Searchnu.com/102 removal HELP!


Please help me remove the searchnu.com/102 redirect issue. Here are the OTL logs:

OTL logfile created on: 4/26/2012 6:19:15 PM - Run 1

OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\nesto\Desktop

Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.21 Gb Available Physical Memory | 63.29% Memory free

6.97 Gb Paging File | 5.42 Gb Available in Paging File | 77.69% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 232.88 Gb Total Space | 145.69 Gb Free Space | 62.56% Space Free | Partition Type: NTFS

Computer Name: NESTO-PC | User Name: nesto | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/26 18:03:09 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\nesto\Desktop\OTL.exe

PRC - [2012/04/15 16:12:24 | 000,353,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe

PRC - [2012/02/27 00:15:32 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\ATH.exe

PRC - [2012/02/26 10:42:28 | 000,632,320 | ---- | M] (FileZilla Project) -- C:\Program Files\FileZilla Server\FileZilla server.exe

PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe

PRC - [2012/02/20 21:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe

PRC - [2012/02/15 10:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe

PRC - [2012/01/24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe

PRC - [2011/12/14 07:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

PRC - [2011/12/14 07:59:18 | 010,981,248 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe

PRC - [2011/12/14 07:41:54 | 000,116,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\tv_w32.exe

PRC - [2011/11/28 02:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe

PRC - [2011/11/12 13:04:12 | 000,268,640 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe

PRC - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

PRC - [2011/10/10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe

PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe

PRC - [2011/08/17 11:52:05 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe

PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe

PRC - [2011/06/24 00:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2011/03/03 21:31:08 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe

PRC - [2011/03/01 23:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

PRC - [2011/03/01 23:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe

PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin

PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2010/08/31 18:19:40 | 000,131,440 | ---- | M] () -- C:\Program Files\EZ-RC\ez-rc-tray.exe

PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe

========== Modules (No Company Name) ==========

MOD - [2011/11/20 15:46:04 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll

MOD - [2011/11/20 15:45:46 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll

MOD - [2011/11/20 15:45:30 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll

MOD - [2011/11/20 15:45:27 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll

MOD - [2011/11/20 15:45:24 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll

MOD - [2011/11/20 15:45:19 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll

MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/09/14 10:19:06 | 008,500,224 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll

MOD - [2011/09/14 10:19:06 | 002,348,544 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll

MOD - [2011/09/04 01:13:56 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll

MOD - [2011/09/04 01:13:56 | 000,170,496 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxslt.dll

MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

MOD - [2011/03/30 18:25:42 | 000,331,608 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll

MOD - [2011/03/01 23:15:28 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll

MOD - [2011/03/01 23:15:28 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll

MOD - [2011/03/01 23:15:04 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll

MOD - [2011/03/01 23:14:42 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll

MOD - [2011/03/01 23:14:30 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll

MOD - [2011/03/01 23:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

MOD - [2010/08/31 18:19:40 | 000,131,440 | ---- | M] () -- C:\Program Files\EZ-RC\ez-rc-tray.exe

========== Win32 Services (SafeList) ==========

SRV - [2012/04/15 21:22:31 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/02/26 10:42:28 | 000,632,320 | ---- | M] (FileZilla Project) [Auto | Running] -- C:\Program Files\FileZilla Server\FileZilla server.exe -- (FileZilla Server)

SRV - [2011/12/14 07:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)

SRV - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)

SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2011/09/16 20:26:35 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2011/09/03 03:00:39 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2011/08/17 11:52:05 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)

SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)

SRV - [2011/03/03 21:31:08 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)

SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)

DRV - [2011/11/12 12:18:10 | 000,033,792 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btblan.sys -- (Leapfrog-USBLAN)

DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)

DRV - [2011/10/04 06:21:28 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)

DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)

DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)

DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)

DRV - [2011/07/11 01:14:14 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)

DRV - [2011/07/11 01:14:12 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)

DRV - [2011/07/11 01:14:12 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)

DRV - [2011/03/03 21:30:26 | 004,333,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C525(UVC)

DRV - [2011/03/03 21:29:00 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)

DRV - [2011/03/03 21:27:20 | 000,020,448 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvbusflt.sys -- (CompFilter)

DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)

DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)

DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)

DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 06:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)

DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)

DRV - [2009/07/13 18:02:52 | 000,214,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel®

DRV - [2009/07/13 18:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®

DRV - [2009/06/16 14:59:00 | 009,768,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2008/09/18 17:03:00 | 000,277,440 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)

DRV - [2008/06/03 09:30:22 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=102&sr=0&q={searchTerms}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 2A A5 82 36 F8 9B D8 4C 82 5A DB 7A A3 1B BB B3 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 2A A5 82 36 F8 9B D8 4C 82 5A DB 7A A3 1B BB B3 [binary data]

IE - HKU\S-1-5-21-2667463400-2828277676-1731983280-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/102

IE - HKU\S-1-5-21-2667463400-2828277676-1731983280-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-2667463400-2828277676-1731983280-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-2667463400-2828277676-1731983280-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EC C4 E7 0D EA 69 CC 01 [binary data]

IE - HKU\S-1-5-21-2667463400-2828277676-1731983280-1001\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 2A A5 82 36 F8 9B D8 4C 82 5A DB 7A A3 1B BB B3 [binary data]

IE - HKU\S-1-5-21-2667463400-2828277676-1731983280-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2667463400-2828277676-1731983280-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-2667463400-2828277676-1731983280-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2667463400-2828277676-1731983280-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\nesto\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\nesto\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\nesto\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/01 21:07:14 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: ()

CHR - default_search_provider: search_url =

CHR - default_search_provider: suggest_url =

CHR - Extension: No name found = C:\Users\nesto\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1857_0\

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Reg Error: Value error.) - {3682A52A-9BF8-4CD8-825A-DB7AA31BBBB3} - C:\Users\nesto\AppData\Local\InternetWOW64.dll File not found

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)

O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Windows\System32\nwiz.exe ()

O4 - HKU\S-1-5-21-2667463400-2828277676-1731983280-1001..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)

O4 - HKLM..\RunOnce: [removeSearchqudatamngr] cmd.exe /c RD /S /Q "C:\Program Files\Searchqu Toolbar" File not found

O4 - HKLM..\RunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar" File not found

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - Startup: C:\Users\nesto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-2667463400-2828277676-1731983280-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-2667463400-2828277676-1731983280-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-2667463400-2828277676-1731983280-1001\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-2667463400-2828277676-1731983280-1001\..Trusted Domains: sony.com ([]* in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BE421F8-3E6E-4F5E-8E18-4FE661B65DBE}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B84FBA0C-B18F-409A-AA3F-82B557A5975E}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/26 18:03:00 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\nesto\Desktop\OTL.exe

[2012/04/26 17:53:04 | 000,000,000 | ---D | C] -- C:\Users\nesto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Toolbar Cleaner

[2012/04/26 17:53:04 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner

[2012/04/25 19:47:21 | 000,000,000 | ---D | C] -- C:\Users\nesto\Desktop\ninetofive.1.6.8

[2012/04/25 19:47:21 | 000,000,000 | ---D | C] -- C:\Users\nesto\Desktop\__MACOSX

[2012/04/24 19:42:50 | 000,000,000 | ---D | C] -- C:\Users\nesto\Desktop\ninetofive

[2012/04/24 19:07:09 | 000,000,000 | ---D | C] -- C:\Program Files\Searchqu Toolbar

[2012/04/24 19:07:09 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess

[2012/04/24 19:07:04 | 000,000,000 | ---D | C] -- C:\Program Files\jZip

[2012/04/23 20:49:03 | 000,000,000 | ---D | C] -- C:\Users\nesto\Desktop\jobberbase-1.9.1

[2012/04/22 19:34:00 | 000,000,000 | ---D | C] -- C:\Users\nesto\AppData\Local\Xara

[2012/04/22 19:33:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xara

[2012/04/22 19:33:05 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information

[2012/04/22 19:32:40 | 000,000,000 | ---D | C] -- C:\Program Files\Xara

[2012/04/22 19:32:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Xara

[2012/04/22 19:32:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield

[2012/04/22 09:54:22 | 000,000,000 | ---D | C] -- C:\Users\nesto\Desktop\feedburner-widget

[2012/04/15 22:15:59 | 000,000,000 | ---D | C] -- C:\Users\nesto\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1

[2012/04/15 22:15:46 | 000,000,000 | ---D | C] -- C:\Program Files\Market Samurai

[2012/04/15 16:12:24 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2012/04/01 14:15:23 | 000,000,000 | ---D | C] -- C:\Users\nesto\Desktop\Bodybuilding_com - Lee Labrada's Lean Body-Friendly Recipes!_files

[2012/03/28 21:25:42 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll

[2012/03/28 21:25:42 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc71.dll

[2012/03/28 21:24:47 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Windows\System32\rewire.dll

[2012/03/28 21:24:47 | 000,000,000 | ---D | C] -- C:\Program Files\VstPlugins

[2012/03/28 21:24:46 | 000,000,000 | ---D | C] -- C:\Users\nesto\Documents\Image-Line

[2012/03/28 21:24:38 | 001,554,944 | ---- | C] (HMS http://hp.vector.co.jp/authors/VA012897/) -- C:\Windows\System32\vorbis.acm

[2012/03/28 21:24:37 | 000,000,000 | ---D | C] -- C:\Users\nesto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line

[2012/03/28 21:24:32 | 000,000,000 | ---D | C] -- C:\Program Files\Outsim

[2012/03/28 21:22:52 | 000,000,000 | ---D | C] -- C:\Program Files\Image-Line

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/26 18:03:09 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\nesto\Desktop\OTL.exe

[2012/04/26 18:01:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2667463400-2828277676-1731983280-1001UA.job

[2012/04/26 18:01:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2667463400-2828277676-1731983280-1001Core.job

[2012/04/26 17:53:04 | 000,001,048 | ---- | M] () -- C:\Users\nesto\Desktop\Toolbar Cleaner.lnk

[2012/04/26 17:51:00 | 096,333,007 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm

[2012/04/26 17:47:17 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/04/26 17:47:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/04/25 20:30:09 | 000,007,571 | ---- | M] () -- C:\Users\nesto\Desktop\JOBHAUL.x3d

[2012/04/25 20:29:58 | 000,004,561 | ---- | M] () -- C:\Users\nesto\Desktop\jobhaul.jpg

[2012/04/25 19:51:59 | 000,386,419 | ---- | M] () -- C:\Users\nesto\Desktop\ninetofivenew.zip

[2012/04/24 19:43:14 | 000,356,005 | ---- | M] () -- C:\Users\nesto\Desktop\ninetofive.zip

[2012/04/22 19:55:17 | 000,008,323 | ---- | M] () -- C:\Users\nesto\Desktop\LENNY CLASSIX.x3d

[2012/04/22 19:54:57 | 000,036,008 | ---- | M] () -- C:\Users\nesto\Desktop\newlenny.gif

[2012/04/22 19:45:21 | 000,044,984 | ---- | M] () -- C:\Users\nesto\Desktop\lennyclassix.gif

[2012/04/22 19:38:10 | 000,021,569 | ---- | M] () -- C:\Users\nesto\Desktop\lennyclassix.png

[2012/04/22 19:33:06 | 000,000,752 | ---- | M] () -- C:\Users\Public\Desktop\Xara3D6.lnk

[2012/04/22 11:58:11 | 000,023,988 | ---- | M] () -- C:\Users\nesto\Desktop\housecentipede.jpg

[2012/04/22 08:30:06 | 000,003,760 | ---- | M] () -- C:\Users\nesto\Desktop\animated_favicon1.gif

[2012/04/21 21:01:13 | 000,039,966 | ---- | M] () -- C:\Users\nesto\Desktop\family.jpg

[2012/04/21 21:00:47 | 000,029,091 | ---- | M] () -- C:\Users\nesto\Desktop\jumper.jpg

[2012/04/21 20:59:41 | 000,050,394 | ---- | M] () -- C:\Users\nesto\Desktop\studio.jpg

[2012/04/21 20:58:27 | 000,027,135 | ---- | M] () -- C:\Users\nesto\Desktop\inthebooth.jpg

[2012/04/21 19:27:50 | 014,203,974 | ---- | M] () -- C:\Users\nesto\Desktop\LOGO.psd

[2012/04/18 04:26:16 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/04/18 04:26:16 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/04/16 21:08:38 | 000,250,734 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm

[2012/04/16 09:33:16 | 000,015,124 | ---- | M] () -- C:\Users\nesto\Desktop\Dekar Light.otf

[2012/04/16 09:33:08 | 000,017,240 | ---- | M] () -- C:\Users\nesto\Desktop\Dekar.otf

[2012/04/15 23:01:08 | 000,182,272 | ---- | M] () -- C:\Users\nesto\Documents\original song lyrics.msam

[2012/04/15 22:44:28 | 000,132,096 | ---- | M] () -- C:\Users\nesto\Documents\demo singers.msam

[2012/04/15 22:40:31 | 000,197,632 | ---- | M] () -- C:\Users\nesto\Documents\basketball training.msam

[2012/04/15 22:35:04 | 000,105,472 | ---- | M] () -- C:\Users\nesto\Documents\songwriting collaboration.msam

[2012/04/15 22:15:55 | 000,000,901 | ---- | M] () -- C:\Users\Public\Desktop\Market Samurai.lnk

[2012/04/15 21:22:31 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2012/04/15 21:22:31 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2012/04/15 16:11:07 | 2809,057,280 | -HS- | M] () -- C:\hiberfil.sys

[2012/04/14 20:55:45 | 000,002,401 | ---- | M] () -- C:\Users\nesto\Desktop\Google Chrome.lnk

[2012/04/07 09:23:32 | 000,029,935 | ---- | M] () -- C:\Users\nesto\Desktop\cd31e1647c1f683ae68b3cb7510d3b91.jpeg

[2012/04/07 08:16:26 | 044,063,905 | ---- | M] () -- C:\Users\nesto\Desktop\SPI016.mp3

[2012/04/07 08:16:24 | 052,991,658 | ---- | M] () -- C:\Users\nesto\Desktop\SPI017.mp3

[2012/04/06 19:40:00 | 039,991,753 | ---- | M] () -- C:\Users\nesto\Desktop\SPI015.mp3

[2012/04/01 14:15:24 | 000,117,230 | ---- | M] () -- C:\Users\nesto\Desktop\Bodybuilding_com - Lee Labrada's Lean Body-Friendly Recipes!.html

[2012/04/01 14:14:09 | 000,001,323 | ---- | M] () -- C:\Users\nesto\Desktop\7-day-meal-plan - Shortcut.lnk

[2012/03/30 18:57:22 | 000,445,857 | ---- | M] () -- C:\Users\nesto\Desktop\001 (2).jpg

[2012/03/28 21:25:42 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll

[2012/03/28 21:25:42 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc71.dll

[2012/03/28 21:24:47 | 000,001,108 | ---- | M] () -- C:\Users\nesto\Desktop\FL Studio 10.lnk

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/26 17:53:04 | 000,001,048 | ---- | C] () -- C:\Users\nesto\Desktop\Toolbar Cleaner.lnk

[2012/04/25 20:30:09 | 000,007,571 | ---- | C] () -- C:\Users\nesto\Desktop\JOBHAUL.x3d

[2012/04/25 20:29:36 | 000,004,561 | ---- | C] () -- C:\Users\nesto\Desktop\jobhaul.jpg

[2012/04/25 19:51:58 | 000,386,419 | ---- | C] () -- C:\Users\nesto\Desktop\ninetofivenew.zip

[2012/04/24 19:43:13 | 000,356,005 | ---- | C] () -- C:\Users\nesto\Desktop\ninetofive.zip

[2012/04/22 19:54:30 | 000,036,008 | ---- | C] () -- C:\Users\nesto\Desktop\newlenny.gif

[2012/04/22 19:45:17 | 000,044,984 | ---- | C] () -- C:\Users\nesto\Desktop\lennyclassix.gif

[2012/04/22 19:38:10 | 000,021,569 | ---- | C] () -- C:\Users\nesto\Desktop\lennyclassix.png

[2012/04/22 19:36:16 | 000,008,323 | ---- | C] () -- C:\Users\nesto\Desktop\LENNY CLASSIX.x3d

[2012/04/22 19:33:06 | 000,000,752 | ---- | C] () -- C:\Users\Public\Desktop\Xara3D6.lnk

[2012/04/22 12:03:49 | 000,023,988 | ---- | C] () -- C:\Users\nesto\Desktop\housecentipede.jpg

[2012/04/22 09:39:22 | 000,003,760 | ---- | C] () -- C:\Users\nesto\Desktop\animated_favicon1.gif

[2012/04/21 21:01:19 | 000,039,966 | ---- | C] () -- C:\Users\nesto\Desktop\family.jpg

[2012/04/21 21:00:21 | 000,029,091 | ---- | C] () -- C:\Users\nesto\Desktop\jumper.jpg

[2012/04/21 20:59:53 | 000,050,394 | ---- | C] () -- C:\Users\nesto\Desktop\studio.jpg

[2012/04/21 20:58:43 | 000,027,135 | ---- | C] () -- C:\Users\nesto\Desktop\inthebooth.jpg

[2012/04/21 20:55:50 | 000,061,139 | -H-- | C] () -- C:\Users\nesto\Desktop\n36608661_30825351_2966.jpg

[2012/04/21 20:54:30 | 000,995,776 | -H-- | C] () -- C:\Users\nesto\Desktop\100_0666.JPG

[2012/04/21 20:54:22 | 000,915,188 | -H-- | C] () -- C:\Users\nesto\Desktop\100_0309.JPG

[2012/04/21 19:11:38 | 014,203,974 | ---- | C] () -- C:\Users\nesto\Desktop\LOGO.psd

[2012/04/21 12:36:59 | 000,017,240 | ---- | C] () -- C:\Users\nesto\Desktop\Dekar.otf

[2012/04/21 12:36:59 | 000,015,124 | ---- | C] () -- C:\Users\nesto\Desktop\Dekar Light.otf

[2012/04/15 22:47:51 | 000,182,272 | ---- | C] () -- C:\Users\nesto\Documents\original song lyrics.msam

[2012/04/15 22:40:47 | 000,132,096 | ---- | C] () -- C:\Users\nesto\Documents\demo singers.msam

[2012/04/15 22:35:20 | 000,197,632 | ---- | C] () -- C:\Users\nesto\Documents\basketball training.msam

[2012/04/15 22:18:15 | 000,105,472 | ---- | C] () -- C:\Users\nesto\Documents\songwriting collaboration.msam

[2012/04/15 22:15:55 | 000,000,913 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Market Samurai.lnk

[2012/04/15 22:15:55 | 000,000,901 | ---- | C] () -- C:\Users\Public\Desktop\Market Samurai.lnk

[2012/04/15 16:12:28 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/04/07 09:23:44 | 000,029,935 | ---- | C] () -- C:\Users\nesto\Desktop\cd31e1647c1f683ae68b3cb7510d3b91.jpeg

[2012/04/07 08:14:46 | 052,991,658 | ---- | C] () -- C:\Users\nesto\Desktop\SPI017.mp3

[2012/04/07 08:14:41 | 044,063,905 | ---- | C] () -- C:\Users\nesto\Desktop\SPI016.mp3

[2012/04/06 19:39:38 | 039,991,753 | ---- | C] () -- C:\Users\nesto\Desktop\SPI015.mp3

[2012/04/03 21:29:23 | 006,777,277 | ---- | C] () -- C:\Users\nesto\Desktop\Border Patrol.mp3

[2012/04/03 21:29:23 | 005,873,440 | ---- | C] () -- C:\Users\nesto\Desktop\OVER MY HEAD.mp3

[2012/04/01 14:15:22 | 000,117,230 | ---- | C] () -- C:\Users\nesto\Desktop\Bodybuilding_com - Lee Labrada's Lean Body-Friendly Recipes!.html

[2012/04/01 14:14:09 | 000,001,323 | ---- | C] () -- C:\Users\nesto\Desktop\7-day-meal-plan - Shortcut.lnk

[2012/03/30 18:57:22 | 000,445,857 | ---- | C] () -- C:\Users\nesto\Desktop\001 (2).jpg

[2012/03/28 21:24:46 | 000,001,108 | ---- | C] () -- C:\Users\nesto\Desktop\FL Studio 10.lnk

[2011/09/03 21:43:13 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe

[2011/09/03 21:42:02 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2011/09/03 00:34:34 | 000,000,781 | ---- | C] () -- C:\Users\nesto\AppData\Roaming\net.telestream.wirecast.xml

[2011/09/02 23:52:43 | 001,724,416 | ---- | C] () -- C:\Windows\System32\nvwdmcpl.dll

[2011/09/02 23:52:43 | 001,657,376 | ---- | C] () -- C:\Windows\System32\nwiz.exe

[2011/09/02 23:52:43 | 001,507,328 | ---- | C] () -- C:\Windows\System32\nView.dll

[2011/09/02 23:52:43 | 001,101,824 | ---- | C] () -- C:\Windows\System32\nvwimg.dll

[2011/09/02 23:52:43 | 000,466,944 | ---- | C] () -- C:\Windows\System32\nvShell.dll

[2011/09/02 23:52:43 | 000,449,056 | ---- | C] () -- C:\Windows\System32\nvAppBar.exe

[2011/09/02 23:52:43 | 000,267,296 | ---- | C] () -- C:\Windows\System32\nvTaskbar.exe

[2011/03/03 21:26:22 | 010,877,272 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll

[2011/03/03 21:26:22 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe

[2011/03/03 21:26:16 | 000,331,608 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll

[2011/03/03 21:14:50 | 000,027,362 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

< End of report >

Extras

OTL Extras logfile created on: 4/26/2012 6:19:15 PM - Run 1

OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\nesto\Desktop

Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.21 Gb Available Physical Memory | 63.29% Memory free

6.97 Gb Paging File | 5.42 Gb Available in Paging File | 77.69% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 232.88 Gb Total Space | 145.69 Gb Free Space | 62.56% Space Free | Partition Type: NTFS

Computer Name: NESTO-PC | User Name: nesto | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{07F9F29A-0066-408A-8306-1B4432090C93}" = lport=445 | protocol=6 | dir=in | app=system |

"{09D1389D-BB35-405B-B2F6-4965729072ED}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |

"{1363B82B-A379-414C-BEE5-DA0C97FFC4FB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{1CC89126-FB24-421D-A943-56439B47FD8C}" = lport=137 | protocol=17 | dir=in | app=system |

"{1F607AA9-864B-454D-9F33-646EECB122D5}" = rport=137 | protocol=17 | dir=out | app=system |

"{2D61537E-D9D6-4B92-909C-B6FFD0AF0239}" = rport=10243 | protocol=6 | dir=out | app=system |

"{314C77E6-852F-4444-A576-95D8A69C1D33}" = lport=138 | protocol=17 | dir=in | app=system |

"{4340BDE3-A9EB-439C-BD9E-78DA486E10CD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{4A24DEE3-E608-48DE-8177-A12E9FF1B2B4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{5572195E-38B8-49B8-90AF-9B2BB675ADEB}" = rport=138 | protocol=17 | dir=out | app=system |

"{572935E5-F6A2-4712-BA25-5E32123002B9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{6364030B-C82A-4F94-9D71-380090BACC52}" = lport=2869 | protocol=6 | dir=in | app=system |

"{64CA6FD5-A9CE-4C04-B78E-C641A8EAD023}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{6B9EEEC9-514E-4C9D-9425-DF0BA448EEE9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{770C1B2B-6DA5-4374-9AA1-A77888CA930E}" = rport=139 | protocol=6 | dir=out | app=system |

"{78658641-E76A-4D91-8191-272E2D740AFD}" = lport=139 | protocol=6 | dir=in | app=system |

"{7B3D4FD5-2600-4C06-A439-51D4518E349F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{7B59C07A-F63C-4606-9D83-92A32061924C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{A6101BCC-44D1-468F-8E55-7F2CDFA7CE33}" = lport=10243 | protocol=6 | dir=in | app=system |

"{A610C833-70BC-4A66-AE21-715770BCE608}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{B383EDD6-D3C5-4D72-BCAC-EA58BA92CBE6}" = rport=445 | protocol=6 | dir=out | app=system |

"{D8DA7069-4DBB-4D5F-9B69-8CEF90281BE0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{DBEE3DDE-D317-48A6-BF8E-F2546372C25E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{E72DC602-1637-4BE8-96B1-FF8269CCBB26}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{09C70E25-A11F-4CC3-B9E6-5C76E056126F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{10B02D49-BDAD-4F98-B141-66ADE5C91038}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{17CF1CFE-BED2-4E04-85C9-AA3ACB3B36ED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{23D77E80-DC51-49B5-9B1D-53C673F2B3CD}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"{262BE4EF-8BA9-436B-B377-ABEF1DBE9684}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |

"{28B7502E-D3E4-41D4-BF91-3240F4FB29D6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{2F3C0D5E-67C1-4462-81F5-0B944DDB8720}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |

"{32E1A69F-4516-4E37-8C43-7936111B5A3E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{3A860E20-5ED0-4F27-AC87-FF0285BA24F3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{3B61D5E4-3769-44A3-BCCC-1399249FA631}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{3D754B80-45BC-45B6-8FA2-EA2F7485CFDC}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"{438A3F6B-3273-4522-936E-A2760740D584}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |

"{5207DEE3-BBD3-41B8-BFAD-6F73EA1F044E}" = dir=in | app=c:\program files\leapfrog\leapfrog connect\leapfrogconnect.exe |

"{52D20EE8-988A-4EBD-90CA-8F1BDF33B3A4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{5F589B2D-191C-4CCE-8E6D-59BFC9724E88}" = protocol=6 | dir=in | app=c:\program files\deskshare\auto ftp manager 5\auto ftp manager.exe |

"{6AB173C5-8338-430E-8F2E-46A80BFDC830}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |

"{6EF56184-9F2F-49AA-B782-D664C83596EF}" = protocol=6 | dir=out | app=system |

"{72CE34F0-49AC-4955-A946-41B35F48C6A7}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |

"{7AB8A210-B831-4FCC-A6E4-814F73358F30}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{81E95378-6B24-4D27-BF8E-B5A6F15709A0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{87436C20-0D43-4573-BF4B-CEBEC56637BE}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |

"{885513C1-ABC3-472A-A531-D7ABB134FC6E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |

"{8C0DC539-4296-4EFC-89FB-A532E429A048}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

"{90F54E22-57D2-4D5E-BD1E-713FD7058BF1}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |

"{97D23A49-2EB9-429D-B38A-97C0BA3F7060}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |

"{985E1E28-350C-4ED5-8CF3-175A89F7848B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{9EC751E9-D0D3-485D-A12D-D27AFA13D14E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{A3B29B35-6B63-4748-BEEB-3A944DB01721}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{A5B73D02-DFF9-4E7E-838C-C9C0055D3A5B}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{A634BCB4-955B-41D9-9238-7449E3D058C2}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |

"{B6E9901D-6800-4374-ACF6-150CAC10D5ED}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |

"{C3216B6A-D54E-451D-84FF-87BCF5C0E9D1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{C37267D8-9594-4DA8-8CAC-91C18EF2F9D1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{CA45D8C0-23AF-4355-BE3B-4AD6197751B9}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |

"{CDD307FD-BAA6-467C-8F2F-A69E1D0C998D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{D20FFD75-7BFC-48A9-9C4F-CDF40B875CFF}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |

"{DEBBB1E8-116D-42AC-A516-45F6C4FCCD93}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |

"{E2F6757A-C1D6-4381-B2BF-3E011A8D46C0}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |

"{E45CA8C8-7795-470D-93EA-539A6FC375BC}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |

"{EB200213-DB40-43AB-92EA-E2938D13823A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{F981B4A5-DCE2-4761-B05A-D8A40609D439}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |

"{FB5666FE-C3CA-4B58-8BAC-339918B829F9}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |

"TCP Query User{4C7C36CF-D113-4072-B515-E6F243EF4E53}C:\program files\telestream\wirecast\rsrc\desktop presenter.exe" = protocol=6 | dir=in | app=c:\program files\telestream\wirecast\rsrc\desktop presenter.exe |

"UDP Query User{5284E6AD-D0A5-4E40-8F88-3A3502D39A80}C:\program files\telestream\wirecast\rsrc\desktop presenter.exe" = protocol=17 | dir=in | app=c:\program files\telestream\wirecast\rsrc\desktop presenter.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4

"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4

"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4

"{069C1AD7-AC72-40E0-A156-7442EA6A48D7}" = AVG 2012

"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video

"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler

"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4

"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup

"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4

"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi

"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4

"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main

"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4

"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB

"{1743DB16-33CD-4642-BCAC-22DC89992272}" = Wirecast

"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin

"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java 6 Update 22

"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4

"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player

"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4

"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin

"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3

"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT

"{40631ADD-7633-F1F1-32D2-D1FB6374BAFB}" = Market Samurai

"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR

"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012

"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4

"{5CDC6B95-7011-4EF5-9896-3CAEE030B598}" = Desktop Presenter

"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4

"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support

"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4

"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari

"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery

"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4

"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4

"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher

"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4

"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes

"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4

"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4

"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.7

"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect

"{B3783869-5D14-4838-A042-910DF816D070}" = Xara3D6

"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4

"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module

"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4

"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw

"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software

"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud

"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support

"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help

"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4

"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4

"{F9D59E62-845F-49A2-8B75-DDB00661673C}" = LeapFrog Connect

"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All

"{FE5ED1C0-A340-4EAC-B4BE-FA0AB173436C}" = LeapFrog LeapPad Explorer Plugin

"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook

"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4

"Auto FTP Manager 5.0_is1" = Auto FTP Manager 5.0

"AVG" = AVG 2012

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"Creative OA001" = Integrated Webcam Driver (1.03.02.0919)

"EZ-RC" = EZ-RC

"FileZilla Server" = FileZilla Server

"FL Studio 10" = FL Studio 10

"IL Download Manager" = IL Download Manager

"ImgBurn" = ImgBurn

"LeapPadExplorerPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)

"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)

"MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"NVIDIA Drivers" = NVIDIA Drivers

"nView Desktop Manager" = NVIDIA nView Desktop Manager

"Paper Jamz Pro" = Paper Jamz Pro 1.8.0

"PrimeTime Draft Football 2011" = PrimeTime Draft™ Football 2011

"TeamViewer 6" = TeamViewer 6

"TeamViewer 7" = TeamViewer 7

"Toolbar Cleaner" = Toolbar Cleaner 1.0

"UPCShell" = LeapFrog Connect

"uTorrent" = µTorrent

"VLC media player" = VLC media player 2.0.1

"WinRAR archiver" = WinRAR 4.01 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2667463400-2828277676-1731983280-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{17E73B15-62D2-43FD-B851-ACF86A8C9D25}_is1" = Ruby 1.9.3-p0

"Google Chrome" = Google Chrome

"SOE-DC Universe Online Live" = DC Universe Online Live

"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 4/22/2012 7:32:47 PM | Computer Name = nesto-PC | Source = VSS | ID = 8194

Description =

Error - 4/23/2012 6:03:00 AM | Computer Name = nesto-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/23/2012 6:03:00 AM | Computer Name = nesto-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 2013

Error - 4/23/2012 6:03:00 AM | Computer Name = nesto-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 2013

Error - 4/25/2012 8:31:19 PM | Computer Name = nesto-PC | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,

time stamp: 0x4d76255d Faulting module name: MSHTML.dll, version: 9.0.8112.16437,

time stamp: 0x4e5eef87 Exception code: 0xc0000005 Fault offset: 0x003a9616 Faulting

process id: 0x19e8 Faulting application start time: 0x01cd21b50da54750 Faulting application

path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\MSHTML.dll

Report

Id: 240ff2af-8f37-11e1-a7f5-0024e8c20897

Error - 4/25/2012 9:00:35 PM | Computer Name = nesto-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/25/2012 9:00:36 PM | Computer Name = nesto-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 15553

Error - 4/25/2012 9:00:36 PM | Computer Name = nesto-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 15553

Error - 4/26/2012 3:24:36 AM | Computer Name = nesto-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/26/2012 3:24:36 AM | Computer Name = nesto-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 14415

[ System Events ]

Error - 3/16/2012 6:28:08 PM | Computer Name = nesto-PC | Source = Service Control Manager | ID = 7030

Description = The FileZilla Server FTP server service is marked as an interactive

service. However, the system is configured to not allow interactive services.

This service may not function properly.

Error - 3/16/2012 8:24:59 PM | Computer Name = nesto-PC | Source = DCOM | ID = 10001

Description =

Error - 3/17/2012 9:00:23 PM | Computer Name = nesto-PC | Source = DCOM | ID = 10001

Description =

Error - 3/26/2012 6:27:26 PM | Computer Name = nesto-PC | Source = Service Control Manager | ID = 7031

Description = The Apple Mobile Device service terminated unexpectedly. It has done

this 1 time(s). The following corrective action will be taken in 60000 milliseconds:

Restart the service.

Error - 3/26/2012 6:27:44 PM | Computer Name = nesto-PC | Source = Service Control Manager | ID = 7031

Description = The Apple Mobile Device service terminated unexpectedly. It has done

this 2 time(s). The following corrective action will be taken in 60000 milliseconds:

Restart the service.

Error - 3/26/2012 6:28:44 PM | Computer Name = nesto-PC | Source = Service Control Manager | ID = 7032

Description = The Service Control Manager tried to take a corrective action (Restart

the service) after the unexpected termination of the Apple Mobile Device service,

but this action failed with the following error: %%1056

Error - 4/14/2012 9:03:02 PM | Computer Name = nesto-PC | Source = DCOM | ID = 10010

Description =

Error - 4/15/2012 4:11:14 PM | Computer Name = nesto-PC | Source = EventLog | ID = 6008

Description = The previous system shutdown at 12:20:41 PM on 4/15/2012 was unexpected.

Error - 4/20/2012 11:11:45 PM | Computer Name = nesto-PC | Source = Schannel | ID = 36887

Description = The following fatal alert was received: 20.

Error - 4/21/2012 5:54:38 AM | Computer Name = nesto-PC | Source = Tcpip | ID = 4199

Description = The system detected an address conflict for IP address 192.168.1.7

with the system having network hardware address 00-26-59-0E-94-D4. Network operations

on this system may be disrupted as a result.

< End of report >

Thanks in advance, if there is anything else I need to include please let me know.


Hello lennyclassix and welcome to MalwareBytes forums,

Your system had the Bandoo Web Search (Searchqu/Searchnu) redirector (highly unwanted).

Next, what I'd like for you to do, is to manually review the toolbars in each browser you have. Internet Explorer first, then, Firefox and/or Chrome, as appropriate.

The following is a very good write-up to follow. Look at it, print it out, and look for any toolbar from Bandoo or even iLivid.

If you find one of these, then disable it and write down the name for me.

See http://deletemalware.blogspot.com/2011/05/how-to-remove-searchqu-uninstall-guide.html

Skip the first section about "antimalware". Start with the section "Remove Searchqu Toolbar in Internet Explorer:

1. Open Internet Explorer. Go to Tools → Manage Add-ons."

and onwards.

Do the section for Internet Explorer.

Only if you have Chrome, do the section on Chrome.

Only if you have Firefox, do the section on Firefox.

Once you have checked in your browsers, proceed to Step 2 below.

Do NOT do any manual registry deletions or tweaks/fixes on your own.

Step 2 Custom Scan with OTL

Please close any of your open windows/programs and exit; saving any open work you have.

Go slow and careful. This is a Custom scan. Have infinite patience while it runs.

Temporarily turn OFF your antivirus program so that it does not interfere. Leave the firewall on.

For a how-to-reference, see this How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

I'd like to have you do a special run of OTL to generate some searches & a new log-report.

  • Please double-click OTL.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    c:|Fun4IM;true;true;true; /FP
    c:|Bandoo;true;true;true; /FP
    c:|Searchn;true;true;true; /FP
    c:|Searchq;true;true;true; /FP
    c:|datamngr;true;true;true; /FP
    c:|iLivid;true;true;true; /FP
    c:|whitesmoke;true;true;true; /FP
    %systemroot%\*. /mp /s
    CLEARALLRESTOREPOINTS
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on Run Scan.
  • The scan won't take long. Have infinite patience. OTL may appear to stall but it will finish.
    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    These are saved in the same location as OTL.
  • Please Copy and Paste the OTL log(s). Do not enclose in Code or Quote.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
