Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

searhnu help!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

searhnu help!

Unread postby janeemorgan » June 11th, 2012, 3:04 am

My husband downloaded the software to watch live sport streaming and this very annoying search engine hijacker came with it. I uninstalled on add/remove programmes but it hasn't gone completely. I tried to use the Hijack This software but had no idea what files to remove.

DDS Report -

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Jane at 7:49:46 on 2012-06-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4010.2357 [GMT 1:00]
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
============== Pseudo HJT Report ===============
uDefault_Page_URL = hxxp://samsung.msn.com
mStart Page = hxxp://samsung.msn.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
uRun: [Google Update] "C:\Users\Jane\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [EPSON Stylus DX7400 Series] C:\windows\system32\spool\DRIVERS\x64\3\E_IATICDE.EXE /FU "C:\windows\TEMP\E_S5929.tmp" /EF "HKCU"
uRunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil10u_ActiveX.exe -update activex
mRun: [KNOWHOW(TM) APP CENTRE] "C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\serviceManager.lnk"
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: DhcpNameServer =
TCP: Interfaces\{0A424628-AA03-4703-8303-7F769CD60C63} : DhcpNameServer =
TCP: Interfaces\{0A424628-AA03-4703-8303-7F769CD60C63}\8456272796F64702E4564777F627B6 : DhcpNameServer =
TCP: Interfaces\{0A424628-AA03-4703-8303-7F769CD60C63}\C6F6368602C696E6E6865602C6F64676563702275607 : DhcpNameServer =
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
mRun-x64: [KNOWHOW(TM) APP CENTRE] "C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\serviceManager.lnk"
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe"
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
AppInit_DLLs-X64: C:\windows\SysWOW64\nvinit.dll
============= SERVICES / DRIVERS ===============
R0 AVGIDSHA;AVGIDSHA;C:\windows\system32\DRIVERS\avgidsha.sys --> C:\windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]
R0 nvpciflt;nvpciflt;C:\windows\system32\DRIVERS\nvpciflt.sys --> C:\windows\system32\DRIVERS\nvpciflt.sys [?]
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\windows\system32\Drivers\SABI.sys --> C:\windows\system32\Drivers\SABI.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-14 169624]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-4-21 1136640]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 193288]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-3-30 923984]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-3-30 1001808]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-4-21 134928]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-11 1997416]
R2 SGDrv;SGDrv;C:\windows\system32\DRIVERS\SGdrv64.sys --> C:\windows\system32\DRIVERS\SGdrv64.sys [?]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-10-11 2656536]
R3 AMPPAL;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Virtual Adapter;C:\windows\system32\DRIVERS\AMPPAL.sys --> C:\windows\system32\DRIVERS\AMPPAL.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\avgidsdrivera.sys --> C:\windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\avgidsfiltera.sys --> C:\windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-3-30 1321296]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\system32\DRIVERS\btmaux.sys --> C:\windows\system32\DRIVERS\btmaux.sys [?]
R3 btmhsf;btmhsf;C:\windows\system32\DRIVERS\btmhsf.sys --> C:\windows\system32\DRIVERS\btmhsf.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\system32\DRIVERS\clwvd.sys --> C:\windows\system32\DRIVERS\clwvd.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?]
R3 iBtFltCoex;iBtFltCoex;C:\windows\system32\DRIVERS\iBtFltCoex.sys --> C:\windows\system32\DRIVERS\iBtFltCoex.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AMPPALP;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Protocol;C:\windows\system32\DRIVERS\amppal.sys --> C:\windows\system32\DRIVERS\amppal.sys [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
=============== Created Last 30 ================
2012-06-11 06:04:45 -------- d-----w- C:\Users\Jane\AppData\Local\{92AEDE3D-1666-4A41-8A10-46F89FB41AEA}
2012-06-11 06:04:24 -------- d-----w- C:\Users\Jane\AppData\Local\{DC53426F-5370-44E1-9333-334C77C79BCD}
2012-06-10 14:27:27 -------- d-----w- C:\Users\Jane\AppData\Local\{4A593925-4EDC-4D39-9E98-D6D5F3CC290E}
2012-06-10 14:27:15 -------- d-----w- C:\Users\Jane\AppData\Local\{DCA7977D-178D-4444-9B7A-D6D491DD9887}
2012-06-10 14:26:00 -------- d-----w- C:\ProgramData\boost_interprocess
2012-06-10 11:40:34 -------- d-----w- C:\Users\Jane\AppData\Local\Ilivid Player
2012-06-10 11:15:21 -------- d-----w- C:\Users\Jane\AppData\Local\{D8140818-65F8-48A6-B6D6-795CA10BDDB0}
2012-06-10 11:15:05 -------- d-----w- C:\Users\Jane\AppData\Local\{DD7B2261-22B5-4184-A6B5-784B299A2D13}
2012-06-07 06:38:20 -------- d-----w- C:\Users\Jane\AppData\Local\{081F983C-58B6-4969-BB76-12BCB7F6B52C}
2012-06-07 06:38:05 -------- d-----w- C:\Users\Jane\AppData\Local\{F9B60BBB-7496-41D4-8CDA-FEB31678FCB2}
2012-05-31 06:19:26 -------- d-----w- C:\Users\Jane\AppData\Local\{C5A0D6F8-279D-4172-A7F8-B8A3E432C71E}
2012-05-31 06:19:13 -------- d-----w- C:\Users\Jane\AppData\Local\{2EBEC61A-C7B5-44F4-A66A-6010E780DDEF}
2012-05-30 15:52:35 -------- d-----w- C:\Users\Jane\AppData\Local\{614D056F-9CB2-4ADB-B32D-CE8AAF3AE3E1}
2012-05-30 15:52:23 -------- d-----w- C:\Users\Jane\AppData\Local\{32C39292-A2E1-4E5B-A655-066F0A3D745E}
2012-05-29 13:18:35 -------- d-----w- C:\Users\Jane\AppData\Local\{9CDFA3B2-1FC6-4489-93DE-410E2DEC0587}
2012-05-29 13:18:24 -------- d-----w- C:\Users\Jane\AppData\Local\{3657BF9C-F688-410F-B4A1-6056036D883B}
2012-05-29 13:11:02 -------- d-----w- C:\Users\Jane\AppData\Local\{05A05F6F-1936-452D-9C16-AE691F73180B}
2012-05-29 13:10:51 -------- d-----w- C:\Users\Jane\AppData\Local\{186C68A4-A617-4294-AE6F-4EC44B028AE7}
2012-05-27 17:29:00 -------- d-----w- C:\Users\Jane\AppData\Local\{21F27F71-CE34-427A-B1DE-248246D175A8}
2012-05-27 17:28:48 -------- d-----w- C:\Users\Jane\AppData\Local\{53671E0D-7F8C-43BA-A829-BC6892C9E50B}
2012-05-27 08:13:37 -------- d-----w- C:\Users\Jane\AppData\Local\{2A043961-114F-4A0E-A81C-A44782803350}
2012-05-27 08:13:25 -------- d-----w- C:\Users\Jane\AppData\Local\{BBF1F3E3-54AB-4266-925F-233B36C94140}
2012-05-24 15:10:05 -------- d-----w- C:\Users\Jane\AppData\Local\{AECE7F9A-0672-495B-BBB8-10B42AD91191}
2012-05-24 15:09:43 -------- d-----w- C:\Users\Jane\AppData\Local\{D09BEEBA-3E98-47C0-B276-F517209DF8C7}
2012-05-24 15:08:44 -------- d-----w- C:\Users\Jane\AppData\Local\{42884B75-C47D-45C2-A96E-B0F19C02B0F6}
2012-05-24 15:08:19 -------- d-----w- C:\Users\Jane\AppData\Local\{379195F6-2DA2-4BB7-8795-70A4EB3C351C}
2012-05-24 15:07:49 -------- d-----w- C:\Users\Jane\AppData\Local\{CD488169-E56A-4F7A-9E40-7AB7D4335011}
2012-05-24 15:07:27 -------- d-----w- C:\Users\Jane\AppData\Local\{BB4C4B7C-D5C9-43E2-A716-02F4A09D3667}
2012-05-24 15:06:16 -------- d-----w- C:\Users\Jane\AppData\Local\{B823C0D1-3A8F-465C-BFDA-10903EAED643}
2012-05-24 15:04:12 -------- d-----w- C:\Users\Jane\AppData\Local\{FB1D93BE-8949-4F1D-8AF3-D7B84761CF1A}
2012-05-24 15:03:53 -------- d-----w- C:\Users\Jane\AppData\Local\{41383E38-3CB3-46CB-B316-43FE20171F84}
2012-05-24 15:02:53 -------- d-----w- C:\Users\Jane\AppData\Local\{F6620838-2E4F-4C4C-8196-67438B1CEACD}
2012-05-24 15:02:31 -------- d-----w- C:\Users\Jane\AppData\Local\{4877CB43-F0C3-433E-9122-A3B0CCF88838}
2012-05-24 15:01:56 -------- d-----w- C:\Users\Jane\AppData\Local\{A3AE2515-EFFE-4F1D-88C7-BFB8D699D908}
2012-05-24 15:01:33 -------- d-----w- C:\Users\Jane\AppData\Local\{3AFAF957-BD68-4944-868C-B8C9880E4840}
2012-05-24 15:00:43 -------- d-----w- C:\Users\Jane\AppData\Local\{C1303E2C-EA2E-4E3D-B29A-BF7AE521DB9B}
2012-05-24 15:00:22 -------- d-----w- C:\Users\Jane\AppData\Local\{00B49FE0-F3DE-4F7D-8053-3926038063A3}
2012-05-24 14:59:23 -------- d-----w- C:\Users\Jane\AppData\Local\{D9D94427-01B0-4D70-A3EC-F1C7E01BF477}
2012-05-24 14:59:08 -------- d-----w- C:\Users\Jane\AppData\Local\{3A7C36F6-867A-4290-9633-5EAD1ECA0973}
2012-05-24 14:58:26 -------- d-----w- C:\Users\Jane\AppData\Local\{C49D3600-9689-4109-A061-47C696EA3836}
2012-05-24 14:57:57 -------- d-----w- C:\Users\Jane\AppData\Local\{5FBFDBA5-B2EA-49EA-BA2E-0AA6F1B3133E}
2012-05-24 14:56:36 -------- d-----w- C:\Users\Jane\AppData\Local\{C3E6F9B6-7090-4188-B67F-7E2F470EA571}
2012-05-24 14:56:23 -------- d-----w- C:\Users\Jane\AppData\Local\{8563AC4C-FB08-4551-9A3F-AD2208D02221}
2012-05-24 14:55:10 -------- d-----w- C:\Users\Jane\AppData\Local\{AC5CE097-5DD6-4C3E-A6C9-28D2F2AE5F16}
2012-05-24 14:54:53 -------- d-----w- C:\Users\Jane\AppData\Local\{6D080017-3F96-4E59-9A55-8B1E40931918}
2012-05-24 14:54:04 -------- d-----w- C:\Users\Jane\AppData\Local\{4DC33CD6-1F91-4DAC-AFF1-EC794FE5E45E}
2012-05-24 14:53:52 -------- d-----w- C:\Users\Jane\AppData\Local\{86CE24FD-1A3D-40CF-9D09-0125D585242D}
2012-05-24 14:53:01 -------- d-----w- C:\Users\Jane\AppData\Local\{BFAFE684-7A91-4100-8FE6-9BACA32EDDC6}
2012-05-24 14:52:50 -------- d-----w- C:\Users\Jane\AppData\Local\{5423D2C6-B401-44A1-9C11-8D2B3EC2DD1D}
2012-05-24 14:52:10 -------- d-----w- C:\Users\Jane\AppData\Local\{46DC5A48-5ADA-424A-9EAB-6B964C7EF02E}
2012-05-24 14:51:57 -------- d-----w- C:\Users\Jane\AppData\Local\{88FD0B5E-A06A-4E6B-90F1-31670F590ECE}
2012-05-24 14:50:36 -------- d-----w- C:\Users\Jane\AppData\Local\{ED9B0E23-044D-43C3-A405-D25BD15649BB}
2012-05-24 14:50:24 -------- d-----w- C:\Users\Jane\AppData\Local\{208395CE-7AF5-444A-886E-6552014D0FF1}
2012-05-24 14:49:16 -------- d-----w- C:\Users\Jane\AppData\Local\{A004AD17-01B0-4E83-A376-71E1E27B6035}
2012-05-24 14:49:03 -------- d-----w- C:\Users\Jane\AppData\Local\{FBF289F9-5ABE-4CC9-BFDF-ED74918FAC57}
2012-05-23 08:22:42 -------- d-----w- C:\Users\Jane\AppData\Local\{9979BBE6-DF26-4555-9A97-2272F8E32D1D}
2012-05-23 08:22:30 -------- d-----w- C:\Users\Jane\AppData\Local\{030415C8-C24A-4EC9-B8E5-FEEF77274AA5}
2012-05-20 07:54:24 -------- d-----w- C:\Users\Jane\AppData\Local\{2B54F72D-CCD0-4C50-9231-8250C1C6D01C}
2012-05-20 07:54:11 -------- d-----w- C:\Users\Jane\AppData\Local\{E30D4887-1CFD-46E6-A085-F9DAA08FA5D4}
2012-05-17 11:23:23 -------- d-----w- C:\Users\Jane\AppData\Local\{7556E9AF-1264-471B-BA1F-AC219B04AA68}
2012-05-17 11:23:10 -------- d-----w- C:\Users\Jane\AppData\Local\{97DFBF13-2FEB-45C1-9599-32E7E66FFAEC}
2012-05-17 09:36:53 -------- d-----w- C:\Users\Jane\AppData\Local\{CB717C98-AC92-4F23-AB6F-790DFDA9B714}
2012-05-17 09:36:38 -------- d-----w- C:\Users\Jane\AppData\Local\{E2A458FB-DC80-401D-8DDD-4FE0EC7BD14A}
2012-05-16 21:06:52 -------- d-----w- C:\Users\Jane\AppData\Local\{CC33409A-7B9B-49B0-8C43-054F4342F688}
2012-05-16 21:06:29 -------- d-----w- C:\Users\Jane\AppData\Local\{2A6596D7-CABC-4050-9318-E9AD237F34EA}
2012-05-16 13:03:05 -------- d-----w- C:\Users\Jane\AppData\Local\{13C48F98-56F6-437E-9D45-D4ED8C8D5F0C}
2012-05-16 13:02:46 -------- d-----w- C:\Users\Jane\AppData\Local\{15FA2686-E47F-485C-903B-BEAFED2F1997}
2012-05-16 12:58:14 -------- d-----w- C:\Users\Jane\AppData\Local\{FA953A33-2B22-4311-B8D7-766D14A59B28}
2012-05-16 12:58:03 -------- d-----w- C:\Users\Jane\AppData\Local\{4532B1DC-2F39-472A-AE15-65562BD3CF8F}
2012-05-16 10:40:03 -------- d-----w- C:\Users\Jane\AppData\Local\{6819C4B7-74DD-4AED-B440-0249D59AE501}
2012-05-16 10:39:52 -------- d-----w- C:\Users\Jane\AppData\Local\{43192438-5C69-4477-A2CE-404C0D1A1049}
2012-05-16 05:30:43 -------- d-----w- C:\Users\Jane\AppData\Local\{ACEB0F1D-A584-49AD-B4D0-BE7975D73A6E}
2012-05-16 05:30:26 -------- d-----w- C:\Users\Jane\AppData\Local\{65EE0EDD-DE1B-4807-BEDE-C4A92A590529}
2012-05-15 08:36:27 -------- d-----w- C:\Users\Jane\AppData\Local\{A29BC816-32C6-4F27-9269-5B3481A36F56}
2012-05-15 08:36:14 -------- d-----w- C:\Users\Jane\AppData\Local\{237655F7-3B56-4C39-9DA2-F647BBE48CA8}
2012-05-15 08:34:57 -------- d-----w- C:\Users\Jane\AppData\Local\{94914F9B-4C2C-4112-BD61-6710922E6612}
2012-05-15 08:34:43 -------- d-----w- C:\Users\Jane\AppData\Local\{B55F8CB9-8BDE-4D39-BCEA-06B648336084}
2012-05-15 08:32:06 -------- d-----w- C:\Users\Jane\AppData\Local\{D90BA7D2-92D1-436E-8106-894DEC9D46A6}
2012-05-15 08:31:55 -------- d-----w- C:\Users\Jane\AppData\Local\{FA6BDAF6-5328-4C99-89F9-3DBFC9286E3F}
2012-05-14 05:41:39 -------- d-----w- C:\Users\Jane\AppData\Local\{C3E96D79-A95C-4DE6-97D3-6C5C0B40CE8A}
2012-05-14 05:41:26 -------- d-----w- C:\Users\Jane\AppData\Local\{8FF1F34F-47AB-41F4-A854-9C111829F327}
2012-05-12 15:24:45 -------- d-----w- C:\Users\Jane\AppData\Local\{F4481993-D191-40BA-9E47-C195365D16E9}
2012-05-12 15:24:34 -------- d-----w- C:\Users\Jane\AppData\Local\{2E2698BD-5223-462A-BF25-A4C1BF2328D8}
2012-05-12 15:17:15 -------- d-----w- C:\Users\Jane\AppData\Local\{BC9E35C2-746E-47F7-A129-084A18D5D338}
2012-05-12 15:17:03 -------- d-----w- C:\Users\Jane\AppData\Local\{C30FC34C-EF81-4C6B-9863-AAA656D5C1F0}
==================== Find3M ====================
2012-04-19 03:50:26 28480 ----a-w- C:\windows\System32\drivers\avgidsha.sys
2012-03-31 06:05:57 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:03 3146240 ----a-w- C:\windows\System32\win32k.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-03-19 04:17:26 383808 ----a-w- C:\windows\System32\drivers\avgtdia.sys
2012-03-17 07:58:57 75120 ----a-w- C:\windows\System32\drivers\partmgr.sys
============= FINISH: 7:50:36.57 ===============

The attach bit -

DDS (Ver_2011-08-26.01)
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 18/01/2012 21:01:17
System Uptime: 11/06/2012 07:02:55 (0 hours ago)
Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | 300E4A/300E5A/300E7A
Processor: Intel(R) Core(TM) i3-2330M CPU @ 2.20GHz | CPU | 1100/100mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 179 GiB total, 62.954 GiB free.
D: is FIXED (NTFS) - 266 GiB total, 266.342 GiB free.
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP61: 15/05/2012 14:09:50 - Installed AVG 2012
RP62: 23/05/2012 18:15:13 - Scheduled Checkpoint
RP63: 07/06/2012 07:39:40 - Windows Update
==== Installed Programs ======================
???? ??? Windows Live
???? Windows Live
????? Windows Live
?????? ??????? ?? Windows Live
???????? ?????????? Windows Live
?????????? Windows Live
??????????? ?? Windows Live
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 10
Adobe Reader X (10.1.3)
Agatha Christie - Death on the Nile
Apple Application Support
Apple Software Update
„Windows Live Essentials“
„Windows Live Mail“
„Windows Live Messenger“
„Windows Live“ fotogalerija
Bejeweled 2 Deluxe
Bing Bar
Chuzzle Deluxe
CyberLink Media Suite
CyberLink Media+ Player10
CyberLink MediaShow
CyberLink Power2Go
CyberLink PowerDirector
CyberLink YouCam
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diner Dash 2 Restaurant Rescue
Easy File Share
Easy Migration
Easy Settings
Easy Software Manager
Easy Support Center 1.0
Elements 10 Organizer
Empire: Total War
Farm Frenzy
Football Manager 2009
Fotogalerija Windows Live
Galeria de Fotografias do Windows Live
Galeria fotografii uslugi Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Galería fotográfica de Windows Live
Google Chrome
Insaniquarium Deluxe
Intel PROSet Wireless
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
John Deere Drive Green
Junk Mail filter update
Mesh Runtime
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Multimedia POP
Napoleon: Total War
Norton Online Backup
Plants vs. Zombies
Poczta uslugi Windows Live
Podstawowe programy Windows Live
Polar Golfer
Pošta Windows Live
PSE10 STI Installer
Raccolta foto di Windows Live
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
S?????? f?t???af??? t?? Windows Live
Samsung Recovery Solution 5
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Skype™ 4.2
Software Launcher
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
User Guide
Visual Studio 2008 x64 Redistributables
Warhammer® 40,000™: Dawn of War® II
WildTangent Games
WildTangent ORB Game Console
Windows Live
Windows Live ??
Windows Live ?? ???
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotótár
Windows Live Foto-galerija
Windows Live fotoattelu galerija
Windows Live Fotogalerie
Windows Live Fotogalleri
Windows Live Fotogaléria
Windows Live Fotograf Galerisi
Windows Live Galeria de Fotos
Windows Live Galerija fotografija
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Pošta
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
World in Conflict: Soviet Assault
Zuma Deluxe
==== End Of File ===========================

Hope you can help me before I combust with rage!!
Active Member
Posts: 4
Joined: June 11th, 2012, 2:53 am
Register to Remove

Re: searhnu help!

Unread postby mambass » June 11th, 2012, 10:47 am

Hi janeemorgan, :)

Welcome to the forum.

My nickname is mambass and I'll be helping you with any malware problems.

Before we begin...please read and follow these important guidelines so things will proceed smoothly.

  1. If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
  2. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  3. Please read all instructions carefully before executing them and perform the steps in the order given.
    lf you have any questions or problems executing these instructions then <<STOP>> do not proceed but rather post back with the question or problem.
  4. Your security programs may give warnings for some of the tools I will ask you to use. Be assured that any links I give are safe.
  5. You must have Administrator rights permissions for this computer.
  6. DO NOT run any other fix or removal tools unless instructed to do so!
  7. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  8. Only post your problem at one (1) help site. Applying fixes from multiple help sites can cause problems.
  9. Only reply to this thread. Do not start another thread.
  10. The absence of symptoms does not imply the absence of malware. Please continue responding until I give you the "All Clean".
  11. You might want to place a link to this thread in your Favorites/Bookmarks for easy access.
  12. No Reply Within 3 Days Will Result In Your Topic Being Closed! Please let me know in advance if you will not be able to reply within this time limit.
  13. The logs I request can take a while to research so please be patient.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection. I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system or to necessitate you taking your computer to a repair shop.

Because of this I advise you to backup any personal files and folders before you start.

How to back up or transfer your data on a Windows-based computer


I am currently reviewing your log and will return as soon as possible with additional instructions.


User avatar
Retired Graduate
Posts: 826
Joined: April 23rd, 2010, 9:26 am

Re: searhnu help!

Unread postby janeemorgan » June 11th, 2012, 11:12 am

Thank you, everything is backed up here so I shall await further instructions :)
Active Member
Posts: 4
Joined: June 11th, 2012, 2:53 am

Re: searhnu help!

Unread postby mambass » June 11th, 2012, 12:34 pm

Hi Jane, :)

Please print these instructions because you will not have access to the Internet while performing some of the tasks below.

  1. Create a System Restore Point
    1. Go to Start, right-click on Computer and select Properties.
    2. In the left pane under Tasks, click System protection.
    3. If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
    4. Select System Protection ...then choose Create.
    5. In the System Restore dialog box, type a description for the restore point (e.g., Start of malware removal process) and click Create again.
    6. A window should pop up with "The Restore Point was created successfully" message.
    7. Click OK and close the System Restore dialog.

      Note: If the message window was not displayed stating that the system restore point was created successfully then STOP - Do not continue with the steps below but rather reply to let me know what happened.

  2. Run the Initial Searchqu OTL Fix
    1. Right-click on the filename link below and select "Save target as..." or "Save Link as...", and save it to your Desktop as filename: Fix.txt.


    2. Click here to download OTL.exe by Old Timer and save it to your Desktop.
    3. Right-click the OTL icon on your Desktop and select Run As Administrator to run OTL.
    4. Click the Run Fix button at the top. You will see a popup dialog reporting "No fix has been provided. Click OK to load from a file or Cancel".
    5. Click the OK button. An Open dialog will be displayed.
    6. Navigate to the Desktop, scroll to find the file named Fix.txt and click Open button. Some text will appear in the Custom scans/Fixes box.
    7. Click the Run Fix button.
    8. Let the program run unhindered and reboot the PC when it is done.
      When the computer Reboots, and you start your usual account, a Notepad text file will appear.
    9. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log.

  3. Run SystemLook
    1. Click here to download SystemLook_x64.exe by jpshortstuff and save it to your Desktop.
    2. Right-click SystemLook_x64.exe and select Run As Administrator to run it.
    3. Copy and paste the contents of the following codebox into the main textfield (do not include the word code:):
      Code: Select all
    4. Click the Look button to start the scan.
      Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
    5. When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt

  4. Run a Scan with OTL
    1. Right-click the OTL icon on your Desktop and select Run As Administrator to run the program.
    2. Check the boxes labeled :
      • Include 64 bit scans
      • Scan All Users
      • LOP check
      • Purity check
      • Extra Registry > Use SafeList
    3. Make sure all other windows are closed so that it can run uninterrupted.
    4. Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan won't take long.
    5. When the scan completes, it will open two notepad windows. OTL.Txt will be displayed and Extras.Txt will be minimized. These are saved in the same location as OTL. (desktop)
    6. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

Please include in your reply (use separate posts if more convenient):
  1. The text of any error messages and/or a description of any problems you encountered while performing these steps.
  2. The contents of the OTL Fix log.
  3. The contents of the SystemLook.txt log.
  4. The contents of the OTL.txt and Extras.txt logs.

User avatar
Retired Graduate
Posts: 826
Joined: April 23rd, 2010, 9:26 am

Re: searhnu help!

Unread postby janeemorgan » June 14th, 2012, 2:08 am

Sorry, I have been away - I am about to attempt this.
Active Member
Posts: 4
Joined: June 11th, 2012, 2:53 am

Re: searhnu help!

Unread postby mambass » June 15th, 2012, 12:43 pm

Hi Jane, :)

Thanks for the update. Let me know if you have any problems.

User avatar
Retired Graduate
Posts: 826
Joined: April 23rd, 2010, 9:26 am

Re: searhnu help!

Unread postby mambass » June 20th, 2012, 7:47 pm

Hi Jane,

Do you still need help?

User avatar
Retired Graduate
Posts: 826
Joined: April 23rd, 2010, 9:26 am

Re: searhnu help!

Unread postby deltalima » June 22nd, 2012, 4:33 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Register to Remove

  • Similar Topics
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!

Who is online

Users browsing this forum: No registered users and 44 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware