Local\Temp\nsxAC.tmp\nsnE73.tmp\SETUPDATAMNGR_SEARCHQU.EXE"="10/23/2012 6:33 PM"
    [HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks]
    "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe"="10/23/2012 6:41 PM"
    [HKEY_CURRENT_USER\Software\BillP Studios\Detected\IEHelper]
    "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll"="10/23/2012 6:34 PM"
    [HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run]
    "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe"="21"
    [HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run]
    "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll"="255"
    [HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run]
    "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll"="255"
    [HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run]
    "cmd.exe /c RD /S /Q C:\Program Files (x86)\Searchqu Toolbar"="22"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    @="ISearchQueryHelper"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    @="ISearchQueryHelper"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}]
    "SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&gct=ds&appid=101&systemid=421&apn_dtid=BND421&apn_ptnrs=AGA&o=APN10649&apn_uid=6434908431664136&qu={searchTerms}&ft=json"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}]
    "SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&gct=ds&appid=101&systemid=421&apn_dtid=BND421&apn_ptnrs=AGA&o=APN10649&apn_uid=6434908431664136&qu={searchTerms}&ft=json"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchquSRTB]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchquSRTB]
    "Folder"="C:\Program Files (x86)\Searchqu Toolbar\Datamngr\SRToolBar"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    @="ISearchQueryHelper"
    [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\Detected\ActiveTasks]
    "C:\Users\Primary\AppData\Local\Temp\nsxAC.tmp\nsnE73.tmp\SETUPDATAMNGR_SEARCHQU.EXE"="10/23/2012 6:33 PM"
    [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\Detected\ActiveTasks]
    "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe"="10/23/2012 6:41 PM"
    [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\Detected\IEHelper]
    "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll"="10/23/2012 6:34 PM"
    [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\WinPatrol\Run]
    "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe"="21"
    [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\WinPatrol\Run]
    "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll"="255"
    [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\WinPatrol\Run]
    "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll"="255"
    [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\WinPatrol\Run]
    "cmd.exe /c RD /S /Q C:\Program Files (x86)\Searchqu Toolbar"="22"

    Searching for "iLivid"
    No data found.

    Searching for "whitesmoke"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B760674538A35F241999134C94EA70A1]
    "E9EFB8E6C50FF4F4BA4ABF289FFAF289"="C:\Program Files (x86)\Google\Google SketchUp 8\Materials\Colors-Named\0129_WhiteSmoke.skm"

    Searching for "datamngr"
    [HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks]
    "C:\Users\Primary\AppData\Local\Temp\nsxAC.tmp\nsnE73.tmp\SETUPDATAMNGR_SEARCHQU.EXE"="10/23/2012 6:33 PM"
    [HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks]
    "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe"="10/23/2012 6:41 PM"
    [HKEY_CURRENT_USER\Software\BillP Studios\Detected\IEHelper]
    "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll"="10/23/2012 6:34 PM"
    [HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run]
    "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe"="21"
    [HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run]
    "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll"="255"
    [HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run]
    "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll"="255"
    [HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3ec1a45c-8bc3-4bfe-b226-4051c5d3d068}]
    "AppPath"="C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchquSRTB]
    "Folder"="C:\Program Files (x86)\Searchqu Toolbar\Datamngr\SRToolBar"
    [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\Detected\ActiveTasks]
    "C:\Users\Primary\AppData\Local\Temp\nsxAC.tmp\nsnE73.tmp\SETUPDATAMNGR_SEARCHQU.EXE"="10/23/2012 6:33 PM"
    [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\Detected\ActiveTasks]
    "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe"="10/23/2012 6:41 PM"
    [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\Detected\IEHelper]
    "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll"="10/23/2012 6:34 PM"
    [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\WinPatrol\Run]
    "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe"="21"
    [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\WinPatrol\Run]
    "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll"="255"
    [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\WinPatrol\Run]
    "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll"="255"

    Searching for "kelkoopartners"
    No data found.

    Searching for "trolltech"
    [HKEY_CURRENT_USER\Software\Trolltech]
    [HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\Trolltech]
    [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

    -= EOF =-
     
  6. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    2,628
    msavoy,
    -----------------------------------------------------------
    Disable WinPatrol
    - Right Click the 'Scotty Dog' icon in the system tray
    - Click Options
    - At the bottom of the options page, Uncheck Automatically Run WinPatrol When Computer Starts
    - Click the X to end program.
    - Right Click the 'Scotty Dog' icon in the system tray again
    - Click Exit Program
    WinPatrol is now disabled and will not start at bootup.
    ----------------------------------------------
    Perform a Custom Fix with OTL
    Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
    • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
      Code:
      :Commands
      [CREATERESTOREPOINT]
      
      :Reg
      [HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run]
      "C:\Users\Primary\AppData\Local\Temp\INSTAL~1.DLL,_SetFirefoxHP http://www.searchnu.com/421,"=-
      [HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Word\File MRU]
      "Item 3"=-
      [HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Word\File MRU]
      "Item 6"=-
      [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\WinPatrol\Run]
      "C:\Users\Primary\AppData\Local\Temp\INSTAL~1.DLL,_SetFirefoxHP http://www.searchnu.com/421,"=-
      [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\Microsoft\Office\12.0\Word\File MRU]
      "Item 3"=-
      [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\Microsoft\Office\12.0\Word\File MRU]
      "Item 6"=-
      [HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks]
      "C:\Users\Primary\AppData\Local\Temp\nsxAC.tmp\nsnE73.tmp\SETUPDATAMNGR_SEA RCHQU.EXE"=-
      [HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks]
      "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe"=-
      [HKEY_CURRENT_USER\Software\BillP Studios\Detected\IEHelper]
      "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll"=-
      [HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run]
      "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe"=-
      [HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run]
      "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll"=-
      [HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run]
      "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll"=-
      [HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run]
      "cmd.exe /c RD /S /Q C:\Program Files (x86)\Searchqu Toolbar"=-
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchquSRTB]
      [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\Detected\ActiveTasks]
      "C:\Users\Primary\AppData\Local\Temp\nsxAC.tmp\nsnE73.tmp\SETUPDATAMNGR_SEA RCHQU.EXE"="10/23/2012 6:33 PM"
      [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\Detected\ActiveTasks]
      "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe"=-
      [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\Detected\IEHelper]
      "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll"=-
      [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\WinPatrol\Run]
      "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe"=-
      [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\WinPatrol\Run]
      "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll"=-
      [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\WinPatrol\Run]
      "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll"=-
      [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\WinPatrol\Run]
      "cmd.exe /c RD /S /Q C:\Program Files (x86)\Searchqu Toolbar"=-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\B760674538A35F241999134C94EA70A1]
      "E9EFB8E6C50FF4F4BA4ABF289FFAF289"=-
      [HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks]
      "C:\Users\Primary\AppData\Local\Temp\nsxAC.tmp\nsnE73.tmp\SETUPDATAMNGR_SEA RCHQU.EXE"=-
      [HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks]
      "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe"=-
      [HKEY_CURRENT_USER\Software\BillP Studios\Detected\IEHelper]
      "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll"=-
      [HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run]
      "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe"=-
      [HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run]
      "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll"=-
      [HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run]
      "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll"=-
      [-HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3ec1a45c-8bc3-4bfe-b226-4051c5d3d068}]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchquSRTB]
      [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\Detected\ActiveTasks]
      "C:\Users\Primary\AppData\Local\Temp\nsxAC.tmp\nsnE73.tmp\SETUPDATAMNGR_SEA RCHQU.EXE"=-
      [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\Detected\ActiveTasks]
      "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe"=-
      [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\Detected\IEHelper]
      "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll"=-
      [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\WinPatrol\Run]
      "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe"=-
      [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\WinPatrol\Run]
      "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll"=-
      [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\WinPatrol\Run]
      "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll"=-
      [-HKEY_CURRENT_USER\Software\Trolltech]
      [-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
      [-HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\Trolltech]
      
      :Files
      C:\Users\Primary\AppData\Roaming\Microsoft\Office\Recent\process to remove searchnu.com.docx.LNK
      C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Recent\1process to remove searchnu.com.docx.lnk
      C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Recent\process to remove searchnu.com.docx.lnk
      C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Recent\searchnu imposter.txt.lnk
      C:\Users\Primary\Favorites\Desktop prime\searchnu imposter.txt
      ipconfig /flushdns /c
      
      :Commands
      [EMPTYTEMP]
      
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, and click to allow the Reboot when it is done.
      When the computer Reboots, and you start your usual account, a Notepad text file will appear.
    • Copy the contents of that file and post it in your next reply.
      The file will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log
    ---------------------------------------------
    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it. OK the User Account Control.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :filefind
      *Fun4IM*
      *Bandoo*
      *Searchnu*
      *Searchqu*
      *iLivid*
      *whitesmoke*
      *datamngr*
      *trolltech*
      
      :folderfind
      *Fun4IM*
      *Bandoo*
      *Searchnu*
      *Searchqu*
      *iLivid*
      *whitesmoke*
      *datamngr*
      *trolltech*
      
      :Regfind
      Fun4IM
      Bandoo
      Searchnu
      Searchqu
      iLivid
      whitesmoke
      datamngr
      kelkoopartners
      trolltech
      
      
    • Click the Look button to start the scan.
      Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The results log can also be found on your Desktop, entitled SystemLook.txt

    So we are looking for the Fix log from OTL, and the new SystemLook.txt log.
    Let me know how it goes.
    askey127
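A pre-flight check for a fix like the one above, as an added example that is not part of the original thread and not a feature of OTL or SystemLook: it compares each entry of an OTL `:Reg` block with the SystemLook Regfind output and flags entries that match the scan only once whitespace is ignored, or that assign data instead of deleting. The sample lines are copied from this page; the function names and the parsing rules (inferred from the lines visible here) are assumptions.

```python
import re

# Sample input: a few Regfind result lines copied from the SystemLook log on this page.
SCAN = r'''
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks]
"C:\Users\Primary\AppData\Local\Temp\nsxAC.tmp\nsnE73.tmp\SETUPDATAMNGR_SEARCHQU.EXE"="10/23/2012 6:33 PM"
[HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run]
"C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe"="21"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchquSRTB]
[HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\Detected\ActiveTasks]
"C:\Users\Primary\AppData\Local\Temp\nsxAC.tmp\nsnE73.tmp\SETUPDATAMNGR_SEARCHQU.EXE"="10/23/2012 6:33 PM"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B760674538A35F241999134C94EA70A1]
"E9EFB8E6C50FF4F4BA4ABF289FFAF289"="C:\Program Files (x86)\Google\Google SketchUp 8\Materials\Colors-Named\0129_WhiteSmoke.skm"
'''

# Sample input: entries copied from the :Reg block of the fix posted on this page.
FIX = r'''
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks]
"C:\Users\Primary\AppData\Local\Temp\nsxAC.tmp\nsnE73.tmp\SETUPDATAMNGR_SEA RCHQU.EXE"=-
[HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run]
"C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchquSRTB]
[HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\Detected\ActiveTasks]
"C:\Users\Primary\AppData\Local\Temp\nsxAC.tmp\nsnE73.tmp\SETUPDATAMNGR_SEA RCHQU.EXE"="10/23/2012 6:33 PM"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\B760674538A35F241999134C94EA70A1]
"E9EFB8E6C50FF4F4BA4ABF289FFAF289"=-
'''

HEADER = re.compile(r'^\[(-?)(.+)\]$')        # [KEY] or [-KEY]
VALUE = re.compile(r'^("(.*?)"|@)=(.*)$')     # "name"=data or @=data


def parse(text):
    """Return (key, name, data) tuples.

    A header line yields (key, None, '-') for [-KEY] and (key, None, None)
    for a plain [KEY]; a value line yields (key, name, data) under the most
    recent header.
    """
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            key = m.group(2)
            entries.append((key, None, '-' if m.group(1) else None))
            continue
        m = VALUE.match(line)
        if m and key is not None:
            name = '@' if m.group(1) == '@' else m.group(2)
            entries.append((key, name, m.group(3)))
    return entries


def squash(s):
    """Lower-case and drop all whitespace, to detect wrap-inserted spaces."""
    return None if s is None else re.sub(r'\s+', '', s).lower()


def lower(s):
    return None if s is None else s.lower()


def audit(scan_text, fix_text):
    """Compare every action in the fix with what the scan actually reported.

    Returns (status, action, key, name) per action, where status is
    'ok', 'whitespace' (matches only with whitespace ignored) or 'not-in-scan'.
    """
    scan = parse(scan_text)
    exact = {(lower(k), lower(n)) for k, n, _ in scan}
    loose = {(squash(k), squash(n)) for k, n, _ in scan}
    findings = []
    for key, name, data in parse(fix_text):
        if data is None:          # plain header: carries no action itself
            continue
        if (lower(key), lower(name)) in exact:
            status = 'ok'
        elif (squash(key), squash(name)) in loose:
            status = 'whitespace'
        else:
            status = 'not-in-scan'
        if name is None:
            action = 'delete-key'
        elif data == '-':
            action = 'delete-value'
        else:
            action = 'set-value'  # writes data instead of removing it
        findings.append((status, action, key, name))
    return findings


if __name__ == '__main__':
    for status, action, key, name in audit(SCAN, FIX):
        if status != 'ok' or action == 'set-value':
            print(f'{status:12} {action:13} {key} -> {name}')
```

Entries reported as `whitespace` or `set-value` are worth correcting before the fix is run, since a delete aimed at a name the registry does not contain returns "not found" and leaves the real entry in place.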
     
  7. msavoy

    msavoy Thread Starter

    Joined:
    Oct 26, 2012
    Messages:
    19
    askey127,
    Winpatrol without computer start
    Custom Fix OTL

    All processes killed
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point
    ========== REGISTRY ==========
    Registry value HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run\\C:\Users\Primary\AppData\Local\Temp\INSTAL~1.DLL,_SetFirefoxHP http://www.searchnu.com/421, deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Word\File MRU\\Item 3 deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Word\File MRU\\Item 6 deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\WinPatrol\Run\\C:\Users\Primary\AppData\Local\Temp\INSTAL~1.DLL,_SetFirefoxHP http://www.searchnu.com/421, not found.
    Registry value HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\Microsoft\Office\12.0\Word\File MRU\\Item 3 not found.
    Registry value HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\Microsoft\Office\12.0\Word\File MRU\\Item 6 not found.
    Registry value HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks\\C:\Users\Primary\AppData\Local\Temp\nsxAC.tmp\nsnE73.tmp\SETUPDATAMNGR_SEA RCHQU.EXE not found.
    Registry value HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks\\C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe not found.
    Registry value HKEY_CURRENT_USER\Software\BillP Studios\Detected\IEHelper\\C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run\\C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run\\C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run\\C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run\\cmd.exe /c RD /S /Q C:\Program Files (x86)\Searchqu Toolbar deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchquSRTB\ deleted successfully.
    HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\Detected\ActiveTasks\\"C:\Users\Primary\AppData\Local\Temp\nsxAC.tmp\nsnE73.tmp\SETUPDATAMNGR_SEA RCHQU.EXE"|"10/23/2012 6:33 PM" /E : value set successfully!
    Registry value HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\Detected\ActiveTasks\\C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe not found.
    Registry value HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\Detected\IEHelper\\C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll not found.
    Registry value HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\WinPatrol\Run\\C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe not found.
    Registry value HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\WinPatrol\Run\\C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll not found.
    Registry value HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\WinPatrol\Run\\C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll not found.
    Registry value HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\WinPatrol\Run\\cmd.exe /c RD /S /Q C:\Program Files (x86)\Searchqu Toolbar not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\B760674538A35F241999134C94EA70A1 not found.
    Registry value HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks\\C:\Users\Primary\AppData\Local\Temp\nsxAC.tmp\nsnE73.tmp\SETUPDATAMNGR_SEA RCHQU.EXE deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks\\C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe not found.
    Registry value HKEY_CURRENT_USER\Software\BillP Studios\Detected\IEHelper\\C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll not found.
    Registry value HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run\\C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe not found.
    Registry value HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run\\C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll not found.
    Registry value HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run\\C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3ec1a45c-8bc3-4bfe-b226-4051c5d3d068}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ec1a45c-8bc3-4bfe-b226-4051c5d3d068}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchquSRTB\ not found.
    Registry value HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\Detected\ActiveTasks\\C:\Users\Primary\AppData\Local\Temp\nsxAC.tmp\nsnE73.tmp\SETUPDATAMNGR_SEA RCHQU.EXE not found.
    Registry value HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\Detected\ActiveTasks\\C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe not found.
    Registry value HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\Detected\IEHelper\\C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll not found.
    Registry value HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\WinPatrol\Run\\C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe not found.
    Registry value HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\WinPatrol\Run\\C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll not found.
    Registry value HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\BillP Studios\WinPatrol\Run\\C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll not found.
    Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\ not found.
    Registry key HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\Trolltech\ not found.
    ========== FILES ==========
    C:\Users\Primary\AppData\Roaming\Microsoft\Office\Recent\process to remove searchnu.com.docx.LNK moved successfully.
    C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Recent\1process to remove searchnu.com.docx.lnk moved successfully.
    C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Recent\process to remove searchnu.com.docx.lnk moved successfully.
    C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Recent\searchnu imposter.txt.lnk moved successfully.
    C:\Users\Primary\Favorites\Desktop prime\searchnu imposter.txt moved successfully.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Primary\Favorites\Desktop prime\cmd.bat deleted successfully.
    C:\Users\Primary\Favorites\Desktop prime\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Mike
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Primary
    ->Temp folder emptied: 545817 bytes
    ->Temporary Internet Files folder emptied: 33918 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 8059747 bytes
    ->Flash cache emptied: 492 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 11152 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 8.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 10282012_201304

    Files\Folders moved on Reboot...
    C:\Users\Primary\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Primary\AppData\Local\Mozilla\Firefox\Profiles\startupCache\startupCache.4.little moved successfully.
    C:\Users\Primary\AppData\Local\Mozilla\Firefox\Profiles\Cache\_CACHE_001_ moved successfully.
    C:\Users\Primary\AppData\Local\Mozilla\Firefox\Profiles\Cache\_CACHE_002_ moved successfully.
    C:\Users\Primary\AppData\Local\Mozilla\Firefox\Profiles\Cache\_CACHE_003_ moved successfully.
    C:\Users\Primary\AppData\Local\Mozilla\Firefox\Profiles\Cache\_CACHE_MAP_ moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


    SystemLook 30.07.11 by jpshortstuff
    Log created at 20:32 on 28/10/2012 by Primary
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "*Fun4IM*"
    No files found.

    Searching for "*Bandoo*"
    No files found.

    Searching for "*Searchnu*"
    C:\Program Files (x86)\Wolfram Research\Wolfram CDF Player\8.0\SystemFiles\Kernel\SystemResources\Windows\Algebra\SearchNumberTheory.mx --a---- 103132 bytes [03:16 21/07/2012] [00:40 04/10/2011] 89EBEEF5D86A5DE0A82E0804DFC37197
    C:\_OTL\MovedFiles\10282012_201304\C_Users\Primary\AppData\Roaming\Microsoft\Office\Recent\process to remove searchnu.com.docx.LNK --a---- 1298 bytes [17:46 28/10/2012] [17:46 28/10/2012] 21964AF55F51966372DDF3C9637EF0C5
    C:\_OTL\MovedFiles\10282012_201304\C_Users\Primary\AppData\Roaming\Microsoft\Windows\Recent\1process to remove searchnu.com.docx.lnk --a---- 765 bytes [15:07 27/10/2012] [15:07 27/10/2012] 5FFBB0CDFDDF88D679FD03A5D0F3F9D5
    C:\_OTL\MovedFiles\10282012_201304\C_Users\Primary\AppData\Roaming\Microsoft\Windows\Recent\process to remove searchnu.com.docx.lnk --a---- 760 bytes [15:02 27/10/2012] [17:46 28/10/2012] A2144B20DAA3FB892873EDD3B363F319
    C:\_OTL\MovedFiles\10282012_201304\C_Users\Primary\AppData\Roaming\Microsoft\Windows\Recent\searchnu imposter.txt.lnk --a---- 698 bytes [04:33 27/10/2012] [04:33 27/10/2012] 7B5599BAA65B105111B534372EF224A0
    C:\_OTL\MovedFiles\10282012_201304\C_Users\Primary\Favorites\Desktop prime\searchnu imposter.txt --a---- 47 bytes [04:33 27/10/2012] [04:33 27/10/2012] FB1F05083F832BA7D47CC06C6E6B0D9B

    Searching for "*Searchqu*"
    No files found.

    Searching for "*iLivid*"
    No files found.

    Searching for "*whitesmoke*"
    No files found.

    Searching for "*datamngr*"
    No files found.

    Searching for "*trolltech*"
    No files found.

    ========== folderfind ==========

    Searching for "*Fun4IM*"
    No folders found.

    Searching for "*Bandoo*"
    No folders found.

    Searching for "*Searchnu*"
    No folders found.

    Searching for "*Searchqu*"
    No folders found.

    Searching for "*iLivid*"
    No folders found.

    Searching for "*whitesmoke*"
    No folders found.

    Searching for "*datamngr*"
    No folders found.

    Searching for "*trolltech*"
    No folders found.

    ========== Regfind ==========

    Searching for "Fun4IM"
    No data found.

    Searching for "Bandoo"
    No data found.

    Searching for "Searchnu"
    No data found.

    Searching for "Searchqu"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    @="ISearchQueryHelper"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    @="ISearchQueryHelper"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}]
    "SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&gct=ds&appid=101&systemid=421&apn_dtid=BND421&apn_ptnrs=AGA&o=APN10649&apn_uid=6434908431664136&qu={searchTerms}&ft=json"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    @="ISearchQueryHelper"

    Searching for "iLivid"
    No data found.

    Searching for "whitesmoke"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B760674538A35F241999134C94EA70A1]
    "E9EFB8E6C50FF4F4BA4ABF289FFAF289"="C:\Program Files (x86)\Google\Google SketchUp 8\Materials\Colors-Named\0129_WhiteSmoke.skm"

    Searching for "datamngr"
    [HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]

    Searching for "kelkoopartners"
    No data found.

    Searching for "trolltech"
    [HKEY_CURRENT_USER\Software\Trolltech]
    [HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\Trolltech]
    [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

    -= EOF =-
     
  8. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    2,628
    msavoy,
    Much better - we are getting there.
    ----------------------------------------------
    Perform a Custom Fix with OTL
    Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
    • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
      Code:
      :Commands
      [CREATERESTOREPOINT]
      
      :Reg
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\B760674538A35F241999134C94EA70A1]
      "E9EFB8E6C50FF4F4BA4ABF289FFAF289"=-
      [-HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
      [-HKEY_CURRENT_USER\Software\Trolltech]
      [-HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\Trolltech]
      
      :Files
      ipconfig /flushdns /c
      
      :Commands
      [EMPTYTEMP]
      
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, and click to allow the Reboot when it is done.
      When the computer Reboots, and you start your usual account, a Notepad text file will appear.
    • Copy the contents of that file and post it in your next reply.
      The file will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log

    ----------------------------------------------
    After posting the Resulting log, Please Rescan as follows:
    Open OTL again and click the Quick Scan button. Post the new log it produces, OTL.txt on your desktop, in your next reply.

    ---------------------------------------------
    Run a SystemLook Scan Again
    • Double-click SystemLook.exe to run it. OK the User Account Control.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :filefind
      *Fun4IM*
      *Bandoo*
      *Searchnu*
      *Searchqu*
      *iLivid*
      *whitesmoke*
      *datamngr*
      *trolltech*
      
      :folderfind
      *Fun4IM*
      *Bandoo*
      *Searchnu*
      *Searchqu*
      *iLivid*
      *whitesmoke*
      *datamngr*
      *trolltech*
      
      :Regfind
      Fun4IM
      Bandoo
      Searchnu
      Searchqu
      iLivid
      whitesmoke
      datamngr
      kelkoopartners
      trolltech
      
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The results log can also be found on your Desktop, entitled SystemLook.txt

    So we are looking for the two logs from OTL, and the new SystemLook log.
    Let me know how it goes.
    askey127
     
  9. msavoy

    msavoy Thread Starter

    Joined:
    Oct 26, 2012
    Messages:
    19
    I screwed up a bit. I enabled WinPatrol temporarily, forgot to disable it as you directed, and did the OTL run, but when it rebooted I remembered that WinPatrol should have been disabled and performed a second OTL scan where most of the responses were "error", so I did a third scan with WinPatrol disabled, the results of which are here below. Hope I didn't mess things up too badly.

    All processes killed
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\B760674538A35F241999134C94EA70A1 not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\ not found.
    Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\Trolltech\ not found.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Primary\Favorites\Desktop prime\searchnu tools\cmd.bat deleted successfully.
    C:\Users\Primary\Favorites\Desktop prime\searchnu tools\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Mike
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Primary
    ->Temp folder emptied: 542974 bytes
    ->Temporary Internet Files folder emptied: 61999 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 8580099 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 20322 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 9.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 10292012_220343

    Files\Folders moved on Reboot...
    C:\Users\Primary\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


     
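To check a fix log against the script that produced it, the following added example (not part of the thread and not an OTL feature) pairs each :Reg directive from the fix script above with its outcome line in the posted log, and lists log entries the script never asked for. It assumes the :Reg section follows .reg-file conventions ([-key] deletes a key, "name"=- deletes a value under the preceding key); the function names are hypothetical.

```python
import re

# Copied from the thread: the fix script from the helper's post.
FIX_SCRIPT = r'''
:Commands
[CREATERESTOREPOINT]

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\B760674538A35F241999134C94EA70A1]
"E9EFB8E6C50FF4F4BA4ABF289FFAF289"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
[-HKEY_CURRENT_USER\Software\Trolltech]
[-HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\Trolltech]

:Files
ipconfig /flushdns /c
'''

# Copied from the thread: the REGISTRY section of the resulting fix log.
FIX_LOG = r'''
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\B760674538A35F241999134C94EA70A1 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\Trolltech\ not found.
========== FILES ==========
'''

# Only the two outcome phrasings that appear in the posted log are recognised.
LOG_RE = re.compile(r"^Registry key (.+?)\\? (not found|deleted successfully)\.$")


def norm(key):
    """Compare registry paths without trailing backslash or case differences."""
    return key.strip().rstrip("\\").casefold()


def parse_fix_script(text):
    """Return (action, key, value_name) for each deletion in the :Reg section."""
    directives, section, current_key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):                 # section header such as :Reg
            section, current_key = line[1:].lower(), None
            continue
        if section != "reg":
            continue
        m = re.fullmatch(r"\[(-?)(.+)\]", line)
        if m:
            if m.group(1):                       # [-KEY] deletes the whole key
                directives.append(("delete key", m.group(2), None))
                current_key = None
            else:                                # [KEY] only sets the context
                current_key = m.group(2)
            continue
        m = re.fullmatch(r'"(.+)"=-', line)      # "name"=- deletes one value
        if m and current_key:
            directives.append(("delete value", current_key, m.group(1)))
    return directives


def parse_fix_log(text):
    """Map normalised key path -> (path as logged, outcome)."""
    outcomes = {}
    for raw in text.splitlines():
        m = LOG_RE.match(raw.strip())
        if m:
            outcomes[norm(m.group(1))] = (m.group(1), m.group(2))
    return outcomes


def reconcile(script_text, log_text):
    """Pair every script directive with its logged outcome.

    Returns (report, extras): report rows are (action, key, value, outcome);
    extras are logged key paths that no directive in the script named.
    """
    outcomes = parse_fix_log(log_text)
    seen, report = set(), []
    for action, key, value in parse_fix_script(script_text):
        seen.add(norm(key))
        outcome = outcomes.get(norm(key), (None, "no log entry"))[1]
        report.append((action, key, value, outcome))
    extras = [orig for k, (orig, _) in outcomes.items() if k not in seen]
    return report, extras


if __name__ == "__main__":
    report, extras = reconcile(FIX_SCRIPT, FIX_LOG)
    for action, key, value, outcome in report:
        target = key if value is None else f'{key} -> "{value}"'
        print(f"{outcome:22} {action:13} {target}")
    for key in extras:
        print(f"{'(not in script)':22} {'logged only':13} {key}")
```

Treat a "not found" row as unconfirmed rather than as proof of removal: the Quick Scan log in the next post still lists the {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} search scope under IE:64bit.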
  10. msavoy

    msavoy Thread Starter

    Joined:
    Oct 26, 2012
    Messages:
    19
    OTL logfile created on: 10/29/2012 10:50:48 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Primary\Favorites\Desktop prime\searchnu tools
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 59.62% Memory free
    8.00 Gb Paging File | 6.34 Gb Available in Paging File | 79.30% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 698.54 Gb Total Space | 214.50 Gb Free Space | 30.71% Space Free | Partition Type: NTFS
    Drive E: | 465.76 Gb Total Space | 335.70 Gb Free Space | 72.08% Space Free | Partition Type: NTFS
    Drive L: | 1862.98 Gb Total Space | 1228.84 Gb Free Space | 65.96% Space Free | Partition Type: NTFS

    Computer Name: MIKE-PC | User Name: Primary | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/10/28 16:32:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Primary\Favorites\Desktop prime\searchnu tools\OTL.exe
    PRC - [2012/10/20 22:14:34 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/06/14 11:04:26 | 001,177,536 | R--- | M] (Western Digital ) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
    PRC - [2012/06/14 11:04:24 | 001,151,424 | R--- | M] (Western Digital ) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
    PRC - [2012/06/14 10:58:24 | 005,235,128 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
    PRC - [2012/06/14 10:57:20 | 000,248,248 | R--- | M] (Western Digital) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
    PRC - [2011/06/30 14:48:46 | 000,395,152 | ---- | M] (Seagate) -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
    PRC - [2011/06/30 14:47:14 | 002,638,152 | ---- | M] (Seagate) -- C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
    PRC - [2010/07/04 15:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
    PRC - [2010/06/16 17:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
    PRC - [2010/05/18 15:13:58 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    PRC - [2009/03/12 21:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/10/20 22:13:50 | 002,294,240 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2010/07/04 17:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerHook.dll
    MOD - [2010/07/04 15:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
    MOD - [2010/06/16 17:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
    MOD - [2009/03/12 21:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2011/11/10 03:11:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 21:41:19 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lpdsvc.dll -- (LPDSVC)
    SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2012/10/20 22:14:33 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/10/09 22:42:22 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/06/14 11:04:26 | 001,177,536 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
    SRV - [2012/06/14 11:04:24 | 001,151,424 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
    SRV - [2012/06/14 10:57:20 | 000,248,248 | R--- | M] (Western Digital) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
    SRV - [2012/03/08 02:50:22 | 000,115,520 | ---- | M] (Cloud Engines) [Auto | Running] -- C:\Program Files (x86)\PogoplugBackup\dokanmnt.exe -- (DokanCEMounter)
    SRV - [2011/06/30 14:50:10 | 001,191,408 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
    SRV - [2010/11/20 08:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2010/11/20 08:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2010/05/18 15:13:58 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/10/15 23:48:53 | 000,971,360 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
    DRV:64bit: - [2012/10/15 23:48:31 | 000,210,016 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr)
    DRV:64bit: - [2012/10/15 23:48:27 | 000,141,920 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt53.sys -- (vidsflt53)
    DRV:64bit: - [2012/10/15 23:48:20 | 000,275,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
    DRV:64bit: - [2012/10/12 16:35:26 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2012/10/09 20:31:14 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
    DRV:64bit: - [2012/09/22 17:45:22 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
    DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/11/10 03:45:32 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/11/10 02:12:46 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2009/07/31 00:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV - [2012/03/08 02:50:22 | 000,066,880 | ---- | M] (Cloud Engines) [File_System | Auto | Running] -- C:\Program Files (x86)\PogoplugBackup\dokance.sys -- (DokanCEDriver)
    DRV - [2010/07/04 15:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=nv...BzyyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1127200979
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEtB0EtA0EtBtAyC0E0DzytN0D0Tzu0CtBtDtAtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1971203690
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=101&systemid=421&apn_dtid=BND421&apn_ptnrs=AGA&o=APN10649&apn_uid=6434908431664136&q={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEtB0EtA0EtBtAyC0E0DzytN0D0Tzu0CtBzyyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1127200979
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
    IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEtB0EtA0EtBtAyC0E0DzytN0D0Tzu0CtBtDtAtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1971203690
    IE - HKLM\..\SearchScopes\{2ACC9101-D1A6-0CE1-84C5-022FD22F899F}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEtB0EtA0EtBtAyC0E0DzytN0D0Tzu0CtBzyyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1127200979
    IE - HKLM\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3227980
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9MSE&PC=UP09
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.autocompletepro.com/?si=7981&bi=400
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE9MSE&PC=UP09
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 C4 EA 89 84 50 CD 01 [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.autocompletepro.com/?si=7981&bi=400
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\URLSearchHook: {0cc09160-108c-4759-bab1-5c12c216e005} - No CLSID value found
    IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
    IE - HKCU\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value found
    IE - HKCU\..\URLSearchHook: {b97ed18c-1a8a-4acc-884f-b4fe7415adf2} - No CLSID value found
    IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKCU\..\SearchScopes,DefaultScope = {2F5B3A35-D8AD-439C-B006-5F52D9734059}
    IE - HKCU\..\SearchScopes\{2F5B3A35-D8AD-439C-B006-5F52D9734059}: "URL" = http://www.bing.com/search?FORM=UP09DF&PC=UP09&q={searchTerms}&src=IE-SearchBox
    IE - HKCU\..\SearchScopes\{7468ABCE-9808-46BD-99A7-4BA3A0514603}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://searchfunmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEtB0EtA0EtBtAyC0E0DzytN0D0Tzu0CtBzyyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1127200979"
    FF - prefs.js..keyword.URL: "Google"
    FF - prefs.js..browser.search.selectedEngine: "Funmoods"
    FF - prefs.js..browser.search.defaultenginename: "Funmoods"


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@parallelgraphics.com/Cortona: C:\Program Files (x86)\Common Files\ParallelGraphics\Cortona\npcortona.dll (ParallelGraphics)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
    FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll (Wolfram Research, Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Primary\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Primary\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Primary\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Primary\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Primary\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/20 22:14:35 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/10/13 22:42:52 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/10/13 22:42:52 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

    [2012/10/23 18:53:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\Extensions
    [2012/10/29 21:15:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\Firefox\Profiles\extensions
    [2012/10/20 15:34:08 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Users\Primary\AppData\Roaming\mozilla\Firefox\Profiles\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
    [2012/10/20 15:34:00 | 000,000,000 | ---D | M] (Remove It Permanently) -- C:\Users\Primary\AppData\Roaming\mozilla\Firefox\Profiles\extensions\{1dbc4a33-ea62-4330-966c-7bdad3455322}
    [2012/10/20 15:34:01 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Primary\AppData\Roaming\mozilla\Firefox\Profiles\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
    [2012/10/29 02:25:07 | 000,000,000 | ---D | M] (BlockSite Plus) -- C:\Users\Primary\AppData\Roaming\mozilla\Firefox\Profiles\extensions\{6d43fee4-72e7-4290-b75a-b898e4f4676d}
    [2012/10/20 13:21:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\Firefox\Profiles\y8w4ggb9.default\extensions
    [2012/10/25 21:35:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\Firefox\Profiles\y8w4ggb9.default\extensions\staged
    [2012/10/20 15:33:58 | 000,025,781 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\[email protected]
    [2012/10/20 15:34:00 | 000,020,387 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\[email protected]
    [2012/10/20 15:34:00 | 000,018,310 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\[email protected]
    [2012/10/26 18:14:17 | 000,052,154 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\[email protected]
    [2012/10/20 15:34:00 | 000,128,599 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\[email protected]
    [2012/10/21 20:05:02 | 000,154,926 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\[email protected]
    [2012/10/20 14:46:39 | 000,013,094 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\[email protected]
    [2012/10/20 15:34:00 | 000,013,168 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\[email protected]
    [2012/10/20 15:34:00 | 000,108,792 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\[email protected]
    [2012/10/20 15:34:00 | 000,030,669 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\[email protected]
    [2012/10/20 15:34:00 | 000,139,801 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\[email protected]
    [2012/10/20 15:34:00 | 000,258,434 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\[email protected]
    [2012/10/29 18:47:36 | 000,001,469 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\[email protected]
    [2012/10/20 15:34:00 | 000,079,135 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi
    [2012/10/20 15:34:00 | 000,018,589 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}.xpi
    [2012/10/20 15:34:00 | 000,077,698 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{1feca320-6b4d-11df-a08a-0800200c9a66}.xpi
    [2012/10/20 14:47:39 | 000,318,456 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}.xpi
    [2012/10/25 13:56:13 | 000,049,303 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064}.xpi
    [2012/10/25 20:22:08 | 000,013,331 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}.xpi
    [2012/10/25 19:59:28 | 000,013,345 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
    [2012/10/20 15:34:01 | 000,372,140 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}.xpi
    [2012/10/20 15:34:01 | 000,017,971 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{c1970c0d-dbe6-4d91-804f-c9c0de643a57}.xpi
    [2012/10/20 15:34:01 | 000,061,700 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi
    [2012/10/20 15:27:29 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2012/10/20 15:34:01 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
    [2012/10/20 15:34:01 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
    [2012/10/20 15:34:01 | 000,038,787 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{d93e6838-8272-4382-a0fb-36a56db176c5}.xpi
    [2012/10/20 15:34:01 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
    [2012/10/29 02:22:14 | 000,016,192 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi
    [2012/10/20 15:34:01 | 000,252,340 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
    [2012/10/20 15:34:01 | 000,004,139 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{ec268e28-22c6-4a6c-ac22-635cabee283c}.xpi
    [2012/10/20 15:34:01 | 000,091,556 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi
    [2012/10/21 20:05:02 | 001,556,566 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{faf13420-5e24-11e0-80e3-0800200c9a66}.xpi
    [2012/10/27 01:01:39 | 000,057,702 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}.xpi
    [2012/10/20 13:21:40 | 000,000,775 | ---- | M] () -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\y8w4ggb9.default\searchplugins\Funmoods.xml
    [2012/10/23 18:53:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/10/20 22:14:34 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/09/05 21:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/10/23 18:41:02 | 000,002,687 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
    [2012/10/20 22:13:49 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/10/02 21:36:14 | 000,001,115 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 www.ambit.com
    O1 - Hosts: 127.0.0.1 search.babylon.com/?affID=14335&tt=3512_6&babsrc=HP_ss&mntrId=d8f66ed90000000000000023542e3e23
    O1 - Hosts: 127.0.0.1 www.comodo.com/secure-dns/*/
    O1 - Hosts: 127.0.0.1 www.comodo.com/*/*/*/*/
    O1 - Hosts: 127.0.0.1 www.comodo.com/.../internet-security/free-internet-security/*/
    O1 - Hosts: 127.0.0.1
    O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
    O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll File not found
    O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
    O4 - HKLM..\Run: [Everything] C:\Program Files (x86)\Everything\Everything.exe ()
    O4 - HKLM..\Run: [STARTPAGE] C:\NOSPY.ORG\start1.exe File not found
    O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
    O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
    O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found
    O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
    O4 - HKCU..\Run: [OpenDNS Updater] C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe ()
    O4 - HKCU..\Run: [SkyDrive] C:\Users\Primary\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
    O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll File not found
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab (DLM Control)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab (GMNRev Class)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{703EEC82-4BE4-4A8A-9EFE-FB3FDFD9C47E}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{703EEC82-4BE4-4A8A-9EFE-FB3FDFD9C47E}: NameServer = 208.67.222.222,208.67.220.220
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\linkscanner - No CLSID value found
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll File not found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{2d667252-cbb1-11e1-b8e4-0023542e3e23}\Shell - "" = AutoRun
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/29 18:52:21 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\Firefox
    [2012/10/29 00:49:47 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\final reagan
    [2012/10/29 00:48:17 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\searchnu tools
    [2012/10/28 16:41:11 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/10/28 15:41:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/10/28 15:41:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/10/28 13:38:32 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\rkill
    [2012/10/28 13:22:31 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\PrimarytoPain\Documents\ProcessMonitor
    [2012/10/28 13:11:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Softland
    [2012/10/28 13:11:34 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2012/10/28 13:11:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FBackup 4
    [2012/10/28 13:11:03 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Roaming\Softland
    [2012/10/28 13:11:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Softland
    [2012/10/28 13:07:14 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Local\NeoSmart_Technologies
    [2012/10/28 13:06:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies
    [2012/10/28 13:05:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NeoSmart Technologies
    [2012/10/27 05:06:23 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\photos
    [2012/10/27 01:23:28 | 009,330,176 | ---- | C] (Irfan Skiljan) -- C:\Users\Primary\Favorites\Desktop prime\irfanview_plugins_433_setup.exe
    [2012/10/26 23:48:36 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\Spyware
    [2012/10/26 12:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2012/10/25 22:22:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrendMicro
    [2012/10/24 11:15:27 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\PrimarytoPain\Documents\NeroVision
    [2012/10/24 10:39:46 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\main
    [2012/10/23 19:41:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
    [2012/10/23 18:33:14 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\SSubTmr6.dll
    [2012/10/23 18:33:13 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Roaming\FreeBurner
    [2012/10/23 18:33:13 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
    [2012/10/23 17:54:20 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\PrimarytoPain\Documents\neo burn
    [2012/10/22 19:07:56 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Roaming\Nero
    [2012/10/22 18:56:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
    [2012/10/22 18:55:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
    [2012/10/22 18:55:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
    [2012/10/22 18:53:54 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
    [2012/10/22 18:53:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe
    [2012/10/22 18:26:32 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Local\{4DB50C1E-93CF-43C6-8D5C-125DF30B8374}
    [2012/10/22 16:40:29 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\BM
    [2012/10/22 16:35:53 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\RRCA
    [2012/10/20 22:13:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2012/10/20 00:24:15 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\PrimarytoPain\Documents\raw-hdr
    [2012/10/19 18:48:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Applian Technologies
    [2012/10/18 07:26:44 | 000,000,000 | ---D | C] -- C:\Users\Primary\.gimp-2.8
    [2012/10/17 19:58:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
    [2012/10/17 19:57:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
    [2012/10/17 13:09:26 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\PrimarytoPain
    [2012/10/17 12:53:33 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\Bit Torrent Transferred
    [2012/10/17 12:38:21 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\Extra Step
    [2012/10/17 12:22:12 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Hacks
    [2012/10/17 12:22:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google Hacks
    [2012/10/16 22:01:48 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\PrimarytoPain\Documents\My Documents
    [2012/10/16 21:50:03 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\New ISOs
    [2012/10/16 19:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
    [2012/10/16 13:52:52 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\Beatles Search
    [2012/10/16 13:35:21 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\mp3 1
    [2012/10/15 23:49:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Seagate
    [2012/10/15 23:48:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Acronis
    [2012/10/15 23:47:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Seagate
    [2012/10/15 23:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
    [2012/10/15 23:34:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Seagate
    [2012/10/15 23:32:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    [2012/10/14 13:04:41 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\Step Folder 2
    [2012/10/14 07:13:00 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Roaming\GoforFiles
    [2012/10/14 07:01:22 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Roaming\Audacity
    [2012/10/14 06:58:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
    [2012/10/14 06:28:24 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
    [2012/10/13 23:21:23 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\undeletable
    [2012/10/13 01:30:27 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
    [2012/10/13 01:26:52 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Local\Western_Digital
    [2012/10/12 21:51:01 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
    [2012/10/11 05:02:57 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Local\{68BC8EE9-C571-40EC-BC49-679770AD920A}
    [2012/10/10 01:25:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenDNS Updater
    [2012/10/09 20:07:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FirefoxPreloader
    [2012/10/08 07:27:59 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Local\{04F45F3E-68C5-467F-9CC6-77FBAEEDE8CF}
    [2012/10/07 18:55:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
    [2012/10/06 20:36:10 | 000,000,000 | ---D | C] -- C:\Wow Gospel - CD 1
    [2012/10/05 14:57:40 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Local\{87C8B400-0B14-4529-837D-8E3B67D60B52}
    [2012/10/04 23:48:54 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Local\{C073A1FD-46E4-482D-B718-4D9A84808FF0}
    [2012/10/04 18:08:31 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
    [2012/10/03 15:57:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2012/10/01 13:09:23 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
    [2012/10/01 03:34:31 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Local\{07EB5B35-93B9-4B58-BF46-E614B919C961}
    [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
    [1 C:\Program Files (x86)\Common Files\*.tmp files -> C:\Program Files (x86)\Common Files\*.tmp -> ]
    [1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/10/29 22:42:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/10/29 22:18:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/10/29 22:14:54 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/10/29 22:14:54 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/10/29 22:07:44 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/10/29 22:07:44 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
    [2012/10/29 22:07:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/10/29 22:06:56 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
    [2012/10/29 22:01:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2310302133-1125941473-504086252-1002UA.job
    [2012/10/29 21:14:12 | 000,001,028 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\Continue Best Codec Pack installation.lnk
    [2012/10/29 20:50:20 | 000,152,392 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\Word 2010 Return.png
    [2012/10/29 19:01:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2310302133-1125941473-504086252-1002Core.job
    [2012/10/29 18:11:01 | 000,419,734 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\1 extensions.png
    [2012/10/29 13:59:56 | 000,466,275 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\googlemap.png
    [2012/10/28 16:25:14 | 000,339,430 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\clean reagan.png1.png
    [2012/10/28 15:42:29 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/10/28 14:15:46 | 000,900,708 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\flying main.png
    [2012/10/28 14:09:00 | 000,013,685 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\ProcessMonitor.lnk
    [2012/10/28 14:07:11 | 000,001,797 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\PrimarytoPain\Documents\ProcessMonitor.lnk
    [2012/10/28 13:11:17 | 000,001,056 | ---- | M] () -- C:\Users\Public\Desktop\FBackup 4.lnk
    [2012/10/28 13:06:58 | 000,024,576 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\PrimarytoPain\Documents\EasyBCD Backup (2012-10-28).bcd
    [2012/10/28 13:06:14 | 000,001,215 | ---- | M] () -- C:\Users\Public\Desktop\EasyBCD 2.2.lnk
    [2012/10/27 14:10:51 | 000,065,576 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\flag Untitled.png
    [2012/10/27 14:10:32 | 000,152,264 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\Untitled.pdn
    [2012/10/27 14:05:49 | 000,888,967 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\flying flags.png
    [2012/10/27 04:16:26 | 239,698,070 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\GoFlex_Slim_ProSW.zip
    [2012/10/27 00:04:22 | 000,876,595 | ---- | M] () -- C:\Users\Primary\AppData\Local\census.cache
    [2012/10/27 00:00:43 | 000,127,705 | ---- | M] () -- C:\Users\Primary\AppData\Local\ars.cache
    [2012/10/26 17:25:09 | 000,000,036 | ---- | M] () -- C:\Users\Primary\AppData\Local\housecall.guid.cache
    [2012/10/25 21:42:12 | 000,005,677 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\bm search ms.search-ms
    [2012/10/24 10:57:10 | 000,000,227 | ---- | M] () -- C:\Users\Primary\AppData\Roaming\default.rss
    [2012/10/24 10:56:55 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
    [2012/10/24 10:49:49 | 000,001,319 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\PrimarytoPain\Documents\CDC Label.ncd
    [2012/10/24 01:43:05 | 000,001,661 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\Jobs News, Videos, Reviews and Gossip - Lifehacker.htm - Shortcut.lnk
    [2012/10/22 18:56:54 | 000,002,710 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
    [2012/10/22 18:53:59 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\LightScribe.lnk
    [2012/10/22 18:38:28 | 000,001,300 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\Revo Uninstaller.lnk
    [2012/10/22 18:37:12 | 000,000,526 | ---- | M] () -- C:\Users\Primary\AppData\Roaming\burnaware.ini
    [2012/10/22 10:42:31 | 000,830,650 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/10/22 10:42:31 | 000,687,146 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/10/22 10:42:31 | 000,131,926 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/10/21 23:16:44 | 000,023,084 | ---- | M] () -- C:\Users\Primary\png.png
    [2012/10/20 22:06:40 | 000,497,064 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\Warp_Velocity_by_Mxyzptlk246.jpg
    [2012/10/20 18:51:16 | 000,440,720 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/10/20 14:44:34 | 000,813,556 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/10/20 07:26:01 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/10/20 04:39:37 | 000,012,792 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\images.jpg
    [2012/10/19 23:41:58 | 000,000,622 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\TakeOwnership.zip
    [2012/10/19 21:06:27 | 003,077,634 | ---- | M] () -- C:\Users\Primary\best supreeem.png
    [2012/10/17 19:59:37 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
    [2012/10/17 19:05:47 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
    [2012/10/17 19:05:46 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf
    [2012/10/16 15:35:29 | 000,093,394 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\LeviathanWallHanging.gif
    [2012/10/15 23:48:59 | 000,001,141 | ---- | M] () -- C:\Users\Public\Desktop\Seagate DiscWizard.lnk
    [2012/10/15 23:34:36 | 000,002,453 | ---- | M] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk
    [2012/10/15 23:32:35 | 021,476,536 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\SeaToolsforWindowsSetup-1206.exe
    [2012/10/14 13:28:02 | 000,126,844 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\Going_into_warp_by_Balsavor.jpg
    [2012/10/14 07:34:04 | 006,619,729 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\preview.mp3
    [2012/10/14 07:31:31 | 003,727,360 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\60379.mp3
    [2012/10/14 07:22:42 | 004,866,587 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\10 I'd Rather Be Dead.mp3
    [2012/10/14 06:58:55 | 000,001,015 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\Audacity.lnk
    [2012/10/14 06:28:24 | 000,001,898 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\IrfanView Thumbnails.lnk
    [2012/10/14 06:28:24 | 000,001,006 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\IrfanView.lnk
    [2012/10/14 06:24:30 | 009,330,176 | ---- | M] (Irfan Skiljan) -- C:\Users\Primary\Favorites\Desktop prime\irfanview_plugins_433_setup.exe
    [2012/10/14 06:11:40 | 000,002,842 | ---- | M] () -- C:\Users\Primary\AppData\Local\recently-used.xbel
    [2012/10/14 01:59:54 | 000,001,074 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\Glary Utilities.lnk
    [2012/10/13 22:35:43 | 000,000,448 | ---- | M] () -- C:\OS (C) - Shortcut.lnk
    [2012/10/11 04:04:24 | 000,003,478 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\25 The Name's Bond... James Bond.m4a - Shortcut.lnk
    [2012/10/10 01:28:47 | 000,001,411 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\Internet Explorer (64-bit).lnk
    [2012/10/10 01:24:52 | 000,225,336 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\OpenDNS-Updater-2.2.1.exe
    [2012/10/09 22:43:17 | 000,001,304 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\Notepad.lnk
    [2012/10/04 23:23:03 | 000,001,879 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
    [2012/10/04 23:18:20 | 000,002,088 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
    [2012/10/04 22:54:28 | 000,000,151 | ---- | M] () -- C:\Windows\PhotoSnapViewer.INI
    [2012/10/03 15:57:05 | 000,001,132 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/10/02 21:36:14 | 000,001,115 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
    [1 C:\Program Files (x86)\Common Files\*.tmp files -> C:\Program Files (x86)\Common Files\*.tmp -> ]
    [1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/10/29 20:50:15 | 000,152,392 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\Word 2010 Return.png
    [2012/10/29 18:11:00 | 000,419,734 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\1 extensions.png
    [2012/10/29 13:59:55 | 000,466,275 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\googlemap.png
    [2012/10/28 16:25:13 | 000,339,430 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\clean reagan.png1.png
    [2012/10/28 15:41:57 | 000,002,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/10/28 14:12:50 | 000,900,708 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\flying main.png
    [2012/10/28 14:09:00 | 000,013,685 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\ProcessMonitor.lnk
    [2012/10/28 14:07:11 | 000,001,797 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\PrimarytoPain\Documents\ProcessMonitor.lnk
    [2012/10/28 13:11:17 | 000,001,056 | ---- | C] () -- C:\Users\Public\Desktop\FBackup 4.lnk
    [2012/10/28 13:06:57 | 000,024,576 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\PrimarytoPain\Documents\EasyBCD Backup (2012-10-28).bcd
    [2012/10/28 13:05:40 | 000,001,215 | ---- | C] () -- C:\Users\Public\Desktop\EasyBCD 2.2.lnk
    [2012/10/27 14:10:47 | 000,065,576 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\flag Untitled.png
    [2012/10/27 14:10:31 | 000,152,264 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\Untitled.pdn
    [2012/10/27 14:05:44 | 000,888,967 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\flying flags.png
    [2012/10/27 04:38:42 | 002,828,466 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\ubble.png
    [2012/10/27 00:04:22 | 000,876,595 | ---- | C] () -- C:\Users\Primary\AppData\Local\census.cache
    [2012/10/27 00:00:43 | 000,127,705 | ---- | C] () -- C:\Users\Primary\AppData\Local\ars.cache
    [2012/10/26 17:25:09 | 000,000,036 | ---- | C] () -- C:\Users\Primary\AppData\Local\housecall.guid.cache
    [2012/10/25 21:42:12 | 000,005,677 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\bm search ms.search-ms
    [2012/10/24 10:49:49 | 000,001,319 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\PrimarytoPain\Documents\CDC Label.ncd
    [2012/10/22 21:03:24 | 000,001,028 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\Continue Best Codec Pack installation.lnk
    [2012/10/22 19:16:03 | 000,000,227 | ---- | C] () -- C:\Users\Primary\AppData\Roaming\default.rss
    [2012/10/22 19:11:44 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2012/10/22 18:56:54 | 000,002,710 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
    [2012/10/22 18:53:59 | 000,002,039 | ---- | C] () -- C:\Users\Public\Desktop\LightScribe.lnk
    [2012/10/22 18:38:28 | 000,001,300 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\Revo Uninstaller.lnk
    [2012/10/21 23:16:39 | 000,023,084 | ---- | C] () -- C:\Users\Primary\png.png
    [2012/10/20 04:39:35 | 000,012,792 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\images.jpg
    [2012/10/19 23:41:56 | 000,000,622 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\TakeOwnership.zip
    [2012/10/19 21:06:21 | 003,077,634 | ---- | C] () -- C:\Users\Primary\best supreeem.png
    [2012/10/18 03:24:05 | 000,001,661 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\Jobs News, Videos, Reviews and Gossip - Lifehacker.htm - Shortcut.lnk
    [2012/10/18 03:13:27 | 000,003,478 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\25 The Name's Bond... James Bond.m4a - Shortcut.lnk
    [2012/10/17 19:59:37 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
    [2012/10/17 19:05:47 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
    [2012/10/17 19:05:46 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf
    [2012/10/17 19:05:22 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    [2012/10/16 15:35:27 | 000,093,394 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\LeviathanWallHanging.gif
    [2012/10/16 00:01:05 | 239,698,070 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\GoFlex_Slim_ProSW.zip
    [2012/10/15 23:48:59 | 000,001,141 | ---- | C] () -- C:\Users\Public\Desktop\Seagate DiscWizard.lnk
    [2012/10/15 23:34:36 | 000,002,453 | ---- | C] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk
    [2012/10/15 23:32:27 | 021,476,536 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\SeaToolsforWindowsSetup-1206.exe
    [2012/10/14 07:33:43 | 006,619,729 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\preview.mp3
    [2012/10/14 07:29:54 | 003,727,360 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\60379.mp3
    [2012/10/14 07:21:12 | 004,866,587 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\10 I'd Rather Be Dead.mp3
    [2012/10/14 06:58:55 | 000,001,021 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
    [2012/10/14 06:58:55 | 000,001,015 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\Audacity.lnk
    [2012/10/14 06:28:24 | 000,001,898 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\IrfanView Thumbnails.lnk
    [2012/10/14 06:28:24 | 000,001,006 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\IrfanView.lnk
    [2012/10/14 06:11:40 | 000,002,842 | ---- | C] () -- C:\Users\Primary\AppData\Local\recently-used.xbel
    [2012/10/14 01:59:54 | 000,001,074 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\Glary Utilities.lnk
    [2012/10/14 01:59:54 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
    [2012/10/13 22:35:43 | 000,000,448 | ---- | C] () -- C:\OS (C) - Shortcut.lnk
    [2012/10/13 22:33:51 | 000,000,526 | ---- | C] () -- C:\Users\Primary\AppData\Roaming\burnaware.ini
    [2012/10/10 01:28:47 | 000,001,411 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\Internet Explorer (64-bit).lnk
    [2012/10/10 01:25:06 | 000,002,022 | ---- | C] () -- C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDNS Updater.lnk
    [2012/10/10 01:24:47 | 000,225,336 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\OpenDNS-Updater-2.2.1.exe
    [2012/10/09 22:43:17 | 000,001,304 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\Notepad.lnk
    [2012/10/05 23:44:13 | 000,459,873 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\926 12.html
    [2012/10/05 15:36:05 | 000,497,064 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\Warp_Velocity_by_Mxyzptlk246.jpg
    [2012/10/05 15:33:29 | 000,126,844 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\Going_into_warp_by_Balsavor.jpg
    [2012/10/04 23:18:20 | 000,002,088 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
    [2012/10/04 18:08:33 | 000,001,879 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
    [2012/10/03 15:57:05 | 000,001,132 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/10/03 15:57:04 | 000,001,144 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/09/23 03:32:39 | 000,830,650 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/09/19 14:49:02 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
    [2012/09/04 13:29:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2012/08/18 20:36:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2012/05/24 13:31:21 | 000,031,786 | ---- | C] () -- C:\Users\Primary\AppData\Local\Saturn-5-6-121-580x580.jpg
    [2012/03/02 16:34:34 | 002,345,378 | ---- | C] () -- C:\Windows\Windows 7 Loader.exe
    [2011/11/10 02:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2011/11/10 02:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2011/09/12 23:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011/07/25 07:02:32 | 000,602,112 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll

    ========== ZeroAccess Check ==========

    [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/07/25 18:10:32 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\100 Greatest Classics Disc 5
    [2012/10/20 03:09:41 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\Audacity
    [2012/03/10 16:50:19 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\AVG2012
    [2012/07/21 21:01:12 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\Blurity
    [2012/10/07 18:47:56 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\com.earthbrowser.air.E6AAAE80A01B4127788876406C965C3EDE131099.1
    [2012/09/01 20:11:27 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\CrystalSpace
    [2012/10/23 18:41:54 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\FreeBurner
    [2012/10/14 01:59:47 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\GlarySoft
    [2012/05/06 20:39:49 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\Gmail Backup
    [2012/10/15 17:44:55 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\GoforFiles
    [2012/10/14 06:28:24 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\IrfanView
    [2012/09/14 23:53:50 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\Leadertech
    [2012/07/26 18:45:27 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\LockHunter
    [2012/09/19 05:08:18 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\Memeo
    [2012/09/02 09:20:30 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\mjusbsp
    [2012/09/25 02:56:56 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\OpenDNS Updater
    [2012/07/22 06:43:50 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\OutWit
    [2012/06/28 02:26:34 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\ParallelGraphics
    [2012/07/07 06:16:26 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\Pictures Videos
    [2012/07/15 16:27:14 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\qBittorrent
    [2012/07/26 18:06:11 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\QuickScan
    [2012/09/02 09:19:05 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\RCP 6
    [2012/09/02 09:20:30 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\Skyscraper
    [2012/10/28 13:11:03 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\Softland
    [2012/07/26 19:44:51 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\Thunderbird
    [2012/07/10 08:14:12 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\Windows Live Writer
    [2012/07/10 08:24:53 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\WinPatrol
    [2012/07/12 01:03:00 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\WinZip

    ========== Purity Check ==========



    < End of report >
     
  11. msavoy

    msavoy Thread Starter

    Joined:
    Oct 26, 2012
    Messages:
    19
    I screwed up a bit. I enabled WinPatrol temporarily and forgot to disable it as you directed. I did the OTL run, but when it rebooted I remembered that WinPatrol should have been disabled and performed a second OTL scan, where most of the responses were "error", so I did a third scan with WinPatrol disabled, the results of which are below. Hope I didn't mess things up too badly.

    All processes killed
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\B760674538A35F241999134C94EA70A1 not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\ not found.
    Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\Trolltech\ not found.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Primary\Favorites\Desktop prime\searchnu tools\cmd.bat deleted successfully.
    C:\Users\Primary\Favorites\Desktop prime\searchnu tools\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Mike
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Primary
    ->Temp folder emptied: 542974 bytes
    ->Temporary Internet Files folder emptied: 61999 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 8580099 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 20322 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 9.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 10292012_220343

    Files\Folders moved on Reboot...
    C:\Users\Primary\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
    (y)(y)

    OTL logfile created on: 10/29/2012 10:50:48 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Primary\Favorites\Desktop prime\searchnu tools
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 59.62% Memory free
    8.00 Gb Paging File | 6.34 Gb Available in Paging File | 79.30% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 698.54 Gb Total Space | 214.50 Gb Free Space | 30.71% Space Free | Partition Type: NTFS
    Drive E: | 465.76 Gb Total Space | 335.70 Gb Free Space | 72.08% Space Free | Partition Type: NTFS
    Drive L: | 1862.98 Gb Total Space | 1228.84 Gb Free Space | 65.96% Space Free | Partition Type: NTFS

    Computer Name: MIKE-PC | User Name: Primary | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/10/28 16:32:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Primary\Favorites\Desktop prime\searchnu tools\OTL.exe
    PRC - [2012/10/20 22:14:34 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/06/14 11:04:26 | 001,177,536 | R--- | M] (Western Digital ) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
    PRC - [2012/06/14 11:04:24 | 001,151,424 | R--- | M] (Western Digital ) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
    PRC - [2012/06/14 10:58:24 | 005,235,128 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
    PRC - [2012/06/14 10:57:20 | 000,248,248 | R--- | M] (Western Digital) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
    PRC - [2011/06/30 14:48:46 | 000,395,152 | ---- | M] (Seagate) -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
    PRC - [2011/06/30 14:47:14 | 002,638,152 | ---- | M] (Seagate) -- C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
    PRC - [2010/07/04 15:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
    PRC - [2010/06/16 17:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
    PRC - [2010/05/18 15:13:58 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    PRC - [2009/03/12 21:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/10/20 22:13:50 | 002,294,240 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2010/07/04 17:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerHook.dll
    MOD - [2010/07/04 15:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
    MOD - [2010/06/16 17:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
    MOD - [2009/03/12 21:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2011/11/10 03:11:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 21:41:19 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lpdsvc.dll -- (LPDSVC)
    SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2012/10/20 22:14:33 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/10/09 22:42:22 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/06/14 11:04:26 | 001,177,536 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
    SRV - [2012/06/14 11:04:24 | 001,151,424 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
    SRV - [2012/06/14 10:57:20 | 000,248,248 | R--- | M] (Western Digital) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
    SRV - [2012/03/08 02:50:22 | 000,115,520 | ---- | M] (Cloud Engines) [Auto | Running] -- C:\Program Files (x86)\PogoplugBackup\dokanmnt.exe -- (DokanCEMounter)
    SRV - [2011/06/30 14:50:10 | 001,191,408 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
    SRV - [2010/11/20 08:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2010/11/20 08:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2010/05/18 15:13:58 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/10/15 23:48:53 | 000,971,360 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
    DRV:64bit: - [2012/10/15 23:48:31 | 000,210,016 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr)
    DRV:64bit: - [2012/10/15 23:48:27 | 000,141,920 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt53.sys -- (vidsflt53)
    DRV:64bit: - [2012/10/15 23:48:20 | 000,275,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
    DRV:64bit: - [2012/10/12 16:35:26 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2012/10/09 20:31:14 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
    DRV:64bit: - [2012/09/22 17:45:22 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
    DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/11/10 03:45:32 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/11/10 02:12:46 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2009/07/31 00:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV - [2012/03/08 02:50:22 | 000,066,880 | ---- | M] (Cloud Engines) [File_System | Auto | Running] -- C:\Program Files (x86)\PogoplugBackup\dokance.sys -- (DokanCEDriver)
    DRV - [2010/07/04 15:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=nv...BzyyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1127200979
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEtB0EtA0EtBtAyC0E0DzytN0D0Tzu0CtBtDtAtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1971203690
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=101&systemid=421&apn_dtid=BND421&apn_ptnrs=AGA&o=APN10649&apn_uid=6434908431664136&q={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEtB0EtA0EtBtAyC0E0DzytN0D0Tzu0CtBzyyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1127200979
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
    IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEtB0EtA0EtBtAyC0E0DzytN0D0Tzu0CtBtDtAtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1971203690
    IE - HKLM\..\SearchScopes\{2ACC9101-D1A6-0CE1-84C5-022FD22F899F}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEtB0EtA0EtBtAyC0E0DzytN0D0Tzu0CtBzyyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1127200979
    IE - HKLM\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3227980
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9MSE&PC=UP09
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.autocompletepro.com/?si=7981&bi=400
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE9MSE&PC=UP09
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 C4 EA 89 84 50 CD 01 [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.autocompletepro.com/?si=7981&bi=400
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\URLSearchHook: {0cc09160-108c-4759-bab1-5c12c216e005} - No CLSID value found
    IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
    IE - HKCU\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value found
    IE - HKCU\..\URLSearchHook: {b97ed18c-1a8a-4acc-884f-b4fe7415adf2} - No CLSID value found
    IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKCU\..\SearchScopes,DefaultScope = {2F5B3A35-D8AD-439C-B006-5F52D9734059}
    IE - HKCU\..\SearchScopes\{2F5B3A35-D8AD-439C-B006-5F52D9734059}: "URL" = http://www.bing.com/search?FORM=UP09DF&PC=UP09&q={searchTerms}&src=IE-SearchBox
    IE - HKCU\..\SearchScopes\{7468ABCE-9808-46BD-99A7-4BA3A0514603}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://searchfunmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEtB0EtA0EtBtAyC0E0DzytN0D0Tzu0CtBzyyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1127200979"
    FF - prefs.js..keyword.URL: "Google"
    FF - prefs.js..browser.search.selectedEngine: "Funmoods"
    FF - prefs.js..browser.search.defaultenginename: "Funmoods"


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@parallelgraphics.com/Cortona: C:\Program Files (x86)\Common Files\ParallelGraphics\Cortona\npcortona.dll (ParallelGraphics)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
    FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll (Wolfram Research, Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Primary\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Primary\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Primary\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Primary\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Primary\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/20 22:14:35 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/10/13 22:42:52 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/10/13 22:42:52 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

    [2012/10/23 18:53:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\Extensions
    [2012/10/29 21:15:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\Firefox\Profiles\extensions
    [2012/10/20 15:34:08 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Users\Primary\AppData\Roaming\mozilla\Firefox\Profiles\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
    [2012/10/20 15:34:00 | 000,000,000 | ---D | M] (Remove It Permanently) -- C:\Users\Primary\AppData\Roaming\mozilla\Firefox\Profiles\extensions\{1dbc4a33-ea62-4330-966c-7bdad3455322}
    [2012/10/20 15:34:01 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Primary\AppData\Roaming\mozilla\Firefox\Profiles\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
    [2012/10/29 02:25:07 | 000,000,000 | ---D | M] (BlockSite Plus) -- C:\Users\Primary\AppData\Roaming\mozilla\Firefox\Profiles\extensions\{6d43fee4-72e7-4290-b75a-b898e4f4676d}
    [2012/10/20 13:21:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\Firefox\Profiles\y8w4ggb9.default\extensions
    [2012/10/25 21:35:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\Firefox\Profiles\y8w4ggb9.default\extensions\staged
    [2012/10/20 15:33:58 | 000,025,781 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\[email protected]
    [2012/10/20 15:34:00 | 000,020,387 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\[email protected]
    [2012/10/20 15:34:00 | 000,018,310 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\[email protected]
    [2012/10/26 18:14:17 | 000,052,154 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\[email protected]
    [2012/10/20 15:34:00 | 000,128,599 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\[email protected]
    [2012/10/21 20:05:02 | 000,154,926 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\[email protected]
    [2012/10/20 14:46:39 | 000,013,094 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\[email protected]
    [2012/10/20 15:34:00 | 000,013,168 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\[email protected]
    [2012/10/20 15:34:00 | 000,108,792 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\[email protected]
    [2012/10/20 15:34:00 | 000,030,669 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\[email protected]
    [2012/10/20 15:34:00 | 000,139,801 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\[email protected]
    [2012/10/20 15:34:00 | 000,258,434 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\[email protected]
    [2012/10/29 18:47:36 | 000,001,469 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\[email protected]
    [2012/10/20 15:34:00 | 000,079,135 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi
    [2012/10/20 15:34:00 | 000,018,589 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}.xpi
    [2012/10/20 15:34:00 | 000,077,698 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{1feca320-6b4d-11df-a08a-0800200c9a66}.xpi
    [2012/10/20 14:47:39 | 000,318,456 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}.xpi
    [2012/10/25 13:56:13 | 000,049,303 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064}.xpi
    [2012/10/25 20:22:08 | 000,013,331 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}.xpi
    [2012/10/25 19:59:28 | 000,013,345 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
    [2012/10/20 15:34:01 | 000,372,140 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}.xpi
    [2012/10/20 15:34:01 | 000,017,971 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{c1970c0d-dbe6-4d91-804f-c9c0de643a57}.xpi
    [2012/10/20 15:34:01 | 000,061,700 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi
    [2012/10/20 15:27:29 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2012/10/20 15:34:01 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
    [2012/10/20 15:34:01 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
    [2012/10/20 15:34:01 | 000,038,787 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{d93e6838-8272-4382-a0fb-36a56db176c5}.xpi
    [2012/10/20 15:34:01 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
    [2012/10/29 02:22:14 | 000,016,192 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi
    [2012/10/20 15:34:01 | 000,252,340 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
    [2012/10/20 15:34:01 | 000,004,139 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{ec268e28-22c6-4a6c-ac22-635cabee283c}.xpi
    [2012/10/20 15:34:01 | 000,091,556 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi
    [2012/10/21 20:05:02 | 001,556,566 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{faf13420-5e24-11e0-80e3-0800200c9a66}.xpi
    [2012/10/27 01:01:39 | 000,057,702 | ---- | M] () (No name found) -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}.xpi
    [2012/10/20 13:21:40 | 000,000,775 | ---- | M] () -- C:\Users\Primary\AppData\Roaming\mozilla\firefox\profiles\y8w4ggb9.default\searchplugins\Funmoods.xml
    [2012/10/23 18:53:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/10/20 22:14:34 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/09/05 21:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/10/23 18:41:02 | 000,002,687 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
    [2012/10/20 22:13:49 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/10/02 21:36:14 | 000,001,115 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 www.ambit.com
    O1 - Hosts: 127.0.0.1 search.babylon.com/?affID=14335&tt=3512_6&babsrc=HP_ss&mntrId=d8f66ed90000000000000023542e3e23
    O1 - Hosts: 127.0.0.1 www.comodo.com/secure-dns/*/
    O1 - Hosts: 127.0.0.1 www.comodo.com/*/*/*/*/
    O1 - Hosts: 127.0.0.1 www.comodo.com/.../internet-security/free-internet-security/*/
    O1 - Hosts: 127.0.0.1
    O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
    O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll File not found
    O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
    O4 - HKLM..\Run: [Everything] C:\Program Files (x86)\Everything\Everything.exe ()
    O4 - HKLM..\Run: [STARTPAGE] C:\NOSPY.ORG\start1.exe File not found
    O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
    O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
    O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found
    O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
    O4 - HKCU..\Run: [OpenDNS Updater] C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe ()
    O4 - HKCU..\Run: [SkyDrive] C:\Users\Primary\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
    O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll File not found
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab (DLM Control)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab (GMNRev Class)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{703EEC82-4BE4-4A8A-9EFE-FB3FDFD9C47E}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{703EEC82-4BE4-4A8A-9EFE-FB3FDFD9C47E}: NameServer = 208.67.222.222,208.67.220.220
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\linkscanner - No CLSID value found
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll File not found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{2d667252-cbb1-11e1-b8e4-0023542e3e23}\Shell - "" = AutoRun
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/29 18:52:21 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\Firefox
    [2012/10/29 00:49:47 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\final reagan
    [2012/10/29 00:48:17 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\searchnu tools
    [2012/10/28 16:41:11 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/10/28 15:41:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/10/28 15:41:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/10/28 13:38:32 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\rkill
    [2012/10/28 13:22:31 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\PrimarytoPain\Documents\ProcessMonitor
    [2012/10/28 13:11:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Softland
    [2012/10/28 13:11:34 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2012/10/28 13:11:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FBackup 4
    [2012/10/28 13:11:03 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Roaming\Softland
    [2012/10/28 13:11:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Softland
    [2012/10/28 13:07:14 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Local\NeoSmart_Technologies
    [2012/10/28 13:06:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies
    [2012/10/28 13:05:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NeoSmart Technologies
    [2012/10/27 05:06:23 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\photos
    [2012/10/27 01:23:28 | 009,330,176 | ---- | C] (Irfan Skiljan) -- C:\Users\Primary\Favorites\Desktop prime\irfanview_plugins_433_setup.exe
    [2012/10/26 23:48:36 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\Spyware
    [2012/10/26 12:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2012/10/25 22:22:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrendMicro
    [2012/10/24 11:15:27 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\PrimarytoPain\Documents\NeroVision
    [2012/10/24 10:39:46 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\main
    [2012/10/23 19:41:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
    [2012/10/23 18:33:14 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\SSubTmr6.dll
    [2012/10/23 18:33:13 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Roaming\FreeBurner
    [2012/10/23 18:33:13 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
    [2012/10/23 17:54:20 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\PrimarytoPain\Documents\neo burn
    [2012/10/22 19:07:56 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Roaming\Nero
    [2012/10/22 18:56:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
    [2012/10/22 18:55:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
    [2012/10/22 18:55:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
    [2012/10/22 18:53:54 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
    [2012/10/22 18:53:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe
    [2012/10/22 18:26:32 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Local\{4DB50C1E-93CF-43C6-8D5C-125DF30B8374}
    [2012/10/22 16:40:29 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\BM
    [2012/10/22 16:35:53 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\RRCA
    [2012/10/20 22:13:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2012/10/20 00:24:15 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\PrimarytoPain\Documents\raw-hdr
    [2012/10/19 18:48:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Applian Technologies
    [2012/10/18 07:26:44 | 000,000,000 | ---D | C] -- C:\Users\Primary\.gimp-2.8
    [2012/10/17 19:58:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
    [2012/10/17 19:57:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
    [2012/10/17 13:09:26 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\PrimarytoPain
    [2012/10/17 12:53:33 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\Bit Torrent Transferred
    [2012/10/17 12:38:21 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\Extra Step
    [2012/10/17 12:22:12 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Hacks
    [2012/10/17 12:22:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google Hacks
    [2012/10/16 22:01:48 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\PrimarytoPain\Documents\My Documents
    [2012/10/16 21:50:03 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\New ISOs
    [2012/10/16 19:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
    [2012/10/16 13:52:52 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\Beatles Search
    [2012/10/16 13:35:21 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\mp3 1
    [2012/10/15 23:49:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Seagate
    [2012/10/15 23:48:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Acronis
    [2012/10/15 23:47:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Seagate
    [2012/10/15 23:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
    [2012/10/15 23:34:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Seagate
    [2012/10/15 23:32:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    [2012/10/14 13:04:41 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\Step Folder 2
    [2012/10/14 07:13:00 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Roaming\GoforFiles
    [2012/10/14 07:01:22 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Roaming\Audacity
    [2012/10/14 06:58:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
    [2012/10/14 06:28:24 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
    [2012/10/13 23:21:23 | 000,000,000 | ---D | C] -- C:\Users\Primary\Favorites\Desktop prime\undeletable
    [2012/10/13 01:30:27 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
    [2012/10/13 01:26:52 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Local\Western_Digital
    [2012/10/12 21:51:01 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
    [2012/10/11 05:02:57 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Local\{68BC8EE9-C571-40EC-BC49-679770AD920A}
    [2012/10/10 01:25:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenDNS Updater
    [2012/10/09 20:07:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FirefoxPreloader
    [2012/10/08 07:27:59 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Local\{04F45F3E-68C5-467F-9CC6-77FBAEEDE8CF}
    [2012/10/07 18:55:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
    [2012/10/06 20:36:10 | 000,000,000 | ---D | C] -- C:\Wow Gospel - CD 1
    [2012/10/05 14:57:40 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Local\{87C8B400-0B14-4529-837D-8E3B67D60B52}
    [2012/10/04 23:48:54 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Local\{C073A1FD-46E4-482D-B718-4D9A84808FF0}
    [2012/10/04 18:08:31 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
    [2012/10/03 15:57:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2012/10/01 13:09:23 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
    [2012/10/01 03:34:31 | 000,000,000 | ---D | C] -- C:\Users\Primary\AppData\Local\{07EB5B35-93B9-4B58-BF46-E614B919C961}
    [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
    [1 C:\Program Files (x86)\Common Files\*.tmp files -> C:\Program Files (x86)\Common Files\*.tmp -> ]
    [1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/10/29 22:42:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/10/29 22:18:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/10/29 22:14:54 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/10/29 22:14:54 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/10/29 22:07:44 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/10/29 22:07:44 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
    [2012/10/29 22:07:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/10/29 22:06:56 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
    [2012/10/29 22:01:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2310302133-1125941473-504086252-1002UA.job
    [2012/10/29 21:14:12 | 000,001,028 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\Continue Best Codec Pack installation.lnk
    [2012/10/29 20:50:20 | 000,152,392 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\Word 2010 Return.png
    [2012/10/29 19:01:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2310302133-1125941473-504086252-1002Core.job
    [2012/10/29 18:11:01 | 000,419,734 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\1 extensions.png
    [2012/10/29 13:59:56 | 000,466,275 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\googlemap.png
    [2012/10/28 16:25:14 | 000,339,430 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\clean reagan.png1.png
    [2012/10/28 15:42:29 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/10/28 14:15:46 | 000,900,708 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\flying main.png
    [2012/10/28 14:09:00 | 000,013,685 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\ProcessMonitor.lnk
    [2012/10/28 14:07:11 | 000,001,797 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\PrimarytoPain\Documents\ProcessMonitor.lnk
    [2012/10/28 13:11:17 | 000,001,056 | ---- | M] () -- C:\Users\Public\Desktop\FBackup 4.lnk
    [2012/10/28 13:06:58 | 000,024,576 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\PrimarytoPain\Documents\EasyBCD Backup (2012-10-28).bcd
    [2012/10/28 13:06:14 | 000,001,215 | ---- | M] () -- C:\Users\Public\Desktop\EasyBCD 2.2.lnk
    [2012/10/27 14:10:51 | 000,065,576 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\flag Untitled.png
    [2012/10/27 14:10:32 | 000,152,264 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\Untitled.pdn
    [2012/10/27 14:05:49 | 000,888,967 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\flying flags.png
    [2012/10/27 04:16:26 | 239,698,070 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\GoFlex_Slim_ProSW.zip
    [2012/10/27 00:04:22 | 000,876,595 | ---- | M] () -- C:\Users\Primary\AppData\Local\census.cache
    [2012/10/27 00:00:43 | 000,127,705 | ---- | M] () -- C:\Users\Primary\AppData\Local\ars.cache
    [2012/10/26 17:25:09 | 000,000,036 | ---- | M] () -- C:\Users\Primary\AppData\Local\housecall.guid.cache
    [2012/10/25 21:42:12 | 000,005,677 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\bm search ms.search-ms
    [2012/10/24 10:57:10 | 000,000,227 | ---- | M] () -- C:\Users\Primary\AppData\Roaming\default.rss
    [2012/10/24 10:56:55 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
    [2012/10/24 10:49:49 | 000,001,319 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\PrimarytoPain\Documents\CDC Label.ncd
    [2012/10/24 01:43:05 | 000,001,661 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\Jobs News, Videos, Reviews and Gossip - Lifehacker.htm - Shortcut.lnk
    [2012/10/22 18:56:54 | 000,002,710 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
    [2012/10/22 18:53:59 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\LightScribe.lnk
    [2012/10/22 18:38:28 | 000,001,300 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\Revo Uninstaller.lnk
    [2012/10/22 18:37:12 | 000,000,526 | ---- | M] () -- C:\Users\Primary\AppData\Roaming\burnaware.ini
    [2012/10/22 10:42:31 | 000,830,650 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/10/22 10:42:31 | 000,687,146 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/10/22 10:42:31 | 000,131,926 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/10/21 23:16:44 | 000,023,084 | ---- | M] () -- C:\Users\Primary\png.png
    [2012/10/20 22:06:40 | 000,497,064 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\Warp_Velocity_by_Mxyzptlk246.jpg
    [2012/10/20 18:51:16 | 000,440,720 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/10/20 14:44:34 | 000,813,556 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/10/20 07:26:01 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/10/20 04:39:37 | 000,012,792 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\images.jpg
    [2012/10/19 23:41:58 | 000,000,622 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\TakeOwnership.zip
    [2012/10/19 21:06:27 | 003,077,634 | ---- | M] () -- C:\Users\Primary\best supreeem.png
    [2012/10/17 19:59:37 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
    [2012/10/17 19:05:47 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
    [2012/10/17 19:05:46 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf
    [2012/10/16 15:35:29 | 000,093,394 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\LeviathanWallHanging.gif
    [2012/10/15 23:48:59 | 000,001,141 | ---- | M] () -- C:\Users\Public\Desktop\Seagate DiscWizard.lnk
    [2012/10/15 23:34:36 | 000,002,453 | ---- | M] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk
    [2012/10/15 23:32:35 | 021,476,536 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\SeaToolsforWindowsSetup-1206.exe
    [2012/10/14 13:28:02 | 000,126,844 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\Going_into_warp_by_Balsavor.jpg
    [2012/10/14 07:34:04 | 006,619,729 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\preview.mp3
    [2012/10/14 07:31:31 | 003,727,360 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\60379.mp3
    [2012/10/14 07:22:42 | 004,866,587 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\10 I'd Rather Be Dead.mp3
    [2012/10/14 06:58:55 | 000,001,015 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\Audacity.lnk
    [2012/10/14 06:28:24 | 000,001,898 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\IrfanView Thumbnails.lnk
    [2012/10/14 06:28:24 | 000,001,006 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\IrfanView.lnk
    [2012/10/14 06:24:30 | 009,330,176 | ---- | M] (Irfan Skiljan) -- C:\Users\Primary\Favorites\Desktop prime\irfanview_plugins_433_setup.exe
    [2012/10/14 06:11:40 | 000,002,842 | ---- | M] () -- C:\Users\Primary\AppData\Local\recently-used.xbel
    [2012/10/14 01:59:54 | 000,001,074 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\Glary Utilities.lnk
    [2012/10/13 22:35:43 | 000,000,448 | ---- | M] () -- C:\OS (C) - Shortcut.lnk
    [2012/10/11 04:04:24 | 000,003,478 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\25 The Name's Bond... James Bond.m4a - Shortcut.lnk
    [2012/10/10 01:28:47 | 000,001,411 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\Internet Explorer (64-bit).lnk
    [2012/10/10 01:24:52 | 000,225,336 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\OpenDNS-Updater-2.2.1.exe
    [2012/10/09 22:43:17 | 000,001,304 | ---- | M] () -- C:\Users\Primary\Favorites\Desktop prime\Notepad.lnk
    [2012/10/04 23:23:03 | 000,001,879 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
    [2012/10/04 23:18:20 | 000,002,088 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
    [2012/10/04 22:54:28 | 000,000,151 | ---- | M] () -- C:\Windows\PhotoSnapViewer.INI
    [2012/10/03 15:57:05 | 000,001,132 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/10/02 21:36:14 | 000,001,115 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
    [1 C:\Program Files (x86)\Common Files\*.tmp files -> C:\Program Files (x86)\Common Files\*.tmp -> ]
    [1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/10/29 20:50:15 | 000,152,392 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\Word 2010 Return.png
    [2012/10/29 18:11:00 | 000,419,734 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\1 extensions.png
    [2012/10/29 13:59:55 | 000,466,275 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\googlemap.png
    [2012/10/28 16:25:13 | 000,339,430 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\clean reagan.png1.png
    [2012/10/28 15:41:57 | 000,002,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/10/28 14:12:50 | 000,900,708 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\flying main.png
    [2012/10/28 14:09:00 | 000,013,685 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\ProcessMonitor.lnk
    [2012/10/28 14:07:11 | 000,001,797 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\PrimarytoPain\Documents\ProcessMonitor.lnk
    [2012/10/28 13:11:17 | 000,001,056 | ---- | C] () -- C:\Users\Public\Desktop\FBackup 4.lnk
    [2012/10/28 13:06:57 | 000,024,576 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\PrimarytoPain\Documents\EasyBCD Backup (2012-10-28).bcd
    [2012/10/28 13:05:40 | 000,001,215 | ---- | C] () -- C:\Users\Public\Desktop\EasyBCD 2.2.lnk
    [2012/10/27 14:10:47 | 000,065,576 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\flag Untitled.png
    [2012/10/27 14:10:31 | 000,152,264 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\Untitled.pdn
    [2012/10/27 14:05:44 | 000,888,967 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\flying flags.png
    [2012/10/27 04:38:42 | 002,828,466 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\ubble.png
    [2012/10/27 00:04:22 | 000,876,595 | ---- | C] () -- C:\Users\Primary\AppData\Local\census.cache
    [2012/10/27 00:00:43 | 000,127,705 | ---- | C] () -- C:\Users\Primary\AppData\Local\ars.cache
    [2012/10/26 17:25:09 | 000,000,036 | ---- | C] () -- C:\Users\Primary\AppData\Local\housecall.guid.cache
    [2012/10/25 21:42:12 | 000,005,677 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\bm search ms.search-ms
    [2012/10/24 10:49:49 | 000,001,319 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\PrimarytoPain\Documents\CDC Label.ncd
    [2012/10/22 21:03:24 | 000,001,028 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\Continue Best Codec Pack installation.lnk
    [2012/10/22 19:16:03 | 000,000,227 | ---- | C] () -- C:\Users\Primary\AppData\Roaming\default.rss
    [2012/10/22 19:11:44 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2012/10/22 18:56:54 | 000,002,710 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
    [2012/10/22 18:53:59 | 000,002,039 | ---- | C] () -- C:\Users\Public\Desktop\LightScribe.lnk
    [2012/10/22 18:38:28 | 000,001,300 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\Revo Uninstaller.lnk
    [2012/10/21 23:16:39 | 000,023,084 | ---- | C] () -- C:\Users\Primary\png.png
    [2012/10/20 04:39:35 | 000,012,792 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\images.jpg
    [2012/10/19 23:41:56 | 000,000,622 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\TakeOwnership.zip
    [2012/10/19 21:06:21 | 003,077,634 | ---- | C] () -- C:\Users\Primary\best supreeem.png
    [2012/10/18 03:24:05 | 000,001,661 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\Jobs News, Videos, Reviews and Gossip - Lifehacker.htm - Shortcut.lnk
    [2012/10/18 03:13:27 | 000,003,478 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\25 The Name's Bond... James Bond.m4a - Shortcut.lnk
    [2012/10/17 19:59:37 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
    [2012/10/17 19:05:47 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
    [2012/10/17 19:05:46 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf
    [2012/10/17 19:05:22 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    [2012/10/16 15:35:27 | 000,093,394 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\LeviathanWallHanging.gif
    [2012/10/16 00:01:05 | 239,698,070 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\GoFlex_Slim_ProSW.zip
    [2012/10/15 23:48:59 | 000,001,141 | ---- | C] () -- C:\Users\Public\Desktop\Seagate DiscWizard.lnk
    [2012/10/15 23:34:36 | 000,002,453 | ---- | C] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk
    [2012/10/15 23:32:27 | 021,476,536 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\SeaToolsforWindowsSetup-1206.exe
    [2012/10/14 07:33:43 | 006,619,729 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\preview.mp3
    [2012/10/14 07:29:54 | 003,727,360 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\60379.mp3
    [2012/10/14 07:21:12 | 004,866,587 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\10 I'd Rather Be Dead.mp3
    [2012/10/14 06:58:55 | 000,001,021 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
    [2012/10/14 06:58:55 | 000,001,015 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\Audacity.lnk
    [2012/10/14 06:28:24 | 000,001,898 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\IrfanView Thumbnails.lnk
    [2012/10/14 06:28:24 | 000,001,006 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\IrfanView.lnk
    [2012/10/14 06:11:40 | 000,002,842 | ---- | C] () -- C:\Users\Primary\AppData\Local\recently-used.xbel
    [2012/10/14 01:59:54 | 000,001,074 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\Glary Utilities.lnk
    [2012/10/14 01:59:54 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
    [2012/10/13 22:35:43 | 000,000,448 | ---- | C] () -- C:\OS (C) - Shortcut.lnk
    [2012/10/13 22:33:51 | 000,000,526 | ---- | C] () -- C:\Users\Primary\AppData\Roaming\burnaware.ini
    [2012/10/10 01:28:47 | 000,001,411 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\Internet Explorer (64-bit).lnk
    [2012/10/10 01:25:06 | 000,002,022 | ---- | C] () -- C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDNS Updater.lnk
    [2012/10/10 01:24:47 | 000,225,336 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\OpenDNS-Updater-2.2.1.exe
    [2012/10/09 22:43:17 | 000,001,304 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\Notepad.lnk
    [2012/10/05 23:44:13 | 000,459,873 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\926 12.html
    [2012/10/05 15:36:05 | 000,497,064 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\Warp_Velocity_by_Mxyzptlk246.jpg
    [2012/10/05 15:33:29 | 000,126,844 | ---- | C] () -- C:\Users\Primary\Favorites\Desktop prime\Going_into_warp_by_Balsavor.jpg
    [2012/10/04 23:18:20 | 000,002,088 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
    [2012/10/04 18:08:33 | 000,001,879 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
    [2012/10/03 15:57:05 | 000,001,132 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/10/03 15:57:04 | 000,001,144 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/09/23 03:32:39 | 000,830,650 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/09/19 14:49:02 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
    [2012/09/04 13:29:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2012/08/18 20:36:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2012/05/24 13:31:21 | 000,031,786 | ---- | C] () -- C:\Users\Primary\AppData\Local\Saturn-5-6-121-580x580.jpg
    [2012/03/02 16:34:34 | 002,345,378 | ---- | C] () -- C:\Windows\Windows 7 Loader.exe
    [2011/11/10 02:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2011/11/10 02:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2011/09/12 23:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011/07/25 07:02:32 | 000,602,112 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll

    ========== ZeroAccess Check ==========

    [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/07/25 18:10:32 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\100 Greatest Classics Disc 5
    [2012/10/20 03:09:41 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\Audacity
    [2012/03/10 16:50:19 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\AVG2012
    [2012/07/21 21:01:12 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\Blurity
    [2012/10/07 18:47:56 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\com.earthbrowser.air.E6AAAE80A01B4127788876406C965C3EDE131099.1
    [2012/09/01 20:11:27 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\CrystalSpace
    [2012/10/23 18:41:54 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\FreeBurner
    [2012/10/14 01:59:47 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\GlarySoft
    [2012/05/06 20:39:49 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\Gmail Backup
    [2012/10/15 17:44:55 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\GoforFiles
    [2012/10/14 06:28:24 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\IrfanView
    [2012/09/14 23:53:50 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\Leadertech
    [2012/07/26 18:45:27 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\LockHunter
    [2012/09/19 05:08:18 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\Memeo
    [2012/09/02 09:20:30 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\mjusbsp
    [2012/09/25 02:56:56 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\OpenDNS Updater
    [2012/07/22 06:43:50 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\OutWit
    [2012/06/28 02:26:34 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\ParallelGraphics
    [2012/07/07 06:16:26 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\Pictures Videos
    [2012/07/15 16:27:14 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\qBittorrent
    [2012/07/26 18:06:11 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\QuickScan
    [2012/09/02 09:19:05 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\RCP 6
    [2012/09/02 09:20:30 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\Skyscraper
    [2012/10/28 13:11:03 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\Softland
    [2012/07/26 19:44:51 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\Thunderbird
    [2012/07/10 08:14:12 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\Windows Live Writer
    [2012/07/10 08:24:53 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\WinPatrol
    [2012/07/12 01:03:00 | 000,000,000 | ---D | M] -- C:\Users\Primary\AppData\Roaming\WinZip

    ========== Purity Check ==========



    < End of report >
     
  12. msavoy

    Very sorry about the double post.
     
  13. msavoy

    SystemLook 30.07.11 by jpshortstuff
    Log created at 23:04 on 29/10/2012 by Primary
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "*Fun4IM*"
    No files found.

    Searching for "*Bandoo*"
    No files found.

    Searching for "*Searchnu*"
    C:\Program Files (x86)\Wolfram Research\Wolfram CDF Player\8.0\SystemFiles\Kernel\SystemResources\Windows\Algebra\SearchNumberTheory.mx --a---- 103132 bytes [03:16 21/07/2012] [00:40 04/10/2011] 89EBEEF5D86A5DE0A82E0804DFC37197
    C:\Users\Primary\AppData\Roaming\Microsoft\Windows\Recent\searchnu tools.lnk --a---- 569 bytes [02:59 30/10/2012] [03:04 30/10/2012] 45E87692CD7632D9327D6B359A29525F
    C:\_OTL\MovedFiles\10282012_201304\C_Users\Primary\AppData\Roaming\Microsoft\Office\Recent\process to remove searchnu.com.docx.LNK --a---- 1298 bytes [17:46 28/10/2012] [17:46 28/10/2012] 21964AF55F51966372DDF3C9637EF0C5
    C:\_OTL\MovedFiles\10282012_201304\C_Users\Primary\AppData\Roaming\Microsoft\Windows\Recent\1process to remove searchnu.com.docx.lnk --a---- 765 bytes [15:07 27/10/2012] [15:07 27/10/2012] 5FFBB0CDFDDF88D679FD03A5D0F3F9D5
    C:\_OTL\MovedFiles\10282012_201304\C_Users\Primary\AppData\Roaming\Microsoft\Windows\Recent\process to remove searchnu.com.docx.lnk --a---- 760 bytes [15:02 27/10/2012] [17:46 28/10/2012] A2144B20DAA3FB892873EDD3B363F319
    C:\_OTL\MovedFiles\10282012_201304\C_Users\Primary\AppData\Roaming\Microsoft\Windows\Recent\searchnu imposter.txt.lnk --a---- 698 bytes [04:33 27/10/2012] [04:33 27/10/2012] 7B5599BAA65B105111B534372EF224A0
    C:\_OTL\MovedFiles\10282012_201304\C_Users\Primary\Favorites\Desktop prime\searchnu imposter.txt --a---- 47 bytes [04:33 27/10/2012] [04:33 27/10/2012] FB1F05083F832BA7D47CC06C6E6B0D9B

    Searching for "*Searchqu*"
    No files found.

    Searching for "*iLivid*"
    No files found.

    Searching for "*whitesmoke*"
    No files found.

    Searching for "*datamngr*"
    No files found.

    Searching for "*trolltech*"
    No files found.

    ========== folderfind ==========

    Searching for "*Fun4IM*"
    No folders found.

    Searching for "*Bandoo*"
    No folders found.

    Searching for "*Searchnu*"
    C:\Users\Primary\Favorites\Desktop prime\searchnu tools d------ [04:48 29/10/2012]

    Searching for "*Searchqu*"
    No folders found.

    Searching for "*iLivid*"
    No folders found.

    Searching for "*whitesmoke*"
    No folders found.

    Searching for "*datamngr*"
    No folders found.

    Searching for "*trolltech*"
    No folders found.

    ========== Regfind ==========

    Searching for "Fun4IM"
    No data found.

    Searching for "Bandoo"
    No data found.

    Searching for "Searchnu"
    [HKEY_CURRENT_USER\Software\Microsoft\IntelliPoint\AppSpecific\OTL.exe]
    "Path"="C:\Users\Primary\Favorites\Desktop prime\searchnu tools\OTL.exe"
    [HKEY_CURRENT_USER\Software\Microsoft\IntelliPoint\AppSpecific\SystemLook_x64.exe]
    "Path"="C:\Users\Primary\Favorites\Desktop prime\searchnu tools\SystemLook_x64.exe"
    [HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\OTL.exe]
    "Path"="C:\Users\Primary\Favorites\Desktop prime\searchnu tools\OTL.exe"
    [HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\SystemLook_x64.exe]
    "Path"="C:\Users\Primary\Favorites\Desktop prime\searchnu tools\SystemLook_x64.exe"
    [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Users\Primary\Favorites\Desktop prime\searchnu tools\OTL.exe"="OTL.exe"
    [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\Microsoft\IntelliPoint\AppSpecific\OTL.exe]
    "Path"="C:\Users\Primary\Favorites\Desktop prime\searchnu tools\OTL.exe"
    [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\Microsoft\IntelliPoint\AppSpecific\SystemLook_x64.exe]
    "Path"="C:\Users\Primary\Favorites\Desktop prime\searchnu tools\SystemLook_x64.exe"
    [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\Microsoft\IntelliType Pro\AppSpecific\OTL.exe]
    "Path"="C:\Users\Primary\Favorites\Desktop prime\searchnu tools\OTL.exe"
    [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\Microsoft\IntelliType Pro\AppSpecific\SystemLook_x64.exe]
    "Path"="C:\Users\Primary\Favorites\Desktop prime\searchnu tools\SystemLook_x64.exe"
    [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Users\Primary\Favorites\Desktop prime\searchnu tools\OTL.exe"="OTL.exe"
    [HKEY_USERS\S-1-5-21-2310302133-1125941473-504086252-1002_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Users\Primary\Favorites\Desktop prime\searchnu tools\OTL.exe"="OTL.exe"

    Searching for "Searchqu"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    @="ISearchQueryHelper"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    @="ISearchQueryHelper"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}]
    "SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&gct=ds&appid=101&systemid=421&apn_dtid=BND421&apn_ptnrs=AGA&o=APN10649&apn_uid=6434908431664136&qu={searchTerms}&ft=json"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    @="ISearchQueryHelper"

    Searching for "iLivid"
    No data found.

    Searching for "whitesmoke"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B760674538A35F241999134C94EA70A1]
    "E9EFB8E6C50FF4F4BA4ABF289FFAF289"="C:\Program Files (x86)\Google\Google SketchUp 8\Materials\Colors-Named\0129_WhiteSmoke.skm"

    Searching for "datamngr"
    [HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]

    Searching for "kelkoopartners"
    No data found.

    Searching for "trolltech"
    No data found.

    -= EOF =-
     
  14. msavoy

    I'm going through a terrible time with the malware, being stuck in the middle of the worst hurricane here in New York. I received this OTL Extras logfile, which I'm including only because I am not sure whether you need it and want to include it to be sure.

    Thanks very much,
    Marc Savoy
     
  15. msavoy

    OTL Extras logfile created on: 10/29/2012 10:50:48 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Primary\Favorites\Desktop prime\searchnu tools
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 59.62% Memory free
    8.00 Gb Paging File | 6.34 Gb Available in Paging File | 79.30% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 698.54 Gb Total Space | 214.50 Gb Free Space | 30.71% Space Free | Partition Type: NTFS
    Drive E: | 465.76 Gb Total Space | 335.70 Gb Free Space | 72.08% Space Free | Partition Type: NTFS
    Drive L: | 1862.98 Gb Total Space | 1228.84 Gb Free Space | 65.96% Space Free | Partition Type: NTFS

    Computer Name: MIKE-PC | User Name: Primary | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
    https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
    https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{10F3DC06-0482-41CA-9DB4-92FCBCD5A5AD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{112FD5D6-20D4-41A4-805D-D90EF44CAEBA}" = lport=137 | protocol=17 | dir=in | app=system |
    "{15050768-CE92-411F-94ED-B307A6D97AB5}" = lport=10245 | protocol=6 | dir=in | app=system |
    "{19EC0E5E-BCD2-4957-90EC-B5180FB82349}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{2188562C-61C3-4477-954F-DEB1A6423916}" = rport=137 | protocol=17 | dir=out | app=system |
    "{34EA7EEB-D107-421A-B3CF-2F8AC2E3D073}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{469493F6-D3BF-4A58-A3AA-BE3830A68A29}" = lport=445 | protocol=6 | dir=in | app=system |
    "{4E808E38-08F5-4BA1-A16C-9DCD58C77F95}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{534044AA-5722-4A7C-BCD3-73A16CF6A4BF}" = lport=138 | protocol=17 | dir=in | app=system |
    "{64854DF5-E88A-40E6-B839-485229C36AD7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7168EA80-970B-4D5F-9CB8-260DF4179E29}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{79584D59-640B-4D82-AB99-20CAA787FB04}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{8491E173-1315-420E-971A-F2885A7F64A0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{8BC77324-3189-4FBE-B9BA-F99C318638D5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{95A059CE-1D48-4B95-8426-98A87CBE70B8}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
    "{AAEF2C5E-F04F-4B42-9A44-7388E14FFC4F}" = lport=139 | protocol=6 | dir=in | app=system |
    "{AF6A0CB5-6888-4A6E-AFD4-8491E98501E9}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{B308B707-C7A0-4597-8DB9-9523CA36B9D1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{BED1E6F2-9F4D-4B1E-B345-8B959D3171B1}" = rport=138 | protocol=17 | dir=out | app=system |
    "{C11A791C-9537-456D-A065-1346DFFECD04}" = rport=139 | protocol=6 | dir=out | app=system |
    "{C52241D7-2B93-48B6-A07D-49AF6E613DB6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{CD8530EE-4188-4BA3-A58F-5DB3417C7037}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{DA51DE89-8269-4535-A5D5-345A7FCF0F0F}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
    "{E40E7939-713D-43E2-AE46-252AAB4EEEC4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{E7921B80-1E4C-4F29-8821-79D27E248338}" = rport=445 | protocol=6 | dir=out | app=system |
    "{EDD34263-5ADA-44EC-934B-03F8505506FC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{F0F2EA7E-6300-4E0F-B4D7-6A5DA3B117B9}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
    "{FB03AAE7-755F-415D-834A-97F86872D246}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{FD6DC2DE-F2DE-4D85-A3B9-EE205CA6492E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{FFF159E4-0DC2-4683-A869-2BFC207B689D}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0AE27781-9B43-4C37-BDB3-EB098274F86A}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{10E8EF97-E33B-4921-8E8B-463194C4E9BD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{12753043-E14A-4E5E-97E2-721DEDEF4A82}" = protocol=17 | dir=in | app=c:\users\primary\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{1EB245A4-0BB4-4EA7-AB07-930EEF8E9F15}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{1F0AC70B-00D4-4410-8577-12133BA4E6A4}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{1F61D2D6-838A-4921-9908-9C46E462B977}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
    "{24488A42-7618-4A80-95CD-744B5FE8D86F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{33C780CC-9879-47CF-BF8E-90BC0D2B2AE7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{36B09205-C2A0-4DC0-AE2F-CEE2029F4ED5}" = dir=in | app=c:\program files\comodo\comodo internet security\fp.exe-h |
    "{3B5E7350-9148-4520-BB22-71AADA9D89C6}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{3D843A99-F6D1-4C6B-AAE8-F95C6332A3BE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{413D8325-B4FA-49A9-A36E-D9ABFB7143FD}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{4FF13998-4138-4469-A6E0-112CE7E2EACC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{5006B89F-6F06-424A-B684-71B83A0F71BC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{5DC225A2-69E5-446D-9D2D-9923EF69ECC1}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
    "{610B2FF6-E8F8-451B-9734-16CDEAFEE75D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{66C5746E-8F7C-4893-B82F-665164595515}" = dir=in | app=c:\users\primary\appdata\local\microsoft\skydrive\skydrive.exe |
    "{6DE9D917-B6A0-40F8-8215-53C17F81746E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{6F1986A9-E76A-4B7E-A10D-5E3E60A06EBA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{76AF47FF-CD63-4FE2-8F5F-7876AB63BB0E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{8A740C29-F2D2-439B-A156-611CDFD598E9}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
    "{8ABDDEDE-7073-45E7-87D1-653D95C371D9}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\comodo\tvnserver.exe |
    "{97D220C2-2730-4583-B8F4-614C64FB8E08}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{9EA4B18D-9A2B-44A6-B1C9-B88102B4299D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{A310CCC7-B256-4948-A122-D0866A578718}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{A460A07E-453B-430A-81EA-DB16F5B80B0D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{A6E4AA1F-128D-4B97-A492-BEAC4BEF659C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{AC6B9857-AC43-45E0-89AD-E1C999CA8138}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{B455F953-03D6-4937-85A3-A31E1E63A285}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{B4FB2BD3-9319-4626-94A8-054FD808A8C1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{B75B9BA1-C768-493E-A24E-501B14F56DF4}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\comodo\tvnserver.exe |
    "{C4727793-86EE-4CB6-B61F-CFFA63012EC4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{D47A2AE7-3763-4FF0-8AD1-DA0CFC71A875}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
    "{DFB5644A-B52F-44BC-8151-8B97A4F4091C}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
    "{EA811945-EA24-46B1-9E30-C7E0AACBE635}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
    "{ED74CBB2-F653-4773-B811-E8FBCFDBE038}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{F62FC304-DD3C-4409-B190-945C60D7353C}" = protocol=6 | dir=in | app=c:\users\primary\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "TCP Query User{46EAE88C-89FC-4FC1-99C4-8B74DBD1B023}C:\program files (x86)\nero\nero 7\nero home\nerohome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero 7\nero home\nerohome.exe |
    "TCP Query User{87943EDB-C95E-4572-9D80-C08714AD9EAA}C:\program files (x86)\nero\nero 7\nero home\nerohome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero 7\nero home\nerohome.exe |
    "TCP Query User{A4654B36-D27B-4CB5-BED0-D41CBA58A60B}C:\program files (x86)\everything\everything.exe" = protocol=6 | dir=in | app=c:\program files (x86)\everything\everything.exe |
    "TCP Query User{EBDA7AE4-CAED-4C7A-86E6-12D05FB17ACF}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
    "UDP Query User{55A2CBA7-15B7-445A-8373-DF3A39381375}C:\program files (x86)\everything\everything.exe" = protocol=17 | dir=in | app=c:\program files (x86)\everything\everything.exe |
    "UDP Query User{56007239-061F-4DCF-8159-04623632229C}C:\program files (x86)\nero\nero 7\nero home\nerohome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero 7\nero home\nerohome.exe |
    "UDP Query User{7C86D33B-9190-4A80-9248-02F4F1A31175}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
    "UDP Query User{D4AB03DE-E8F4-493D-A9D8-940A16815991}C:\program files (x86)\nero\nero 7\nero home\nerohome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero 7\nero home\nerohome.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
    "{0308919C-E317-4293-8D3C-97EF307BCDBC}" = HP Officejet Pro 8500 A910 Product Improvement Study
    "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
    "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1E95102E-27A4-416F-A9D1-308C9603F14A}" = HP Print View Software
    "{22A51951-1F45-4C8A-B888-306527F9C45F}" = WD SmartWare
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
    "{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft Mouse and Keyboard Center
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012
    "{A62F9CD0-B2E0-4F2A-88F2-79254A3C8539}" = WinPatrol
    "{BF46C84D-1AC3-4CC3-A45C-EF6257B80984}" = AVG 2012
    "{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DEACDFFA-D424-416F-B849-FA282F55B2CE}" = Cortona3D Viewer
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{EE7C94CC-BECB-4000-B5E3-D895307B9D5E}" = HP Officejet Pro 8500 A910 Basic Device Software
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "A-WIN-Extras 8.0.4 2609412_is1" = Mathematica Extras 8.0 (2609412)
    "CCleaner" = CCleaner
    "Defraggler" = Defraggler
    "FileMenu Tools_is1" = FileMenu Tools
    "GIMP-2_is1" = GIMP 2.8.2
    "LockHunter_is1" = LockHunter 2.0 beta 2, 64 bit
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
    "Microsoft Security Client" = Microsoft Security Essentials
    "NVIDIA Drivers" = NVIDIA Drivers
    "PogoplugBackup" = Pogoplug Backup
    "Speccy" = Speccy
    "Unlocker" = Unlocker 1.9.1-x64
    "WinRAR archiver" = WinRAR 4.11 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
    "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
    "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
    "{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
    "{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
    "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6E8BFE9E-F05C-4F4F-ABA4-FB82F9AF2F98}" = SketchUp Pro 8
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
    "{705B639E-FAAF-40D7-AD58-C445321C7C3F}" = LightScribe System Software
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
    "{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{7bb15b26-acef-42c0-9c18-763a2d740655}" = Nero 9 Essentials
    "{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
    "{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Help
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8FB2A014-A0B0-42D8-8E18-9AFC6A6E2814}" = Seagate DiscWizard
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{B01DD1A4-F4E1-4CE7-AB6E-3168C5BD5D30}" = 3DVIA player 5.0.0.20
    "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
    "{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
    "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
    "{BF55B950-4227-49DF-914B-A8F63D236DB8}" = Amazon Cloud Drive
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
    "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
    "{DB01EE59-8EEB-4F28-9F4F-2396BBC96343}" = freeWRL
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DFD30824-6BD0-34E1-ABE8-308AD3CBB9A0}" = Google Talk Plugin
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
    "{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
    "{EACCC042-848D-4166-9D97-B13D1D108722}" = Google Drive
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
    "{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
    "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Audacity_is1" = Audacity 2.0.2
    "Control Center for KODAK Webcams" = Control Center for KODAK Webcams
    "EasyBCD" = EasyBCD 2.2
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Everything" = Everything 1.2.1.371
    "FBackup 4_is1" = FBackup 4
    "ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
    "Glary Utilities_is1" = Glary Utilities 2.49.0.1600
    "gmailbackup" = Gmail Backup
    "HP Marketing Resources" = HP Print View Software
    "IrfanView" = IrfanView (remove only)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "Mozilla Firefox 16.0.1 (x86 en-US)" = Mozilla Firefox 16.0.1 (x86 en-US)
    "Mozilla Thunderbird 15.0.1 (x86 en-US)" = Mozilla Thunderbird 15.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "M-WIN-D 8.0.4 2609533_is1" = Wolfram CDF Player (M-WIN-D 8.0.4 2609533)
    "OpenDNS Updater" = OpenDNS Updater 2.2.1
    "Picasa 3" = Picasa 3
    "Revo Uninstaller" = Revo Uninstaller 1.94
    "Star Trek Online" = Star Trek Online
    "VLC media player" = VLC media player 2.0.1
    "WinLiveSuite" = Windows Live Essentials

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "SkyDriveSetup.exe" = Microsoft SkyDrive
    "UnityWebPlayer" = Unity Web Player

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 10/23/2012 7:04:52 PM | Computer Name = Mike-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16450,
    time stamp: 0x503723f6 Faulting module name: unknown, version: 0.0.0.0, time stamp:
    0x00000000 Exception code: 0xc0000005 Fault offset: 0x006b5a41 Faulting process id:
    0x6f4 Faulting application start time: 0x01cdb172ab1f74f0 Faulting application path:
    C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown
    Report
    Id: 0cd34028-1d66-11e2-94bf-0023542e3e23

    Error - 10/23/2012 7:05:23 PM | Computer Name = Mike-PC | Source = Microsoft Office 12 | ID = 2001
    Description = Rejected Safe Mode action : Microsoft Office Research task pane.

    Error - 10/23/2012 7:18:19 PM | Computer Name = Mike-PC | Source = Microsoft Office 12 | ID = 2001
    Description = Rejected Safe Mode action : Microsoft Office Research task pane.

    Error - 10/23/2012 8:14:42 PM | Computer Name = Mike-PC | Source = Application Hang | ID = 1002
    Description = The program WINWORD.EXE version 12.0.6662.5003 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 14cc Start
    Time: 01cdb17c824cbe48 Termination Time: 40 Application Path: C:\Program Files (x86)\Microsoft
    Office\Office12\WINWORD.EXE Report Id: c949b739-1d6f-11e2-b65a-0023542e3e23

    Error - 10/23/2012 10:47:15 PM | Computer Name = Mike-PC | Source = Application Hang | ID = 1002
    Description = The program MRT.exe version 4.13.6701.0 stopped interacting with Windows
    and was closed. To see if more information about the problem is available, check
    the problem history in the Action Center control panel. Process ID: 4ec Start Time:
    01cdb17b9bffaa90 Termination Time: 780 Application Path: C:\Windows\system32\MRT.exe

    Report
    Id:

    Error - 10/24/2012 10:51:05 AM | Computer Name = Mike-PC | Source = Application Hang | ID = 1002
    Description = The program NeroExpress.exe version 9.4.44.100 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 5d40 Start
    Time: 01cdb1f68eba63cc Termination Time: 24962 Application Path: C:\Program Files
    (x86)\Nero\Nero 9\Nero Express\NeroExpress.exe Report Id: 2694d6dd-1dea-11e2-b65a-0023542e3e23


    Error - 10/26/2012 12:23:07 PM | Computer Name = Mike-PC | Source = Application Hang | ID = 1002
    Description = The program SpybotSD.exe version 1.6.2.46 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 16e8 Start
    Time: 01cdb395cba85e74 Termination Time: 10 Application Path: C:\Program Files (x86)\Spybot
    - Search & Destroy\SpybotSD.exe Report Id:

    Error - 10/26/2012 8:07:15 PM | Computer Name = Mike-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\program files (x86)\spybot
    - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
    files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
    attribute "language" in element "assemblyIdentity" is invalid.

    Error - 10/27/2012 5:33:56 AM | Computer Name = Mike-PC | Source = Windows Backup | ID = 4104
    Description =

    Error - 10/28/2012 12:51:20 PM | Computer Name = Mike-PC | Source = Application Hang | ID = 1002
    Description = The program firefox.exe version 16.0.1.4666 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: dbc Start
    Time: 01cdb5264367f6e0 Termination Time: 175 Application Path: C:\Program Files (x86)\Mozilla
    Firefox\firefox.exe Report Id: ae330c21-211f-11e2-a13b-0023542e3e23

    Error - 10/29/2012 1:52:52 AM | Computer Name = Mike-PC | Source = Microsoft Office 12 | ID = 2001
    Description = Rejected Safe Mode action : Microsoft Office Research task pane.

    [ Media Center Events ]
    Error - 7/22/2012 1:02:47 AM | Computer Name = Mike-PC | Source = MCUpdate | ID = 0
    Description = 12:50:00 AM - Failed to retrieve Directory (Error: The operation has
    timed out)

    Error - 7/22/2012 1:47:30 AM | Computer Name = Mike-PC | Source = MCUpdate | ID = 0
    Description = 1:31:49 AM - Failed to retrieve NetTV (Error: The operation has timed
    out)

    Error - 7/22/2012 1:52:47 AM | Computer Name = Mike-PC | Source = MCUpdate | ID = 0
    Description = 1:50:33 AM - Failed to retrieve MCEClientUX (Error: The operation
    has timed out)

    Error - 7/22/2012 2:08:34 AM | Computer Name = Mike-PC | Source = MCUpdate | ID = 0
    Description = 2:06:58 AM - Failed to retrieve SportsV2 (Error: The operation has
    timed out)

    Error - 10/25/2012 10:57:26 PM | Computer Name = Mike-PC | Source = MCUpdate | ID = 0
    Description = 10:57:22 PM - Failed to retrieve Directory (Error: The operation has
    timed out)

    [ System Events ]
    Error - 9/2/2012 5:54:55 AM | Computer Name = Mike-PC | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 15.5.0.0 Update Source: %%815 Update Stage:
    %%854 Source Path: Signature Type: %%886 Update Type: %%803 User: NT AUTHORITY\SYSTEM

    Current
    Engine Version: Previous Engine Version: 2.1.8600.0 Error code: 0x80070002 Error
    description: The system cannot find the file specified.

    Error - 9/2/2012 5:54:55 AM | Computer Name = Mike-PC | Source = Microsoft Antimalware | ID = 2003
    Description = %%860 has encountered an error trying to update the engine. New Engine
    Version: Previous Engine Version: 2.1.8600.0 Engine Type: %%886 User: NT AUTHORITY\SYSTEM

    Error
    Code: 0x80070002 Error description: The system cannot find the file specified.

    Error - 9/2/2012 5:55:00 AM | Computer Name = Mike-PC | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.135.323.0 Update Source: %%859 Update Stage:
    %%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error
    code: 0x80070643 Error description: Fatal error during installation.

    Error - 9/2/2012 5:55:05 AM | Computer Name = Mike-PC | Source = Microsoft Antimalware | ID = 3002
    Description = %%860 Real-Time Protection feature has encountered an error and failed.

    Feature:
    %%886 Error Code: 0x80070002 Error description: The system cannot find the file specified.
    Reason: %%892

    Error - 9/2/2012 5:55:23 AM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7022
    Description = The Windows Search service hung on starting.

    Error - 9/2/2012 5:55:51 AM | Computer Name = Mike-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138
    (Definition 1.135.323.0).

    Error - 9/2/2012 6:31:28 AM | Computer Name = Mike-PC | Source = Microsoft Antimalware | ID = 2004
    Description = %%860 has encountered an error trying to load signatures and will
    attempt reverting back to a known-good set of signatures. Signatures Attempted: %%825

    Error
    Code: 0x8050a004 Error description: This package does not contain up-to-date definition
    files for this program. For more information, see Help and Support. Signature version:
    1.135.233.0;1.135.233.0 Engine version: 1.1.8601.0

    Error - 9/2/2012 6:41:08 AM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
    Presentation Foundation Font Cache 3.0.0.0 service to connect.

    Error - 9/2/2012 6:41:08 AM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7000
    Description = The Windows Presentation Foundation Font Cache 3.0.0.0 service failed
    to start due to the following error: %%1053

    Error - 9/2/2012 6:48:10 AM | Computer Name = Mike-PC | Source = Microsoft Antimalware | ID = 3002
    Description = %%860 Real-Time Protection feature has encountered an error and failed.

    Feature:
    %%886 Error Code: 0x80070002 Error description: The system cannot find the file specified.
    Reason: %%892


    < End of report >
     
Short URL to this thread: https://techguy.org/1074262