
searchnu.com/421


Foutzis

Hello. I have this hijack called ‘searchnu.com/421’ in my computer. I tried ‘Spybot - Search & Destroy’ and ‘Malwarebytes Anti-Malware’. They found other malware, but nothing about searchnu. So that’s why I came to you for help.

I have AVG antivirus (2012 edition), and a message sometimes appears at the bottom right of the screen. It says something about the memory that AVG uses... I don’t really understand. Also, AVG found a virus in an exe file of a game. I am pretty sure that this file doesn’t have any virus because it is downloaded from Steam (DOTA 2.exe). Does it have any connection with searchnu? I think that I have other malware in my computer. I really need your help because I heard that searchnu is very bad for the computer. Sorry for my bad English. I have Windows 7.

OTL logfile created on: 17/5/2012 10:42:28 μμ - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\user\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000408 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy

3,49 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 53,79% Memory free
6,98 Gb Paging File | 5,12 Gb Available in Paging File | 73,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 931,02 Gb Total Space | 622,50 Gb Free Space | 66,86% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/17 22:41:50 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2012/05/16 16:56:43 | 000,530,216 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2012/05/08 04:05:02 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2012/04/19 04:51:54 | 001,254,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/03/19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/10/03 00:01:26 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\steam.exe
PRC - [2011/10/02 14:15:02 | 001,700,752 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe
PRC - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/01 00:57:03 | 000,462,576 | ---- | M] () -- C:\Program Files\Intel\IntelAppStore\bin\AppUp.exe
PRC - [2011/08/08 17:16:50 | 000,622,344 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelAppStore\bin\ismagent.exe
PRC - [2011/02/26 08:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/01/17 18:48:16 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:48:16 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/09/02 23:18:02 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.189\SSScheduler.exe
PRC - [2010/06/14 01:05:14 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/01/19 05:31:26 | 000,072,304 | R--- | M] () -- C:\Windows\System32\XSrvSetup.exe
PRC - [2009/10/15 15:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/10/15 15:06:42 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009/10/02 14:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/10/02 14:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/07/14 04:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/04/30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/16 16:56:43 | 020,313,384 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll
MOD - [2012/05/16 16:56:43 | 001,099,576 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-53.dll
MOD - [2012/05/16 16:56:43 | 000,895,272 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.DLL
MOD - [2012/05/16 16:56:43 | 000,190,776 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-53.dll
MOD - [2012/05/16 16:56:43 | 000,123,192 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-51.dll
MOD - [2012/05/12 15:50:07 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012/05/12 15:49:48 | 012,433,920 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90d42781d5b19478870e412f7b7c71eb\System.Windows.Forms.ni.dll
MOD - [2012/05/12 15:49:43 | 001,590,784 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e65dbd1b68789fc21b9fb3c605b699a7\System.Drawing.ni.dll
MOD - [2012/05/12 15:49:34 | 003,325,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll
MOD - [2012/05/12 15:49:30 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012/05/12 15:49:27 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012/05/12 15:49:26 | 007,952,384 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/05/12 15:49:12 | 011,490,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2012/05/08 04:05:02 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/05/04 21:26:09 | 008,797,856 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2011/09/01 00:57:08 | 000,832,752 | ---- | M] () -- C:\Program Files\Intel\IntelAppStore\bin\plugin\libpserverplugin.dll
MOD - [2011/09/01 00:57:06 | 005,592,816 | ---- | M] () -- C:\Program Files\Intel\IntelAppStore\bin\plugin\libbizlplugin.dll
MOD - [2011/09/01 00:57:03 | 000,462,576 | ---- | M] () -- C:\Program Files\Intel\IntelAppStore\bin\AppUp.exe
MOD - [2011/08/08 17:16:48 | 000,195,584 | ---- | M] () -- C:\Program Files\Intel\IntelAppStore\bin\libgsoap.dll
MOD - [2011/08/08 17:16:48 | 000,071,168 | ---- | M] () -- C:\Program Files\Intel\IntelAppStore\bin\ServiceManagerStarter.dll
MOD - [2011/08/08 17:16:47 | 000,444,416 | ---- | M] () -- C:\Program Files\Intel\IntelAppStore\bin\DeviceProfile.dll
MOD - [2011/08/08 17:16:44 | 000,400,384 | ---- | M] () -- C:\Program Files\Intel\IntelAppStore\bin\sqlite3.dll
MOD - [2011/08/08 17:16:44 | 000,322,048 | ---- | M] () -- C:\Program Files\Intel\IntelAppStore\bin\log4cplus.dll
MOD - [2011/08/08 17:16:44 | 000,015,872 | ---- | M] () -- C:\Program Files\Intel\IntelAppStore\bin\featureController.dll
MOD - [2011/08/08 17:16:42 | 000,062,464 | ---- | M] () -- C:\Program Files\Intel\IntelAppStore\bin\zlib1.dll
MOD - [2011/04/05 17:46:03 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/11/02 01:53:47 | 008,167,936 | ---- | M] () -- C:\Program Files\Intel\IntelAppStore\bin\QtGui4.dll
MOD - [2010/11/02 01:53:46 | 002,281,984 | ---- | M] () -- C:\Program Files\Intel\IntelAppStore\bin\QtCore4.dll
MOD - [2010/09/10 17:28:48 | 000,028,672 | ---- | M] () -- C:\Program Files\Intel\IntelAppStore\bin\imageformats\qico4.dll
MOD - [2010/09/10 17:27:52 | 000,196,608 | ---- | M] () -- C:\Program Files\Intel\IntelAppStore\bin\imageformats\qjpeg4.dll
MOD - [2010/09/10 17:20:24 | 010,836,992 | ---- | M] () -- C:\Program Files\Intel\IntelAppStore\bin\QtWebKit4.dll
MOD - [2010/09/10 15:07:10 | 001,283,584 | ---- | M] () -- C:\Program Files\Intel\IntelAppStore\bin\QtScript4.dll
MOD - [2010/09/10 14:41:54 | 000,266,752 | ---- | M] () -- C:\Program Files\Intel\IntelAppStore\bin\phonon4.dll
MOD - [2010/09/10 14:11:38 | 000,911,872 | ---- | M] () -- C:\Program Files\Intel\IntelAppStore\bin\QtNetwork4.dll
MOD - [2010/09/10 14:10:02 | 000,339,456 | ---- | M] () -- C:\Program Files\Intel\IntelAppStore\bin\QtXml4.dll
MOD - [2009/07/14 11:09:53 | 000,425,984 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_el_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009/06/27 11:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files\DeviceVM\Browser Configuration Utility\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/05/16 16:56:43 | 000,530,216 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/05/08 04:05:02 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/04 21:26:10 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/06/29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/09/02 23:18:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.189\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/07/28 06:03:31 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/06/14 01:05:14 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/04/06 17:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2010/01/19 05:31:26 | 000,072,304 | R--- | M] () [Auto | Running] -- C:\Windows\System32\XSrvSetup.exe -- (JMB36X)
SRV - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/10/15 15:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/10/02 14:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/07/14 04:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 04:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/04/30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\gdrv.sys -- (gdrv)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/01/04 20:43:10 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/11/15 06:50:16 | 000,112,096 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2011/10/01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010/12/02 10:36:42 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010/09/08 15:42:16 | 000,230,248 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2010/06/15 01:07:00 | 010,993,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/04/27 16:57:28 | 000,066,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2010/04/27 16:57:28 | 000,015,048 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2010/04/27 16:57:22 | 000,022,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2010/04/27 14:01:26 | 000,037,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2010/04/27 12:56:44 | 000,019,496 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AppleCharger.sys -- (AppleCharger)
DRV - [2010/03/10 04:48:28 | 000,068,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010/01/27 11:58:32 | 000,098,928 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV - [2009/12/02 15:23:40 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/07/14 02:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 01:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009/07/14 01:02:49 | 000,052,224 | ---- | M] (Microsoft Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc21x4vm.sys -- (dc21x4vm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}
IE - HKLM\..\SearchScopes\{0BC409A1-8193-4702-B943-D47667494EAA}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}: "URL" = http://www.searchqu....q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://syb.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0BC409A1-8193-4702-B943-D47667494EAA}
IE - HKCU\..\SearchScopes\{03AA54BC-B5A1-426e-83AA-6A3929F7EC76}: "URL" = http://search.yahoo....cevm&type=STDVM
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0001c6f658592f8
IE - HKCU\..\SearchScopes\{9B171B65-F01A-4095-B432-63C4DFA1825E}: "URL" = http://www.bing.com/...=SPLBR2&pc=SPLH
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}: "URL" = http://www.searchqu....q={searchTerms}
IE - HKCU\..\SearchScopes\{9F34F895-ECD0-4464-B78D-28E47C521951}: "URL" = http://www.google.co...2788:4067623346
IE - HKCU\..\SearchScopes\{B072D19A-D3D3-4162-A4A5-BC89EA046E3C}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Searchqu Web Search"
FF - prefs.js..browser.search.order.1: "Searchqu Web Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/421"
FF - prefs.js..extensions.enabledItems: [email protected]:4.3
FF - prefs.js..extensions.enabledItems: [email protected]:4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.3.0.7280
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..extensions.enabledItems: [email protected]:9.0.0.736
FF - prefs.js..keyword.URL: "http://www.searchqu....id=421&sr=0&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\intel.com/AppUp: C:\Program Files\Intel\IntelAppStore\bin\npAppUp.dll (Intel)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/05/15 17:58:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/09 18:50:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\user\AppData\Local\RewardsArcade\498\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/15 17:57:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/08 04:05:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/27 20:50:27 | 000,000,000 | ---D | M]

[2012/05/14 21:34:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2012/05/14 22:00:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\v8bu5ez8.default\extensions
[2012/02/01 11:51:22 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\v8bu5ez8.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2012/05/06 21:03:41 | 000,000,000 | ---D | M] (NeoBux Community Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\v8bu5ez8.default\extensions\{ec66d0dc-ad17-4602-af45-ef595565db02}
[2011/12/08 23:47:36 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\v8bu5ez8.default\extensions\[email protected]
[2012/02/01 11:51:19 | 000,002,520 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v8bu5ez8.default\searchplugins\SearchResults.xml
[2012/05/14 21:59:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/11/28 08:54:00 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/04/15 04:25:27 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\mozilla firefox\extensions\[email protected]
[2012/05/08 04:05:02 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/05/08 04:05:00 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/12/08 23:27:30 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/05/08 04:05:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/08 04:05:00 | 000,000,760 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/10/26 08:09:18 | 000,002,051 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchstonicus.xml
[2012/02/01 11:51:19 | 000,002,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2012/05/08 04:05:00 | 000,001,219 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-el.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: AppUp (Enabled) = C:\Program Files\Intel\IntelAppStore\bin\npAppUp.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files\Sony\Media Go\npmediago.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Facemoods = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: AVG Safe Search = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Skype Click to Call = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Yontoo = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.1_0\

O1 HOSTS File: ([2012/05/16 23:08:31 | 000,000,860 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (SearchCore for Browsers) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\SEARCH~1\SEARCH~1\BROWSE~1.DLL (Bandoo Media, inc)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\SEARCH~1\DATAMN~1.EXE (Bandoo Media, inc)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files\Intel\IntelAppStore\bin\ismagent.lnk ()
O4 - HKLM..\Run: [Intel AppUp(SM) center_Nagware] C:\Program Files\Intel\IntelAppStore\bin\AppUp.lnk ()
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKCU..\Run: [CLIP.EXE] C:\Users\user\AppData\Local\Microsoft Captions Language Interface Pack\CLIP.exe (Microsoft Corp.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A8528AB-ADEA-47F7-BC9D-A6A9177893DE}: DhcpNameServer = 192.168.10.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D82CC622-9128-45A1-8C5B-0466056D82C7}: NameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\datamngr.dll) - C:\PROGRA~1\SEARCH~1\SEARCH~1\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\IEBHO.dll) - C:\PROGRA~1\SEARCH~1\SEARCH~1\IEBHO.dll (Bandoo Media, inc)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 00:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a0e7c9af-4f03-11e0-b928-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a0e7c9af-4f03-11e0-b928-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE
O33 - MountPoints2\{aa64cc0e-36f7-11e1-a5de-1c6f658592f8}\Shell - "" = AutoRun
O33 - MountPoints2\{aa64cc0e-36f7-11e1-a5de-1c6f658592f8}\Shell\AutoRun\command - "" = E:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/17 22:41:48 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012/05/17 00:34:54 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/05/17 00:34:54 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/05/17 00:33:48 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/05/17 00:33:47 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/05/17 00:33:46 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\TestApp
[2012/05/16 23:05:10 | 000,101,112 | R--- | C] (GFI Software) -- C:\windows\System32\drivers\SBREDrv.sys
[2012/05/16 23:01:47 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\GetRightToGo
[2012/05/16 17:22:55 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\breaking bad season 3 subs
[2012/05/16 17:18:21 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\DIAFORA
[2012/05/16 17:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/05/15 17:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/05/14 20:47:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/05/14 20:47:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/05/14 20:47:13 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/05/14 13:44:40 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Conduit
[2012/05/14 13:39:09 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/05/14 13:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/05/14 13:06:30 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\SpeedyPC Software
[2012/05/14 13:06:30 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\DriverCure
[2012/05/14 13:06:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/05/08 18:07:11 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\SniperV2
[2012/05/08 17:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rebellion
[2012/05/08 17:55:14 | 000,000,000 | ---D | C] -- C:\Program Files\Rebellion
[2012/05/08 04:05:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/08 04:05:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/04/27 17:25:13 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{CECE0D10-541D-440D-BEE2-970CEC8E440B}
[2012/04/27 03:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012/04/24 23:50:28 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{50428C17-ED0F-4623-91A1-7003D40650A4}
[2012/04/19 04:50:26 | 000,024,896 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\windows\System32\drivers\avgidshx.sys
[2011/06/20 11:34:47 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeC303.dll
[3 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/17 22:41:50 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012/05/17 22:26:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/05/17 22:11:00 | 000,001,168 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/17 21:23:01 | 000,000,924 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3356236182-3778818882-630401748-1000UA.job
[2012/05/17 19:23:14 | 000,376,201 | ---- | M] () -- C:\windows\System32\drivers\AVG\iavichjg.avm
[2012/05/17 14:32:46 | 000,014,816 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/17 14:32:46 | 000,014,816 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/17 14:24:46 | 000,001,164 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/17 14:24:40 | 000,000,300 | -HS- | M] () -- C:\windows\tasks\aghm.job
[2012/05/17 14:24:38 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/05/17 14:24:35 | 2811,875,328 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/17 12:27:56 | 098,466,176 | ---- | M] () -- C:\windows\System32\drivers\AVG\incavi.avm
[2012/05/17 00:23:00 | 000,000,902 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3356236182-3778818882-630401748-1000Core.job
[2012/05/16 23:08:35 | 000,000,240 | ---- | M] () -- C:\windows\System32\drivers\kgpcpy.cfg
[2012/05/16 17:16:19 | 000,609,374 | ---- | M] () -- C:\Users\user\Desktop\Breaking_Bad - season 3.gr.zip
[2012/05/15 19:21:35 | 000,001,186 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2012/05/12 15:48:23 | 000,339,872 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/05/12 07:03:29 | 000,671,198 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/05/12 07:03:29 | 000,624,678 | ---- | M] () -- C:\windows\System32\perfh008.dat
[2012/05/12 07:03:29 | 000,129,386 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/05/12 07:03:29 | 000,118,368 | ---- | M] () -- C:\windows\System32\perfc008.dat
[2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\windows\System32\drivers\avgidshx.sys
[3 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/16 23:08:35 | 000,000,240 | ---- | C] () -- C:\windows\System32\drivers\kgpcpy.cfg
[2012/05/16 17:16:17 | 000,609,374 | ---- | C] () -- C:\Users\user\Desktop\Breaking_Bad - season 3.gr.zip
[2012/05/04 18:33:31 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/04/02 19:33:09 | 000,000,036 | ---- | C] () -- C:\windows\mafosav.INI
[2012/02/01 11:51:17 | 000,484,352 | ---- | C] () -- C:\windows\System32\lame_enc.dll
[2012/01/17 20:30:31 | 000,036,939 | ---- | C] () -- C:\windows\System32\insrepim.exe
[2011/10/05 01:26:35 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/09/08 06:19:44 | 000,000,000 | ---- | C] () -- C:\windows\PowerReg.dat
[2011/06/09 18:14:41 | 000,000,020 | ---- | C] () -- C:\windows\System32\RADARRSR.DLL
[2011/05/30 01:38:06 | 000,051,270 | ---- | C] () -- C:\Users\user\AppData\Roaming\room_v3.dat
[2011/05/12 06:01:15 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\{1DAE8E2D-1236-491A-A84A-1511A4896637}
[2011/04/11 21:34:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\windows\System32\xlive.dll.cat
[2011/03/20 23:08:33 | 000,055,393 | ---- | C] () -- C:\windows\War3Unin.dat
[2011/03/15 16:07:12 | 000,031,272 | ---- | C] () -- C:\windows\System32\AppleChargerSrv.exe
[2011/03/15 16:07:12 | 000,019,496 | ---- | C] () -- C:\windows\System32\drivers\AppleCharger.sys
[2011/03/15 16:06:42 | 000,072,304 | R--- | C] () -- C:\windows\System32\XSrvSetup.exe
[2011/03/15 16:05:05 | 000,080,416 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2011/03/15 16:02:23 | 000,000,010 | ---- | C] () -- C:\windows\GSetup.ini

========== LOP Check ==========

[2011/10/04 06:41:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Activision
[2011/10/20 22:56:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVG2012
[2012/05/15 07:19:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Azureus
[2012/05/09 07:05:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DAEMON Tools Lite
[2011/11/02 21:03:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Darer
[2012/01/08 21:41:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Downloaded Installations
[2012/05/14 13:06:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DriverCure
[2011/09/19 17:42:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\fltk.org
[2012/02/01 11:52:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FreeBurner
[2012/05/16 23:02:21 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\GetRightToGo
[2011/08/30 00:02:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\go
[2011/05/19 00:55:48 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Guitar Pro 6
[2011/03/21 22:51:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Hive Cluster
[2011/09/09 10:15:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenOffice.org
[2011/09/04 07:46:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Opera
[2012/05/11 05:49:58 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SoftGrid Client
[2011/05/07 11:02:14 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Sony
[2012/05/14 13:06:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SpeedyPC Software
[2012/01/11 01:59:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SplitMediaLabs
[2011/11/03 16:16:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Sports Interactive
[2011/10/26 10:30:01 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Systweak
[2012/05/17 00:33:46 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TestApp
[2011/04/05 17:47:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TP
[2011/12/14 23:36:06 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Unity
[2011/05/10 22:06:21 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Windows Live Writer
[2012/02/02 12:37:51 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WinPump
[2012/05/17 14:24:40 | 000,000,300 | -HS- | M] () -- C:\windows\Tasks\aghm.job
[2012/05/17 00:23:00 | 000,000,902 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3356236182-3778818882-630401748-1000Core.job
[2012/05/17 21:23:01 | 000,000,924 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3356236182-3778818882-630401748-1000UA.job
[2012/04/05 18:33:41 | 000,032,482 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


#2
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hello Foutzis and welcome to GeeksToGo :)

My nickname is WhiteHat and I'm going to help you fix your problem.

Please note that I'm currently in training and my posts have to be approved by an expert before I reply.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please do not try to fix anything without being asked.
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • I am currently reviewing your logs.



#3
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

Sorry for the delay.

"I am pretty sure that this file doesn't have any virus because it is downloaded from Steam (DOTA 2.exe)"


Just ignore the warning. It's a false positive from AVG.

"Has it any connection with searchnu?"

No.

# Step 1 #

  • Open OTL.exe.
  • Click the button (Posted Image).
  • Now, in the Extra Registry box, click Use safe list.
  • Next, click the button (Posted Image).
  • A log named Extras.txt will be generated. Post this log.

# Step 2 #

Download aswMBR.exe (4.8 MB) to your desktop.

Double-click aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.


#4
Foutzis

    New Member

  • Topic Starter
  • Member
  • 6 posts
OTL Extras logfile created on: 20/5/2012 10:17:34 μμ - Run 2
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\user\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000408 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy

3,49 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 62,14% Memory free
6,98 Gb Paging File | 5,44 Gb Available in Paging File | 77,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 931,02 Gb Total Space | 620,07 Gb Free Space | 66,60% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02B95B99-E2CD-4B85-9E59-3B19B554B1FB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0A79601C-DB24-46E9-A7EE-775829296A33}" = lport=139 | protocol=6 | dir=in | app=system |
"{11F31E20-D3C0-4345-9F41-F20396EBC832}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1212727A-EA37-4504-ACE4-460A247AD020}" = lport=2869 | protocol=6 | dir=in | app=system |
"{144A7216-DEA0-46E7-82AF-137B0397802E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1CFA6BE6-1CC1-4D80-9D24-C22F5552EFEB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{24B65B51-C2C0-47AE-8EB4-F3CBD49BAA4B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{281B1FEA-7303-4E88-81B9-B936241024D6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2F99106F-EDBD-4B10-BA63-C6B3327240A3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{319DD64F-A09E-446E-86AC-741616837E68}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3D5D4470-088E-4EF8-B836-6AB93308BCF3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4141E811-D996-4FEE-B12C-63A6DA1D38F9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{41C7AA9A-1EEB-463F-A00A-FEEEC15D69D6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{5B3BA81C-28E2-4AF7-B093-0A1992EA4D64}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5BEB59BC-51BE-42E0-AA5A-6A4839031EB7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{694C6118-2CAC-4189-AFA8-D8F45F2D6B00}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{76D685EB-047E-41A5-B0EF-1C64F2D090D9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7724F1BF-110F-49DC-AB5C-151227049966}" = rport=10243 | protocol=6 | dir=out | app=system |
"{798D2D16-428C-485D-AAE1-178199BEA0F1}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{7DA34DCA-24A2-422B-8E20-6999E4275DA8}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{8826EE3F-DDC2-4EF0-80BB-C25CAAFDF0D7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8DC32597-48C0-40D4-80A6-4DD17A75065A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9AAD3759-C896-4518-BF3E-F5F54F21DFE0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A688E996-D3E1-4DD1-A26E-27CB93EF7569}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
"{A9084BB0-05DE-4825-94B7-58F26B98479C}" = lport=137 | protocol=17 | dir=in | app=system |
"{BB8DD13A-2351-4149-8C2B-772C12117C1B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C6FB5B0A-8F07-4F7D-B93D-E0250ACFF60F}" = rport=445 | protocol=6 | dir=out | app=system |
"{D497138A-3905-4F8D-B9CA-927A9F3DE900}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{DCB18686-E979-4104-9B48-ACA6FCC86CF0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E185EDDA-63DF-4763-BE5E-5134DE2734BC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{E2637006-0C9E-44D3-B622-206056BB4EC8}" = lport=445 | protocol=6 | dir=in | app=system |
"{E54EDF6B-EA0A-446B-9EEF-7A369D37F973}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E667A618-DE43-46E5-8B49-0FB903A67FF6}" = rport=137 | protocol=17 | dir=out | app=system |
"{E7795745-A5F6-4712-B0FB-3DFE92A920BB}" = rport=138 | protocol=17 | dir=out | app=system |
"{EAE1448E-2734-4437-BE7E-A86BF5163AA9}" = lport=138 | protocol=17 | dir=in | app=system |
"{EAE6F0AD-6382-4994-863A-A532AC761A77}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EB5B1121-7A8A-4410-B300-BF8DA0257A2A}" = rport=139 | protocol=6 | dir=out | app=system |
"{F137F3B7-8306-415B-B2AA-6357C73D340C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B40C5B-1E81-49A7-9455-EE2E6576E14E}" = protocol=6 | dir=in | app=c:\program files\dragon age 2\bin_ship\dragonage2.exe |
"{0506989D-FD7B-4A9C-A9DE-15B13F93D41A}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{0798D148-8C2C-466F-926B-EBE9862EAAF3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{07D40381-7F67-4E18-85F4-07D4B95FC5BF}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{1A690BBD-4D30-484C-87E3-B08E72973CCF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1CCA9AC3-E532-4E49-AF88-642750A5B85A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{20D3D4DF-3DB8-41CE-89AB-9FB14E6695C5}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{2EF7978F-FD22-43AA-8B77-51FBC8BA650A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3008CE28-16D5-43CF-A4E3-A52C178FA81F}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{3426AAA9-3E70-4693-8F9C-705B86489814}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{35932A68-4C6D-4FD1-A384-7BD45D7061BA}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{37B3690F-E7A8-46EE-B372-DDFAB96D0D80}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{39D71C86-E4CB-489F-8715-EF7A2E98E3C4}" = protocol=17 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{45632866-A8E0-46B0-9C77-126ED325987A}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{45DD2E9B-722D-4FA5-8942-114BC4504310}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{48B9D203-FEE2-4694-AB97-358124F88887}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{4C306F15-7431-451C-948F-41F6B74E1F13}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4FC7D77A-3E91-4D7F-94D2-FDE1DA85A834}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{5380ECFE-E682-4ED4-8324-76830185A29A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{53B85C1B-9805-4354-9D60-BA5321F3582C}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{553C1EC4-FDDE-434C-A3B7-97F18FE21D5F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{55F08EB9-7C7B-4ADE-8DBC-5709FF89AE15}" = protocol=6 | dir=in | app=c:\program files\dragon age 2\dragonage2launcher.exe |
"{58A6E41B-5F14-4988-ADD5-336F3F1B6CB2}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{5ECE672D-AFAC-4E4E-877D-D11219549157}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |
"{631DE171-EB39-45FA-881C-6D6F78845EBF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{68D6A143-BD9F-4215-8517-F852A9DB7F29}" = protocol=6 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{69D825A2-0B40-4B47-A7CB-58537997BFC4}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{6A43E59C-FBA2-4935-8D61-5F07881D6A83}" = protocol=6 | dir=out | app=system |
"{7518D843-E3DB-4B6E-B85D-EEE276E9AD14}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{75EE78A6-2908-4D81-A78B-1402A1C3DEEA}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{7783BA15-5ED8-4453-9ED3-F29748362DEC}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{7D772CFB-4CCC-4007-9235-66D56A2AB8FE}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{7E57E1BA-8970-4AD0-A569-3B27E097FAFD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8259BA8C-A20D-4996-8853-23211A091E54}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{870D6D0A-7870-498F-B211-37805D35A3A3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8C354316-A790-49AA-9D25-0AFFCC1D88ED}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{8C9AC4B4-59D7-4EFE-B687-182DB70939F1}" = dir=in | app=c:\users\user\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{909C1FC2-6CCF-482E-ADC2-9A0F55E3C91B}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{9D183318-2972-4574-A4CE-4516A5A34F82}" = protocol=58 | dir=out | [email protected],-28546 |
"{9DAEBFDB-0B81-4117-AEB1-767E3482C7B1}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{B51132C2-B48F-414A-A844-C5161C318546}" = protocol=17 | dir=in | app=c:\program files\dragon age 2\dragonage2launcher.exe |
"{BC9285C9-00AB-4577-A67B-EC1AD955439B}" = protocol=1 | dir=in | [email protected],-28543 |
"{BEF02C36-913F-41F7-95FA-7910F8E2209B}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{C0AA2F10-5BA3-4355-9107-CF5760171D47}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{C7F0758F-C1A4-4F88-A32F-42CA941E5687}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{CAE55D8E-4E04-4E7F-AF4D-BE7ED2AE81D9}" = protocol=17 | dir=in | app=c:\program files\dragon age 2\bin_ship\dragonage2.exe |
"{D292511B-8D27-41B5-A8B4-6FDA6E998AB2}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{D9156274-FEA4-4079-B452-613478810AF9}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{E8E51C0A-8A25-4588-BE4A-BEF24340C62C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F2A1D947-79FA-42AE-8937-F8D6C2F99D65}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{F529938B-4055-4DE1-AA75-D39FA03B7BED}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{F6F182CC-5A12-4B1C-BD62-563B06EA31BC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F7865E91-4873-4A68-8713-02446914F6F8}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{F921E96C-7278-4E21-920D-B497F116F249}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F96366AA-155E-468C-8CC5-A293FC27A621}" = protocol=58 | dir=in | [email protected],-28545 |
"{FC896F85-AE08-446D-8E2A-289047D8E571}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |
"{FE9C9A46-AE3E-417F-B435-92806C645D86}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{FFF6E53A-5D32-42CB-BF14-A1CE0FF09987}" = protocol=1 | dir=out | [email protected],-28544 |
"TCP Query User{01213777-A10D-4F7E-AF8E-A3EF2A669C6C}C:\program files\darer\gproxy\gproxy.exe" = protocol=6 | dir=in | app=c:\program files\darer\gproxy\gproxy.exe |
"TCP Query User{2519B7DA-B490-4ACD-B144-66E83AA5A403}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"TCP Query User{2C38B2F7-14BF-4BE7-8CAD-F0FF021599B7}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{2D383D55-818E-4B93-A864-333BB29FAE7C}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"TCP Query User{2D657984-AC4D-4914-8C4D-C53AF000C1EB}C:\program files\microsoft games\age of mythology\aomx.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of mythology\aomx.exe |
"TCP Query User{34D5F2D3-5F92-420A-8737-0803905FE54B}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{4183625E-1C54-494C-AA32-BB1380F36D43}C:\program files\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files\garena\garena.exe |
"TCP Query User{556E30CE-9293-4301-84AC-8134E3FD0CD5}C:\users\user\appdata\roaming\winpump\pumpa.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\winpump\pumpa.exe |
"TCP Query User{5E5FD49E-CB3A-421F-83BD-853C4CF455F3}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{7DB34CF2-480F-4410-9321-FC57F65F1923}C:\users\user\desktop\(pc games) empire earth (full game)\empire earth\empire earth.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\(pc games) empire earth (full game)\empire earth\empire earth.exe |
"TCP Query User{93E01D23-FE22-4F0C-8134-E21294A3749F}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{AF755D9E-0F81-4AF0-B9E3-A1DAB1DBDC72}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"TCP Query User{AFDF821C-4F62-4620-BB3D-15CE67F59A67}C:\program files\dotalicious gaming client\client.exe" = protocol=6 | dir=in | app=c:\program files\dotalicious gaming client\client.exe |
"TCP Query User{C979E13A-FE1C-4864-B3A1-2A368CDB5D26}C:\users\user\documents\vuze downloads\yu gi oh games pc\yu-gi-oh! power of chaos joey the passion\joey_pc.exe" = protocol=6 | dir=in | app=c:\users\user\documents\vuze downloads\yu gi oh games pc\yu-gi-oh! power of chaos joey the passion\joey_pc.exe |
"TCP Query User{D34EC0D8-4DA4-4B5D-A026-A82BD788A06A}C:\program files\microsoft games\age of mythology\aom.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of mythology\aom.exe |
"TCP Query User{EC946FC7-2476-410B-811F-B4410F22A46C}C:\program files\sony\media go\mediago.exe" = protocol=6 | dir=in | app=c:\program files\sony\media go\mediago.exe |
"UDP Query User{16894AD2-A523-44B6-9970-AAAB922DBD1D}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{1F95FDA9-BB54-44CE-A34C-0C92AD1F314E}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{37E5C019-167A-436C-8B89-EB809D972FC8}C:\program files\darer\gproxy\gproxy.exe" = protocol=17 | dir=in | app=c:\program files\darer\gproxy\gproxy.exe |
"UDP Query User{3A344681-4250-499E-A1CC-B5112A00B21A}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"UDP Query User{3A74D4D1-0B44-458F-8EA3-E88F69174732}C:\program files\microsoft games\age of mythology\aomx.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of mythology\aomx.exe |
"UDP Query User{3DB78B1C-B333-480A-ADB6-5719511D83D3}C:\program files\dotalicious gaming client\client.exe" = protocol=17 | dir=in | app=c:\program files\dotalicious gaming client\client.exe |
"UDP Query User{54A2C84E-06DE-4F58-BE99-E06A6C30FE6C}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{660F75EC-F816-4202-A8E0-43C8EA29FA59}C:\users\user\documents\vuze downloads\yu gi oh games pc\yu-gi-oh! power of chaos joey the passion\joey_pc.exe" = protocol=17 | dir=in | app=c:\users\user\documents\vuze downloads\yu gi oh games pc\yu-gi-oh! power of chaos joey the passion\joey_pc.exe |
"UDP Query User{6E2C7E45-AAA2-48CE-8A67-FB720B5FB93F}C:\program files\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files\garena\garena.exe |
"UDP Query User{6F4EE780-9B1F-450A-991E-B5F1028E82CA}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{769EAFE0-E04D-4BAD-B5B8-A140BE1E1FF1}C:\program files\sony\media go\mediago.exe" = protocol=17 | dir=in | app=c:\program files\sony\media go\mediago.exe |
"UDP Query User{85814EBC-580D-4F9E-8563-2F4B1449BA54}C:\program files\microsoft games\age of mythology\aom.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of mythology\aom.exe |
"UDP Query User{A94FE3CB-C898-4516-A456-35AF8EC637B1}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{ACD977BD-51B5-4B09-8CD4-871C9351E781}C:\users\user\appdata\roaming\winpump\pumpa.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\winpump\pumpa.exe |
"UDP Query User{CF944166-C4A6-4F56-93F3-121294989063}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"UDP Query User{EF3818A1-D68B-496F-A0C8-CE8AF200E148}C:\users\user\desktop\(pc games) empire earth (full game)\empire earth\empire earth.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\(pc games) empire earth (full game)\empire earth\empire earth.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{01C79EF3-DE84-4B56-B638-8BEA0D507506}" = Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK
"{0666E46E-A860-4353-BE6D-13AA72FABB57}" = Microsoft XNA Game Studio Platform Tools
"{08C84CC6-E7FD-4B2D-BBF9-B02CC90EE031}" = Microsoft XNA Game Studio 4.0 (Shared Components)
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation®Store
"{0F895695-33CC-4203-9C47-25EF2AC9441C}" = Media Go
"{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1" = Guitar Pro 6
"{16DABD39-A174-4C6B-A2C4-A492E64933C8}" = AVG 2012
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7
"{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}" = Microsoft Expression Blend SDK for Silverlight 4
"{1CD03741-D0AE-4FF1-B97B-F991B294EECA}" = OpenOffice.org 3.3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{20EAC554-95F9-4926-8D9A-C4FF3EC44C72}" = AVG 2011
"{20FA8AEE-E785-4F79-98EB-2067A8F395F4}" = Monopoly
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{23DA4222-E517-42B3-8F97-9CFD49E2A732}" = AVG 2011
"{256E7DAC-9BE8-494E-8DE7-7857BF96B774}" = Microsoft Expression Blend 3 SDK
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 29
"{2864C41B-EF2D-4640-95A2-526276524519}" = Borland C++Builder 6
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C3AB990-1F33-3D6B-9F34-8D5189FA04D3}" = Windows Phone 7 Add-in for Visual Studio 2010 - ENU
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3ABC7CFA-A6F5-3870-A59C-B856DA1DA4F4}" = Microsoft .NET Framework 4 Client Profile ELL Language Pack
"{3BA9D546-B0E3-4549-BB2E-3F4FF65A1B81}" = YouTube Downloader Toolbar v4.4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3F4EB5FE-B5BE-4069-A5A8-6D9262E1B379}" = Microsoft XNA Game Studio 4.0 Documentation
"{402B502A-4735-4B03-B38F-1640CD3C531B}" = Windows Live Sync
"{4447D5B5-95ED-4C4D-A9C3-1D8E892D5377}" = AVG 2012
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4C6D5779-A766-45DF-9938-D6F595A66F2B}" = Microsoft Expression Blend 4
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E74D41C-5864-4561-9F6B-069372513A0B}" = AVG 2012
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{5542F72D-45E4-371C-BE4B-A7CB70C11E9D}" = Windows Phone Emulator - ENU
"{558358E5-E4F3-4374-BA1D-26FF39EF87D9}" = Microsoft Silverlight Tools for Visual Studio 2010
"{5C1DA723-24FC-48AD-93BA-925695C3EF26}" = Logitech Gaming Software
"{5DDF31D2-63BB-4268-895B-FB05A82A1C00}" = Microsoft XNA Game Studio 4.0 Windows Phone Extensions
"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit February 2010 (Version 3.5.50211.1)
"{60D32CDC-E3BE-4578-BA10-29322307CDDC}" = Logitech Gaming Software 5.10
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB816C-EFCC-49D2-9F5B-90A4FD1E9104}" = Windows Live Family Safety
"{68BD57D3-D606-411E-A7E0-3EB6EA5660F6}" = Microsoft XNA Game Studio 4.0 (Redists)
"{69E11501-75F7-4ACE-8103-52513DDCFE26}" = Microsoft Expression Blend SDK for Windows Phone 7
"{6DA0B8BE-3735-4287-AF4D-B8DE088D0AA7}" = AVG 2012
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{727DAFCB-E3AF-46E3-8A38-EB9C3EAA0A88}" = AVG 2011
"{73BE04D9-BA0E-4BAF-9C9D-677278BDB3DC}" = Microsoft XNA Game Studio 4.0 (ARP entry)
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7D004944-C4F1-4C44-AAD4-E7F85190ED00}" = AVG 2012
"{7D543DFE-6459-462A-9A62-B5B012B1DCF1}" = AVG 2011
"{80490945-CE48-45CF-9CCA-CA0EF44D9FE4}" = AVG 2011
"{80F28669-97B7-4CC9-B256-1F1BCFB7FDCF}" = AVG 2012
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C496FBF-DB4A-468D-A3A1-15E127382218}" = Microsoft XNA Game Studio 4.0 (Visual Studio)
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0000-0000-0000000FF1CE}" = Microsoft Office Access 2010
"{90140000-0015-0000-0000-0000000FF1CE}_Office14.Access_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.Access_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.Access_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.Access_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.Access_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.Access_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006D-0408-0000-0000000FF1CE}" = Microsoft Office "Χρήση με ένα κλικ" 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.Access_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.Access_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.Access_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140011-0066-0408-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Ελληνικά
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0408-0000-0000000FF1CE}" = Πρόγραμμα προβολής του Microsoft PowerPoint
"{96403552-88D1-429F-9C92-388B814B885E}" = Messenger Companion
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A29C5DD5-B21E-474F-AA96-6A7FC0B2B248}" = Microsoft Expression Blend 4 Add-in for Adobe FXG Import
"{A2F991E7-DDCD-42B7-AFEC-47789A099FDC}" = Browser Configuration Utility
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7836FF5-7293-40A4-B86E-E2038F82E8F3}" = AVG 2012
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9ABC0A6-DC01-4102-BEC9-86974A73B214}" = Windows Live Remote Client Resources
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B293B59B-9153-43BD-9A70-D2C363B95CF9}" = Guitar Pro update
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation®Network Downloader
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B86149D3-18A2-41FD-A153-60AF944E47FE}" = Microsoft Windows Phone 7 Developer Resources
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF6379E6-9936-46B0-B6AC-C56EE3987D2E}" = inSSIDer
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFB91CB0-17D9-44EB-BFB2-5307AB7E7DDC}" = Microsoft Visual Studio 2010 Express for Windows Phone - ENU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D1193668-4C09-4F49-A80C-DD0205069FDF}" = Microsoft Captions Language Interface Pack
"{D378BEA1-912E-4827-B9DB-D3B2C3D0BD4A}" = Windows Live Remote Service Resources
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB90FF25-9932-48F2-B643-1802F1864FAF}" = AVG 2011
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E171F5DA-6F17-472D-A223-92468142C5E8}" = AVG 2012
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.02.002
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{F3EF5DE8-1120-4B77-99A3-4DC232E8C129}" = XSplit
"{F51C2A69-D2E2-4813-AAD7-618D2BF85DFD}" = AVG 2012
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Age of Mythology 1.0" = Age of Mythology
"Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion
"AVG" = AVG 2012
"Blend_4.0.20901.0" = Microsoft Expression Blend 4
"Blip Blop" = Blip Blop (remove only)
"Bugs Bunny & Taz - Time Busters" = Bugs Bunny & Taz - Time Busters
"BurnInTest_is1" = BurnInTest v6.0 Pro
"Crazy Machines 2 Complete_is1" = Crazy Machines 2 Complete
"DAEMON Tools Lite" = DAEMON Tools Lite
"Darer_is1" = Darer
"DotAlicious Gaming Client" = DotAlicious Gaming Client
"ExpressRip" = Express Rip
"Free Easy Burner_is1" = Free Easy Burner V 5.1
"Garena" = Garena 2010
"GOM Player" = GOM Player
"Google Chrome" = Google Chrome
"Guitar Pro 5_is1" = Guitar Pro 5.0
"IDroo" = IDroo 1.0.0.154
"Intel AppUp(SM) center 28264" = Intel AppUp(SM) center
"Kingconvert Video Converter" = Kingconvert Video Converter
"LIMBO" = LIMBO
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware έκδοση 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile ELL Language Pack" = Πακέτο γλωσσών για τα Ελληνικά του Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Security Essentials" = Microsoft Security Essentials
"Microsoft SQL Server 2000" = Microsoft SQL Server 2000
"Microsoft Visual Studio 2010 Express for Windows Phone - ENU" = Microsoft Windows Phone Developer Tools - ENU
"Monopoly by Parker Brothers" = Monopoly by Parker Brothers
"Mozilla Firefox 12.0 (x86 el)" = Mozilla Firefox 12.0 (x86 el)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Access" = Microsoft Access 2010
"Office14.Click2Run" = Microsoft Office "Χρήση με ένα κλικ" 2010
"OpenAL" = OpenAL
"Opera 11.51.1087" = Opera 11.51
"PowerISO" = PowerISO
"RealPlayer 15.0" = RealPlayer
"SearchCore for Browsers" = SearchCore for Browsers
"Searchqu 421 MediaBar" = Windows Searchqu Toolbar
"Sniper Elite V2_is1" = Sniper Elite V2
"SopCast" = SopCast 3.5.0
"ST6UNST #1" = TestDrive
"Steam App 570" = Dota 2
"Steam App 99900" = Spiral Knights
"Update Engine" = Sony Ericsson Update Engine
"VLC media player" = VLC media player 2.0.1
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"Warcraft III" = Warcraft III
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 3.93 – Εφαρμογή συμπίεσης και διαχείρισης συμπιεσμένων αρχείων
"Worms Reloaded_is1" = Worms Reloaded
"Wubi" = Ubuntu
"XNA Game Studio 4.0" = Microsoft XNA Game Studio 4.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
"SimAquarium" = SimAquarium
"UnityWebPlayer" = Unity Web Player
"Warcraft III" = Warcraft III: All Products
"WinPump" = WinPump

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15/5/2012 10:58:27 πμ | Computer Name = user-PC | Source = MsiInstaller | ID = 1013
Description =

Error - 15/5/2012 10:58:27 πμ | Computer Name = user-PC | Source = MsiInstaller | ID = 1013
Description =

Error - 15/5/2012 10:58:28 πμ | Computer Name = user-PC | Source = MsiInstaller | ID = 1013
Description =

Error - 15/5/2012 10:58:28 πμ | Computer Name = user-PC | Source = MsiInstaller | ID = 1013
Description =

Error - 15/5/2012 10:58:29 πμ | Computer Name = user-PC | Source = MsiInstaller | ID = 1013
Description =

Error - 15/5/2012 10:58:29 πμ | Computer Name = user-PC | Source = MsiInstaller | ID = 1013
Description =

Error - 15/5/2012 10:58:30 πμ | Computer Name = user-PC | Source = MsiInstaller | ID = 1013
Description =

Error - 15/5/2012 10:58:30 πμ | Computer Name = user-PC | Source = MsiInstaller | ID = 1013
Description =

Error - 15/5/2012 10:58:31 πμ | Computer Name = user-PC | Source = MsiInstaller | ID = 1013
Description =

Error - 15/5/2012 10:58:31 πμ | Computer Name = user-PC | Source = MsiInstaller | ID = 1013
Description =

[ System Events ]
Error - 13/12/2011 2:44:26 μμ | Computer Name = user-PC | Source = NetBT | ID = 4321
Description = Δεν ήταν δυνατή η καταχώρηση του ονόματος "USER-PC :0" στη
διασύνδεση με διεύθυνση IP 192.168.1.64. Ο υπολογιστής με διεύθυνση IP 192.168.1.66
δεν επέτρεψε την απόκτηση του ονόματος από αυτόν τον υπολογιστή.

Error - 13/12/2011 2:44:26 μμ | Computer Name = user-PC | Source = NetBT | ID = 4321
Description = Δεν ήταν δυνατή η καταχώρηση του ονόματος "USER-PC :0" στη
διασύνδεση με διεύθυνση IP 192.168.1.64. Ο υπολογιστής με διεύθυνση IP 192.168.1.66
δεν επέτρεψε την απόκτηση του ονόματος από αυτόν τον υπολογιστή.

Error - 13/12/2011 2:44:33 μμ | Computer Name = user-PC | Source = NetBT | ID = 4321
Description = Δεν ήταν δυνατή η καταχώρηση του ονόματος "USER-PC :0" στη
διασύνδεση με διεύθυνση IP 192.168.1.64. Ο υπολογιστής με διεύθυνση IP 192.168.1.66
δεν επέτρεψε την απόκτηση του ονόματος από αυτόν τον υπολογιστή.

Error - 13/12/2011 2:44:33 μμ | Computer Name = user-PC | Source = NetBT | ID = 4321
Description = Δεν ήταν δυνατή η καταχώρηση του ονόματος "USER-PC :0" στη
διασύνδεση με διεύθυνση IP 192.168.1.64. Ο υπολογιστής με διεύθυνση IP 192.168.1.66
δεν επέτρεψε την απόκτηση του ονόματος από αυτόν τον υπολογιστή.

Error - 13/12/2011 2:44:34 μμ | Computer Name = user-PC | Source = NetBT | ID = 4321
Description = Δεν ήταν δυνατή η καταχώρηση του ονόματος "USER-PC :0" στη
διασύνδεση με διεύθυνση IP 192.168.1.64. Ο υπολογιστής με διεύθυνση IP 192.168.1.66
δεν επέτρεψε την απόκτηση του ονόματος από αυτόν τον υπολογιστή.

Error - 13/12/2011 2:44:36 μμ | Computer Name = user-PC | Source = NetBT | ID = 4321
Description = Δεν ήταν δυνατή η καταχώρηση του ονόματος "USER-PC :0" στη
διασύνδεση με διεύθυνση IP 192.168.1.64. Ο υπολογιστής με διεύθυνση IP 192.168.1.66
δεν επέτρεψε την απόκτηση του ονόματος από αυτόν τον υπολογιστή.

Error - 13/12/2011 2:44:37 μμ | Computer Name = user-PC | Source = NetBT | ID = 4321
Description = Δεν ήταν δυνατή η καταχώρηση του ονόματος "USER-PC :0" στη
διασύνδεση με διεύθυνση IP 192.168.1.64. Ο υπολογιστής με διεύθυνση IP 192.168.1.66
δεν επέτρεψε την απόκτηση του ονόματος από αυτόν τον υπολογιστή.

Error - 13/12/2011 2:44:38 μμ | Computer Name = user-PC | Source = NetBT | ID = 4321
Description = Δεν ήταν δυνατή η καταχώρηση του ονόματος "USER-PC :0" στη
διασύνδεση με διεύθυνση IP 192.168.1.64. Ο υπολογιστής με διεύθυνση IP 192.168.1.66
δεν επέτρεψε την απόκτηση του ονόματος από αυτόν τον υπολογιστή.

Error - 13/12/2011 2:44:38 μμ | Computer Name = user-PC | Source = NetBT | ID = 4321
Description = Δεν ήταν δυνατή η καταχώρηση του ονόματος "USER-PC :0" στη
διασύνδεση με διεύθυνση IP 192.168.1.64. Ο υπολογιστής με διεύθυνση IP 192.168.1.66
δεν επέτρεψε την απόκτηση του ονόματος από αυτόν τον υπολογιστή.

Error - 13/12/2011 2:44:58 μμ | Computer Name = user-PC | Source = NetBT | ID = 4321
Description = Δεν ήταν δυνατή η καταχώρηση του ονόματος "USER-PC :0" στη
διασύνδεση με διεύθυνση IP 192.168.1.64. Ο υπολογιστής με διεύθυνση IP 192.168.1.66
δεν επέτρεψε την απόκτηση του ονόματος από αυτόν τον υπολογιστή.


< End of report >
  • 0

#5
Foutzis

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-20 22:22:51
-----------------------------
22:22:51.123 OS Version: Windows 6.1.7600
22:22:51.123 Number of processors: 4 586 0x1E05
22:22:51.124 ComputerName: USER-PC UserName: user
22:23:07.862 Initialize success
22:23:45.991 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\JRAID1Port0Path0Target0Lun0
22:23:45.995 Disk 0 Vendor: WDC_____ 500. Size: 953869MB BusType: 8
22:23:46.003 Disk 0 MBR read successfully
22:23:46.007 Disk 0 MBR scan
22:23:46.011 Disk 0 Windows 7 default MBR code
22:23:46.015 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 500 MB offset 2048
22:23:46.023 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953367 MB offset 1026048
22:23:46.030 Disk 0 scanning sectors +1953521664
22:23:46.080 Disk 0 scanning C:\windows\system32\drivers
22:23:50.179 Service scanning
22:23:58.388 Modules scanning
22:24:01.276 Disk 0 trace - called modules:
22:24:01.294 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll SCSIPORT.SYS jraid.sys
22:24:01.297 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88ae2648]
22:24:01.301 3 CLASSPNP.SYS[8d39559e] -> nt!IofCallDriver -> [0x86f42f08]
22:24:01.519 5 ACPI.sys[8ccbf3b2] -> nt!IofCallDriver -> \Device\Scsi\JRAID1Port0Path0Target0Lun0[0x86f42030]
22:24:01.530 Scan finished successfully
22:24:24.413 Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
22:24:24.417 The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt"
  • 0

#6
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
# Step 1 #

Please go to Start > Control Panel and click Add or Remove Programs. Then remove the software below:
  • Vuze Remote Toolbar
  • Windows Searchqu Toolbar
  • SearchCore for Browsers


# Step 2 #

Please reopen Posted Image on your desktop.
  • Under the Posted Image box at the bottom, paste in the following

    :Commands
    [CREATERESTOREPOINT]
    
    
    
    [font="Arial"]:OTL
    IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}: "URL" = http://www.searchqu....q={searchTerms}
    IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0001c6f658592f8
    IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}: "URL" = http://www.searchqu....q={searchTerms}
    FF - prefs.js..browser.search.defaultenginename: "Searchqu Web Search"
    FF - prefs.js..browser.search.order.1: "Searchqu Web Search"
    FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/421"
    FF - prefs.js..extensions.enabledItems: [email protected]:4.3
    FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&appid=0&systemid=421&sr=0&q="
    [2012/02/01 11:51:22 | 000,000,000 | ---D | M] (Searchqu Toolbar) --  C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\v8bu5ez8.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
    [2012/05/06 21:03:41 | 000,000,000 | ---D | M] (NeoBux Community  Toolbar) --  C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\v8bu5ez8.default\extensions\{ec66d0dc-ad17-4602-af45-ef595565db02}
    [2011/12/08 23:47:36 | 000,000,000 | ---D | M] (Yontoo) --  C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\v8bu5ez8.default\extensions\[email protected]
    [2012/02/01 11:51:19 | 000,002,520 | ---- | M] () --  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v8bu5ez8.default\searchplugins\SearchResults.xml
    [2011/10/26 08:09:18 | 000,002,051 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchstonicus.xml
    [2012/02/01 11:51:19 | 000,002,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
    CHR - Extension: Facemoods =  C:\Users\user\AppData\Local\Google\Chrome\User  Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.1_0\
    CHR - Extension: Yontoo = C:\Users\user\AppData\Local\Google\Chrome\User  Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.1_0\
    O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll ()
    O2 - BHO: (SearchCore for Browsers) -  {9D717F81-9148-4f12-8568-69135F087DB0} -  C:\PROGRA~1\SEARCH~1\SEARCH~1\BROWSE~1.DLL (Bandoo Media, inc)
    O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc}  - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
    O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
    O3 - HKLM\..\Toolbar: (Searchqu Toolbar) -  {99079a25-328f-4bd4-be04-00955acaa0a7} -  C:\PROGRA~1\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll ()
    O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) -  {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program  Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) -  {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program  Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\SEARCH~1\DATAMN~1.EXE (Bandoo Media, inc)
    [2012/05/14 13:44:40 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Conduit[/font]:Commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

  • 0

#7
Foutzis

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
Error: Unable to interpret <:OTL> in the current context!
Error: Unable to interpret <IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}: "URL" = http://www.searchqu....={searchTerms}> in the current context!
Error: Unable to interpret <IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)> in the current context!
Error: Unable to interpret <IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...001c6f658592f8> in the current context!
Error: Unable to interpret <IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}: "URL" = http://www.searchqu....={searchTerms}> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.defaultenginename: "Searchqu Web Search"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.order.1: "Searchqu Web Search"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/421"> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: [email protected]:4.3> in the current context!
Error: Unable to interpret <FF - prefs.js..keyword.URL: "http://www.searchqu....d=421&sr=0&q="> in the current context!
Error: Unable to interpret <[2012/02/01 11:51:22 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\v8bu5ez8.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}> in the current context!
Error: Unable to interpret <[2012/05/06 21:03:41 | 000,000,000 | ---D | M] (NeoBux Community Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\v8bu5ez8.default\extensions\{ec66d0dc-ad17-4602-af45-ef595565db02}> in the current context!
Error: Unable to interpret <[2011/12/08 23:47:36 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\v8bu5ez8.default\extensions\[email protected]> in the current context!
Error: Unable to interpret <[2012/02/01 11:51:19 | 000,002,520 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v8bu5ez8.default\searchplugins\SearchResults.xml> in the current context!
Error: Unable to interpret <[2011/10/26 08:09:18 | 000,002,051 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchstonicus.xml> in the current context!
Error: Unable to interpret <[2012/02/01 11:51:19 | 000,002,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml> in the current context!
Error: Unable to interpret <CHR - Extension: Facemoods = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.1_0\> in the current context!
Error: Unable to interpret <CHR - Extension: Yontoo = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.1_0\> in the current context!
Error: Unable to interpret <O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll ()> in the current context!
Error: Unable to interpret <O2 - BHO: (SearchCore for Browsers) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\SEARCH~1\SEARCH~1\BROWSE~1.DLL (Bandoo Media, inc)> in the current context!
Error: Unable to interpret <O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)> in the current context!
Error: Unable to interpret <O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll ()> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)> in the current context!
Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\SEARCH~1\DATAMN~1.EXE (Bandoo Media, inc)> in the current context!
Error: Unable to interpret <[2012/05/14 13:44:40 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Conduit
:Commands> in the current context!

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: user
->Temp folder emptied: 10181991 bytes
->Temporary Internet Files folder emptied: 313453893 bytes
->Java cache emptied: 862550 bytes
->FireFox cache emptied: 1162385804 bytes
->Google Chrome cache emptied: 7019780 bytes
->Opera cache emptied: 33605336 bytes
->Flash cache emptied: 3986546 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1615436 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 125046 bytes
RecycleBin emptied: 1005703 bytes

Total Files Cleaned = 1.463,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: user
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.43.0 log created on 05222012_075218

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#8
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts

Hi Foutzis,

I need you to run the OTL script again.

Please reopen Posted Image on your desktop.
  • Under the Posted Image box at the bottom, paste in the following

    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}: "URL" = http://www.searchqu....q={searchTerms}
    IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0001c6f658592f8
    IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}: "URL" = http://www.searchqu....q={searchTerms}
    FF - prefs.js..browser.search.defaultenginename: "Searchqu Web Search"
    FF - prefs.js..browser.search.order.1: "Searchqu Web Search"
    FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/421"
    FF - prefs.js..extensions.enabledItems: [email protected]:4.3
    FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&appid=0&systemid=421&sr=0&q="
    [2012/02/01 11:51:22 | 000,000,000 | ---D | M] (Searchqu Toolbar)  --  C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\v8bu5ez8.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
    [2012/05/06 21:03:41 | 000,000,000 | ---D | M] (NeoBux  Community  Toolbar)  --  C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\v8bu5ez8.default\extensions\{ec66d0dc-ad17-4602-af45-ef595565db02}
    [2011/12/08 23:47:36 | 000,000,000 | ---D | M] (Yontoo)  --  C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\v8bu5ez8.default\extensions\[email protected]
    [2012/02/01 11:51:19 | 000,002,520 | ---- | M] ()  --  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v8bu5ez8.default\searchplugins\SearchResults.xml
    [2011/10/26 08:09:18 | 000,002,051 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchstonicus.xml
    [2012/02/01 11:51:19 | 000,002,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
    CHR - Extension: Facemoods  =  C:\Users\user\AppData\Local\Google\Chrome\User  Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.1_0\
    CHR - Extension: Yontoo =  C:\Users\user\AppData\Local\Google\Chrome\User  Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.1_0\
    O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll ()
    O2 - BHO: (SearchCore for Browsers)  -  {9D717F81-9148-4f12-8568-69135F087DB0}  -  C:\PROGRA~1\SEARCH~1\SEARCH~1\BROWSE~1.DLL (Bandoo Media, inc)
    O2 - BHO: (Vuze Remote Toolbar) -  {ba14329e-9550-4989-b3f2-9732e92d17cc}  - C:\Program  Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
    O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
    O3 - HKLM\..\Toolbar: (Searchqu Toolbar)  -  {99079a25-328f-4bd4-be04-00955acaa0a7}  -  C:\PROGRA~1\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll ()
    O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar)  -  {ba14329e-9550-4989-b3f2-9732e92d17cc} -  C:\Program  Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar)  -  {BA14329E-9550-4989-B3F2-9732E92D17CC} -  C:\Program  Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\SEARCH~1\DATAMN~1.EXE (Bandoo Media, inc)
    [2012/05/14 13:44:40 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Conduit
    
    
    
    :Commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

  • 0

#9
Foutzis

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Program Files\Vuze_Remote\prxtbVuz0.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Program Files\Vuze_Remote\prxtbVuz0.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}\ not found.
Prefs.js: "Searchqu Web Search" removed from browser.search.defaultenginename
Prefs.js: "Searchqu Web Search" removed from browser.search.order.1
Prefs.js: "http://www.searchqu.com/421" removed from browser.startup.homepage
Prefs.js: [email protected]:4.3 removed from extensions.enabledItems
Prefs.js: "http://www.searchqu....id=421&sr=0&q=" removed from keyword.URL
Folder C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\v8bu5ez8.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\v8bu5ez8.default\extensions\{ec66d0dc-ad17-4602-af45-ef595565db02}\searchplugin folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\v8bu5ez8.default\extensions\{ec66d0dc-ad17-4602-af45-ef595565db02}\Plugins folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\v8bu5ez8.default\extensions\{ec66d0dc-ad17-4602-af45-ef595565db02}\modules folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\v8bu5ez8.default\extensions\{ec66d0dc-ad17-4602-af45-ef595565db02}\META-INF folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\v8bu5ez8.default\extensions\{ec66d0dc-ad17-4602-af45-ef595565db02}\defaults folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\v8bu5ez8.default\extensions\{ec66d0dc-ad17-4602-af45-ef595565db02}\components folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\v8bu5ez8.default\extensions\{ec66d0dc-ad17-4602-af45-ef595565db02}\chrome folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\v8bu5ez8.default\extensions\{ec66d0dc-ad17-4602-af45-ef595565db02} folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\v8bu5ez8.default\extensions\[email protected]\skin folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\v8bu5ez8.default\extensions\[email protected]\locale\en-US folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\v8bu5ez8.default\extensions\[email protected]\locale folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\v8bu5ez8.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\v8bu5ez8.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\v8bu5ez8.default\extensions\[email protected]\content folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\v8bu5ez8.default\extensions\[email protected] folder moved successfully.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v8bu5ez8.default\searchplugins\SearchResults.xml moved successfully.
C:\Program Files\mozilla firefox\searchplugins\fcmdSrchstonicus.xml moved successfully.
C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml moved successfully.
File C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.1_0 not found.
File C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.1_0 not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
File C:\PROGRA~1\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\- BHO: (SearchCore for Browsers)\ not found.
File {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\SEARCH~1\SEARCH~1\BROWSE~1.DLL not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Program Files\Vuze_Remote\prxtbVuz0.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
C:\Program Files\Yontoo\YontooIEClient.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\LM\..\Toolbar: (Searchqu Toolbar) not found.
File 328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\LM\..\Toolbar: (Vuze Remote Toolbar) not found.
File 9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\CU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) not found.
File 9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR not found.
File C:\PROGRA~1\SEARCH~1\SEARCH~1\DATAMN~1.EXE not found.
C:\Users\user\AppData\Local\Conduit folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: user
->Temp folder emptied: 38066 bytes
->Temporary Internet Files folder emptied: 46366 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 960313062 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 2039 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 360 bytes
RecycleBin emptied: 259313 bytes

Total Files Cleaned = 916,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: user
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.43.0 log created on 05232012_093309

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0
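The two fix logs above differ in a way that is easy to miss when skimming: in post #7 every script line was rejected, while in post #9 the script ran but a few entries show a target that is a fragment of the script line rather than a registry path or file path. The following is an added example, not part of the original thread and not OTL's own code, that sorts fix-log lines into those outcomes; the category names, the `verdict` labels and the "misparsed" heuristics are assumptions of this example, and the sample text is a short excerpt copied from the logs above.

```python
"""Triage an OTL fix log: what was removed, what was already absent,
which script lines were rejected, and which were split wrongly."""
import re
from collections import Counter

# Line shapes as they appear in the two fix logs quoted in this thread.
REG = re.compile(r"^Registry (?:key|value) (?P<target>.+?) "
                 r"(?P<result>not found|deleted successfully)\.$")
FS_MISSING = re.compile(r"^(?:File|Folder) (?P<target>.+?) not found\.$")
FS_MOVED = re.compile(r"^(?P<target>.+?)(?: folder)? moved successfully\.$")
PREFS = re.compile(r"^Prefs\.js: (?P<target>.+) removed from \S+$")
REJECTED = "Error: Unable to interpret <"
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")

# Excerpt of the first run (post #7): every script line was rejected.
FAILED_RUN = r"""All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
Error: Unable to interpret <:OTL> in the current context!
Error: Unable to interpret <O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\SEARCH~1\DATAMN~1.EXE (Bandoo Media, inc)> in the current context!
"""

# Excerpt of the second run (post #9): the :OTL section executed.
FIXED_RUN = r"""========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}\ deleted successfully.
File C:\Program Files\Vuze_Remote\prxtbVuz0.dll not found.
Prefs.js: "http://www.searchqu.com/421" removed from browser.startup.homepage
C:\Program Files\Yontoo\YontooIEClient.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\- BHO: (SearchCore for Browsers)\ not found.
File {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\SEARCH~1\SEARCH~1\BROWSE~1.DLL not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR not found.
C:\Users\user\AppData\Local\Conduit folder moved successfully.
"""


def classify(line):
    """Return (outcome, target) for a fix-log line, or None for other lines."""
    line = line.strip()
    if line.startswith(REJECTED):
        # The script line was never executed at all.
        rest = line[len(REJECTED):]
        return "rejected", rest.split("> in the current context!")[0]
    m = REG.match(line)
    if m:
        target = m["target"]
        # Heuristic (assumption): a "label: (name)" fragment inside the key
        # path means the tool searched for script text, not a real key.
        if not target.startswith("HKEY_") or ": (" in target:
            return "misparsed", target
        outcome = "removed" if m["result"] == "deleted successfully" else "absent"
        return outcome, target
    m = FS_MISSING.match(line)
    if m:
        target = m["target"]
        # Heuristic (assumption): a real file target starts with a drive path.
        return ("absent" if DRIVE_PATH.match(target) else "misparsed"), target
    m = PREFS.match(line) or FS_MOVED.match(line)
    if m:
        return "removed", m["target"]
    return None


def summarize(log_text):
    """Count outcomes and collect the targets seen for each outcome."""
    counts, items = Counter(), {}
    for line in log_text.splitlines():
        hit = classify(line)
        if hit:
            counts[hit[0]] += 1
            items.setdefault(hit[0], []).append(hit[1])
    return counts, items


def verdict(counts):
    """Collapse the counts into one label a reviewer can act on."""
    if counts["rejected"] and not (counts["removed"] or counts["absent"]):
        return "fix-section-not-run"
    if counts["misparsed"] or counts["rejected"]:
        return "ran-with-unverified-entries"
    return "ran-clean"


if __name__ == "__main__":
    for name, text in (("post #7", FAILED_RUN), ("post #9", FIXED_RUN)):
        counts, items = summarize(text)
        print(name, verdict(counts), dict(counts))
        for target in items.get("misparsed", []):
            print("  re-check by hand:", target)
```

An "absent" result is consistent with the item having already been uninstalled in Step 1, whereas a "misparsed" result only shows that the tool looked for a name that could not exist, so those entries are worth confirming in a fresh scan log.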

#10
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi Foutzis

Disable your antivirus software
  • Access the Eset Online Scanner website using the Internet Explorer browser.
    http://www.eset.com/us/online-scanner/
  • Do the scan according to the image:

    Posted Image
  • At the end, check the box "Delete Quarantined files" and click [FINISH]
  • A log will be generated in C:\Program Files\EsetOnlineScanner\Log.txt
    PS: If you don't find the log.txt file in \EsetOnlineScanner\, look in \Program Files\Eset\EsetOnlineScanner\log.txt
  • Post that log.

  • 0

#11
Foutzis

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
  • 0

#12
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean

The following will implement some cleanup procedures as well as reset System Restore points:

Remove OTL:

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • (If you use Windows 7/Vista)
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

  • (If you use Windows XP)
  • Go to Start > All Programs > Accessories > System Tools > System Restore.
  • Select the option Create a restore point and click Next.
  • Type in a name i.e. Clean
  • Select Create



Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean.

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place??

Keep safe.

  • 0





