We’d like to remind Forumites to please avoid political debate on the Forum.

This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.

📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!

Help with removing mywebsearch

Crispy_Ambulance
Crispy_Ambulance Posts: 3,829 Forumite
Part of the Furniture Name Dropper Combo Breaker
in Techie Stuff
Hi

I've been trying to remove "mywebsearch" but have reached the end of my capability. I've run Malwearbytes, Spybot and SuperAntiSpyware along with Avast and they have found lots of nasties and removed/quarantined them but the pesky thing is still there. I looked at another thread and downloaded OTL as another poster had advised - would someone mind having a look at the logs?

OTL logfile created on: 14/12/2012 08:43:18 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Elizabeth\Documents\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 43.54% Memory free
3.98 Gb Paging File | 2.19 Gb Available in Paging File | 54.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.37 Gb Total Space | 14.00 Gb Free Space | 18.82% Space Free | Partition Type: NTFS
Drive E: | 73.21 Gb Total Space | 68.69 Gb Free Space | 93.82% Space Free | Partition Type: NTFS

Computer Name: TAMMY | User Name: Elizabeth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/14 08:42:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Elizabeth\Documents\Downloads\OTL(1).exe
PRC - [2012/11/29 08:27:34 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/11/01 19:45:21 | 004,763,008 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/10/31 16:48:26 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Elizabeth\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/10/30 22:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/10/30 22:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012/07/11 18:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2012/05/24 18:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Elizabeth\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/01/07 21:09:32 | 000,585,728 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2010/09/16 13:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010/02/09 15:43:16 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe
PRC - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/09 19:00:52 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/01/09 18:57:32 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/07/18 20:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/06/24 10:06:14 | 000,509,816 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2008/05/09 11:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2008/04/24 18:35:46 | 000,073,728 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008/04/24 12:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/04/24 09:22:10 | 000,103,824 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
PRC - [2008/04/24 09:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
PRC - [2008/04/16 23:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2008/04/16 23:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/04/16 23:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2008/04/08 13:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/02/06 14:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2008/01/21 02:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/17 16:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2008/01/17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007/11/21 16:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/07/10 08:24:10 | 000,581,632 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
PRC - [2006/10/05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2005/10/04 13:16:46 | 000,040,960 | ---- | M] (Avanquest Publishing USA, Inc.) -- C:\Program Files\VCOM\PowerDesk\pddlghlp.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/29 08:27:37 | 002,397,152 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/11/28 03:43:17 | 000,460,904 | ---- | M] () -- C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\23.0.1271.95\ppgooglenaclpluginchrome.dll
MOD - [2012/11/28 03:43:16 | 012,456,040 | ---- | M] () -- C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll
MOD - [2012/11/28 03:43:15 | 004,008,040 | ---- | M] () -- C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\23.0.1271.95\pdf.dll
MOD - [2012/11/28 03:42:30 | 000,587,880 | ---- | M] () -- C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\23.0.1271.95\libglesv2.dll
MOD - [2012/11/28 03:42:29 | 000,124,520 | ---- | M] () -- C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\23.0.1271.95\libegl.dll
MOD - [2012/11/28 03:42:22 | 000,157,304 | ---- | M] () -- C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\23.0.1271.95\avutil-51.dll
MOD - [2012/11/28 03:42:21 | 002,168,952 | ---- | M] () -- C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\23.0.1271.95\avcodec-54.dll
MOD - [2012/11/28 03:42:21 | 000,275,576 | ---- | M] () -- C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\23.0.1271.95\avformat-54.dll
MOD - [2012/11/21 15:58:54 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\d1cdb687ca296d0e95ff3abe946cb3c7\Microsoft.VisualBasic.ni.dll
MOD - [2012/11/20 21:36:39 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\d08cb6b1c4052e6f5a4e2452870d67d7\System.Management.ni.dll
MOD - [2012/11/16 18:16:33 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6525d5b1a3b2cbea3301959a47b353c2\System.ServiceProcess.ni.dll
MOD - [2012/11/16 18:16:20 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2633dbf77be293b3a8693b6b062fd787\System.Runtime.Remoting.ni.dll
MOD - [2012/11/16 18:16:02 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7f15d0cb7e4f87f86e425d5ffe7e8280\System.Configuration.ni.dll
MOD - [2012/11/16 18:14:36 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\fb3f7dcfc0e32eb2db9d481ae090714c\System.Xml.ni.dll
MOD - [2012/11/16 18:14:01 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll
MOD - [2012/11/16 18:13:52 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll
MOD - [2012/11/16 18:13:12 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\09ab834223f9c860f08de8d58688b1a3\PresentationCore.ni.dll
MOD - [2012/11/16 18:13:00 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\0e3cff5f58a9a75de7fcac112c8bbca0\WindowsBase.ni.dll
MOD - [2012/11/16 18:12:57 | 007,976,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll
MOD - [2012/11/16 18:12:49 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll
MOD - [2011/01/07 21:09:34 | 000,516,599 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2011/01/07 21:09:32 | 000,585,728 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2011/01/07 21:09:32 | 000,352,256 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2011/01/07 21:09:32 | 000,139,264 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2011/01/07 21:09:32 | 000,139,264 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2011/01/07 21:09:32 | 000,094,208 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2009/02/27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008/07/29 12:55:14 | 000,969,728 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2008/03/06 10:14:54 | 005,121,912 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2007/12/25 12:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
MOD - [2007/12/14 21:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2006/10/10 10:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/07 11:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/12/13 15:58:23 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/29 08:27:36 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/30 22:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/07/11 18:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010/09/16 13:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2008/07/18 20:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/24 18:35:46 | 000,073,728 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/04/24 09:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService)
SRV - [2008/04/16 23:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/16 15:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/02/06 14:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/11/21 16:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/10/05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/10/30 22:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 22:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 22:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 22:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/10/30 22:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/30 22:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/07/22 16:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 21:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/06/23 09:23:44 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2009/07/02 04:30:08 | 000,168,808 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2009/06/09 23:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2008/11/07 06:15:00 | 000,041,984 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (tosrfusb)
DRV - [2008/07/18 18:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/05/19 18:42:56 | 000,912,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/28 16:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/04/15 08:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/12/17 11:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/11/09 14:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/28 14:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 13:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/10/18 10:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE - HKLM\..\SearchScopes,DefaultScope = {01C2FCCE-DA1A-487E-8B4A-94EA586E55BD}
IE - HKLM\..\SearchScopes\{01C2FCCE-DA1A-487E-8B4A-94EA586E55BD}: "URL" = http://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bbc.co.uk/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {01C2FCCE-DA1A-487E-8B4A-94EA586E55BD}
IE - HKCU\..\SearchScopes\{01C2FCCE-DA1A-487E-8B4A-94EA586E55BD}: "URL" = http://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA_en-GB
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=5nzum5BMgXiY0vxD5rWxXfLWiAI?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "My Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.bbc.co.uk/"
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3493
FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=87E56982-2615-4309-B267-720A3755E906&n=77ee86f1&ind=2012120817&p2=^HJ^xdm018^YY^gb&si=pconverter&searchfor="
FF - prefs.js..network.proxy.type: 4


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll File not found
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Elizabeth\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/11/18 15:54:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/11 16:23:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/31 09:19:01 | 000,000,000 | ---D | M]

[2009/03/11 20:10:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Elizabeth\AppData\Roaming\Mozilla\Extensions
[2012/12/11 16:24:11 | 000,000,000 | ---D | M] (No name found) --
"Harry, I'm going to let you in on a little secret. Every day, once a day, give yourself a present. Don't plan it. Don't wait for it. Just let it happen. It could be a new shirt at the men's store, a catnap in your office chair, or two cups of good, hot black coffee."
«1

Comments

  • Crispy_Ambulance
    Crispy_Ambulance Posts: 3,829 Forumite
    Part of the Furniture Name Dropper Combo Breaker
    C:\Users\Elizabeth\AppData\Roaming\Mozilla\Firefox\Profiles\hnidvlib.default\extensions
    [2012/10/19 12:01:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Elizabeth\AppData\Roaming\Mozilla\Firefox\Profiles\hnidvlib.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2012/02/07 21:49:11 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\Elizabeth\AppData\Roaming\Mozilla\Firefox\Profiles\hnidvlib.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
    [2011/11/04 12:05:43 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Elizabeth\AppData\Roaming\Mozilla\Firefox\Profiles\hnidvlib.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
    [2012/12/08 17:02:12 | 000,009,615 | ---- | M] () -- C:\Users\Elizabeth\AppData\Roaming\Mozilla\Firefox\Profiles\hnidvlib.default\searchplugins\my-web-search.xml
    [2012/12/11 16:23:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/10/31 09:18:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    [2012/11/01 21:26:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    [2012/11/18 15:54:55 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
    [2012/11/29 08:27:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/11/29 08:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/11/29 08:27:12 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\23.0.1271.95\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Elizabeth\AppData\Local\Google\Chrome\Application\23.0.1271.95\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: YouTube = C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
    CHR - Extension: Google Search = C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
    CHR - Extension: avast! WebRep = C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
    CHR - Extension: Gmail = C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [Aimersoft Helper Compact.exe] C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [BrowserPlugInHelper] C:\Program Files\Aimersoft\Video Converter Ultimate\BrowserPlugInHelper.exe File not found
    O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
    O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
    O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
    O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
    O4 - HKLM..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe" File not found
    O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe" File not found
    O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
    O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
    O4 - HKLM..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH)
    O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Elizabeth\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
    O4 - Startup: C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dialog Helper.lnk = C:\Program Files\VCOM\PowerDesk\pddlghlp.exe (Avanquest Publishing USA, Inc.)
    O4 - Startup: C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Elizabeth\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
    O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 File not found
    O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?!!!!!Toshibaukbholink-21&site=home File not found
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9EFF456-DE9B-4C94-A99F-F46C9EA69AE5}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE06F5B7-6A9A-406F-A9EF-2C2B87A132DC}: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{8902d19c-0ce6-11de-af74-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{8902d19c-0ce6-11de-af74-806e6f6e6963}\Shell\AutoRun\command - "" = F:\start.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/12/13 17:22:01 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\AppData\Roaming\SUPERAntiSpyware.com
    [2012/12/13 17:21:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2012/12/13 17:21:51 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2012/12/13 17:21:51 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2012/12/11 16:23:18 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
    [2012/12/08 17:14:00 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\System32\devil.dll
    [2012/12/08 17:13:59 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\System32\avisynth.dll
    [2012/12/08 17:13:59 | 000,070,656 | ---- | C] (https://www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
    [2012/12/08 17:13:59 | 000,070,656 | ---- | C] (https://www.helixcommunity.org) -- C:\Windows\System32\i420vfw.dll
    [2012/12/08 17:13:55 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
    [2012/12/08 17:10:40 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
    [2012/12/08 17:10:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft
    [2012/12/08 17:10:39 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\System32\nbDX.dll
    [2012/12/08 17:10:39 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\System32\RLOgg.ax
    [2012/12/08 17:10:39 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\System32\flvDX.dll
    [2012/12/08 17:10:39 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\System32\RLVorbisDec.ax
    [2012/12/08 17:10:39 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSSplitter.ax
    [2012/12/08 17:10:39 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSDecoder.ax
    [2012/12/08 17:10:39 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\System32\RLTheoraDec.ax
    [2012/12/08 17:10:39 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\System32\msfDX.dll
    [2012/12/08 17:10:38 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\System32\RealMediaDX.ax
    [2012/12/08 17:10:37 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\System32\DiracSplitter.ax
    [2012/12/08 17:10:37 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\System32\AVCDX.ax
    [2012/12/08 17:09:56 | 000,000,000 | ---D | C] -- C:\Program Files\eRightSoft
    [2012/12/08 17:02:51 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\AppData\Local\TrafficSpaceLLC
    [2012/12/08 17:02:48 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\Documents\Video Download Converter
    [2012/12/08 16:58:42 | 000,000,000 | ---D | C] -- C:\ProgramData\xml_param
    [2012/12/08 16:57:10 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\Documents\Aimersoft Video Converter Ultimate
    [2012/12/08 16:57:10 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\AppData\Roaming\Aimersoft Video Converter Ultimate
    [2012/12/08 16:56:24 | 000,000,000 | ---D | C] -- C:\Users\Elizabeth\AppData\Local\Aimersoft
    [2012/12/08 16:56:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Aimersoft
    [2012/12/08 16:55:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Aimersoft Video Converter Ultimate
    [2012/12/08 16:55:39 | 000,000,000 | ---D | C] -- C:\Program Files\Aimersoft
    [3 C:\Users\Elizabeth\Documents\*.tmp files -> C:\Users\Elizabeth\Documents\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/12/14 08:36:52 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-708466495-1334651087-2902899843-1000UA.job
    [2012/12/14 08:36:34 | 000,002,067 | ---- | M] () -- C:\Users\Elizabeth\Desktop\Google Chrome.lnk
    [2012/12/14 08:36:34 | 000,002,029 | ---- | M] () -- C:\Users\Elizabeth\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/12/14 08:25:35 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/12/14 08:15:39 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/12/14 08:10:15 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/12/14 08:10:14 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/12/14 08:10:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/12/14 08:09:35 | 2009,067,520 | -HS- | M] () -- C:\hiberfil.sys
    [2012/12/13 19:58:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/12/13 17:21:55 | 000,001,805 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/12/13 17:11:12 | 000,002,595 | ---- | M] () -- C:\Users\Elizabeth\Desktop\Microsoft Word.lnk
    [2012/12/13 16:30:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-708466495-1334651087-2902899843-1000Core.job
    [2012/12/11 16:23:20 | 000,000,875 | ---- | M] () -- C:\Users\Elizabeth\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/12/11 16:23:20 | 000,000,851 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/12/08 17:35:34 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/12/08 17:10:40 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\SUPER ©.lnk
    [2012/12/08 17:01:57 | 000,178,136 | ---- | M] () -- C:\Program Files\4zres.dll
    [2012/12/08 16:46:30 | 000,045,056 | ---- | M] () -- C:\Users\Elizabeth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/12/08 09:59:17 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/12/08 09:59:17 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/11/27 13:47:29 | 000,101,833 | ---- | M] () -- C:\Users\Elizabeth\Documents\Prospective Money Advice Students for SSG.pdf
    [2012/11/27 12:25:28 | 004,410,213 | ---- | M] () -- C:\Users\Elizabeth\Documents\Letters [Jessica Bird].pdf
    [2012/11/22 18:07:10 | 000,128,630 | ---- | M] () -- C:\Users\Elizabeth\Documents\Luis Potter SFE Grant letters.pdf
    [2012/11/18 15:54:56 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2012/11/16 18:09:27 | 000,310,800 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/11/15 14:34:09 | 000,096,235 | ---- | M] () -- C:\Users\Elizabeth\Documents\Routine Telephone Calls.pdf
    [2012/11/15 14:33:05 | 000,096,879 | ---- | M] () -- C:\Users\Elizabeth\Documents\Routine Letter - Fax - Email.pdf
    [2012/11/15 14:27:51 | 000,089,365 | ---- | M] () -- C:\Users\Elizabeth\Documents\Preparing Appeal.pdf
    [2012/11/15 14:23:39 | 000,092,326 | ---- | M] () -- C:\Users\Elizabeth\Documents\General Casework.pdf
    [2012/11/15 14:21:37 | 000,095,821 | ---- | M] () -- C:\Users\Elizabeth\Documents\File or Case Review.pdf
    [2012/11/15 14:14:28 | 000,088,738 | ---- | M] () -- C:\Users\Elizabeth\Documents\Attend University Hearing.pdf
    [2012/11/15 14:12:06 | 000,096,750 | ---- | M] () -- C:\Users\Elizabeth\Documents\Interviews.pdf
    [3 C:\Users\Elizabeth\Documents\*.tmp files -> C:\Users\Elizabeth\Documents\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/12/13 17:21:55 | 000,001,805 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/12/11 16:23:20 | 000,000,875 | ---- | C] () -- C:\Users\Elizabeth\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/12/11 16:23:20 | 000,000,863 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/12/11 16:23:20 | 000,000,851 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/12/08 17:35:34 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/12/08 17:29:55 | 000,178,136 | ---- | C] () -- C:\Program Files\4zres.dll
    [2012/12/08 17:13:59 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
    [2012/12/08 17:10:40 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\SUPER ©.lnk
    [2012/12/08 17:10:39 | 000,121,344 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.ax
    [2012/12/08 17:10:39 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll
    [2012/12/08 17:10:39 | 000,051,712 | RHS- | C] () -- C:\Windows\System32\RLSpeexDec.ax
    [2012/12/08 17:10:38 | 000,195,584 | RHS- | C] () -- C:\Windows\System32\MatroskaDX.ax
    [2012/12/08 17:10:38 | 000,120,832 | RHS- | C] () -- C:\Windows\System32\MPCDx.ax
    [2012/12/08 17:10:38 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\RLMPCDec.ax
    [2012/12/08 17:10:38 | 000,097,280 | RHS- | C] () -- C:\Windows\System32\FLACDX.ax
    [2012/12/08 17:10:38 | 000,070,656 | RHS- | C] () -- C:\Windows\System32\RLAPEDec.ax
    [2012/12/08 17:10:37 | 000,227,328 | RHS- | C] () -- C:\Windows\System32\ac3DX.ax
    [2012/12/08 17:10:37 | 000,175,104 | RHS- | C] () -- C:\Windows\System32\CoreAAC.ax
    [2012/12/08 17:10:37 | 000,081,920 | RHS- | C] () -- C:\Windows\System32\aac_parser.ax
    [2012/11/27 13:47:28 | 000,101,833 | ---- | C] () -- C:\Users\Elizabeth\Documents\Prospective Money Advice Students for SSG.pdf
    [2012/11/27 12:25:28 | 004,410,213 | ---- | C] () -- C:\Users\Elizabeth\Documents\Letters [Jessica Bird].pdf
    [2012/11/22 18:07:10 | 000,128,630 | ---- | C] () -- C:\Users\Elizabeth\Documents\Luis Potter SFE Grant letters.pdf
    [2012/11/15 14:34:09 | 000,096,235 | ---- | C] () -- C:\Users\Elizabeth\Documents\Routine Telephone Calls.pdf
    [2012/11/15 14:33:05 | 000,096,879 | ---- | C] () -- C:\Users\Elizabeth\Documents\Routine Letter - Fax - Email.pdf
    [2012/11/15 14:27:50 | 000,089,365 | ---- | C] () -- C:\Users\Elizabeth\Documents\Preparing Appeal.pdf
    [2012/11/15 14:23:38 | 000,092,326 | ---- | C] () -- C:\Users\Elizabeth\Documents\General Casework.pdf
    [2012/11/15 14:21:37 | 000,095,821 | ---- | C] () -- C:\Users\Elizabeth\Documents\File or Case Review.pdf
    [2012/11/15 14:14:28 | 000,088,738 | ---- | C] () -- C:\Users\Elizabeth\Documents\Attend University Hearing.pdf
    [2012/11/15 14:12:05 | 000,096,750 | ---- | C] () -- C:\Users\Elizabeth\Documents\Interviews.pdf
    [2012/06/24 11:19:51 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2012/06/24 11:18:23 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRIDF10A.DAT
    [2011/10/14 17:27:25 | 000,042,228 | ---- | C] () -- C:\Users\Elizabeth\AppData\Roaming\UserTile.png
    [2010/06/13 06:28:13 | 000,103,784 | ---- | C] () -- C:\Users\Elizabeth\GoToAssistDownloadHelper.exe
    [2010/06/06 17:32:52 | 000,007,243 | ---- | C] () -- C:\Users\Elizabeth\pilot.aup
    [2009/07/06 11:05:35 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009/04/30 18:56:40 | 000,045,056 | ---- | C] () -- C:\Users\Elizabeth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2006/11/02 12:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 06:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
    "Harry, I'm going to let you in on a little secret. Every day, once a day, give yourself a present. Don't plan it. Don't wait for it. Just let it happen. It could be a new shirt at the men's store, a catnap in your office chair, or two cups of good, hot black coffee."
  • Crispy_Ambulance
    Crispy_Ambulance Posts: 3,829 Forumite
    Part of the Furniture Name Dropper Combo Breaker
    ========== LOP Check ==========

    [2012/12/08 16:57:10 | 000,000,000 | ---D | M] -- C:\Users\Elizabeth\AppData\Roaming\Aimersoft Video Converter Ultimate
    [2010/08/31 15:11:56 | 000,000,000 | ---D | M] -- C:\Users\Elizabeth\AppData\Roaming\Amazon
    [2011/01/16 11:48:50 | 000,000,000 | ---D | M] -- C:\Users\Elizabeth\AppData\Roaming\Audacity
    [2012/12/14 08:17:53 | 000,000,000 | ---D | M] -- C:\Users\Elizabeth\AppData\Roaming\Dropbox
    [2009/03/14 12:16:30 | 000,000,000 | ---D | M] -- C:\Users\Elizabeth\AppData\Roaming\FirstClass
    [2009/12/28 10:39:26 | 000,000,000 | ---D | M] -- C:\Users\Elizabeth\AppData\Roaming\GARMIN
    [2011/05/23 19:02:21 | 000,000,000 | ---D | M] -- C:\Users\Elizabeth\AppData\Roaming\HTC
    [2011/05/23 19:02:31 | 000,000,000 | ---D | M] -- C:\Users\Elizabeth\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
    [2009/12/20 17:25:28 | 000,000,000 | ---D | M] -- C:\Users\Elizabeth\AppData\Roaming\ImgBurn
    [2010/08/29 16:23:18 | 000,000,000 | ---D | M] -- C:\Users\Elizabeth\AppData\Roaming\myphotobook
    [2011/01/16 11:47:28 | 000,000,000 | ---D | M] -- C:\Users\Elizabeth\AppData\Roaming\NCH Swift Sound
    [2009/05/19 14:25:53 | 000,000,000 | ---D | M] -- C:\Users\Elizabeth\AppData\Roaming\OpenOffice.org
    [2012/11/16 15:04:28 | 000,000,000 | ---D | M] -- C:\Users\Elizabeth\AppData\Roaming\Spotify
    [2009/03/10 11:05:05 | 000,000,000 | ---D | M] -- C:\Users\Elizabeth\AppData\Roaming\Toshiba
    [2010/01/05 18:17:03 | 000,000,000 | ---D | M] -- C:\Users\Elizabeth\AppData\Roaming\VCOM
    [2011/02/15 16:58:38 | 000,000,000 | ---D | M] -- C:\Users\Elizabeth\AppData\Roaming\WinBatch

    ========== Purity Check ==========



    < End of report >
    "Harry, I'm going to let you in on a little secret. Every day, once a day, give yourself a present. Don't plan it. Don't wait for it. Just let it happen. It could be a new shirt at the men's store, a catnap in your office chair, or two cups of good, hot black coffee."
  • Crispy_Ambulance
    Crispy_Ambulance Posts: 3,829 Forumite
    Part of the Furniture Name Dropper Combo Breaker
    OTL Extras logfile created on: 14/12/2012 08:43:18 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Elizabeth\Documents\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1.87 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 43.54% Memory free
    3.98 Gb Paging File | 2.19 Gb Available in Paging File | 54.98% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 74.37 Gb Total Space | 14.00 Gb Free Space | 18.82% Space Free | Partition Type: NTFS
    Drive E: | 73.21 Gb Total Space | 68.69 Gb Free Space | 93.82% Space Free | Partition Type: NTFS

    Computer Name: TAMMY | User Name: Elizabeth | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [File Finder...] -- C:\Program Files\VCOM\PowerDesk\pdfind.exe /PATH:%1 (Avanquest Publishing USA, Inc.)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{EAB9075A-B54C-495B-817F-E771DE776535}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{006B1A17-F5F4-47FD-9CCD-894547C1E3E5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{2CFBEE6C-5E5F-4F50-A1EF-02D70AEBAEF6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{35A48D09-30C1-4952-B83D-FC877B67C84D}" = protocol=17 | dir=in | app=c:\users\elizabeth\appdata\roaming\dropbox\bin\dropbox.exe |
    "{443971CD-7C09-46AC-A45F-756FBB71147A}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{67320639-F5C7-41C8-AB86-40CBF1514730}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{93467D7B-3695-4154-A0C7-74076417C27C}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{95D39A73-AF44-4523-8992-F499F8E90112}" = dir=in | app=d:\itunes\itunes.exe |
    "{F548FDA4-0F79-4DBC-A482-28912EF641E8}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{FD4A7695-8FA4-4E26-82DC-9C0E3D373BB5}" = protocol=6 | dir=in | app=c:\users\elizabeth\appdata\roaming\dropbox\bin\dropbox.exe |
    "TCP Query User{04C3AA80-6195-49C9-8E61-F05D59752E40}C:\users\elizabeth\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\elizabeth\appdata\roaming\spotify\spotify.exe |
    "TCP Query User{272E3818-8BDD-49E9-9605-E8F44945C0A0}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
    "UDP Query User{3CFC38EE-01C7-420C-833E-67C0113F533F}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
    "UDP Query User{D38F77ED-1DF2-4618-970C-FB654EDE60F7}C:\users\elizabeth\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\elizabeth\appdata\roaming\spotify\spotify.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
    "{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
    "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
    "{15F4085A-BC98-4590-AFFD-03BBBE49524E}" = Garmin Communicator Plugin
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
    "{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
    "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
    "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5
    "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
    "{5645FB61-898F-4F59-AF80-52FEF3D63A64}" = HTC Sync
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
    "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
    "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
    "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
    "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
    "{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
    "{8B53527D-BBB2-43A5-91D7-9ED772FD737F}" = Skype web features
    "{8F311E92-C29F-4DF9-8259-B739A1831669}_is1" = SUPER © v2012.build.54 (Nov 18, 2012) version v2012.build.54
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
    "{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
    "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
    "{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
    "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
    "{B93251B5-9209-4DAB-867C-AA98D91584CD}" = PowerDesk 6
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
    "{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
    "{D64DCF1C-7A95-49A4-BAFA-C42B5CF6B8B6}" = Works Suite OS Pack
    "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
    "{E7271ABF-69D3-4E9D-AA0A-2DE34C10A93D}" = TOSHIBA Manuals
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
    "{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
    "{FB83EAC4-E3F6-4666-B45B-44522F2344B6}" = Brother MFL-Pro Suite DCP-J315W
    "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
    "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
    "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
    "AudibleManager" = AudibleManager
    "avast" = avast! Free Antivirus
    "CCleaner" = CCleaner (remove only)
    "Google Desktop" = Google Desktop
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "ImgBurn" = ImgBurn
    "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
    "InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
    "InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
    "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "myphotobook" = myphotobook 3.6
    "Picasa2" = Picasa 2
    "Spotify" = Spotify
    "Switch" = Switch Sound File Converter
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TOSHIBA Software Modem" = TOSHIBA Software Modem
    "VLC media player" = VLC media player 0.9.8a
    "WAV to MP3 Encoder" = WAV to MP3 Encoder
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "Works2003Setup" = Microsoft Works 2003 Setup Launcher

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 12/09/2011 16:25:42 | Computer Name = Tammy | Source = Application Error | ID = 1005
    Description = Windows cannot access the file for one of the following reasons:
    there is a problem with the network connection, the disk that the file is stored
    on, or the storage drivers installed on this computer; or the disk is missing.
    Windows closed the program iTunes.exe because of this error. Program: iTunes.exe File:
    The error value is listed in the Additional Data section. User Action 1. Open the
    file again. This situation might be a temporary problem that corrects itself when
    the program runs again. 2. If the file still cannot be accessed and - It is on the
    network, your network administrator should verify that there is not a problem with
    the network and that the server can be contacted. - It is on a removable disk, for
    example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the
    computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK,
    click Start, click Run, type CMD, and then click OK. At the command prompt, type
    CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from
    a backup copy. 5. Determine whether other files on the same disk can be opened.
    If not, the disk might be damaged. If it is a hard disk, contact your administrator
    or computer hardware vendor for further assistance. Additional Data Error value:
    C000000E Disk type: 0

    Error - 13/09/2011 16:12:35 | Computer Name = Tammy | Source = WinMgmt | ID = 10
    Description =

    Error - 14/09/2011 15:21:30 | Computer Name = Tammy | Source = WinMgmt | ID = 10
    Description =

    Error - 15/09/2011 12:12:00 | Computer Name = Tammy | Source = WinMgmt | ID = 10
    Description =

    Error - 16/09/2011 12:19:09 | Computer Name = Tammy | Source = WinMgmt | ID = 10
    Description =

    Error - 21/09/2011 15:50:30 | Computer Name = Tammy | Source = WinMgmt | ID = 10
    Description =

    Error - 22/09/2011 10:58:13 | Computer Name = Tammy | Source = WinMgmt | ID = 10
    Description =

    Error - 22/09/2011 15:30:31 | Computer Name = Tammy | Source = WinMgmt | ID = 10
    Description =

    Error - 23/09/2011 10:55:49 | Computer Name = Tammy | Source = WinMgmt | ID = 10
    Description =

    Error - 26/09/2011 10:57:42 | Computer Name = Tammy | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 31/10/2012 14:07:46 | Computer Name = Tammy | Source = DCOM | ID = 10010
    Description =

    Error - 15/11/2012 12:45:23 | Computer Name = Tammy | Source = DCOM | ID = 10010
    Description =

    Error - 16/11/2012 10:16:40 | Computer Name = Tammy | Source = Dhcp | ID = 1001
    Description = Your computer was not assigned an address from the network (by the
    DHCP Server) for the Network Card with network address 002163F545BA. The following
    error occurred: %%258. Your computer will continue to try and obtain an address
    on its own from the network address (DHCP) server.

    Error - 16/11/2012 14:21:56 | Computer Name = Tammy | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 18:16:30 on 16/11/2012 was unexpected.

    Error - 17/11/2012 10:10:21 | Computer Name = Tammy | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.65 for the Network Card with network
    address 002163F545BA has been denied by the DHCP server 192.168.1.254 (The DHCP
    Server sent a DHCPNACK message).

    Error - 18/11/2012 11:49:45 | Computer Name = Tammy | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.66 for the Network Card with network
    address 002163F545BA has been denied by the DHCP server 192.168.1.254 (The DHCP
    Server sent a DHCPNACK message).

    Error - 21/11/2012 11:27:51 | Computer Name = Tammy | Source = Service Control Manager | ID = 7009
    Description =

    Error - 21/11/2012 11:27:51 | Computer Name = Tammy | Source = Service Control Manager | ID = 7000
    Description =

    Error - 27/11/2012 10:49:22 | Computer Name = Tammy | Source = DCOM | ID = 10010
    Description =

    Error - 07/12/2012 12:19:43 | Computer Name = Tammy | Source = DCOM | ID = 10010
    Description =


    < End of report >
    "Harry, I'm going to let you in on a little secret. Every day, once a day, give yourself a present. Don't plan it. Don't wait for it. Just let it happen. It could be a new shirt at the men's store, a catnap in your office chair, or two cups of good, hot black coffee."
  • GunJack
    GunJack Posts: 11,928 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    where is mws hiding?

    is it a browser homepage? (manually reset it to google or whatever in the browser options)

    is it a toolbar? (disable the toolbar in the browser, then remove from control panel > programs & features)

    is it a search provider? (disable & remove it from the browser add-on options)

    MBAM followed by CCLeaner is usually enough, after the above steps :)
    ......Gettin' There, Wherever There is......

    I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple :D
  • Crispy_Ambulance
    Crispy_Ambulance Posts: 3,829 Forumite
    Part of the Furniture Name Dropper Combo Breaker
    I'm not sure where it is hiding - it is affecting Firefox. I've tried uninstalling Firefox and then downloading the lastest version but it's still there. I have reset the search box to google and I've reset the homepage but if you type into the bar, it still defaults to mywebsearch.

    I've looked at plug-ins and extensions and there's nothing there. I can work around it but I'd really just like it gone.
    "Harry, I'm going to let you in on a little secret. Every day, once a day, give yourself a present. Don't plan it. Don't wait for it. Just let it happen. It could be a new shirt at the men's store, a catnap in your office chair, or two cups of good, hot black coffee."
  • bod1467
    bod1467 Posts: 15,214 Forumite
    You might need to backup your bookmarks, completely uninstall Firefox and delete any profile folders, then reinstall Firefox and import your bookmarks. (That might be a quick workaround, but no guarantees it'll kill it - especially if it digs its claws into the registry).
  • GunJack
    GunJack Posts: 11,928 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    follow the above steps in total, inc. the mbam and ccleaner ALL IN ONE COMPLETE RUNTHROUGH... should get the little blighter, and make sure MBAM is updated before you start scanning ;)
    ......Gettin' There, Wherever There is......

    I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple :D
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Try this for starters.
    • Double-click OTL.exe to start the program.
    • Allow the UAC prompt
    • Copy and Paste all the following code into the customFix.png textbox. Do not include the word Code: 
      :processes
killallprocesses

:otl
FF - prefs.js..browser.search.defaultenginename: "My Web Search"
FF - prefs.js..keyword.URL:  "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=87E56982-2615-4309-B267-720A3755E906&n=77ee86f1&ind=2012120817&p2=^HJ^xdm0  18^YY^gb&si=pconverter&searchfor="
[2012/12/08 17:02:12 | 000,009,615 | ---- | M] () --  C:\Users\Elizabeth\AppData\Roaming\Mozilla\Firefox\Profiles\hnidvlib.default\searchplugins\my-web-search.xml

:commands
[CREATERESTOREPOINT]
[REBOOT]
    • Then click the Run Fix button at the top.
    • Click btnOK.png.
    • OTL may ask to reboot the machine. Click OK & allow it to do so if asked.
    • The report should appear in Notepad after the reboot.
    • Copy and Paste that report in your next reply.
  • Crispy_Ambulance
    Crispy_Ambulance Posts: 3,829 Forumite
    Part of the Furniture Name Dropper Combo Breaker
    Thanks. Here's the report.

    ========== PROCESSES ==========
    All processes killed
    ========== OTL ==========
    Prefs.js: "My Web Search" removed from browser.search.defaultenginename
    Prefs.js: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=87E56982-2615-4309-B267-720A3755E906&n=77ee86f1&ind=2012120817&p2=^HJ^xdm0 18^YY^gb&si=pconverter&searchfor=" removed from keyword.URL
    C:\Users\Elizabeth\AppData\Roaming\Mozilla\Firefox\Profiles\hnidvlib.default\searchplugins\my-web-search.xml moved successfully.
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.69.0 log created on 12152012_110905

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
    "Harry, I'm going to let you in on a little secret. Every day, once a day, give yourself a present. Don't plan it. Don't wait for it. Just let it happen. It could be a new shirt at the men's store, a catnap in your office chair, or two cups of good, hot black coffee."
  • Crispy_Ambulance
    Crispy_Ambulance Posts: 3,829 Forumite
    Part of the Furniture Name Dropper Combo Breaker
    It is still appearing when I type into the address bar in firefox to search though. Should I uninstall firefox again?
    "Harry, I'm going to let you in on a little secret. Every day, once a day, give yourself a present. Don't plan it. Don't wait for it. Just let it happen. It could be a new shirt at the men's store, a catnap in your office chair, or two cups of good, hot black coffee."
This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 352.8K Banking & Borrowing
  • 253.8K Reduce Debt & Boost Income
  • 454.7K Spending & Discounts
  • 245.9K Work, Benefits & Business
  • 601.9K Mortgages, Homes & Bills
  • 177.7K Life & Family
  • 259.8K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16K Discuss & Feedback
  • 37.7K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.
Update Your Picture