harry_hatchit

Searchnu/406 why o why

12 posts in this topic

Hello,

I have encountered the searchnu malware on my system and it has taken over my search engine (firefox) and slowed down my processing speed.

I have noticed other people have posted te same problem and would really appreciate any assitence in removing this beast.

I have downloaded the OTL and selected all users and ran a quick scan as recommended on another forum.

Any help would be forever appreciated....

Harry A

Share this post


Link to post
Share on other sites

Hello Harry and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Please post your OTL log files.

Share this post


Link to post
Share on other sites

OTL logfile created on: 28/03/2012 16:30:15 - Run 1

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\harry\Downloads

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 61.07% Memory free

5.98 Gb Paging File | 4.45 Gb Available in Paging File | 74.37% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 80.78 Gb Total Space | 20.70 Gb Free Space | 25.63% Space Free | Partition Type: NTFS

Computer Name: HARRY-PC | User Name: harry | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/28 15:57:06 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\harry\Downloads\OTL.exe

PRC - [2012/03/22 14:12:31 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2012/03/14 18:38:14 | 000,913,752 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe

PRC - [2012/03/07 00:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2012/03/07 00:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2012/03/06 19:39:50 | 000,574,296 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe

PRC - [2012/02/15 00:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\harry\AppData\Roaming\Dropbox\bin\Dropbox.exe

PRC - [2012/01/31 12:41:27 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.99\GoogleCrashHandler.exe

PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/11/07 22:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

PRC - [2011/04/10 17:29:14 | 001,646,936 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe

PRC - [2009/12/03 00:00:00 | 000,847,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe

PRC - [2007/05/11 10:01:40 | 000,103,344 | ---- | M] (Lexmark International Inc.) -- C:\Program Files (x86)\Lexmark 7300 Series\ezprint.exe

PRC - [2007/05/11 09:59:20 | 000,205,744 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files (x86)\Lexmark 7300 Series\lxcimon.exe

PRC - [2007/03/02 16:48:00 | 000,098,304 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe

========== Modules (No Company Name) ==========

MOD - [2012/03/22 14:12:30 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2012/03/16 10:21:17 | 008,527,520 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

MOD - [2011/04/10 17:28:46 | 000,047,960 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll

MOD - [2009/09/15 18:20:52 | 000,177,152 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag 2\madbasic_.bpl

MOD - [2009/09/15 18:20:52 | 000,044,544 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag 2\maddisAsm_.bpl

MOD - [2009/09/15 18:20:46 | 000,345,088 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag 2\madexcept_.bpl

MOD - [2009/07/14 02:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll

MOD - [2005/06/14 17:08:28 | 000,196,608 | ---- | M] () -- C:\Program Files (x86)\Lexmark 7300 Series\iptk.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/07 00:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV:64bit: - [2007/02/01 22:14:04 | 000,566,192 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxcicoms.exe -- (lxci_device)

SRV:64bit: - [2006/08/05 10:48:30 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.exe -- (XAudioService)

SRV - [2012/03/14 18:38:14 | 000,913,752 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)

SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/11/07 22:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2007/02/01 22:13:46 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxcicoms.exe -- (lxci_device)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/07 00:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)

DRV:64bit: - [2012/03/07 00:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)

DRV:64bit: - [2012/03/07 00:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)

DRV:64bit: - [2012/03/07 00:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)

DRV:64bit: - [2012/03/07 00:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2012/03/07 00:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2011/11/07 22:28:40 | 000,063,760 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)

DRV:64bit: - [2011/05/12 09:08:45 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/05/12 09:08:45 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2011/03/03 21:40:39 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\seehcri.sys -- (seehcri)

DRV:64bit: - [2011/03/03 21:40:10 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)

DRV:64bit: - [2011/03/03 21:40:10 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)

DRV:64bit: - [2011/02/23 16:50:14 | 000,018,232 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)

DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010/10/07 13:11:50 | 007,533,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwLv64.sys -- (NETwLv64) Intel®

DRV:64bit: - [2009/09/23 13:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/08/28 20:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009/06/10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009/06/10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009/06/10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®

DRV:64bit: - [2009/06/10 21:34:35 | 000,087,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b44amd64.sys -- (bcm44amd64)

DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/03/25 16:48:00 | 000,153,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdm.sys -- (s1018mdm)

DRV:64bit: - [2009/03/25 16:48:00 | 000,146,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)

DRV:64bit: - [2009/03/25 16:48:00 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)

DRV:64bit: - [2009/03/25 16:48:00 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018obex.sys -- (s1018obex)

DRV:64bit: - [2009/03/25 16:48:00 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)

DRV:64bit: - [2009/03/25 16:48:00 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)

DRV:64bit: - [2009/03/25 16:48:00 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdfl.sys -- (s1018mdfl)

DRV:64bit: - [2007/07/05 03:58:36 | 001,041,920 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxu6.sys -- (athrusb6)

DRV:64bit: - [2006/10/19 04:33:34 | 001,513,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)

DRV:64bit: - [2006/10/19 04:31:12 | 000,296,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)

DRV:64bit: - [2006/10/19 04:30:10 | 000,731,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)

DRV:64bit: - [2006/08/05 10:42:48 | 000,009,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)

DRV:64bit: - [2006/06/20 07:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)

DRV - [2011/12/15 19:57:33 | 000,397,520 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys -- (RapportCerberus_34302)

DRV - [2011/11/07 22:28:40 | 000,061,712 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)

DRV - [2011/11/07 22:28:40 | 000,055,056 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)

DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{099EF85B-3260-4b87-9239-33355EE6A548}: "URL" = http://results.myway.com/GGmain.jhtml?id=YH&ptb=F5AB8A30-EC28-4B4F-B6CE-714CA47601A3&psa=&ind=2010110820&ptnrS=YH&si=&st=sb&n=&searchfor={searchTerms}

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2659688299-512856948-2600300164-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406

IE - HKU\S-1-5-21-2659688299-512856948-2600300164-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-2659688299-512856948-2600300164-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB

IE - HKU\S-1-5-21-2659688299-512856948-2600300164-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 75 CE CC 11 16 A9 CC 01 [binary data]

IE - HKU\S-1-5-21-2659688299-512856948-2600300164-1001\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE - HKU\S-1-5-21-2659688299-512856948-2600300164-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-2659688299-512856948-2600300164-1001\..\SearchScopes\{099EF85B-3260-4b87-9239-33355EE6A548}: "URL" = http://results.myway.com/GGmain.jhtml?id=YH&ptb=F5AB8A30-EC28-4B4F-B6CE-714CA47601A3&psa=&ind=2010110820&ptnrS=YH&si=&st=sb&n=&searchfor={searchTerms}

IE - HKU\S-1-5-21-2659688299-512856948-2600300164-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}

IE - HKU\S-1-5-21-2659688299-512856948-2600300164-1001\..\SearchScopes\{CBD2536B-F0FD-46FB-A961-0113024A48DE}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}

IE - HKU\S-1-5-21-2659688299-512856948-2600300164-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"

FF - prefs.js..browser.search.order.1: "Search Results"

FF - prefs.js..browser.search.order.2: "Google"

FF - prefs.js..browser.search.selectedEngine: "Search Results"

FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"

FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&sr=0&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/27 12:51:43 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/22 14:12:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/19 22:30:14 | 000,000,000 | ---D | M]

[2012/02/09 00:29:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\harry\AppData\Roaming\Mozilla\Extensions

[2012/02/09 19:07:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\harry\AppData\Roaming\Mozilla\Firefox\Profiles\4hw35m1j.default\extensions

[2010/12/10 01:42:54 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\harry\AppData\Roaming\Mozilla\Firefox\Profiles\4hw35m1j.default\extensions\en-GB@dictionaries.addons.mozilla.org

[2011/05/12 09:48:29 | 000,000,000 | ---D | M] (Diccionario de Español/España) -- C:\Users\harry\AppData\Roaming\Mozilla\Firefox\Profiles\4hw35m1j.default\extensions\es-es@dictionaries.addons.mozilla.org

[2012/02/08 20:11:02 | 000,002,519 | ---- | M] () -- C:\Users\harry\AppData\Roaming\Mozilla\Firefox\Profiles\4hw35m1j.default\searchplugins\Search_Results.xml

[2012/02/09 00:29:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2010/08/02 08:31:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/12/19 23:36:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011/04/10 22:19:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2012/03/27 12:51:43 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

[2012/03/22 14:12:31 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2012/02/07 20:35:02 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml

[2012/02/07 20:35:02 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/02/07 20:35:02 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml

[2012/02/07 20:35:02 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml

[2012/02/08 20:11:02 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml

[2012/02/07 20:35:02 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll File not found

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (no name) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll File not found

O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 7300 Series\ezprint.exe (Lexmark International Inc.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [LXCICATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\LXCItime.DLL (Lexmark International Inc.)

O4:64bit: - HKLM..\Run: [lxcimon.exe] C:\Program Files (x86)\Lexmark 7300 Series\lxcimon.exe (Lexmark International, Inc.)

O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2659688299-512856948-2600300164-1001..\Run: [Advanced SystemCare 5] C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)

O4 - HKU\S-1-5-21-2659688299-512856948-2600300164-1001..\Run: [EPSON BX305 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGJE.EXE /FU "C:\Windows\TEMP\E_S346B.tmp" /EF "HKCU" File not found

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\harry\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O8:64bit: - Extra context menu item: Download Using &BitSpirit - C:\Program Files (x86)\BitSpirit\bsurl.htm ()

O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files (x86)\BitSpirit\bsurl.htm ()

O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - Reg Error: Key error. File not found

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D90DC6B-22AD-4C13-963E-A3624E8F58EB}: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8098327D-C75F-4560-AD71-16E84D14B0E9}: DhcpNameServer = 192.168.1.254

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18 - Protocol\Handler\gopher - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{0e0e5dae-23b2-11e0-bf4c-0016d4aa69f2}\Shell - "" = AutoRun

O33 - MountPoints2\{0e0e5dae-23b2-11e0-bf4c-0016d4aa69f2}\Shell\AutoRun\command - "" = E:\Startme.exe

O33 - MountPoints2\{181caddf-00a0-11df-8ce4-0016d4aa69f2}\Shell - "" = AutoRun

O33 - MountPoints2\{181caddf-00a0-11df-8ce4-0016d4aa69f2}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/27 12:52:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus

[2012/03/27 12:52:32 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys

[2012/03/27 12:52:31 | 000,337,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys

[2012/03/27 12:52:24 | 000,059,224 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys

[2012/03/27 12:52:24 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys

[2012/03/27 12:52:22 | 000,819,032 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys

[2012/03/27 12:52:20 | 000,069,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys

[2012/03/27 12:52:19 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

[2012/03/27 12:50:55 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr

[2012/03/27 12:50:53 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe

[2012/03/27 12:50:32 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software

[2012/03/27 12:50:32 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software

[2012/03/27 11:43:43 | 000,000,000 | ---D | C] -- C:\Users\harry\AppData\Roaming\Malwarebytes

[2012/03/27 11:43:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/03/27 11:43:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/03/27 11:43:22 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/03/27 11:43:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/03/27 11:22:26 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2012/03/27 11:17:21 | 000,000,000 | ---D | C] -- C:\Users\harry\Desktop\Downloads

[2012/03/27 11:17:11 | 000,000,000 | ---D | C] -- C:\Users\harry\AppData\Roaming\GetRightToGo

[2012/03/03 00:10:52 | 000,000,000 | ---D | C] -- C:\CDBData

[2012/03/03 00:05:03 | 000,419,240 | ---- | C] (VideoSoft) -- C:\Windows\SysWow64\vsflex7l.ocx

[2012/03/03 00:05:03 | 000,071,136 | ---- | C] (Sheridan) -- C:\Windows\SysWow64\SSPNG2.DLL

[2012/03/03 00:05:03 | 000,000,000 | ---D | C] -- C:\Users\harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Customer Database Pro

[2012/03/03 00:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Customer Database Pro

[2012/03/03 00:05:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Customer Database Pro

========== Files - Modified Within 30 Days ==========

[2012/03/28 15:59:55 | 000,013,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/03/28 15:59:55 | 000,013,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/03/28 15:52:17 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/03/28 15:51:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/03/28 15:50:59 | 2408,144,896 | -HS- | M] () -- C:\hiberfil.sys

[2012/03/27 21:46:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/03/27 16:10:37 | 000,729,816 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/03/27 16:10:37 | 000,630,974 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/03/27 16:10:37 | 000,112,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/03/27 12:52:35 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2012/03/27 12:52:19 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2012/03/27 11:43:29 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/03/22 18:02:07 | 000,001,272 | ---- | M] () -- C:\Users\Public\Desktop\Uninstaller.lnk

[2012/03/22 18:02:02 | 000,001,221 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 5.lnk

[2012/03/15 11:47:29 | 000,435,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/03/07 00:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

[2012/03/07 00:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe

[2012/03/07 00:15:03 | 000,258,520 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

[2012/03/07 00:04:06 | 000,819,032 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys

[2012/03/07 00:04:04 | 000,337,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys

[2012/03/07 00:02:20 | 000,053,080 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys

[2012/03/07 00:01:57 | 000,059,224 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys

[2012/03/07 00:01:52 | 000,069,976 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys

[2012/03/07 00:01:32 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys

[2012/03/04 23:00:00 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job

[2012/03/03 00:05:04 | 000,001,063 | ---- | M] () -- C:\Users\harry\Desktop\Customer Database Pro.lnk

[2012/03/02 21:34:32 | 000,000,997 | ---- | M] () -- C:\Users\harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[2012/03/02 21:34:31 | 000,001,017 | ---- | M] () -- C:\Users\harry\Desktop\Dropbox.lnk

========== Files Created - No Company Name ==========

[2012/03/27 12:52:35 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2012/03/27 12:52:19 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt

[2012/03/27 11:43:29 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/03/03 00:05:04 | 000,001,063 | ---- | C] () -- C:\Users\harry\Desktop\Customer Database Pro.lnk

[2011/05/20 21:10:08 | 000,000,179 | ---- | C] () -- C:\Windows\ODBCINST.INI

[2011/05/20 21:10:08 | 000,000,129 | ---- | C] () -- C:\Windows\ODBC.INI

[2011/05/18 17:33:38 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll

[2011/05/07 15:28:37 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcicomx.dll

[2011/05/07 15:28:37 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\lxciinst.dll

[2011/05/07 15:28:36 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxciusb1.dll

[2011/05/07 15:28:36 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcipmui.dll

[2011/05/07 15:28:36 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxciinpa.dll

[2011/05/07 15:28:36 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxciiesc.dll

[2011/05/07 15:28:35 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxciserv.dll

[2011/05/07 15:28:35 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcihbn3.dll

[2011/05/07 15:28:35 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcilmpm.dll

[2011/05/07 15:28:35 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxciih.exe

[2011/05/07 15:28:35 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcippls.exe

[2011/05/07 15:28:35 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxciprox.dll

[2011/05/07 15:28:35 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcipplc.dll

[2011/05/07 15:28:34 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcicomc.dll

[2011/05/07 15:28:34 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcicoms.exe

[2011/05/07 15:28:34 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcicomm.dll

[2011/05/07 15:28:34 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcicfg.exe

[2011/03/14 20:01:07 | 000,735,230 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/08/03 13:35:32 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== LOP Check ==========

[2010/02/25 12:44:46 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer

[2010/02/25 12:44:46 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer

[2011/05/31 22:21:52 | 000,000,000 | ---D | M] -- C:\Users\harry\AppData\Roaming\12Pay

[2011/01/25 16:48:38 | 000,000,000 | ---D | M] -- C:\Users\harry\AppData\Roaming\AVG10

[2011/04/18 22:08:50 | 000,000,000 | ---D | M] -- C:\Users\harry\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1

[2010/02/10 16:41:27 | 000,000,000 | ---D | M] -- C:\Users\harry\AppData\Roaming\BitSpirit

[2011/03/08 22:00:14 | 000,000,000 | ---D | M] -- C:\Users\harry\AppData\Roaming\DriverCure

[2012/03/28 15:52:52 | 000,000,000 | ---D | M] -- C:\Users\harry\AppData\Roaming\Dropbox

[2011/04/26 20:38:21 | 000,000,000 | ---D | M] -- C:\Users\harry\AppData\Roaming\EndNote

[2011/08/01 14:30:37 | 000,000,000 | ---D | M] -- C:\Users\harry\AppData\Roaming\Epson

[2012/03/27 11:22:29 | 000,000,000 | ---D | M] -- C:\Users\harry\AppData\Roaming\GetRightToGo

[2012/03/27 13:34:28 | 000,000,000 | ---D | M] -- C:\Users\harry\AppData\Roaming\HMRC

[2012/03/27 13:25:35 | 000,000,000 | ---D | M] -- C:\Users\harry\AppData\Roaming\IObit

[2011/01/20 22:33:41 | 000,000,000 | ---D | M] -- C:\Users\harry\AppData\Roaming\Sony

[2011/01/20 22:28:41 | 000,000,000 | ---D | M] -- C:\Users\harry\AppData\Roaming\Sony Setup

[2011/03/08 23:33:39 | 000,000,000 | ---D | M] -- C:\Users\harry\AppData\Roaming\SystemRequirementsLab

[2010/01/12 17:46:18 | 000,000,000 | ---D | M] -- C:\Users\harry\AppData\Roaming\Trusteer

[2010/01/13 21:14:18 | 000,000,000 | ---D | M] -- C:\Users\harry\AppData\Roaming\UDC Profiles

[2012/02/25 16:33:55 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2012/03/04 23:00:00 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\SmartDefrag.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeennnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnddddddddddddddddddddddddddddddddddddd

OTL Extras logfile created on: 28/03/2012 16:30:15 - Run 1

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\harry\Downloads

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 61.07% Memory free

5.98 Gb Paging File | 4.45 Gb Available in Paging File | 74.37% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 80.78 Gb Total Space | 20.70 Gb Free Space | 25.63% Space Free | Partition Type: NTFS

Computer Name: HARRY-PC | User Name: harry | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2659688299-512856948-2600300164-1001\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support

"{C9C243B9-03BD-44BA-A592-AB09630AE2D2}" = iTunes

"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector

"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP

"EPSON BX305 Series" = EPSON BX305 Series Printer Uninstall

"HDMI" = Intel® Graphics Media Accelerator Driver

"Lexmark 7300 Series" = Lexmark 7300 Series

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft Security Client" = Microsoft Security Essentials

"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set

"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software

"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software

"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility

"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation®Store

"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime

"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 24

"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)

"{3D44766D-EA16-4B28-85F4-116858345748}" = 12Pay Payroll

"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{41888B21-922B-4241-4594-EF1E6828A72B}" = BBC iPlayer Desktop

"{46FA686D-91E4-4933-A84C-B3B4C1AA4178}" = Sage Planning for Business

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6E9B1EA1-B4C3-44F7-A873-DC1211E73420}" = Sage Invoicing and Start-up

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{76CE5B47-F5A4-4E5C-99A0-CEFF6146EA4A}" = System Requirements Lab for Intel

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{86B3F2D6-AC2B-0014-8AE1-F2F77F781B0C}" = EndNote X4

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{95468B00-C081-4B27-AC96-0A2A31359E60}" = Adobe Flash Player 10 ActiveX

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6

"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR

"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)

"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation®Network Downloader

"{C6AC04F5-5916-4A02-BC36-AF5BC0A3CBD4}" = Media Go

"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DA703982C580418795BF4001AA9D7061}" = DivX Plus Media Foundation Components

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe AIR" = Adobe AIR

"Advanced SystemCare 5_is1" = Advanced SystemCare 5

"avast" = avast! Free Antivirus

"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop

"BitSpirit_is1" = BitSpirit v3.6.0.403 Stable

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"Customer Database Pro" = Customer Database Pro

"Driving Test Success - All Tests_is1" = Driving Test Success - All Tests 2011 Edition (Update 3)

"EPSON BX305 Series Manual" = EPSON BX305 Series Manual

"EPSON BX305 Series Network Guide" = EPSON BX305 Series Network Guide

"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver

"EPSON Scanner" = EPSON Scan

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"InstallShield_{46FA686D-91E4-4933-A84C-B3B4C1AA4178}" = Sage Planning for Business

"InstallShield_{6E9B1EA1-B4C3-44F7-A873-DC1211E73420}" = Sage Invoicing and Start-up

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000

"Mozilla Firefox 5.0 (x86 en-GB)" = Mozilla Firefox 5.0 (x86 en-GB)

"Rapport_msi" = Rapport

"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper

"Smart Defrag 2_is1" = Smart Defrag 2

"Update Service" = Sony Ericsson Update Service

"VLC media player" = VLC media player 1.0.3

"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2659688299-512856948-2600300164-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 12/03/2012 10:03:41 | Computer Name = harry-PC | Source = SideBySide | ID = 16842824

Description = Activation context generation failed for "c:\program files\microsoft

security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft

security client\MSESysprep.dll" on line 10. The element imaging appears as a child

of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by

this version of Windows.

Error - 14/03/2012 12:38:55 | Computer Name = harry-PC | Source = SideBySide | ID = 16842824

Description = Activation context generation failed for "c:\program files\microsoft

security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft

security client\MSESysprep.dll" on line 10. The element imaging appears as a child

of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by

this version of Windows.

Error - 15/03/2012 06:43:30 | Computer Name = harry-PC | Source = SideBySide | ID = 16842824

Description = Activation context generation failed for "c:\program files\microsoft

security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft

security client\MSESysprep.dll" on line 10. The element imaging appears as a child

of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by

this version of Windows.

Error - 16/03/2012 06:55:42 | Computer Name = harry-PC | Source = SideBySide | ID = 16842824

Description = Activation context generation failed for "c:\program files\microsoft

security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft

security client\MSESysprep.dll" on line 10. The element imaging appears as a child

of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by

this version of Windows.

Error - 16/03/2012 08:58:58 | Computer Name = harry-PC | Source = SideBySide | ID = 16842824

Description = Activation context generation failed for "c:\program files\microsoft

security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft

security client\MSESysprep.dll" on line 10. The element imaging appears as a child

of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by

this version of Windows.

Error - 20/03/2012 08:47:40 | Computer Name = harry-PC | Source = SideBySide | ID = 16842824

Description = Activation context generation failed for "c:\program files\microsoft

security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft

security client\MSESysprep.dll" on line 10. The element imaging appears as a child

of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by

this version of Windows.

Error - 22/03/2012 06:58:03 | Computer Name = harry-PC | Source = SideBySide | ID = 16842824

Description = Activation context generation failed for "c:\program files\microsoft

security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft

security client\MSESysprep.dll" on line 10. The element imaging appears as a child

of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by

this version of Windows.

Error - 23/03/2012 05:18:09 | Computer Name = harry-PC | Source = SideBySide | ID = 16842824

Description = Activation context generation failed for "c:\program files\microsoft

security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft

security client\MSESysprep.dll" on line 10. The element imaging appears as a child

of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by

this version of Windows.

Error - 24/03/2012 09:13:07 | Computer Name = harry-PC | Source = SideBySide | ID = 16842824

Description = Activation context generation failed for "c:\program files\microsoft

security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft

security client\MSESysprep.dll" on line 10. The element imaging appears as a child

of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by

this version of Windows.

Error - 27/03/2012 10:35:42 | Computer Name = harry-PC | Source = SideBySide | ID = 16842824

Description = Activation context generation failed for "c:\program files\microsoft

security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft

security client\MSESysprep.dll" on line 10. The element imaging appears as a child

of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by

this version of Windows.

[ Media Center Events ]

Error - 09/03/2010 07:13:24 | Computer Name = harry-PC | Source = MCUpdate | ID = 0

Description = 11:13:23 - Failed to retrieve Directory (Error: The operation has

timed out)

Error - 11/09/2010 11:48:02 | Computer Name = harry-PC | Source = MCUpdate | ID = 0

Description = 16:48:02 - Error connecting to the internet. 16:48:02 - Unable

to contact server..

Error - 13/09/2010 01:00:29 | Computer Name = harry-PC | Source = MCUpdate | ID = 0

Description = 16:48:07 - Error connecting to the internet. 16:48:07 - Unable

to contact server..

Error - 18/09/2010 09:00:07 | Computer Name = harry-PC | Source = MCUpdate | ID = 0

Description = 14:00:07 - Error connecting to the internet. 14:00:07 - Unable

to contact server..

Error - 18/09/2010 09:00:22 | Computer Name = harry-PC | Source = MCUpdate | ID = 0

Description = 14:00:12 - Error connecting to the internet. 14:00:12 - Unable

to contact server..

Error - 18/03/2011 06:50:21 | Computer Name = harry-PC | Source = MCUpdate | ID = 0

Description = 10:50:20 - Error connecting to the internet. 10:50:21 - Unable

to contact server..

Error - 18/03/2011 06:50:31 | Computer Name = harry-PC | Source = MCUpdate | ID = 0

Description = 10:50:26 - Error connecting to the internet. 10:50:26 - Unable

to contact server..

[ System Events ]

Error - 27/03/2012 06:36:59 | Computer Name = harry-PC | Source = volmgr | ID = 262190

Description = Crash dump initialization failed!

Error - 27/03/2012 06:37:09 | Computer Name = harry-PC | Source = volmgr | ID = 262190

Description = Crash dump initialization failed!

Error - 27/03/2012 06:37:44 | Computer Name = harry-PC | Source = Microsoft Antimalware | ID = 3002

Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:

%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 27/03/2012 08:16:02 | Computer Name = harry-PC | Source = volmgr | ID = 262190

Description = Crash dump initialization failed!

Error - 27/03/2012 08:16:13 | Computer Name = harry-PC | Source = volmgr | ID = 262190

Description = Crash dump initialization failed!

Error - 27/03/2012 10:57:35 | Computer Name = harry-PC | Source = DCOM | ID = 10010

Description =

Error - 27/03/2012 10:50:32 | Computer Name = harry-PC | Source = Microsoft-Windows-HAL | ID = 12

Description = The platform firmware has corrupted memory across the previous system

power transition. Please check for updated firmware for your system.

Error - 27/03/2012 14:11:42 | Computer Name = harry-PC | Source = Microsoft-Windows-HAL | ID = 12

Description = The platform firmware has corrupted memory across the previous system

power transition. Please check for updated firmware for your system.

Error - 28/03/2012 10:50:53 | Computer Name = harry-PC | Source = volmgr | ID = 262190

Description = Crash dump initialization failed!

Error - 28/03/2012 10:51:05 | Computer Name = harry-PC | Source = volmgr | ID = 262190

Description = Crash dump initialization failed!

< End of report >

Share this post


Link to post
Share on other sites

It is enough for now.

Step 1

Please uninstall BitSpirit, because of our policy:

http://forums.malwarebytes.org/index.php?showtopic=97700

Also, anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. I suggest you to uninstall Microsoft Security Essentials and to leave Avast. It is your choice.

Step 2

You have some leftovers from a third antivirus program - AVG Anti-Virus 10. We should take care for them. Please download and run their official removal tool:

http://www.avg.com/ww-en/faq.num-2303

Follow the instructions.

Step 3

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
    IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKLM\..\SearchScopes\{099EF85B-3260-4b87-9239-33355EE6A548}: "URL" = http://results.myway.com/GGmain.jhtml?id=YH&ptb=F5AB8A30-EC28-4B4F-B6CE-714CA47601A3&psa=&ind=2010110820&ptnrS=YH&si=&st=sb&n=&searchfor={searchTerms}
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-21-2659688299-512856948-2600300164-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
    IE - HKU\S-1-5-21-2659688299-512856948-2600300164-1001\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKU\S-1-5-21-2659688299-512856948-2600300164-1001\..\SearchScopes\{099EF85B-3260-4b87-9239-33355EE6A548}: "URL" = http://results.myway.com/GGmain.jhtml?id=YH&ptb=F5AB8A30-EC28-4B4F-B6CE-714CA47601A3&psa=&ind=2010110820&ptnrS=YH&si=&st=sb&n=&searchfor={searchTerms}
    IE - HKU\S-1-5-21-2659688299-512856948-2600300164-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
    IE - HKU\S-1-5-21-2659688299-512856948-2600300164-1001\..\SearchScopes\{CBD2536B-F0FD-46FB-A961-0113024A48DE}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    FF - prefs.js..browser.search.defaultenginename: "Search Results"
    FF - prefs.js..browser.search.order.1: "Search Results"
    FF - prefs.js..browser.search.selectedEngine: "Search Results"
    FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"
    FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&sr=0&q="
    [2012/02/08 20:11:02 | 000,002,519 | ---- | M] () -- C:\Users\harry\AppData\Roaming\Mozilla\Firefox\Profiles\4hw35m1j.default\searchplugins\Search_Results.xml
    [2012/02/08 20:11:02 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
    O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    [2011/01/25 16:48:38 | 000,000,000 | ---D | M] -- C:\Users\harry\AppData\Roaming\AVG10

    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Share this post


Link to post
Share on other sites

All processes killed

========== OTL ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{099EF85B-3260-4b87-9239-33355EE6A548}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{099EF85B-3260-4b87-9239-33355EE6A548}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.

Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.

HKU\S-1-5-21-2659688299-512856948-2600300164-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKEY_USERS\S-1-5-21-2659688299-512856948-2600300164-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-2659688299-512856948-2600300164-1001\Software\Microsoft\Internet Explorer\SearchScopes\{099EF85B-3260-4b87-9239-33355EE6A548}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{099EF85B-3260-4b87-9239-33355EE6A548}\ not found.

Registry key HKEY_USERS\S-1-5-21-2659688299-512856948-2600300164-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.

Registry key HKEY_USERS\S-1-5-21-2659688299-512856948-2600300164-1001\Software\Microsoft\Internet Explorer\SearchScopes\{CBD2536B-F0FD-46FB-A961-0113024A48DE}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CBD2536B-F0FD-46FB-A961-0113024A48DE}\ not found.

Prefs.js: "Search Results" removed from browser.search.defaultenginename

Prefs.js: "Search Results" removed from browser.search.order.1

Prefs.js: "Search Results" removed from browser.search.selectedEngine

Prefs.js: "http://www.searchqu.com/406" removed from browser.startup.homepage

Prefs.js: "http://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&sr=0&q=" removed from keyword.URL

C:\Users\harry\AppData\Roaming\Mozilla\Firefox\Profiles\4hw35m1j.default\searchplugins\Search_Results.xml moved successfully.

C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml moved successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.

C:\Users\harry\AppData\Roaming\AVG10\cfgall folder moved successfully.

C:\Users\harry\AppData\Roaming\AVG10 folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56466 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: harry

->Temp folder emptied: 42797848 bytes

->Temporary Internet Files folder emptied: 13330534 bytes

->Java cache emptied: 3164493 bytes

->FireFox cache emptied: 249163948 bytes

->Flash cache emptied: 1917 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 3392554 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 119119 bytes

RecycleBin emptied: 6239139 bytes

Total Files Cleaned = 304.00 mb

OTL by OldTimer - Version 3.2.39.2 log created on 03302012_135511

Files\Folders moved on Reboot...

C:\Users\harry\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Share this post


Link to post
Share on other sites

Everything appears to be working perfectly!

When I load up my browser there is no sign of the searchnu virus.

I cant thank you enough... I'm studying a lot at the moment and really need my computer...

I will be sure to leave a donation to show my gratitude..

Is there anything else that I need to do?

Thanks again

Share this post


Link to post
Share on other sites

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.