
can't remove www.searchnu.com from my browser



OTL.txt

OTL logfile created on: 23-4-12 1:18:31 PM - Run 1

OTL by OldTimer - Version 3.2.41.0 Folder = C:\Users\Tya\Downloads

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-M-yy

1013.90 Mb Total Physical Memory | 494.82 Mb Available Physical Memory | 48.80% Memory free

1.99 Gb Paging File | 1.09 Gb Available in Paging File | 54.88% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 48.73 Gb Total Space | 5.03 Gb Free Space | 10.33% Space Free | Partition Type: NTFS

Drive D: | 74.52 Gb Total Space | 9.29 Gb Free Space | 12.47% Space Free | Partition Type: NTFS

Drive E: | 25.69 Gb Total Space | 16.58 Gb Free Space | 64.55% Space Free | Partition Type: NTFS

Computer Name: TYA-PC | User Name: Tya | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-04-23 11:32:28 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Tya\Downloads\OTL.exe

PRC - [2012-04-12 14:37:36 | 001,224,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe

PRC - [2011-07-04 08:16:11 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2011-05-02 07:58:02 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2011-04-13 11:18:31 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2011-04-13 09:53:14 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

PRC - [2011-01-28 13:22:50 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe

PRC - [2011-01-22 15:58:30 | 000,069,000 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe

PRC - [2011-01-22 15:58:30 | 000,055,688 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe

PRC - [2010-11-15 16:05:30 | 000,112,600 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe

PRC - [2010-01-14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009-07-14 08:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009-07-14 08:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009-07-14 08:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2006-10-22 23:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

========== Modules (No Company Name) ==========

MOD - [2012-04-12 14:37:34 | 000,444,400 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.162\ppgooglenaclpluginchrome.dll

MOD - [2012-04-12 14:37:33 | 003,915,248 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.162\pdf.dll

MOD - [2012-04-12 14:36:08 | 000,122,880 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.162\avutil-51.dll

MOD - [2012-04-12 14:36:06 | 000,220,672 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.162\avformat-53.dll

MOD - [2012-04-12 14:36:05 | 001,747,456 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.162\avcodec-53.dll

MOD - [2011-01-22 15:57:54 | 000,050,056 | ---- | M] () -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\CodeLog.dll

MOD - [2010-03-24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

MOD - [2010-01-30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

========== Win32 Services (SafeList) ==========

SRV - [2012-04-10 09:54:42 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2011-07-04 08:16:11 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011-05-02 07:58:02 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011-04-13 10:20:01 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)

SRV - [2011-04-13 09:53:14 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2011-01-28 13:22:50 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)

SRV - [2011-01-22 15:58:30 | 000,055,688 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe -- (EASEUS Agent)

SRV - [2010-03-25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)

SRV - [2009-07-14 08:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009-07-14 08:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009-07-14 08:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\idmwfp.sys -- (IDMWFP)

DRV - [2012-04-12 08:00:15 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2011-07-04 08:16:14 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2011-07-04 08:16:14 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2011-01-22 15:58:24 | 000,021,896 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\eufs.sys -- (EUFS)

DRV - [2011-01-22 15:58:22 | 000,015,240 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\eudskacs.sys -- (EUDSKACS)

DRV - [2011-01-22 15:58:20 | 000,031,112 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\eubakup.sys -- (EUBAKUP)

DRV - [2011-01-22 15:58:18 | 000,188,296 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EuDisk.sys -- (EuDisk)

DRV - [2009-07-14 08:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)

DRV - [2009-07-14 08:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)

DRV - [2009-07-14 08:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)

DRV - [2009-07-14 06:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2009-07-14 06:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)

DRV - [2009-07-14 06:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2009-05-11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=384c527b000000000000001cc0e1069f&tlver=1.4.19.19&ss=1&affID=17981

IE - HKLM\..\SearchScopes,DefaultScope = {8A96AF9E-4074-43b7-BEA3-87217BDA74C8}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = http://www.searchqu.com/web?src=ieb&systemid=101&q={searchTerms}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-525084782-1869943482-3857484496-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKU\S-1-5-21-525084782-1869943482-3857484496-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKU\S-1-5-21-525084782-1869943482-3857484496-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-525084782-1869943482-3857484496-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CE 40 D7 93 A5 F9 CB 01 [binary data]

IE - HKU\S-1-5-21-525084782-1869943482-3857484496-1000\..\SearchScopes,DefaultScope = {8A96AF9E-4074-43b7-BEA3-87217BDA74C8}

IE - HKU\S-1-5-21-525084782-1869943482-3857484496-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-525084782-1869943482-3857484496-1000\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=384c527b000000000000001cc0e1069f&tlver=1.4.19.19&ss=1&affID=17981

IE - HKU\S-1-5-21-525084782-1869943482-3857484496-1000\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = http://www.searchqu.com/web?src=ieb&systemid=101&q={searchTerms}

IE - HKU\S-1-5-21-525084782-1869943482-3857484496-1000\..\SearchScopes\{A5468298-1B61-48CF-A9F2-D42E69859C9D}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=MPC2&o=41647997&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=8E&apn_dtid=YYYYYYM1KH&apn_uid=92A72535-82E7-47CB-A208-E0FF2C9384A6&apn_sauid=514BCA78-499F-4696-BF24-2792E4ACA237

IE - HKU\S-1-5-21-525084782-1869943482-3857484496-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.selectedEngine: "Ask.com"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/"

FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&systemid=101&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found

FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-01-16 13:10:35 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Tya\AppData\Roaming\IDM\idmmzcc3 [2011-04-28 07:58:13 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Tya\AppData\Roaming\IDM\idmmzcc3 [2011-04-28 07:58:13 | 000,000,000 | ---D | M]

[2012-04-10 10:46:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tya\AppData\Roaming\mozilla\Extensions

[2012-04-10 10:46:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tya\AppData\Roaming\mozilla\Firefox\Profiles\rcx8qqz1.default\extensions

[2012-04-10 09:55:50 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Tya\AppData\Roaming\mozilla\Firefox\Profiles\rcx8qqz1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2011-08-19 13:40:15 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Tya\AppData\Roaming\mozilla\Firefox\Profiles\rcx8qqz1.default\extensions\ffxtlbr@babylon.com

[2011-04-23 08:15:47 | 000,000,000 | ---D | M] (Bandoo for Firefox) -- C:\Users\Tya\AppData\Roaming\mozilla\Firefox\Profiles\rcx8qqz1.default\extensions\firefox@bandoo.com

[2012-04-09 10:28:00 | 000,002,579 | ---- | M] () -- C:\Users\Tya\AppData\Roaming\Mozilla\Firefox\Profiles\rcx8qqz1.default\searchplugins\askcom.xml

[2011-11-02 09:05:27 | 000,009,924 | ---- | M] () -- C:\Users\Tya\AppData\Roaming\Mozilla\Firefox\Profiles\rcx8qqz1.default\searchplugins\mywebsearch.xml

[2010-09-02 15:09:41 | 000,005,529 | ---- | M] () -- C:\Users\Tya\AppData\Roaming\Mozilla\Firefox\Profiles\rcx8qqz1.default\searchplugins\SearchquWebSearch.xml

[2012-04-10 10:46:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011-10-25 15:32:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012-01-16 13:10:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011-04-22 17:02:58 | 000,002,428 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

[2011-11-30 08:51:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2010-09-02 15:09:41 | 000,005,529 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchquWebSearch.xml

[2012-01-16 13:10:34 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

[2009-12-09 16:46:54 | 000,000,832 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearch.xml

========== Chrome ==========

CHR - default_search_provider: Web Search (Enabled)

CHR - default_search_provider: search_url = http://www.searchqu.com/web?src=ieb&systemid=101&q={searchTerms}

CHR - default_search_provider: suggest_url =

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL

CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - Extension: YouTube = C:\Users\Tya\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\Tya\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Gmail = C:\Users\Tya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009-06-11 04:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKU\S-1-5-21-525084782-1869943482-3857484496-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)

O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)

O4 - HKLM..\Run: [sSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.217.168.27 203.217.168.36

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BDEE776-B9A4-42F7-A1FB-BED5814FF1A6}: DhcpNameServer = 203.217.168.27 203.217.168.36

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BDEE776-B9A4-42F7-A1FB-BED5814FF1A6}: NameServer = 203.217.168.27,203.217.168.36

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-06-11 04:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{d3a66144-987e-11e0-9b95-001cc0e1069f}\Shell - "" = AutoRun

O33 - MountPoints2\{d3a66144-987e-11e0-9b95-001cc0e1069f}\Shell\AutoRun\command - "" = F:\Launcher.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012-04-18 15:21:56 | 000,000,000 | ---D | C] -- C:\Users\Tya\AppData\Roaming\Registry Mechanic

[2012-04-18 11:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Mechanic

[2012-04-18 11:25:21 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox210.ocx

[2012-04-18 11:25:21 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox10.ocx

[2012-04-18 11:25:21 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBoxVB12.ocx

[2012-04-18 11:24:47 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic

[2012-04-18 09:47:30 | 000,000,000 | ---D | C] -- C:\Users\Tya\Desktop\Desktop backup

[2012-04-12 15:55:27 | 000,000,000 | ---D | C] -- C:\Users\Tya\AppData\Roaming\Yahoo!

[2012-04-12 08:00:15 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2012-04-11 16:01:24 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2012-04-11 16:01:24 | 000,000,000 | ---D | C] -- C:\Users\Tya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

[2012-04-11 15:23:56 | 000,000,000 | ---D | C] -- C:\Users\Tya\Desktop\Data

[2012-04-11 14:40:51 | 000,000,000 | ---D | C] -- C:\Users\Tya\Desktop\Quotation

[2012-04-10 11:14:38 | 000,331,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys

[2012-04-10 11:14:38 | 000,162,584 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys

[2012-04-10 11:14:31 | 000,185,560 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys

[2012-04-10 11:14:27 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools

[2012-04-10 10:45:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt

[2012-04-10 10:19:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools

[2012-04-10 09:54:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger

[2012-04-10 09:23:44 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools

[2012-04-10 09:23:41 | 000,000,000 | ---D | C] -- C:\Users\Tya\AppData\Roaming\TestApp

[2012-04-09 16:36:16 | 000,000,000 | R--D | C] -- C:\Users\Tya\Documents\Swift To-Do List

[2012-04-09 16:36:04 | 000,000,000 | ---D | C] -- C:\Users\Tya\AppData\Local\Dextronet

[2012-04-09 16:35:29 | 000,000,000 | ---D | C] -- C:\Users\Tya\AppData\Roaming\Dextronet

[2012-04-09 11:31:10 | 000,000,000 | ---D | C] -- C:\Users\Tya\AppData\Roaming\Malwarebytes

[2012-04-09 11:30:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012-03-29 11:31:06 | 000,000,000 | R--D | C] -- C:\Users\Tya\Documents\Scanned Documents

[2012-03-29 11:31:05 | 000,000,000 | ---D | C] -- C:\Users\Tya\Documents\Fax

[8 C:\Users\Tya\Desktop\*.tmp files -> C:\Users\Tya\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-04-23 13:05:21 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012-04-23 13:05:17 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012-04-23 13:04:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012-04-23 08:40:01 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012-04-23 08:13:39 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012-04-23 08:13:39 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012-04-23 08:08:13 | 797,360,128 | -HS- | M] () -- C:\hiberfil.sys

[2012-04-19 08:10:12 | 000,000,250 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job

[2012-04-18 11:25:23 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk

[2012-04-18 11:20:47 | 000,511,968 | ---- | M] () -- C:\Users\Tya\Desktop\rminstall_RevenueWire207_10.0.1.140.exe

[2012-04-12 08:00:15 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2012-04-11 16:01:25 | 000,002,953 | ---- | M] () -- C:\Users\Tya\Desktop\HiJackThis.lnk

[2012-04-11 15:45:54 | 000,615,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012-04-11 15:45:54 | 000,103,496 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012-04-10 10:22:17 | 000,818,709 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB

[2012-04-10 09:54:10 | 000,001,129 | ---- | M] () -- C:\Users\Tya\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk

[2012-04-10 09:54:10 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk

[2012-04-09 10:05:32 | 001,966,592 | ---- | M] () -- C:\Users\Tya\Desktop\BirthdayApp.adp

[2012-04-02 08:48:55 | 000,344,064 | ---- | M] () -- C:\Users\Tya\Documents\Database1.accdb

[8 C:\Users\Tya\Desktop\*.tmp files -> C:\Users\Tya\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-04-18 11:26:39 | 000,000,250 | ---- | C] () -- C:\Windows\tasks\RMSchedule.job

[2012-04-18 11:25:23 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk

[2012-04-18 11:25:22 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe

[2012-04-18 11:21:08 | 000,511,968 | ---- | C] () -- C:\Users\Tya\Desktop\rminstall_RevenueWire207_10.0.1.140.exe

[2012-04-11 16:01:25 | 000,002,953 | ---- | C] () -- C:\Users\Tya\Desktop\HiJackThis.lnk

[2012-04-10 10:19:54 | 000,818,709 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB

[2012-04-10 09:54:44 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012-04-10 09:54:10 | 000,001,129 | ---- | C] () -- C:\Users\Tya\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk

[2012-04-10 09:54:10 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk

[2012-03-26 08:47:27 | 000,344,064 | ---- | C] () -- C:\Users\Tya\Documents\Database1.accdb

[2011-11-26 15:28:50 | 000,000,045 | ---- | C] () -- C:\Users\Tya\AppData\Local\Images.fl

[2011-04-23 15:28:52 | 001,524,112 | ---- | C] () -- C:\Windows\System32\bandoolmx.dll

[2011-04-23 14:30:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2011-04-13 22:35:09 | 011,194,368 | ---- | C] () -- C:\Windows\System32\ZHHP_RES.DLL

[2011-04-13 22:35:09 | 000,114,688 | ---- | C] () -- C:\Windows\System32\VSHP2600.DLL

[2011-04-13 22:35:08 | 000,749,568 | ---- | C] () -- C:\Windows\System32\AGISSI.DLL

[2011-04-13 10:20:22 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe

========== LOP Check ==========

[2011-06-13 15:13:12 | 000,000,000 | ---D | M] -- C:\Users\Tya\AppData\Roaming\Acronis

[2012-04-09 16:35:29 | 000,000,000 | ---D | M] -- C:\Users\Tya\AppData\Roaming\Dextronet

[2011-05-12 11:38:55 | 000,000,000 | ---D | M] -- C:\Users\Tya\AppData\Roaming\DMCache

[2012-04-10 10:45:25 | 000,000,000 | ---D | M] -- C:\Users\Tya\AppData\Roaming\go

[2011-04-30 16:19:13 | 000,000,000 | ---D | M] -- C:\Users\Tya\AppData\Roaming\IDM

[2011-09-30 16:52:50 | 000,000,000 | ---D | M] -- C:\Users\Tya\AppData\Roaming\Meridian93

[2011-08-18 16:54:59 | 000,000,000 | ---D | M] -- C:\Users\Tya\AppData\Roaming\Oberon Media

[2012-04-18 15:21:56 | 000,000,000 | ---D | M] -- C:\Users\Tya\AppData\Roaming\Registry Mechanic

[2011-10-26 14:56:11 | 000,000,000 | ---D | M] -- C:\Users\Tya\AppData\Roaming\Rovio

[2012-04-10 09:23:41 | 000,000,000 | ---D | M] -- C:\Users\Tya\AppData\Roaming\TestApp

[2011-07-09 16:32:59 | 000,000,000 | ---D | M] -- C:\Users\Tya\AppData\Roaming\Thinstall

[2011-04-13 09:46:07 | 000,000,000 | ---D | M] -- C:\Users\Tya\AppData\Roaming\URSoft

[2012-03-22 16:53:59 | 000,000,000 | ---D | M] -- C:\Users\Tya\AppData\Roaming\VSO

[2012-04-19 08:10:12 | 000,000,250 | ---- | M] () -- C:\Windows\Tasks\RMSchedule.job

[2012-01-05 08:05:45 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 166 bytes -> C:\ProgramData\TEMP:B3D74A13

@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:38849DE5

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:D1B5B4F1

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >


Extras.txt

OTL Extras logfile created on: 23-4-12 1:18:31 PM - Run 1

OTL by OldTimer - Version 3.2.41.0 Folder = C:\Users\Tya\Downloads

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-M-yy

1013.90 Mb Total Physical Memory | 494.82 Mb Available Physical Memory | 48.80% Memory free

1.99 Gb Paging File | 1.09 Gb Available in Paging File | 54.88% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 48.73 Gb Total Space | 5.03 Gb Free Space | 10.33% Space Free | Partition Type: NTFS

Drive D: | 74.52 Gb Total Space | 9.29 Gb Free Space | 12.47% Space Free | Partition Type: NTFS

Drive E: | 25.69 Gb Total Space | 16.58 Gb Free Space | 64.55% Space Free | Partition Type: NTFS

Computer Name: TYA-PC | User Name: Tya | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-525084782-1869943482-3857484496-1000\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{137EA7E1-D30B-4373-B8B6-CB7E85107F6D}" = Angry Birds Rio

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1E11EE30-C0D4-46BC-9142-27EB4C37BE35}" = Angry Birds

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2EEEC858-21F8-419B-8FE2-820621BFFCD7}" = GetDataBack for FAT

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}" = GetDataBack for NTFS

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{687FC5A5-8BAD-4601-B255-15B4D26A4997}" = Khmer Dictionary 1.0

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115214367}" = Ranch Rush

"{8969CD6F-5B75-40B9-8701-86ECA4C1F263}_is1" = VSO Image Resizer 4.0.1.5

"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{C5C0DE57-0BB6-4B40-8FDC-BC7FA8EE087A}" = Khmer Unicode Keyboard (NIDA 1.0)

"{E5532466-55FA-4C0E-9F56-B8CF6B1205D2}" = DSPP

"Adobe Acrobat 8 Professional" = Adobe Acrobat 8 Professional

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Applian FLV Player2.0.24" = Applian FLV Player

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"EASEUS Data Recovery Wizard Free Edition 5.5.1_is1" = EASEUS Data Recovery Wizard Free Edition 5.5.1

"EASEUS Todo Backup Home 2.0_is1" = EASEUS Todo Backup Home 2.0

"Easy Digital Photo Recovery" = Easy Digital Photo Recovery

"Google Chrome" = Google Chrome

"Khmer Unicode_is1" = Khmer Unicode 2.0.0

"mIRC" = mIRC

"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)

"New Khmer Dictionary" = New Khmer Dictionary

"Office14.PROPLUS" = Microsoft Office Professional Plus 2010

"QueTek File Scavenger 3.2 (en)" = File Scavenger 3.2 (en)

"Registry Mechanic_is1" = Registry Mechanic 10.0

"WinRAR archiver" = WinRAR archiver

"Yahoo! Messenger" = Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 02-4-12 10:18:09 PM | Computer Name = Tya-PC | Source = SideBySide | ID = 16842827

Description = Activation context generation failed for "C:\Program Files\Skype\Toolbars\Internet

Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program

Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2. Multiple

requestedPrivileges elements are not allowed in manifest.

Error - 04-4-12 10:06:57 PM | Computer Name = Tya-PC | Source = SideBySide | ID = 16842827

Description = Activation context generation failed for "C:\Program Files\Skype\Toolbars\Internet

Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program

Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2. Multiple

requestedPrivileges elements are not allowed in manifest.

Error - 06-4-12 2:31:44 AM | Computer Name = Tya-PC | Source = SideBySide | ID = 16842827

Description = Activation context generation failed for "C:\Program Files\Skype\Toolbars\Internet

Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program

Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2. Multiple

requestedPrivileges elements are not allowed in manifest.

Error - 09-4-12 6:23:07 AM | Computer Name = Tya-PC | Source = SideBySide | ID = 16842827

Description = Activation context generation failed for "C:\Program Files\Skype\Toolbars\Internet

Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program

Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2. Multiple

requestedPrivileges elements are not allowed in manifest.

Error - 09-4-12 10:46:30 PM | Computer Name = Tya-PC | Source = Application Error | ID = 1000

Description = Faulting application name: YahooMessenger.exe, version: 11.0.0.1751,

time stamp: 0x4cd38198 Faulting module name: YahooMessenger.exe, version: 11.0.0.1751,

time stamp: 0x4cd38198 Exception code: 0xc0000005 Fault offset: 0x00271166 Faulting

process id: 0x8e4 Faulting application start time: 0x01cd16c3e6ac6afd Faulting application

path: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe Faulting module path:

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe Report Id: 6005562f-82b7-11e1-8881-001cc0e1069f

Error - 11-4-12 12:52:30 AM | Computer Name = Tya-PC | Source = SideBySide | ID = 16842827

Description = Activation context generation failed for "C:\Program Files\Skype\Toolbars\Internet

Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program

Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2. Multiple

requestedPrivileges elements are not allowed in manifest.

Error - 11-4-12 11:36:25 PM | Computer Name = Tya-PC | Source = SideBySide | ID = 16842827

Description = Activation context generation failed for "C:\Program Files\Skype\Toolbars\Internet

Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program

Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2. Multiple

requestedPrivileges elements are not allowed in manifest.

Error - 16-4-12 11:06:37 PM | Computer Name = Tya-PC | Source = SideBySide | ID = 16842827

Description = Activation context generation failed for "C:\Program Files\Skype\Toolbars\Internet

Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program

Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2. Multiple

requestedPrivileges elements are not allowed in manifest.

Error - 17-4-12 12:52:16 AM | Computer Name = Tya-PC | Source = SideBySide | ID = 16842827

Description = Activation context generation failed for "C:\Program Files\Skype\Toolbars\Internet

Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program

Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2. Multiple

requestedPrivileges elements are not allowed in manifest.

Error - 18-4-12 12:26:31 AM | Computer Name = Tya-PC | Source = MsiInstaller | ID = 11706

Description =

[ System Events ]

Error - 18-10-11 5:35:11 AM | Computer Name = Tya-PC | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the Netman service.

Error - 18-10-11 8:42:40 PM | Computer Name = Tya-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

cdrom

Error - 19-10-11 4:45:02 AM | Computer Name = Tya-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

cdrom

Error - 19-10-11 5:54:10 AM | Computer Name = Tya-PC | Source = volsnap | ID = 393252

Description = The shadow copies of volume C: were aborted because the shadow copy

storage could not grow due to a user imposed limit.

Error - 19-10-11 9:05:31 PM | Computer Name = Tya-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

cdrom

Error - 20-10-11 9:11:59 PM | Computer Name = Tya-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

cdrom

Error - 20-10-11 10:08:47 PM | Computer Name = Tya-PC | Source = DCOM | ID = 10001

Description =

Error - 21-10-11 1:52:13 AM | Computer Name = Tya-PC | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the Netman service.

Error - 21-10-11 8:57:48 PM | Computer Name = Tya-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

cdrom

Error - 23-10-11 9:04:45 PM | Computer Name = Tya-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

cdrom

< End of report >


Please do this:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylo...s=1&affID=17981
    IE - HKLM\..\SearchScopes,DefaultScope = {8A96AF9E-4074-43b7-BEA3-87217BDA74C8}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = http://www.searchqu....q={searchTerms}
    IE - HKU\S-1-5-21-525084782-1869943482-3857484496-1000\..\SearchScopes,DefaultScope = {8A96AF9E-4074-43b7-BEA3-87217BDA74C8}
    IE - HKU\S-1-5-21-525084782-1869943482-3857484496-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
    IE - HKU\S-1-5-21-525084782-1869943482-3857484496-1000\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylo...s=1&affID=17981
    IE - HKU\S-1-5-21-525084782-1869943482-3857484496-1000\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = http://www.searchqu....q={searchTerms}
    IE - HKU\S-1-5-21-525084782-1869943482-3857484496-1000\..\SearchScopes\{A5468298-1B61-48CF-A9F2-D42E69859C9D}: "URL" = http://websearch.ask...24-2792E4ACA237
    FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/"
    FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&systemid=101&q="
    FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin
    [2012-04-10 10:46:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tya\AppData\Roaming\mozilla\Extensions
    [2012-04-10 10:46:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tya\AppData\Roaming\mozilla\Firefox\Profiles\rcx8qqz1.default\extensions
    [2012-04-09 10:28:00 | 000,002,579 | ---- | M] () -- C:\Users\Tya\AppData\Roaming\Mozilla\Firefox\Profiles\rcx8qqz1.default\searchplugins\askcom.xml
    [2011-11-02 09:05:27 | 000,009,924 | ---- | M] () -- C:\Users\Tya\AppData\Roaming\Mozilla\Firefox\Profiles\rcx8qqz1.default\searchplugins\mywebsearch.xml
    [2010-09-02 15:09:41 | 000,005,529 | ---- | M] () -- C:\Users\Tya\AppData\Roaming\Mozilla\Firefox\Profiles\rcx8qqz1.default\searchplugins\SearchquWebSearch.xml
    [2012-04-10 10:46:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010-09-02 15:09:41 | 000,005,529 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchquWebSearch.xml
    [2011-08-19 13:40:15 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Tya\AppData\Roaming\mozilla\Firefox\Profiles\rcx8qqz1.default\extensions\ffxtlbr@babylon.com
    [2011-04-22 17:02:58 | 000,002,428 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.


  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

-----------------------------------------

Chrome you have to reset manually:

Let's make sure you have the latest version of Chrome:

Open up Chrome > in the upper right corner click the wrench > scroll down to "About Google Chrome", if an update is available it will be installed.

Then click on the wrench again and choose Tools > Extensions; see if there are any suspicious items there.

Click on Clear Browser Data > clear it out.

Then, to the left, go through Basics, Personal Stuff, etc.; see if there's anything suspicious.

Let me know, MrC

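A small triage helper, added here as an example and not part of OTL or of MrC's own tooling, that does in code what the fix above was built by hand to do: it scans OTL scan-log lines for the hijacker indicators named in this thread (searchqu/searchnu, Babylon, MyWebSearch, Ask) and pastes the matching lines verbatim under `:OTL`, which is how an OTL custom fix is composed. The indicator list, the line classifier and the sample log (lines copied from this thread) are assumptions for illustration.

```python
import re
from typing import List, NamedTuple

# Indicator substrings for the hijackers dealt with in this thread
# (searchqu/searchnu, Babylon, MyWebSearch, Ask). Assumed list for illustration.
HIJACK_INDICATORS = ("searchqu", "searchnu", "babylon", "mywebsearch", "ask.com", "askcom")

# OTL scan-log line prefixes, checked in order (first match wins).
_KIND_PATTERNS = [
    ("ie-search", re.compile(r"^IE - ")),
    ("ff-pref", re.compile(r"^FF - prefs\.js")),
    ("ff-plugin", re.compile(r"^FF - ")),
    ("bho", re.compile(r"^O2 - ")),
    ("toolbar", re.compile(r"^O3 - ")),
    ("file", re.compile(r"^\[\d{4}-\d{2}-\d{2} ")),
]

# Constructed sample: scan-log lines copied from this thread, including one
# benign entry (the Bing search scope) and one orphaned toolbar entry that
# carries no indicator string at all.
SAMPLE_SCAN_LOG = "\n".join([
    r'IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC',
    r'IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = http://www.searchqu....q={searchTerms}',
    r'FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/"',
    r'FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found',
    r'[2012-04-09 10:28:00 | 000,002,579 | ---- | M] () -- C:\Users\Tya\AppData\Roaming\Mozilla\Firefox\Profiles\rcx8qqz1.default\searchplugins\askcom.xml',
    r'[2011-04-22 17:02:58 | 000,002,428 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml',
    r'O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.',
])


class Finding(NamedTuple):
    kind: str        # which class of OTL entry the line is (see _KIND_PATTERNS)
    indicator: str   # the indicator substring that matched
    line: str        # the scan-log line, untouched, ready to paste under :OTL


def classify(line: str) -> str:
    """Label an OTL scan-log line by its prefix; unknown shapes are 'other'."""
    for kind, pat in _KIND_PATTERNS:
        if pat.search(line):
            return kind
    return "other"


def triage(log_text: str, indicators=HIJACK_INDICATORS) -> List[Finding]:
    """Return every non-empty scan-log line that references a known indicator.

    Matching is case-insensitive because OTL prints registry paths and file
    paths with whatever case Windows stored them in.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        low = line.lower()
        hit = next((ind for ind in indicators if ind in low), None)
        if hit is not None:
            findings.append(Finding(classify(line), hit, line))
    return findings


def build_fix_script(findings: List[Finding], empty_temp: bool = False) -> str:
    """Render findings as an OTL custom fix: the scan lines verbatim under ':OTL'.

    With empty_temp=True the ':Commands' / '[emptytemp]' section used later in
    this thread is appended so temporary files are cleared in the same run.
    """
    lines = [":OTL"] + [f.line for f in findings]
    if empty_temp:
        lines += [":Commands", "[emptytemp]"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = triage(SAMPLE_SCAN_LOG)
    for f in hits:
        print(f"{f.kind:10} {f.indicator:12} {f.line[:70]}")
    print(build_fix_script(hits, empty_temp=True))
```

Indicator matching will not catch orphaned entries such as the `O3 - ... (no name) - 10` toolbar line that the fix above also removes, so the output narrows the log for review rather than replacing it.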

Thanks Mr. Charlie

The www.searchnu.com which showed on my Firefox browser during startup has been removed. Thanks for that.

But I have some questions to ask you.

1. When I use the Firefox default search page, why does it link to www.ask.com? I've already uninstalled the Ask extension in my Firefox browser.

2. When I type a keyword to search in the Google Chrome address box, it still uses www.searchnu.com as my search engine. I want all of my default search engines changed to google.com.

Below is the log I got after I fixed it with OTL.

-------------------------------------------------------

========== OTL ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}\ not found.

HKEY_USERS\S-1-5-21-525084782-1869943482-3857484496-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-525084782-1869943482-3857484496-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_USERS\S-1-5-21-525084782-1869943482-3857484496-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}\ not found.

Registry key HKEY_USERS\S-1-5-21-525084782-1869943482-3857484496-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}\ not found.

Registry key HKEY_USERS\S-1-5-21-525084782-1869943482-3857484496-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A5468298-1B61-48CF-A9F2-D42E69859C9D}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A5468298-1B61-48CF-A9F2-D42E69859C9D}\ not found.

Prefs.js: "http://www.searchqu.com/" removed from browser.startup.homepage

Prefs.js: "http://www.searchqu.com/web?src=ffb&systemid=101&q=" removed from keyword.URL

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mywebsearch.com/Plugin\ deleted successfully.

File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin not found.

C:\Users\Tya\AppData\Roaming\mozilla\Extensions folder moved successfully.

C:\Users\Tya\AppData\Roaming\mozilla\Firefox\Profiles\rcx8qqz1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.

C:\Users\Tya\AppData\Roaming\mozilla\Firefox\Profiles\rcx8qqz1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.

C:\Users\Tya\AppData\Roaming\mozilla\Firefox\Profiles\rcx8qqz1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.

C:\Users\Tya\AppData\Roaming\mozilla\Firefox\Profiles\rcx8qqz1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.

C:\Users\Tya\AppData\Roaming\mozilla\Firefox\Profiles\rcx8qqz1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.

C:\Users\Tya\AppData\Roaming\mozilla\Firefox\Profiles\rcx8qqz1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.

C:\Users\Tya\AppData\Roaming\mozilla\Firefox\Profiles\rcx8qqz1.default\extensions\firefox@bandoo.com\content folder moved successfully.

C:\Users\Tya\AppData\Roaming\mozilla\Firefox\Profiles\rcx8qqz1.default\extensions\firefox@bandoo.com\components folder moved successfully.

C:\Users\Tya\AppData\Roaming\mozilla\Firefox\Profiles\rcx8qqz1.default\extensions\firefox@bandoo.com folder moved successfully.

C:\Users\Tya\AppData\Roaming\mozilla\Firefox\Profiles\rcx8qqz1.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.

C:\Users\Tya\AppData\Roaming\mozilla\Firefox\Profiles\rcx8qqz1.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.

C:\Users\Tya\AppData\Roaming\mozilla\Firefox\Profiles\rcx8qqz1.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio folder moved successfully.

C:\Users\Tya\AppData\Roaming\mozilla\Firefox\Profiles\rcx8qqz1.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.

C:\Users\Tya\AppData\Roaming\mozilla\Firefox\Profiles\rcx8qqz1.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.

C:\Users\Tya\AppData\Roaming\mozilla\Firefox\Profiles\rcx8qqz1.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.

C:\Users\Tya\AppData\Roaming\mozilla\Firefox\Profiles\rcx8qqz1.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.

C:\Users\Tya\AppData\Roaming\mozilla\Firefox\Profiles\rcx8qqz1.default\extensions\ffxtlbr@babylon.com folder moved successfully.

C:\Users\Tya\AppData\Roaming\mozilla\Firefox\Profiles\rcx8qqz1.default\extensions folder moved successfully.

C:\Users\Tya\AppData\Roaming\Mozilla\Firefox\Profiles\rcx8qqz1.default\searchplugins\askcom.xml moved successfully.

C:\Users\Tya\AppData\Roaming\Mozilla\Firefox\Profiles\rcx8qqz1.default\searchplugins\mywebsearch.xml moved successfully.

C:\Users\Tya\AppData\Roaming\Mozilla\Firefox\Profiles\rcx8qqz1.default\searchplugins\SearchquWebSearch.xml moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome\icons\default folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome\icons folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions folder moved successfully.

C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml moved successfully.

Folder C:\Users\Tya\AppData\Roaming\mozilla\Firefox\Profiles\rcx8qqz1.default\extensions\ffxtlbr@babylon.com\ not found.

C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.

OTL by OldTimer - Version 3.2.41.0 log created on 04242012_163525


Please do this:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "Ask.com"
    @Alternate Data Stream - 166 bytes -> C:\ProgramData\TEMP:B3D74A13
    @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:38849DE5
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:D1B5B4F1
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    :Commands
    [EMPTYJAVA]
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

----------------------------------------------------------------------

Google Chrome you have to reset manually yourself.

Let's make sure you have the latest version of Chrome:

Open up Chrome > in the upper right corner click the wrench > scroll down to "About Google Chrome", if an update is available it will be installed.

Then click on the wrench again and choose Tools > Extensions; see if there are any suspicious items there.

Click on Clear Browser Data > clear it out.

Then, to the left, go through Basics, Personal Stuff, etc.; see if there's anything suspicious.

Let me know, MrC


My Google Chrome now works fine.

But my Firefox still uses Ask.com as the default browser. Please check the report after the scan below.

------------------------------

All processes killed

========== OTL ==========

Prefs.js: "Ask.com" removed from browser.search.defaultengine

Prefs.js: "Ask.com" removed from browser.search.defaultenginename

Prefs.js: "Ask.com" removed from browser.search.order.1

Prefs.js: "Ask.com" removed from browser.search.selectedEngine

ADS C:\ProgramData\TEMP:B3D74A13 deleted successfully.

ADS C:\ProgramData\TEMP:38849DE5 deleted successfully.

ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.

ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.

========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Tya

Total Java Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Tya

->Temp folder emptied: 1203231843 bytes

->Temporary Internet Files folder emptied: 421866827 bytes

->FireFox cache emptied: 53341975 bytes

->Google Chrome cache emptied: 199360340 bytes

->Flash cache emptied: 48309 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 382786138 bytes

RecycleBin emptied: 511968 bytes

Total Files Cleaned = 2,156.00 mb

OTL by OldTimer - Version 3.2.41.0 log created on 04252012_083726

Files\Folders moved on Reboot...

File\Folder C:\Users\Tya\AppData\Local\Temp\~DF209207868EE57134.TMP not found!

File\Folder C:\Users\Tya\AppData\Local\Temp\~DF3324F0BD6AF7A87B.TMP not found!

Registry entries deleted on Reboot...

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

