"internet security" virus



Galois
2012-08-06, 20:28
There is an "internet security" virus on my mom's laptop.
I can run safe mode with no problems.
I can run normal mode, but it is very unresponsive in normal mode.
I generated the dds log in safe mode.
I tried to generate the dds log in normal mode, but it wouldn't work.
I posted/attached the requested items.

Here is the DDS log:


.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 8.0.6001.19190 BrowserJavaVersion: 1.6.0_22
Run by millie at 12:20:33 on 2012-08-06
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2941.2546 [GMT -5:00]
.
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?ptnrS=ZKxdm176YYUS&ptb=DODoiURCVdvnJ7SfLXtKyQ&n=77ce7bc2
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.18\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1355.0\npwinext.dll
BHO: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: @c:\program files\msn toolbar\platform\5.0.1355.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1355.0\npwinext.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.18\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [TOSCDSPD] TOSCDSPD.EXE
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [iLike] c:\program files\ilike\1.2.18\ilikesidebar.exe /checkforupdate
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Internet Security] c:\users\millie\appdata\roaming\isecurity.exe
uRun: [AROReminder] c:\program files\aro 2012\ARO.exe -rem
uRun: [AdobeUpdater6] "c:\program files\common files\adobe\updater6\Adobe_Updater.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SMART Board Service] c:\program files\smart technologies\smart product drivers\SMARTBoardService.exe
mRun: [SMART SNMP Agent] c:\program files\smart technologies\smart product drivers\SMARTSNMPAgent.exe -e
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
StartupFolder: c:\users\millie\appdata\local\micros~4\cnette~1.lnk - c:\users\millie\appdata\roaming\cbs interactive\cnet techtracker\TechTracker.exe
StartupFolder: c:\users\millie\appdata\local\micros~4\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\millie\appdata\local\microsoftnt\winserver.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\smartb~1.lnk - c:\program files\smart technologies\smart product drivers\SMARTBoardTools.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.254.254
TCP: Interfaces\{33938668-6963-43A1-BF98-6F032D4A8B80} : DhcpNameServer = 192.168.254.254
TCP: Interfaces\{BD700D70-4407-43E8-AA8B-DDA1E4D7C854} : DhcpNameServer = 192.168.254.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\9.0.1\ViProtocol.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL,avgrsstx.dll
IFEO: image file execution options - svchost.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\millie\appdata\roaming\mozilla\firefox\profiles\h8ezm1zs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B7d176c81-080e-4ab7-beba-94e7001fe9cd%7D&mid=6a724c01cae50453019bf6e1ad6bea58-363b279c66dfca47b50075569e3c6b8f1824a3c8&ds=AVG&v=9.0.0.18&lang=us&pr=fr&d=2011-12-13%2018%3A55%3A25&sap=ku&q=
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\msn toolbar\platform\5.0.1355.0\npwinext.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-2-12 7168]
R3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\drivers\SMARTMouseFilterx86.sys [2011-1-25 11632]
R3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\drivers\SMARTVHidMini2000x86.sys [2011-1-25 14704]
R3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\drivers\SMARTVTabletPCx86.sys [2011-1-25 21872]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-4-4 216400]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-4-4 29712]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-4-4 243152]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2008-8-27 20352]
S2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]
S2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2009-11-24 78104]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-26 167264]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2008-8-27 937984]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-11 129976]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
.
============= FINISH: 12:22:55.18 ===============

And here is the aswMBR log:



aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-06 12:32:32
-----------------------------
12:32:32.841 OS Version: Windows 6.0.6002 Service Pack 2
12:32:32.841 Number of processors: 2 586 0x6802
12:32:32.841 ComputerName: MILLIE-PC UserName: millie
12:32:34.573 Initialize success
12:33:27.005 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:33:27.005 Disk 0 Vendor: WDC_WD2500BEVS-26UST0 01.01A01 Size: 238475MB BusType: 3
12:33:27.020 Disk 0 MBR read successfully
12:33:27.020 Disk 0 MBR scan
12:33:27.036 Disk 0 Windows VISTA default MBR code
12:33:27.036 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
12:33:27.052 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 236974 MB offset 3074048
12:33:27.067 Disk 0 scanning sectors +488396800
12:33:27.145 Disk 0 scanning C:\Windows\system32\drivers
12:33:34.711 Service scanning
12:33:50.186 Modules scanning
12:33:53.603 Disk 0 trace - called modules:
12:33:53.634 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
12:33:53.634 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85765030]
12:33:53.650 3 CLASSPNP.SYS[82d0d8b3] -> nt!IofCallDriver -> [0x8574bc10]
12:33:53.665 5 acpi.sys[8060e6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85741538]
12:33:53.681 Scan finished successfully
12:34:59.654 Disk 0 MBR has been saved successfully to "C:\Users\millie\Desktop\MBR.dat"
12:34:59.669 The log file has been saved successfully to "C:\Users\millie\Desktop\aswMBR-07-06-2012.txt"
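As an added example (not part of Galois's post, and not code from the DDS tool): a small Python triage pass over the autostart lines of the DDS "Pseudo HJT Report" above. It flags entries whose binary lives in the user profile instead of under Program Files or Windows, which is how the rogue "Internet Security" entry and the "microsoftnt\winserver.exe" startup item stand out; the heuristics, the flag wording and the two-flag threshold are my own assumptions, and the sample lines are copied from the log above.

```python
"""Triage of DDS autostart lines (uRun / mRun / StartupFolder)."""
import re
from dataclasses import dataclass, field

# Constructed sample input: autostart lines copied from the DDS log above.
SAMPLE_DDS = r'''
uRun: [TOSCDSPD] TOSCDSPD.EXE
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Internet Security] c:\users\millie\appdata\roaming\isecurity.exe
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
StartupFolder: c:\users\millie\appdata\local\micros~4\cnette~1.lnk - c:\users\millie\appdata\roaming\cbs interactive\cnet techtracker\TechTracker.exe
StartupFolder: c:\users\millie\appdata\local\micros~4\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\millie\appdata\local\microsoftnt\winserver.exe
'''

RUN_RE = re.compile(r"^([um]Run): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^StartupFolder: (?P<rest>.*)$")
# Either a quoted path, or an unquoted path read up to the first executable extension.
EXE_RE = re.compile(r'"([^"]+)"|^(\S.*?\.(?:exe|com|scr|bat|cmd|pif))(?:\s|$)', re.I)
# Roots where legitimately installed software normally lives (assumed list).
TRUSTED_ROOTS = ("c:\\program files", "c:\\progra~", "c:\\windows")
# Words rogue security products like to put in their display names (assumed list).
ROGUE_WORDS = ("security", "antivirus", "anti-virus", "system fix", "protection")


@dataclass
class Entry:
    kind: str            # uRun, mRun or StartupFolder
    name: str            # display name or shortcut/file name
    path: str            # executable the entry actually launches
    flags: list = field(default_factory=list)


def extract_path(cmd: str) -> str:
    """Strip quotes and command-line arguments, keeping only the executable path."""
    m = EXE_RE.search(cmd)
    return (m.group(1) or m.group(2)).strip() if m else cmd.strip()


def parse_dds(text: str) -> list:
    """Turn the Run and StartupFolder lines of a DDS report into Entry objects."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group("name"), extract_path(m.group("cmd"))))
            continue
        m = STARTUP_RE.match(line)
        if m:
            rest = m.group("rest")
            # DDS prints "<shortcut>.lnk - <target>" for shortcuts; a bare path means
            # the executable itself, not a shortcut, is the startup item.
            if " - " in rest:
                lnk, target = rest.rsplit(" - ", 1)
                entries.append(Entry("StartupFolder", lnk.rsplit("\\", 1)[-1], target.strip()))
            else:
                e = Entry("StartupFolder", rest.rsplit("\\", 1)[-1], rest.strip())
                e.flags.append("not a shortcut: the executable itself is the startup item")
                entries.append(e)
    return entries


def triage(entry: Entry) -> Entry:
    """Attach location-based suspicion flags to one autostart entry."""
    p = entry.path.lower()
    if "\\" not in p:
        entry.flags.append("bare file name, no directory: cannot tell where it loads from")
    elif not p.startswith(TRUSTED_ROOTS):
        in_appdata = "\\appdata\\" in p
        entry.flags.append("runs from the user profile (AppData)" if in_appdata
                           else "runs from outside Program Files / Windows")
        # e.g. roaming\isecurity.exe: dropped straight into AppData, no vendor folder.
        if in_appdata and p.split("\\appdata\\", 1)[1].count("\\") == 1:
            entry.flags.append("sits directly in AppData with no vendor folder")
        # e.g. \microsoftnt\: a folder name that imitates Microsoft's own directories.
        if re.search(r"\\microsoft[a-z0-9]+\\", p):
            entry.flags.append("folder name imitates a Microsoft directory")
        if any(w in entry.name.lower() for w in ROGUE_WORDS):
            entry.flags.append("security-product name but not installed like one")
    return entry


def triage_dds(text: str) -> list:
    return [triage(e) for e in parse_dds(text)]


def high_confidence(entries: list, min_flags: int = 2) -> list:
    """Entries with at least min_flags independent reasons for suspicion."""
    return [e for e in entries if len(e.flags) >= min_flags]


if __name__ == "__main__":
    for e in high_confidence(triage_dds(SAMPLE_DDS)):
        print(f"{e.kind}: [{e.name}] {e.path}")
        for f in e.flags:
            print(f"    - {f}")
```

Software that installs per-user, such as the CNET TechTracker entry, also collects one flag, which is why only entries with two or more flags are reported; single-flag entries remain an analyst's call.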

ken545
2012-08-11, 17:57


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

When running programs with Vista or Windows 7, you need to right click on the program and select RUN AS ADMINISTRATOR



You can run Malwarebytes from Safemode with Networking.

To Enter Safemode

Go to Start> Shut off your Computer> Restart
As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
this will bring up a menu.
Use the Up and Down Arrow Keys to scroll up to Safemode with Networking
Then press the Enter Key on your Keyboard

Tutorial if you need it How to boot into Safemode (http://www.bleepingcomputer.com/tutorials/tutorial61.html)






Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

Galois
2012-08-12, 00:16
Thanks.

I have backed up all of the valuable files. Here is the log that was generated after the scan/removal.


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.11.04

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.19190
millie :: MILLIE-PC [administrator]

8/11/2012 4:40:43 PM
mbam-log-2012-08-11 (16-40-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207984
Time elapsed: 8 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Internet Security (Rogue.InternetSecurity) -> Data: C:\Users\millie\AppData\Roaming\isecurity.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\millie\AppData\Roaming\isecurity.exe (Rogue.InternetSecurity) -> Quarantined and deleted successfully.

(end)

ken545
2012-08-12, 02:53
Great, but I am sure there is more to remove

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when ComboFix has completely finished, then restart your computer to restore the connections.

Galois
2012-08-12, 04:16
It looks like this computer has AVG 9.0 on it, but I can't seem to bring up the main user interface of AVG 9, and it looks like I need that interface in order to disable that program. Would it be ok to just uninstall AVG 9 before proceeding with combofix, or would that be problematic? I don't know how else to disable this program. (After this entire malware removal process is completed, I intend to uninstall AVG 9 anyway and replace it with avast.)

Also, while I was trying to find any antivirus programs on the computer, I ran across a program called "ARO 2012" that was installed. I googled "ARO 2012", and it seems suspicious. Would you recommend uninstalling "ARO 2012" after everything is complete, or is "ARO 2012" part of the malware problem?

ken545
2012-08-12, 12:55
Good Morning,

http://download.cnet.com/ARO-2012/3000-2086_4-10183947.html

This program is not malicious but is not needed. I would uninstall it along with AVG; we can reinstall AVG when we're done, or another one I can recommend.

Here is an uninstaller for AVG if it gives you problems uninstalling

http://www.avg.com/us-en/download-tools
http://download.avg.com/filedir/util/support/avg_remover_stf_x86_2011_1322.exe


Either way, whether you uninstall AVG or not, go ahead and run ComboFix.

Galois
2012-08-13, 12:45
I uninstalled AVG before running combofix. Here is the log.



ComboFix 12-08-10.02 - millie 08/12/2012 19:16:36.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2941.2461 [GMT -5:00]
Running from: c:\users\millie\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\millie\AppData\Roaming\.#
c:\users\millie\AppData\Roaming\.#\MBX@1310@3E2748.###
c:\users\millie\AppData\Roaming\.#\MBX@1310@3E2778.###
c:\users\millie\AppData\Roaming\.#\MBX@1480@1D92748.###
c:\users\millie\AppData\Roaming\.#\MBX@1480@1D92778.###
c:\users\millie\AppData\Roaming\.#\MBX@5B0@1742748.###
c:\users\millie\AppData\Roaming\.#\MBX@5B0@1742778.###
c:\users\millie\AppData\Roaming\.#\MBX@D4C@1C52748.###
c:\users\millie\AppData\Roaming\.#\MBX@D4C@1C52778.###
c:\users\millie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\cb.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\cb.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\cb.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\cb.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\cb.tmp
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\cid.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\cid.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\cid.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\cid.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\CLSV.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\CLSV.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\CLSV.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\CLSV.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\CLSV.tmp
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\ddv.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\ddv.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\ddv.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\ddv.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\delfile.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\delfile.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\delfile.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\delfile.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\dudl.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\dudl.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\dudl.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\dudl.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\dudl.tmp
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\eb.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\eb.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\eb.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\eb.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\eb.tmp
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\energy.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\energy.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\energy.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\energy.tmp
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\exec.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\exec.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\exec.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\exec.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\exec.tmp
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\fan.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\fan.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\fan.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\fan.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\fix.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\fix.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\fix.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\fix.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\FS.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\FS.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\FS.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\FS.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\FS.tmp
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\FW.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\FW.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\FW.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\FW.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\FW.tmp
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\gid.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\gid.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\gid.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\gid.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\grid.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\grid.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\grid.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\grid.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\hymt.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\hymt.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\hymt.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\hymt.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\kernel32.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\kernel32.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\pal.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\pal.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\pal.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\pal.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\PE.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\PE.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\PE.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\ppal.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\ppal.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\ppal.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\ppal.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\ppal.tmp
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\runddl.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\runddl.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\runddl.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\runddl.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\runddl.tmp
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\sld.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\sld.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\sld.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\sld.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\SM.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\SM.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\SM.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\SM.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\snl2w.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\snl2w.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\snl2w.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\snl2w.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\std.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\std.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\std.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\std.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\tjd.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\tjd.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\tjd.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
c:\users\millie\Desktop\Internet Security.lnk
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\pt
c:\windows\system32\pt\toscdspd.cpl.mui
.
.
((((((((((((((((((((((((( Files Created from 2012-07-13 to 2012-08-13 )))))))))))))))))))))))))))))))
.
.
2012-08-13 00:25 . 2012-08-13 00:25 -------- d-----w- c:\users\millie\AppData\Local\temp
2012-08-13 00:25 . 2012-08-13 00:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-11 21:36 . 2012-08-11 21:36 711240 ----a-w- c:\windows\is-4QVJ3.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 18:46 . 2010-03-19 05:45 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-12 04:54 . 2011-05-26 23:05 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-02 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-12-14 00:56 1547104 ----a-w- c:\program files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-02 00:17 1487240 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-02 1487240]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll" [2011-12-14 1547104]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-02 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-09 39408]
"iLike"="c:\program files\iLike\1.2.18\ilikesidebar.exe" [2008-09-10 63024]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-03 14944136]
"AROReminder"="c:\program files\ARO 2012\ARO.exe" [2012-01-06 2552688]
"AdobeUpdater6"="c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe" [2009-01-08 2521464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SMART Board Service"="c:\program files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe" [2011-01-25 5893488]
"SMART SNMP Agent"="c:\program files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe" [2011-01-25 1678704]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-12-14 827232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"InnoSetupRegFile.0000000001"="c:\windows\is-4QVJ3.exe" [2012-08-11 711240]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-07-03 1085000]
"AvgRemover"="c:\users\millie\Desktop\avg_remover_stf_x86_2011_1322.exe" [2012-08-12 1163104]
.
c:\users\millie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote Table Of Contents.onetoc2 [2009-4-25 3656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SMART Board Tools.lnk - c:\program files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe [2011-1-25 13320560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^millie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\millie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^millie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\millie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2008-01-22 21:25 712704 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 22:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bing Bar]
2010-01-19 23:10 243032 ----a-w- c:\program files\MSN Toolbar\Platform\5.0.1355.0\mswinext.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2007-10-26 00:41 413696 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-09-14 01:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-10-26 01:10 652624 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-02-13 02:32 1862144 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
2007-11-01 05:01 54608 ----a-w- c:\program files\TOSHIBA\TBS\HSON.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 20:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2012-07-03 18:46 973488 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-11-11 23:43 288088 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 02:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-01-30 01:51 4911104 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-21 01:15 1826816 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2007-06-16 04:01 448080 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 18:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-05-09 17:55 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
2008-01-29 23:38 583048 ----a-w- c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-12-07 01:12 1029416 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2008-01-17 23:27 431456 ----a-w- c:\program files\TOSHIBA\Power Saver\TPwrMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 02:08]
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 02:08]
.
2012-05-12 c:\windows\Tasks\SpeedMaxPc Registration3.job
- c:\program files\Common Files\SpeedMaxPc\UUS3\UUS3.dll [2011-12-12 22:43]
.
2012-05-12 c:\windows\Tasks\SpeedMaxPc Update3.job
- c:\program files\Common Files\SpeedMaxPc\UUS3\Update3.exe [2011-12-12 22:43]
.
2012-05-12 c:\windows\Tasks\SpeedMaxPc.job
- c:\program files\SpeedMaxPc\SpeedMaxPc\SpeedMaxPc.exe [2011-12-22 00:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?ptnrS=ZKxdm176YYUS&ptb=DODoiURCVdvnJ7SfLXtKyQ&n=77ce7bc2
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 128.206.10.3 128.206.10.2
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
FF - ProfilePath - c:\users\millie\AppData\Roaming\Mozilla\Firefox\Profiles\h8ezm1zs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B7d176c81-080e-4ab7-beba-94e7001fe9cd%7D&mid=6a724c01cae50453019bf6e1ad6bea58-363b279c66dfca47b50075569e3c6b8f1824a3c8&ds=AVG&v=9.0.0.18&lang=us&pr=fr&d=2011-12-13%2018%3A55%3A25&sap=ku&q=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
MSConfigStartUp-NDSTray - NDSTray.exe
AddRemove-{AA63780B-DDB7-417b-8A13-E5AFBE08E807} - c:\users\millie\AppData\Local\CyberDefender Internet Security\cdinstx.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-12 19:25
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2012-08-12 19:33:27
ComboFix-quarantined-files.txt 2012-08-13 00:33
.
Pre-Run: 155,940,651,008 bytes free
Post-Run: 156,466,733,056 bytes free
.
- - End Of File - - 7180E4E7ECDA8879A952F7244828F97D
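
A worked triage of the ComboFix log above, as an added example (my own script, not code from the thread or from ComboFix). The sample lines are copied, with URLs shortened, from the posted log; the flagging rules (autostart from a user-writable path, autostart binary written in the days before the scan, Security Center monitoring disabled, home/search page on an unexpected host) are my own assumptions an analyst would tune. Note that it flags the AVG remover on the Desktop too: a heuristic points at what to look at, it does not decide what is malicious.

```python
"""Triage ComboFix-style autostart and browser-setting lines.

Added example: this is my own triage script, not code from the thread or from
ComboFix. The sample lines are copied (URLs shortened) from the ComboFix log
posted above; the flagging rules are assumptions an analyst would tune.
"""
import re
from datetime import date

REFERENCE_DATE = date(2012, 8, 12)   # "Completion time" of the posted log
RECENT_DAYS = 7                      # autostart binaries newer than this get flagged

# Constructed sample: lines copied from the posted ComboFix log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-09 39408]
"AROReminder"="c:\program files\ARO 2012\ARO.exe" [2012-01-06 2552688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"InnoSetupRegFile.0000000001"="c:\windows\is-4QVJ3.exe" [2012-08-11 711240]
"AvgRemover"="c:\users\millie\Desktop\avg_remover_stf_x86_2011_1322.exe" [2012-08-12 1163104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?ptnrS=ZKxdm176YYUS
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B7d176c81
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"'
    r"(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\])?$"
)
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9a-f]{8})$', re.I)
URL_RE = re.compile(r"hxxps?://(?P<host>[^/\s?]+)", re.I)
RUN_KEY_RE = re.compile(r"\\Run(Once)?$", re.I)
# Locations an unprivileged user (and so malware running as that user) can write.
USER_WRITABLE_RE = re.compile(
    r"\\users\\[^\\]+\\|\\programdata\\|\\appdata\\|\\temp\\|\\desktop\\", re.I
)
# Home/search hosts not worth a finding; anything else is reported.
EXPECTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com"}


def triage(log_text, today=REFERENCE_DATE):
    """Return a severity-sorted list of findings (dicts) for one log."""
    findings = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and RUN_KEY_RE.search(section):
            name, path, created = m.group("name"), m.group("path"), m.group("date")
            if USER_WRITABLE_RE.search(path):
                findings.append(dict(severity="medium", name=name, path=path,
                                     reason="autostart from user-writable location"))
            if created:
                age = (today - date.fromisoformat(created)).days
                if 0 <= age <= RECENT_DAYS:
                    findings.append(dict(severity="medium", name=name, path=path,
                                         reason=f"autostart binary written {age} day(s) before the scan"))
            continue
        m = DWORD_RE.match(line)
        if (m and "security center" in section.lower()
                and m.group("name") == "DisableMonitoring" and int(m.group("val"), 16) == 1):
            findings.append(dict(severity="high", name=section, path="",
                                 reason="Security Center monitoring disabled"))
            continue
        m = URL_RE.search(line)
        if m and m.group("host").lower() not in EXPECTED_SEARCH_HOSTS:
            setting = line.split("hxxp", 1)[0].strip(" -=:")
            findings.append(dict(severity="medium", name=setting, path=m.group("host"),
                                 reason="home/search page points at an unexpected host"))
    rank = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings, key=lambda f: (rank[f["severity"]], f["name"]))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['reason']}: {f['name']} {f['path']}".rstrip())
```

Run against the sample it reports the disabled Security Center monitoring first, then the two RunOnce binaries written in the two days before the scan (the Inno Setup temp file is-4QVJ3.exe is the one the helper asks about next) and the two redirected search/home pages.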

ken545
2012-08-13, 13:13
Hi,

What I would do is uninstall the Ask Toolbar; it modifies your browser settings, but if you use and like it then leave it be.

You need to enable windows to show all files and folders, instructions Here (http://www.bleepingcomputer.com/tutorials/tutorial62.html)

Go to VirusTotal (http://www.virustotal.com/) and submit this file for analysis: just use the browse feature and then Send File. If it says this file has been checked before, have them recheck it. When the scan is done, just copy and paste the link back to this forum for me to see.

c:\windows\is-4QVJ3.exe<--This file

If the site is busy you can try this one
http://virusscan.jotti.org/en



I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable your onboard antivirus and antispyware programs while performing scans so there are no conflicts, and it will speed up the scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

Galois
2012-08-15, 05:21
I followed the instructions on enabling windows to show all files and folders, but I still can't find this file

c:\windows\is-4QVJ3.exe

I also opened the windows folder and made sure that the view settings were set to "show hidden files and folders, show extensions for known file types, show protected operating system files", but I still can't find it.

Here are the results of the ESET scan:

C:\Program Files\Uniblue\RegistryBooster\Launcher.exe a variant of Win32/RegistryBooster application
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application
C:\Users\millie\AppData\Local\MicrosoftNT\winserver.exe a variant of Win32/Kryptik.ACHY trojan
C:\Users\millie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\5ecf6a4c-44b55155 Java/Exploit.CVE-2011-3544.T trojan
C:\Users\millie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\6319d051-7a7842e4 Java/TrojanDownloader.OpenConnection.AR trojan
C:\Users\millie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\7be11851-113e40e9 multiple threats
C:\Users\millie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\26d395dc-4c44d17d multiple threats
C:\Users\millie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\4d4444e0-2be8cb3c Java/Agent.EA trojan
C:\Users\millie\Downloads\asc-setup(1).exe a variant of Win32/Toolbar.Widgi application
C:\Users\millie\Downloads\asc-setup-2011pro(1).exe a variant of Win32/Toolbar.Widgi application
C:\Users\millie\Downloads\asc-setup-2011pro.exe a variant of Win32/Toolbar.Widgi application
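
A way to read the ESET report above, as an added example (my own classifier, not code from the thread or from ESET). The report lines are copied from the posted results. The categories are my own: entries under Sun\Java\Deployment\cache were fetched by a web page, so they show a drive-by exploit was served; an .exe under AppData is a dropped payload; "application" verdicts are potentially unwanted software rather than malware. The CVE-to-update table is an assumption from my own knowledge: CVE-2011-3544 was fixed in Java SE 6 Update 29 (Oracle's October 2011 Critical Patch Update). The installed version, Java 6 Update 22, is taken from the {CAFEEFAC-0016-0000-0022-...}:6.0.22 extension entry in the OTL log posted later in the thread.

```python
"""Sort ESET Online Scanner detections by where they were found.

Added example: my own classifier, not code from the thread or from ESET. The
report lines are copied from the ESET results posted above; the categories
and the CVE-to-Java-update table are my own (see the comment on the table).
"""
import re
from collections import Counter

# Constructed sample: lines copied from the posted ESET report.
ESET_REPORT = r"""
C:\Program Files\Uniblue\RegistryBooster\Launcher.exe a variant of Win32/RegistryBooster application
C:\Users\millie\AppData\Local\MicrosoftNT\winserver.exe a variant of Win32/Kryptik.ACHY trojan
C:\Users\millie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\5ecf6a4c-44b55155 Java/Exploit.CVE-2011-3544.T trojan
C:\Users\millie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\6319d051-7a7842e4 Java/TrojanDownloader.OpenConnection.AR trojan
C:\Users\millie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\7be11851-113e40e9 multiple threats
C:\Users\millie\Downloads\asc-setup(1).exe a variant of Win32/Toolbar.Widgi application
"""

# ESET prints "<path> <verdict>"; paths contain spaces, so anchor on the verdict shape.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<verdict>(?:a variant of )?\S+/\S+\s+(?:application|trojan)|multiple threats)$"
)
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

# Java 6 update that first shipped the fix for each CVE ESET named.
# Assumption: CVE-2011-3544 was fixed in Java SE 6 Update 29 (Oracle CPU, October 2011).
JAVA6_FIX_UPDATE = {"CVE-2011-3544": 29}


def classify(path, verdict):
    """Category by location on disk first, then by verdict."""
    p = path.lower()
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java-cache"        # fetched by a web page: evidence of a drive-by attempt
    if verdict.endswith("application"):
        return "pua"               # potentially unwanted application, not malware
    if "\\appdata\\" in p and p.endswith(".exe"):
        return "dropped-payload"   # executable parked in a user-writable data directory
    if "\\downloads\\" in p:
        return "download"
    return "other"


def parse_report(text):
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        path, verdict = m.group("path"), m.group("verdict")
        rows.append({"path": path, "verdict": verdict,
                     "category": classify(path, verdict),
                     "cves": CVE_RE.findall(verdict)})
    return rows


def summarize(rows):
    """Count detections per category."""
    return dict(Counter(r["category"] for r in rows))


def java_exposure(rows, installed_update):
    """CVEs named in the report that the installed Java 6 update does not fix."""
    unpatched = set()
    for r in rows:
        for cve in r["cves"]:
            fix = JAVA6_FIX_UPDATE.get(cve)
            if fix is not None and installed_update < fix:
                unpatched.add(cve)
    return sorted(unpatched)


if __name__ == "__main__":
    rows = parse_report(ESET_REPORT)
    print(summarize(rows))
    # 22 = Java 6 Update 22, read from the {CAFEEFAC-0016-0000-0022-...}:6.0.22
    # extension entry in the OTL log posted later in the thread.
    print("still exploitable on this Java:", java_exposure(rows, 22))
```

The cache entries alone do not prove the exploit succeeded; winserver.exe under AppData\Local\MicrosoftNT is the artifact that shows something was actually dropped. With Java 6 Update 22 installed, though, the CVE-2011-3544 exploit in the cache would have run, so clearing the Java cache without updating Java leaves the same door open.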

ken545
2012-08-15, 10:35
Good Morning,

Let's not worry about that file right now.

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

Galois
2012-08-15, 12:23
Here is the log titled OTL

OTL logfile created on: 8/15/2012 5:02:55 AM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\millie\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.64 Gb Available Physical Memory | 57.19% Memory free
5.97 Gb Paging File | 4.97 Gb Available in Paging File | 83.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 231.42 Gb Total Space | 143.23 Gb Free Space | 61.89% Space Free | Partition Type: NTFS

Computer Name: MILLIE-PC | User Name: millie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\millie\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Users\millie\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe ()
PRC - C:\Program Files\SMART Technologies\SMART Product Drivers\Aware.exe (SMART Technologies ULC)
PRC - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe (SMART Technologies ULC)
PRC - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe (SMART Technologies ULC)
PRC - C:\Program Files\SMART Technologies\SMART Product Drivers\Marker.exe (SMART Technologies ULC)
PRC - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe (SMART Technologies)
PRC - C:\Program Files\iWin Games\iWinTrusted.exe (iWin Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
PRC - C:\TOSHIBA\IVP\ISM\pinger.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
MOD - C:\Users\millie\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe ()
MOD - C:\Program Files\SMART Technologies\SMART Product Drivers\ZipArchive.dll ()
MOD - C:\Program Files\SMART Technologies\SMART Product Drivers\QtNetwork4.dll ()
MOD - C:\Program Files\SMART Technologies\SMART Product Drivers\QtGui4.dll ()
MOD - C:\Program Files\SMART Technologies\SMART Product Drivers\QtCore4.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll ()


========== Win32 Services (SafeList) ==========

SRV - (LiveUpdate Notice Ex) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon File not found
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (iWinTrusted) -- C:\Program Files\iWin Games\iWinTrusted.exe (iWin Inc.)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (TNaviSrv) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (jswpsapi) -- C:\Program Files\Jumpstart\jswpsapi.exe (Atheros Communications, Inc.)
SRV - (Swupdtmr) -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (pinger) -- C:\TOSHIBA\IVP\ISM\pinger.exe ()
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV - (SVRPEDRV) -- C:\Windows\System32\sysprep\UP_date\PEDrv.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (MRESP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found
DRV - (MREMP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (IO_Memory) -- C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys File not found
DRV - (catchme) -- C:\Users\millie\AppData\Local\Temp\catchme.sys File not found
DRV - (SMARTMouseFilterx86) -- C:\Windows\System32\drivers\SMARTMouseFilterx86.sys (SMART Technologies ULC)
DRV - (SMARTVTabletPCx86) -- C:\Windows\System32\drivers\SMARTVTabletPCx86.sys (SMART Technologies ULC)
DRV - (SMARTVHidMini2000x86) -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys (SMART Technologies ULC)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys (TOSHIBA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (jswpslwf) -- C:\Windows\System32\drivers\jswpslwf.sys (Atheros Communications, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (KR10I) -- C:\Windows\System32\drivers\KR10I.sys (TOSHIBA CORPORATION)
DRV - (KR10N) -- C:\Windows\System32\drivers\KR10N.sys (TOSHIBA CORPORATION)
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (Cdralw2k) -- C:\Windows\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\Windows\System32\drivers\cdr4_xp.sys (Sonic Solutions)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {61332160-AC3F-48CA-BD99-13D5C24E36A5}
IE - HKLM\..\SearchScopes\{61332160-AC3F-48CA-BD99-13D5C24E36A5}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3108643506-636927696-2022615235-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?ptnrS=ZKxdm176YYUS&ptb=DODoiURCVdvnJ7SfLXtKyQ&n=77ce7bc2
IE - HKU\S-1-5-21-3108643506-636927696-2022615235-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3108643506-636927696-2022615235-1000\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
IE - HKU\S-1-5-21-3108643506-636927696-2022615235-1000\..\URLSearchHook: *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-3108643506-636927696-2022615235-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-3108643506-636927696-2022615235-1000\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKU\S-1-5-21-3108643506-636927696-2022615235-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=LMW2&o=10148&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=A2&apn_dtid=&apn_uid=BBF8851F-0B3D-40C0-9BE2-754A2E2C96FC&apn_sauid=20F99818-4A39-4A1E-A73A-9A104775466F
IE - HKU\S-1-5-21-3108643506-636927696-2022615235-1000\..\SearchScopes\{61332160-AC3F-48CA-BD99-13D5C24E36A5}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSHB_en
IE - HKU\S-1-5-21-3108643506-636927696-2022615235-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSHB_en
IE - HKU\S-1-5-21-3108643506-636927696-2022615235-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={41360F5B-18AA-4997-B96B-BE031E09B05F}&mid=6a724c01cae50453019bf6e1ad6bea58-363b279c66dfca47b50075569e3c6b8f1824a3c8&lang=us&ds=AVG&pr=fr&d=2011-12-13 18:55:25&v=9.0.0.18&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3108643506-636927696-2022615235-1000\..\SearchScopes\{D21DCA1A-DE9C-4272-9AB3-124BF35493EE}: "URL" = http://findgala.com/?&uid=7&q={searchTerms}
IE - HKU\S-1-5-21-3108643506-636927696-2022615235-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://findgala.com/?&uid=7&q={searchTerms}
IE - HKU\S-1-5-21-3108643506-636927696-2022615235-1000\..\SearchScopes\Yahoo!: "URL" = http://us.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=iobit-trans
IE - HKU\S-1-5-21-3108643506-636927696-2022615235-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3108643506-636927696-2022615235-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B7d176c81-080e-4ab7-beba-94e7001fe9cd%7D&mid=6a724c01cae50453019bf6e1ad6bea58-363b279c66dfca47b50075569e3c6b8f1824a3c8&ds=AVG&v=9.0.0.18&lang=us&pr=fr&d=2011-12-13%2018%3A55%3A25&sap=ku&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1355.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1355.0\Firefox [2010/02/15 16:12:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/11/08 19:17:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0848}: C:\ProgramData\iWin Games\firefox [2011/01/02 16:36:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\9.0.0.18\ [2011/12/14 16:33:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/11 23:54:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/26 18:05:19 | 000,000,000 | ---D | M]

[2010/06/25 16:15:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\millie\AppData\Roaming\Mozilla\Extensions
[2010/05/21 15:34:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\millie\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2012/05/18 14:46:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\millie\AppData\Roaming\Mozilla\Firefox\Profiles\h8ezm1zs.default\extensions
[2012/05/18 14:46:28 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\millie\AppData\Roaming\Mozilla\Firefox\Profiles\h8ezm1zs.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/05/26 18:14:38 | 000,002,572 | ---- | M] () -- C:\Users\millie\AppData\Roaming\Mozilla\Firefox\Profiles\h8ezm1zs.default\searchplugins\informative-google-search.xml
[2012/05/11 23:54:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/03 17:57:46 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/05/11 23:54:05 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/01/06 21:46:48 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/13 19:56:35 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/05/11 23:54:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/11 23:54:01 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/08/12 19:25:47 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3108643506-636927696-2022615235-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [SMART Board Service] C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe (SMART Technologies)
O4 - HKLM..\Run: [SMART SNMP Agent] C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe (SMART Technologies ULC)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-3108643506-636927696-2022615235-1000..\Run: [AROReminder] C:\Program Files\ARO 2012\ARO.exe (Support.com, Inc.)
O4 - HKU\S-1-5-21-3108643506-636927696-2022615235-1000..\Run: [iLike] C:\Program Files\iLike\1.2.18\ilikesidebar.exe (iLike)
O4 - HKU\S-1-5-21-3108643506-636927696-2022615235-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10k_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\millie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-3108643506-636927696-2022615235-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3108643506-636927696-2022615235-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-3108643506-636927696-2022615235-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3108643506-636927696-2022615235-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 128.206.10.3 128.206.10.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33938668-6963-43A1-BF98-6F032D4A8B80}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD700D70-4407-43E8-AA8B-DDA1E4D7C854}: DhcpNameServer = 128.206.10.3 128.206.10.2
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\millie\Pictures\hilltop-mountain-skys.jpg
O24 - Desktop BackupWallPaper: C:\Users\millie\Pictures\hilltop-mountain-skys.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/15 05:05:12 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/08/15 04:58:26 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\millie\Desktop\OTL.exe
[2012/08/14 20:05:50 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/08/14 20:04:48 | 002,322,184 | ---- | C] (ESET) -- C:\Users\millie\Desktop\esetsmartinstaller_enu.exe
[2012/08/14 19:42:22 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/08/14 19:42:22 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/08/14 19:41:54 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/08/14 19:41:54 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/08/12 19:33:29 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/12 19:33:29 | 000,000,000 | ---D | C] -- C:\Users\millie\AppData\Local\temp
[2012/08/12 19:27:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/12 19:11:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/12 19:11:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/12 19:11:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/12 19:11:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/12 15:47:44 | 001,163,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\millie\Desktop\avg_remover_stf_x86_2011_1322.exe
[2012/08/11 19:54:52 | 004,729,547 | R--- | C] (Swearware) -- C:\Users\millie\Desktop\ComboFix.exe
[2012/08/11 16:24:14 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\millie\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/06 12:25:43 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\millie\Desktop\aswMBR.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\millie\Desktop\*.tmp files -> C:\Users\millie\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/15 05:11:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/15 04:58:27 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\millie\Desktop\OTL.exe
[2012/08/15 04:55:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/15 04:55:50 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/15 04:55:50 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/14 20:11:03 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/14 20:04:54 | 002,322,184 | ---- | M] (ESET) -- C:\Users\millie\Desktop\esetsmartinstaller_enu.exe
[2012/08/14 19:40:11 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/14 19:40:11 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/14 19:32:45 | 3084,521,472 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/12 19:25:47 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/08/12 15:47:42 | 001,163,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\millie\Desktop\avg_remover_stf_x86_2011_1322.exe
[2012/08/11 20:03:18 | 000,001,254 | ---- | M] () -- C:\Users\millie\Desktop\Clean Registry for Free!.lnk
[2012/08/11 19:55:24 | 004,729,547 | R--- | M] (Swearware) -- C:\Users\millie\Desktop\ComboFix.exe
[2012/08/11 16:15:18 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\millie\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/06 12:34:59 | 000,000,512 | ---- | M] () -- C:\Users\millie\Desktop\MBR.dat
[2012/08/06 12:26:20 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\millie\Desktop\aswMBR.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\millie\Desktop\*.tmp files -> C:\Users\millie\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/14 19:32:45 | 3084,521,472 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/12 19:11:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/12 19:11:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/12 19:11:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/12 19:11:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/12 19:11:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/11 20:03:18 | 000,001,254 | ---- | C] () -- C:\Users\millie\Desktop\Clean Registry for Free!.lnk
[2012/08/06 12:34:59 | 000,000,512 | ---- | C] () -- C:\Users\millie\Desktop\MBR.dat
[2012/01/20 22:15:27 | 000,000,000 | ---- | C] () -- C:\Users\millie\AppData\Local\{A109E092-F915-4208-99CC-4BE276F75047}
[2011/12/13 19:49:45 | 000,000,304 | ---- | C] () -- C:\ProgramData\~wM3PUeNRInRpGC
[2011/12/13 19:49:45 | 000,000,216 | ---- | C] () -- C:\ProgramData\~wM3PUeNRInRpGCr
[2011/12/13 19:49:35 | 000,000,440 | ---- | C] () -- C:\ProgramData\wM3PUeNRInRpGC
[2010/10/03 17:59:34 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/04 20:20:40 | 000,002,865 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2010/02/15 16:48:57 | 000,001,356 | ---- | C] () -- C:\Users\millie\AppData\Local\d3d9caps.dat
[2009/07/28 17:44:03 | 000,000,390 | ---- | C] () -- C:\Users\millie\AppData\Roaming\wklnhst.dat
[2008/12/28 19:50:17 | 000,140,800 | ---- | C] () -- C:\Users\millie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2010/12/10 22:55:47 | 000,000,000 | ---D | M] -- C:\Users\millie\AppData\Roaming\Canon
[2012/05/11 22:53:53 | 000,000,000 | ---D | M] -- C:\Users\millie\AppData\Roaming\CBS Interactive
[2012/05/11 23:30:52 | 000,000,000 | ---D | M] -- C:\Users\millie\AppData\Roaming\DriverCure
[2009/11/27 16:02:22 | 000,000,000 | ---D | M] -- C:\Users\millie\AppData\Roaming\Gamelab
[2011/12/13 01:41:24 | 000,000,000 | ---D | M] -- C:\Users\millie\AppData\Roaming\go
[2010/06/27 21:28:22 | 000,000,000 | ---D | M] -- C:\Users\millie\AppData\Roaming\iLike
[2011/12/27 19:23:08 | 000,000,000 | ---D | M] -- C:\Users\millie\AppData\Roaming\IObit
[2009/12/30 18:32:23 | 000,000,000 | ---D | M] -- C:\Users\millie\AppData\Roaming\MusicIP
[2012/05/11 23:02:57 | 000,000,000 | ---D | M] -- C:\Users\millie\AppData\Roaming\Sammsoft
[2011/06/03 13:58:00 | 000,000,000 | ---D | M] -- C:\Users\millie\AppData\Roaming\SMART Technologies
[2011/06/03 13:17:46 | 000,000,000 | ---D | M] -- C:\Users\millie\AppData\Roaming\SMART Technologies Inc
[2010/09/11 19:13:26 | 000,000,000 | ---D | M] -- C:\Users\millie\AppData\Roaming\Spadester
[2012/05/11 23:30:52 | 000,000,000 | ---D | M] -- C:\Users\millie\AppData\Roaming\SpeedMaxPc
[2009/07/28 17:45:10 | 000,000,000 | ---D | M] -- C:\Users\millie\AppData\Roaming\Template
[2010/05/08 19:07:43 | 000,000,000 | ---D | M] -- C:\Users\millie\AppData\Roaming\TOSHIBA
[2010/03/19 12:50:17 | 000,000,000 | ---D | M] -- C:\Users\millie\AppData\Roaming\Uniblue
[2012/06/18 06:42:14 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/05/11 23:32:22 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\SpeedMaxPc Registration3.job
[2012/05/11 23:30:34 | 000,000,400 | ---- | M] () -- C:\Windows\Tasks\SpeedMaxPc Update3.job
[2012/05/11 23:30:34 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\SpeedMaxPc.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:3C6E4889

< End of report >

Galois
2012-08-15, 12:24
Here is the log titled Extras

OTL Extras logfile created on: 8/15/2012 5:02:55 AM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\millie\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.64 Gb Available Physical Memory | 57.19% Memory free
5.97 Gb Paging File | 4.97 Gb Available in Paging File | 83.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 231.42 Gb Total Space | 143.23 Gb Free Space | 61.89% Space Free | Partition Type: NTFS

Computer Name: MILLIE-PC | User Name: millie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3108643506-636927696-2022615235-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8BE9B888-C305-4198-9881-AAE329A51A5B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{96ACD4A2-0CDA-4CF2-B34C-B0EBCE7E484A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F35CE0B-1E5E-4C94-BC73-86D08EC8ABBD}" = protocol=6 | dir=in | app=c:\program files\smart technologies\smart product drivers\smartsnmpagent.exe |
"{1F3C7635-020C-47F8-A648-82E87F85580B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{235420C6-4C76-44BE-9A81-F5E0903BB347}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{2DE0C511-92C0-404C-A182-A6B609ED6FDB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{44726371-7500-4B9B-A753-BEBDC9E45FAE}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{5429C032-272B-4A8D-B3FD-B19300EC041C}" = protocol=17 | dir=in | app=c:\program files\smart technologies\smart product drivers\ucservice.exe |
"{64781CD1-767C-4C36-B9E8-57581A93FBB3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7F717BEA-318E-4D1E-817E-92C23A30B4A4}" = protocol=17 | dir=in | app=c:\program files\smart technologies\smart product drivers\ucgui.exe |
"{89C30307-37F6-4E87-BDF5-4D7D94015475}" = protocol=17 | dir=in | app=c:\program files\smart technologies\smart product drivers\smartsnmpagent.exe |
"{98A55E02-82FA-4586-AD2F-2206D5FF7EBC}" = protocol=6 | dir=in | app=c:\program files\smart technologies\smart product drivers\ucservice.exe |
"{9BA5E40C-2B97-4F10-AFF2-444FA48C13EA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A3C13F7B-1414-45EE-A9BF-64A0ED23F706}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A80420BA-151B-4E65-9BCE-93360FA9DC7D}" = protocol=6 | dir=in | app=c:\program files\smart technologies\smart product drivers\ucgui.exe |
"{C91E5CFA-3D85-46BA-B0A1-62A0F50DA721}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CF2F169C-1268-4224-B57D-2B21D47732F7}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{DE7F76F1-6C20-48A4-BBED-BF244573C766}" = protocol=6 | dir=in | app=c:\program files\iwin games\webupdater.exe |
"{DFD4820F-1913-4008-A40F-4160961C8233}" = protocol=6 | dir=in | app=c:\program files\iwin games\iwingames.exe |
"{EC677E6A-B55D-4C3A-99DD-EE94032BD9D0}" = protocol=17 | dir=in | app=c:\program files\iwin games\webupdater.exe |
"{FBA2EA7E-0D87-47F6-9899-0BDD04832DC5}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{FCC4C488-67AD-4320-AD1F-AE90ADEF5AB1}" = protocol=17 | dir=in | app=c:\program files\iwin games\iwingames.exe |
"{FCD26259-FF6A-4C36-B78B-303A79A2A999}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{56BFA295-AC04-4022-A49C-B502ACAE9B0E}C:\programdata\b63aa63\sab63a.exe" = protocol=6 | dir=in | app=c:\programdata\b63aa63\sab63a.exe |
"UDP Query User{DED7BC7A-8A06-4CFB-AC17-7154CA3556AD}C:\programdata\b63aa63\sab63a.exe" = protocol=17 | dir=in | app=c:\programdata\b63aa63\sab63a.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{03240EBA-04F2-4652-BC7F-B055902BDCD3}" = Memeo AutoBackup
"{062ABD24-47F8-D865-BCB6-A724A94BC9A5}" = CCC Help Japanese
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{06F2B3DC-74F4-300D-D41A-B21B46101CA2}" = Skins
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A573F30-FB63-9A85-2E6E-39E1AC5366D0}" = Catalyst Control Center Localization Hungarian
"{0A9F311E-A4B9-4808-1D1C-0B2E7705A735}" = Catalyst Control Center Localization Spanish
"{0F15A965-99BA-BC9D-5A00-D7E1E7B2AE7F}" = Catalyst Control Center Localization French
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP190_series" = Canon MP190 series MP Drivers
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{14FEF8C7-0EB1-47F2-6A13-D43171D4DFBB}" = Catalyst Control Center Localization Greek
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D4D4C5C-6771-A416-0FC9-167F47C4D977}" = Catalyst Control Center Localization Polish
"{1E32C2AB-9722-5F41-7BDE-24B5AFD2BCE6}" = CCC Help Spanish
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{21AEC16B-1C21-81B4-DA88-2235CC1F7E39}" = Catalyst Control Center Localization Japanese
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25E04A4A-90B3-475A-BCD1-04B5B2B60C74}" = REA's TESTware for the PRAXIS Elementary Ed 0011
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{288306FF-D5B5-7398-0617-E52F625C6797}" = CCC Help Norwegian
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{397AC65E-CB4A-29C2-ACF9-D04444438971}" = Catalyst Control Center Localization Thai
"{3B96A467-811C-F9FE-B8D6-3BC952025F44}" = Catalyst Control Center Localization Dutch
"{3BEEC9AD-FA8F-B413-6BBC-8B5DC7C8E08F}" = Catalyst Control Center Localization Portuguese
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{45ECDC05-71AC-6372-2A17-4139B6296F4F}" = ccc-core-static
"{480C3278-56A7-3F05-3829-6DC5D4B0CB06}" = CCC Help Portuguese
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A69610A-536D-4295-BDDB-8A648B45F3E5}" = Bing Bar Platform
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4CA4D9FC-212C-9F69-E760-DB4BEB34FEB5}" = CCC Help Thai
"{4CE6C6E8-0DAD-4757-86ED-7FB4035BA98B}" = SMART Product Drivers
"{4DE0D937-FEB0-0D89-C8D6-35F600300BD4}" = CCC Help French
"{526B6DD3-0C43-2C13-7DF8-44D20D4E9853}" = CCC Help English
"{544587B1-B057-F0B3-7B19-6898ADBED9AC}" = Catalyst Control Center Localization Czech
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{571C0874-A931-EEFE-E89D-8F912F633B9F}" = CCC Help Danish
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{63427619-C918-6F3C-7318-11DDA4975241}" = ATI Catalyst Install Manager
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{648B4A01-F609-1D4E-556C-0F18B54E9E1C}" = Catalyst Control Center Localization Italian
"{64F18837-72CE-DC38-899C-260AF20F979A}" = CCC Help Swedish
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69C82DDB-3FBC-EBEC-AE0A-3ABF1F3BD39B}" = CCC Help Polish
"{6C530FF7-F6F2-FD4C-0CFC-49AD3E7244A9}" = Catalyst Control Center Localization Turkish
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6CA2BE46-A562-8CA4-1C33-CC2681B2DDA1}" = CCC Help Finnish
"{6DBBEC03-716B-7954-873A-B782100831C5}" = Catalyst Control Center Graphics Full New
"{70BCBA77-83D9-2075-1F99-69D65C44B422}" = Catalyst Control Center Graphics Full Existing
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{78E6BC53-F765-2629-C028-9F3CD49F70D4}" = CCC Help Chinese Standard
"{7C2F22D6-547A-4452-AEE3-65344A271844}" = MusicIP MyDJ Plug-in
"{7ECE1045-66CB-2A70-7EAE-BE508AF95CF2}" = Catalyst Control Center Graphics Previews Vista
"{81F93FA5-BA87-322F-2166-4D1F0FFE196E}" = CCC Help Greek
"{8376FC56-5456-DFF9-5C36-FAB3DE39F5DF}" = Catalyst Control Center Localization Norwegian
"{85B3880D-F0D2-A50C-1464-7EF646A1D21D}" = Catalyst Control Center Localization Danish
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8D0957A4-8EE7-E273-0BFC-9B235BEAA41A}" = CCC Help Dutch
"{8D44F868-DA59-B1BF-CC33-58B0AF8E2E39}" = Catalyst Control Center Localization Chinese Traditional
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9550F8A6-3D21-4544-8B87-F9FE7E01B964}" = SMART Notebook
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A3F65CA-78FA-4749-004B-23743CF642D1}" = Catalyst Control Center Localization Korean
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A5B13934-D1C9-D33B-982E-BB09A19C0F90}" = Catalyst Control Center Localization Finnish
"{A60F4402-4CCE-E695-64C6-F0636ACC347F}" = CCC Help Italian
"{A91A0484-8087-A838-9BA6-03374BE3F2CE}" = Catalyst Control Center Localization Russian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA725670-A7B4-D1B0-4EF5-F4B2E418C9F4}" = Catalyst Control Center Localization German
"{AC5352DA-F4F2-4A59-A1BF-41546342746B}" = CyberDefender Early Detection Center
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{ADBE6E56-60E7-7FC3-467A-827987BE09CE}" = Catalyst Control Center Localization Swedish
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B1819DF7-D6B1-27AA-3A3B-6560C348C386}" = Catalyst Control Center Core Implementation
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{B9CD69C2-D14E-C499-C18B-7342E5FE245E}" = Catalyst Control Center Localization Chinese Standard
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D58A1E94-9EEA-4C6E-B9FB-D7C63DC6C941}" = Catalyst Control Center - Branding
"{D8F9F4CB-41A1-CF15-39A2-75F28E0B9991}" = CCC Help Korean
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DDA258BA-57D9-A76C-84CB-F19571A45FC8}" = ccc-utility
"{DF73BEDD-8A09-A6E2-462B-3BDF398BAFB2}" = CCC Help Czech
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E4F5551F-BF8D-43B0-B895-D758E72D83D9}" = iLike Sidebar
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{E70A3EE1-067D-8C6C-1C89-9F3A1BA4CF2C}" = Catalyst Control Center Graphics Light
"{E87A8D96-5795-A788-18A2-3BCC20B09E7C}" = CCC Help Chinese Traditional
"{EB295AF7-C2D1-D911-9E62-F288874B96F4}" = CCC Help Turkish
"{EBCD5E4C-F14A-B147-39FE-906F75AC4ACE}" = CCC Help Russian
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EF4F8650-7710-4CA0-831D-4AA9C1CF6D87}" = SpeedMaxPc
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F36D6137-FD4C-1F67-7B2A-815BB05BB825}" = CCC Help German
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{F84C1DC6-4B39-1A34-AD6E-A6EE49A3DD78}" = CCC Help Hungarian
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ARO 2012_is1" = ARO 2012
"Canon MP190 series User Registration" = Canon MP190 series User Registration
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{03240EBA-04F2-4652-BC7F-B055902BDCD3}" = Memeo AutoBackup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"iWinArcade" = iWin Games (remove only)
"Jojos Fashion Show" = Jojos Fashion Show (remove only)
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.2" = Canon MP Navigator EX 1.2
"Picasa2" = Picasa 2
"STANDARDR" = Microsoft Office Standard 2007
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"WildTangent toshiba Master Uninstall" = TOSHIBA Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3108643506-636927696-2022615235-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"CNET TechTracker" = CNET TechTracker
"Game Organizer" = EasyBits GO
"Spadester" = Spadester

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/27/2011 12:15:51 AM | Computer Name = millie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8989168

Error - 5/27/2011 12:15:51 AM | Computer Name = millie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8989168

Error - 5/27/2011 12:43:35 PM | Computer Name = millie-PC | Source = EventSystem | ID = 4621
Description =

Error - 5/27/2011 1:55:53 PM | Computer Name = millie-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/28/2011 2:04:44 PM | Computer Name = millie-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/28/2011 9:08:37 PM | Computer Name = millie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/28/2011 9:08:37 PM | Computer Name = millie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1575

Error - 5/28/2011 9:08:37 PM | Computer Name = millie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1575

Error - 5/28/2011 9:13:40 PM | Computer Name = millie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/28/2011 9:13:40 PM | Computer Name = millie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13931

[ Media Center Events ]
Error - 3/19/2012 7:13:42 PM | Computer Name = millie-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

[ OSession Events ]
Error - 5/12/2009 6:24:16 PM | Computer Name = millie-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1774
seconds with 1740 seconds of active time. This session ended with a crash.

Error - 10/26/2009 12:07:21 AM | Computer Name = millie-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 3475 seconds with 2220 seconds of active time. This session ended with a
crash.

Error - 6/5/2010 4:36:15 PM | Computer Name = millie-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 12953
seconds with 5160 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/14/2012 8:44:05 PM | Computer Name = millie-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 8/14/2012 8:44:05 PM | Computer Name = millie-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 8/14/2012 8:44:05 PM | Computer Name = millie-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 8/14/2012 8:44:05 PM | Computer Name = millie-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 8/14/2012 8:44:05 PM | Computer Name = millie-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 8/14/2012 8:44:05 PM | Computer Name = millie-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 8/14/2012 8:44:05 PM | Computer Name = millie-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 8/14/2012 8:44:05 PM | Computer Name = millie-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 8/14/2012 8:44:05 PM | Computer Name = millie-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 8/14/2012 8:44:05 PM | Computer Name = millie-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =


< End of report >

ken545
2012-08-15, 13:18
Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:processes
killallprocesses

:OTL
IE - HKU\S-1-5-21-3108643506-636927696-2022615235-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jh...KyQ&n=77ce7bc2
IE - HKU\S-1-5-21-3108643506-636927696-2022615235-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-3108643506-636927696-2022615235-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=LMW2&o=10148&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=A2&apn_dtid=&apn_uid=BBF8851F-0B3D-40C0-9BE2-754A2E2C96FC&apn_sauid=20F99818-4A39-4A1E-A73A-9A104775466F
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)


:Services

:Reg

:Files
ipconfig /flushdns /c
C:\Program Files\Ask.com
C:\Users\millie\Downloads\asc-setup(1).exe
C:\Users\millie\Downloads\asc-setup-2011pro(1).exe
C:\Users\millie\Downloads\asc-setup-2011pro.exe


:Commands
[purity]
[resethosts]
[CLEARALLRESTOREPOINTS]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces

You need to enable Windows to show all files and folders; instructions Here (http://www.bleepingcomputer.com/tutorials/tutorial62.html)

Go to VirusTotal (http://www.virustotal.com/) and submit this file for analysis. Just use the browse feature and then Send File; if it says this file has been checked before, have them recheck it. When the scan is done, just copy and paste the link back to this forum for me to see.

C:\Users\millie\AppData\Local\MicrosoftNT\winserver.exe

If the site is busy you can try this one
http://virusscan.jotti.org/en

Galois
2012-08-16, 00:58
Here is the log from the OTL fix

All processes killed
========== PROCESSES ==========
========== OTL ==========
HKU\S-1-5-21-3108643506-636927696-2022615235-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3108643506-636927696-2022615235-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry key HKEY_USERS\S-1-5-21-3108643506-636927696-2022615235-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files\Ask.com\Updater\Updater.exe moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\millie\Desktop\cmd.bat deleted successfully.
C:\Users\millie\Desktop\cmd.txt deleted successfully.
C:\Program Files\Ask.com\Updater folder moved successfully.
C:\Program Files\Ask.com\assets\oobe folder moved successfully.
C:\Program Files\Ask.com\assets folder moved successfully.
C:\Program Files\Ask.com folder moved successfully.
C:\Users\millie\Downloads\asc-setup(1).exe moved successfully.
C:\Users\millie\Downloads\asc-setup-2011pro(1).exe moved successfully.
C:\Users\millie\Downloads\asc-setup-2011pro.exe moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: millie
->Temp folder emptied: 4374751 bytes
->Temporary Internet Files folder emptied: 8056308 bytes
->Java cache emptied: 2478452 bytes
->FireFox cache emptied: 69118674 bytes
->Flash cache emptied: 1315 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 711240 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 747807 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 82.00 mb


OTL by OldTimer - Version 3.2.57.0 log created on 08152012_073421

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Here are the results of the virustotal scan

https://www.virustotal.com/file/47afad5348ec242afc388f9a0b95dfc5e4787f8d1fbd557e95280a8ed2cf050e/analysis/1345071251/

ken545
2012-08-16, 01:02
:bigthumb:


Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:processes
killallprocesses

:OTL


:Services

:Reg

:Files
C:\Users\millie\AppData\Local\MicrosoftNT\winserver.exe


:Commands
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces


Then run a new Scan with OTL and let me take a final look. How is your system behaving now?

Galois
2012-08-16, 01:35
I'm not noticing any problems with the system now. Before the OTL fix with winserver.exe, I was getting a pop up window after reboots telling me that ERUNT was having trouble making an automatic back up of the registry. But after the OTL fix with winserver.exe, I have not gotten that pop up after rebooting.

Here are the results of the OTL fix with winserver.exe, and the results of the OTL scan (it didn't seem to generate an "extras" txt file this time.)

All processes killed
========== PROCESSES ==========
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Users\millie\AppData\Local\MicrosoftNT\winserver.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: millie
->Temp folder emptied: 590063 bytes
->Temporary Internet Files folder emptied: 33334 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 16360709 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 16.00 mb


OTL by OldTimer - Version 3.2.57.0 log created on 08152012_180528

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

OTL logfile created on: 8/15/2012 6:15:13 PM - Run 2
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\millie\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 68.39% Memory free
5.95 Gb Paging File | 5.09 Gb Available in Paging File | 85.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 231.42 Gb Total Space | 142.68 Gb Free Space | 61.65% Space Free | Partition Type: NTFS

Computer Name: MILLIE-PC | User Name: millie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\millie\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Users\millie\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe ()
PRC - C:\Program Files\SMART Technologies\SMART Product Drivers\Aware.exe (SMART Technologies ULC)
PRC - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe (SMART Technologies ULC)
PRC - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe (SMART Technologies ULC)
PRC - C:\Program Files\SMART Technologies\SMART Product Drivers\Marker.exe (SMART Technologies ULC)
PRC - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe (SMART Technologies)
PRC - C:\Program Files\iWin Games\iWinTrusted.exe (iWin Inc.)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
PRC - C:\TOSHIBA\IVP\ISM\pinger.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
MOD - C:\Users\millie\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe ()
MOD - C:\Program Files\SMART Technologies\SMART Product Drivers\ZipArchive.dll ()
MOD - C:\Program Files\SMART Technologies\SMART Product Drivers\QtNetwork4.dll ()
MOD - C:\Program Files\SMART Technologies\SMART Product Drivers\QtGui4.dll ()
MOD - C:\Program Files\SMART Technologies\SMART Product Drivers\QtCore4.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()


========== Win32 Services (SafeList) ==========

SRV - (LiveUpdate Notice Ex) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon File not found
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (iWinTrusted) -- C:\Program Files\iWin Games\iWinTrusted.exe (iWin Inc.)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (TNaviSrv) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (jswpsapi) -- C:\Program Files\Jumpstart\jswpsapi.exe (Atheros Communications, Inc.)
SRV - (Swupdtmr) -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (pinger) -- C:\TOSHIBA\IVP\ISM\pinger.exe ()
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV - (SVRPEDRV) -- C:\Windows\System32\sysprep\UP_date\PEDrv.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (MRESP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found
DRV - (MREMP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (IO_Memory) -- C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys File not found
DRV - (catchme) -- C:\Users\millie\AppData\Local\Temp\catchme.sys File not found
DRV - (SMARTMouseFilterx86) -- C:\Windows\System32\drivers\SMARTMouseFilterx86.sys (SMART Technologies ULC)
DRV - (SMARTVTabletPCx86) -- C:\Windows\System32\drivers\SMARTVTabletPCx86.sys (SMART Technologies ULC)
DRV - (SMARTVHidMini2000x86) -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys (SMART Technologies ULC)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys (TOSHIBA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (jswpslwf) -- C:\Windows\System32\drivers\jswpslwf.sys (Atheros Communications, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (KR10I) -- C:\Windows\System32\drivers\KR10I.sys (TOSHIBA CORPORATION)
DRV - (KR10N) -- C:\Windows\System32\drivers\KR10N.sys (TOSHIBA CORPORATION)
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (Cdralw2k) -- C:\Windows\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\Windows\System32\drivers\cdr4_xp.sys (Sonic Solutions)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {61332160-AC3F-48CA-BD99-13D5C24E36A5}
IE - HKLM\..\SearchScopes\{61332160-AC3F-48CA-BD99-13D5C24E36A5}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3108643506-636927696-2022615235-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-3108643506-636927696-2022615235-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3108643506-636927696-2022615235-1000\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
IE - HKU\S-1-5-21-3108643506-636927696-2022615235-1000\..\URLSearchHook: *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-3108643506-636927696-2022615235-1000\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKU\S-1-5-21-3108643506-636927696-2022615235-1000\..\SearchScopes\{61332160-AC3F-48CA-BD99-13D5C24E36A5}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSHB_en
IE - HKU\S-1-5-21-3108643506-636927696-2022615235-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSHB_en
IE - HKU\S-1-5-21-3108643506-636927696-2022615235-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={41360F5B-18AA-4997-B96B-BE031E09B05F}&mid=6a724c01cae50453019bf6e1ad6bea58-363b279c66dfca47b50075569e3c6b8f1824a3c8&lang=us&ds=AVG&pr=fr&d=2011-12-13 18:55:25&v=9.0.0.18&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3108643506-636927696-2022615235-1000\..\SearchScopes\{D21DCA1A-DE9C-4272-9AB3-124BF35493EE}: "URL" = http://findgala.com/?&uid=7&q={searchTerms}
IE - HKU\S-1-5-21-3108643506-636927696-2022615235-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://findgala.com/?&uid=7&q={searchTerms}
IE - HKU\S-1-5-21-3108643506-636927696-2022615235-1000\..\SearchScopes\Yahoo!: "URL" = http://us.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=iobit-trans
IE - HKU\S-1-5-21-3108643506-636927696-2022615235-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3108643506-636927696-2022615235-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B7d176c81-080e-4ab7-beba-94e7001fe9cd%7D&mid=6a724c01cae50453019bf6e1ad6bea58-363b279c66dfca47b50075569e3c6b8f1824a3c8&ds=AVG&v=9.0.0.18&lang=us&pr=fr&d=2011-12-13%2018%3A55%3A25&sap=ku&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1355.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1355.0\Firefox [2010/02/15 16:12:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/11/08 19:17:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0848}: C:\ProgramData\iWin Games\firefox [2011/01/02 16:36:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\9.0.0.18\ [2011/12/14 16:33:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/11 23:54:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/26 18:05:19 | 000,000,000 | ---D | M]

[2010/06/25 16:15:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\millie\AppData\Roaming\Mozilla\Extensions
[2010/05/21 15:34:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\millie\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2012/05/18 14:46:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\millie\AppData\Roaming\Mozilla\Firefox\Profiles\h8ezm1zs.default\extensions
[2012/05/18 14:46:28 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\millie\AppData\Roaming\Mozilla\Firefox\Profiles\h8ezm1zs.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/05/26 18:14:38 | 000,002,572 | ---- | M] () -- C:\Users\millie\AppData\Roaming\Mozilla\Firefox\Profiles\h8ezm1zs.default\searchplugins\informative-google-search.xml
[2012/05/11 23:54:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/03 17:57:46 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/05/11 23:54:05 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/01/06 21:46:48 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/13 19:56:35 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/05/11 23:54:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/11 23:54:01 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/08/15 07:34:26 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3108643506-636927696-2022615235-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-3108643506-636927696-2022615235-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [SMART Board Service] C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe (SMART Technologies)
O4 - HKLM..\Run: [SMART SNMP Agent] C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe (SMART Technologies ULC)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-3108643506-636927696-2022615235-1000..\Run: [AROReminder] C:\Program Files\ARO 2012\ARO.exe (Support.com, Inc.)
O4 - HKU\S-1-5-21-3108643506-636927696-2022615235-1000..\Run: [iLike] C:\Program Files\iLike\1.2.18\ilikesidebar.exe (iLike)
O4 - Startup: C:\Users\millie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-3108643506-636927696-2022615235-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3108643506-636927696-2022615235-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-3108643506-636927696-2022615235-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3108643506-636927696-2022615235-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 128.206.10.3 128.206.10.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33938668-6963-43A1-BF98-6F032D4A8B80}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD700D70-4407-43E8-AA8B-DDA1E4D7C854}: DhcpNameServer = 128.206.10.3 128.206.10.2
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\millie\Pictures\hilltop-mountain-skys.jpg
O24 - Desktop BackupWallPaper: C:\Users\millie\Pictures\hilltop-mountain-skys.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/15 17:49:40 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/15 17:49:40 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/15 07:34:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/15 05:05:12 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/08/15 04:58:26 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\millie\Desktop\OTL.exe
[2012/08/14 20:05:50 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/08/14 20:04:48 | 002,322,184 | ---- | C] (ESET) -- C:\Users\millie\Desktop\esetsmartinstaller_enu.exe
[2012/08/14 19:42:22 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/08/14 19:42:22 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/08/14 19:42:02 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/08/14 19:42:02 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/08/14 19:42:02 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/08/14 19:41:54 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/08/14 19:41:54 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/08/12 19:33:29 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/12 19:33:29 | 000,000,000 | ---D | C] -- C:\Users\millie\AppData\Local\temp
[2012/08/12 19:27:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/12 19:11:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/12 19:11:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/12 19:11:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/12 19:11:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/12 15:47:44 | 001,163,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\millie\Desktop\avg_remover_stf_x86_2011_1322.exe
[2012/08/11 19:54:52 | 004,729,547 | R--- | C] (Swearware) -- C:\Users\millie\Desktop\ComboFix.exe
[2012/08/11 16:24:14 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\millie\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/06 12:25:43 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\millie\Desktop\aswMBR.exe
[1 C:\Users\millie\Desktop\*.tmp files -> C:\Users\millie\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/15 18:17:44 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/15 18:17:44 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/15 18:11:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/15 18:10:17 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/15 18:10:16 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/15 18:10:16 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/15 18:10:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/15 18:10:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/15 18:09:36 | 3084,521,472 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/15 17:49:40 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/15 17:49:40 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/15 07:34:26 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/08/15 04:58:27 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\millie\Desktop\OTL.exe
[2012/08/14 20:04:54 | 002,322,184 | ---- | M] (ESET) -- C:\Users\millie\Desktop\esetsmartinstaller_enu.exe
[2012/08/12 15:47:42 | 001,163,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\millie\Desktop\avg_remover_stf_x86_2011_1322.exe
[2012/08/11 20:03:18 | 000,001,254 | ---- | M] () -- C:\Users\millie\Desktop\Clean Registry for Free!.lnk
[2012/08/11 19:55:24 | 004,729,547 | R--- | M] (Swearware) -- C:\Users\millie\Desktop\ComboFix.exe
[2012/08/11 16:15:18 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\millie\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/06 12:34:59 | 000,000,512 | ---- | M] () -- C:\Users\millie\Desktop\MBR.dat
[2012/08/06 12:26:20 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\millie\Desktop\aswMBR.exe
[1 C:\Users\millie\Desktop\*.tmp files -> C:\Users\millie\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/15 17:49:41 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/14 19:32:45 | 3084,521,472 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/12 19:11:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/12 19:11:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/12 19:11:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/12 19:11:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/12 19:11:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/11 20:03:18 | 000,001,254 | ---- | C] () -- C:\Users\millie\Desktop\Clean Registry for Free!.lnk
[2012/08/06 12:34:59 | 000,000,512 | ---- | C] () -- C:\Users\millie\Desktop\MBR.dat
[2012/01/20 22:15:27 | 000,000,000 | ---- | C] () -- C:\Users\millie\AppData\Local\{A109E092-F915-4208-99CC-4BE276F75047}
[2011/12/13 19:49:45 | 000,000,304 | ---- | C] () -- C:\ProgramData\~wM3PUeNRInRpGC
[2011/12/13 19:49:45 | 000,000,216 | ---- | C] () -- C:\ProgramData\~wM3PUeNRInRpGCr
[2011/12/13 19:49:35 | 000,000,440 | ---- | C] () -- C:\ProgramData\wM3PUeNRInRpGC
[2010/10/03 17:59:34 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/04 20:20:40 | 000,002,865 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2010/02/15 16:48:57 | 000,001,356 | ---- | C] () -- C:\Users\millie\AppData\Local\d3d9caps.dat
[2009/07/28 17:44:03 | 000,000,390 | ---- | C] () -- C:\Users\millie\AppData\Roaming\wklnhst.dat
[2008/12/28 19:50:17 | 000,140,800 | ---- | C] () -- C:\Users\millie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2010/12/10 22:55:47 | 000,000,000 | ---D | M] -- C:\Users\millie\AppData\Roaming\Canon
[2012/05/11 22:53:53 | 000,000,000 | ---D | M] -- C:\Users\millie\AppData\Roaming\CBS Interactive
[2012/05/11 23:30:52 | 000,000,000 | ---D | M] -- C:\Users\millie\AppData\Roaming\DriverCure
[2009/11/27 16:02:22 | 000,000,000 | ---D | M] -- C:\Users\millie\AppData\Roaming\Gamelab
[2011/12/13 01:41:24 | 000,000,000 | ---D | M] -- C:\Users\millie\AppData\Roaming\go
[2010/06/27 21:28:22 | 000,000,000 | ---D | M] -- C:\Users\millie\AppData\Roaming\iLike
[2011/12/27 19:23:08 | 000,000,000 | ---D | M] -- C:\Users\millie\AppData\Roaming\IObit
[2009/12/30 18:32:23 | 000,000,000 | ---D | M] -- C:\Users\millie\AppData\Roaming\MusicIP
[2012/05/11 23:02:57 | 000,000,000 | ---D | M] -- C:\Users\millie\AppData\Roaming\Sammsoft
[2011/06/03 13:58:00 | 000,000,000 | ---D | M] -- C:\Users\millie\AppData\Roaming\SMART Technologies
[2011/06/03 13:17:46 | 000,000,000 | ---D | M] -- C:\Users\millie\AppData\Roaming\SMART Technologies Inc
[2010/09/11 19:13:26 | 000,000,000 | ---D | M] -- C:\Users\millie\AppData\Roaming\Spadester
[2012/05/11 23:30:52 | 000,000,000 | ---D | M] -- C:\Users\millie\AppData\Roaming\SpeedMaxPc
[2009/07/28 17:45:10 | 000,000,000 | ---D | M] -- C:\Users\millie\AppData\Roaming\Template
[2010/05/08 19:07:43 | 000,000,000 | ---D | M] -- C:\Users\millie\AppData\Roaming\TOSHIBA
[2010/03/19 12:50:17 | 000,000,000 | ---D | M] -- C:\Users\millie\AppData\Roaming\Uniblue
[2012/08/15 18:08:43 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/05/11 23:32:22 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\SpeedMaxPc Registration3.job
[2012/05/11 23:30:34 | 000,000,400 | ---- | M] () -- C:\Windows\Tasks\SpeedMaxPc Update3.job
[2012/05/11 23:30:34 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\SpeedMaxPc.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:3C6E4889

< End of report >

ken545
2012-08-16, 01:41
Looking good except for ASK Toolbar, let me know if you want to remove it

Galois
2012-08-16, 01:48
Thanks. Yes, I would like to remove it.

ken545
2012-08-16, 02:32
Let's remove iWin Games also, as that program falls somewhere in the gray area.



Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:processes
killallprocesses

:OTL
SRV - (iWinTrusted) -- C:\Program Files\iWin Games\iWinTrusted.exe (iWin Inc.)
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0848}: C:\ProgramData\iWin Games\firefox [2011/01/02 16:36:20 | 000,000,000 | ---D | M]


:Services
SRV - (iWinTrusted) -- C:\Program Files\iWin Games\iWinTrusted.exe (iWin Inc.)

:Reg

:Files
C:\Program Files\iWin Games
c:\program files\ask.com


:Commands
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <-- Not Run Scan
Let the program run unhindered, and reboot when it is done.
Then post the results of the log it produces.
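
Reading a report like the one above by hand is how the helper picks out the Ask.com engine settings and the iWin extension; the Python below, added here as an editor's example (not OTL's code and not from this thread), parses lines in the shapes OTL prints and flags the same kinds of entries. The severity labels, the allowlists and the sample lines (abbreviated from the report quoted above) are the editor's own assumptions.

```python
"""Triage helper for OTL-style scan report lines (editor's example, not OTL code)."""
import re
from dataclasses import dataclass
from typing import List
from urllib.parse import urlparse

# Assumed allowlists: search providers a clean consumer system is expected to use.
KNOWN_SEARCH_DOMAINS = {"google.com", "bing.com", "yahoo.com", "live.com", "msn.com"}
KNOWN_SEARCH_NAMES = {"google", "bing", "yahoo"}

# Stock Winlogon values on Vista/7 (registry default is "explorer.exe" and the
# full userinit.exe path; OTL shows the value inside parentheses).
EXPECTED_WINLOGON = {"Shell": "explorer.exe", "UserInit": r"c:\windows\system32\userinit.exe"}

# "[date time | size | attrs | C/M] (company) -- path" file-listing lines.
FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
HIJACK_LINE = re.compile(r"^(?P<section>O\d+|IE|FF) - (?P<body>.*)$")
URL_VALUE = re.compile(r'"URL" = (?P<url>\S+)')
FF_ENGINE = re.compile(
    r'browser\.search\.(?:defaultengine|defaultenginename|selectedEngine|order\.\d+): "(?P<name>[^"]+)"'
)
WINLOGON = re.compile(r"Winlogon: (?P<value>Shell|UserInit) - \((?P<cmd>[^)]*)\)")


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low" (editor's labels)
    reason: str
    line: str


def registrable_domain(host: str) -> str:
    """Crude last-two-labels reduction, e.g. www.google.com -> google.com."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def check_hijack_line(body: str, line: str) -> List[Finding]:
    out: List[Finding] = []
    # Orphaned entries: the registry still points at something that is gone.
    if "No CLSID value found" in body or "File not found" in body:
        out.append(Finding("low", "orphaned entry (target missing)", line))
    # IE search scopes whose URL goes to a domain outside the allowlist.
    m = URL_VALUE.search(body)
    if m:
        host = urlparse(m.group("url")).hostname or ""
        if registrable_domain(host) not in KNOWN_SEARCH_DOMAINS:
            out.append(Finding("medium", f"search provider points at {host}", line))
    # Firefox default/selected engine set to a name outside the allowlist.
    m = FF_ENGINE.search(body)
    if m and m.group("name").lower().split(".")[0] not in KNOWN_SEARCH_NAMES:
        out.append(Finding("medium", f"Firefox search engine set to {m.group('name')}", line))
    # Winlogon Shell/UserInit: anything but the stock binary is a persistence red flag.
    m = WINLOGON.search(body)
    if m and m.group("cmd").lower().rstrip(",") != EXPECTED_WINLOGON[m.group("value")]:
        out.append(Finding("high", f"Winlogon {m.group('value')} is not the stock binary", line))
    return out


def check_file_line(m: "re.Match[str]", line: str) -> List[Finding]:
    path = m.group("path")
    lowered = path.lower()
    name = path.rsplit("\\", 1)[-1]
    in_data_dir = "\\programdata\\" in lowered or "\\appdata\\" in lowered
    is_dir = m.group("attrs").endswith("D")
    # Extension-less file with no company name dropped straight into ProgramData
    # or AppData: the shape of the ~wM3PUeNRInRpGC entries in the report.
    if in_data_dir and not is_dir and not m.group("company").strip() and "." not in name:
        return [Finding("medium", "extension-less file with no company name in a data directory", line)]
    return []


def triage(report: str) -> List[Finding]:
    """Run every check over each line of an OTL-style report and collect findings."""
    findings: List[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        fm = FILE_LINE.match(line)
        if fm:
            findings.extend(check_file_line(fm, line))
            continue
        hm = HIJACK_LINE.match(line)
        if hm:
            findings.extend(check_hijack_line(hm.group("body"), line))
    return findings


# Constructed sample: lines abbreviated from the report quoted in this thread.
SAMPLE_REPORT = r"""
IE - HKU\S-1-5-21-3108643506-636927696-2022615235-1000\..\SearchScopes\{61332160-AC3F-48CA-BD99-13D5C24E36A5}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7
IE - HKU\S-1-5-21-3108643506-636927696-2022615235-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://findgala.com/?&uid=7&q={searchTerms}
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "www.google.com"
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
[2011/12/13 19:49:45 | 000,000,304 | ---- | C] () -- C:\ProgramData\~wM3PUeNRInRpGC
[2010/02/15 16:48:57 | 000,001,356 | ---- | C] () -- C:\Users\millie\AppData\Local\d3d9caps.dat
[2012/08/15 17:49:40 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```

On the sample it reports the findgala.com search scope, the Ask.com Firefox engine, the two orphaned entries and the extension-less ProgramData file, while the stock Winlogon values and the signed Adobe binary pass.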

Galois
2012-08-16, 04:24
Here are the results


All processes killed
========== PROCESSES ==========
========== OTL ==========
Service iWinTrusted stopped successfully!
Service iWinTrusted deleted successfully!
C:\Program Files\iWin Games\iWinTrusted.exe moved successfully.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0848}: C:\ProgramData\iWin Games\firefox not found.
========== SERVICES/DRIVERS ==========
Error: No service named SRV - (iWinTrusted) -- C:\Program Files\iWin Games\iWinTrusted.exe (iWin Inc.) was found to stop!
Service\Driver key SRV - (iWinTrusted) -- C:\Program Files\iWin Games\iWinTrusted.exe (iWin Inc.) not found.
========== REGISTRY ==========
========== FILES ==========
C:\Program Files\iWin Games\sounds folder moved successfully.
C:\Program Files\iWin Games\pages folder moved successfully.
C:\Program Files\iWin Games\gamepage\styles folder moved successfully.
C:\Program Files\iWin Games\gamepage\scripts folder moved successfully.
C:\Program Files\iWin Games\gamepage\images\product folder moved successfully.
C:\Program Files\iWin Games\gamepage\images\plans folder moved successfully.
C:\Program Files\iWin Games\gamepage\images\ous folder moved successfully.
C:\Program Files\iWin Games\gamepage\images\misc folder moved successfully.
C:\Program Files\iWin Games\gamepage\images\global folder moved successfully.
C:\Program Files\iWin Games\gamepage\images\common folder moved successfully.
C:\Program Files\iWin Games\gamepage\images\buttons folder moved successfully.
C:\Program Files\iWin Games\gamepage\images folder moved successfully.
C:\Program Files\iWin Games\gamepage\css folder moved successfully.
C:\Program Files\iWin Games\gamepage folder moved successfully.
C:\Program Files\iWin Games\firefox\chrome folder moved successfully.
C:\Program Files\iWin Games\firefox folder moved successfully.
C:\Program Files\iWin Games folder moved successfully.
File\Folder c:\program files\ask.com not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: millie
->Temp folder emptied: 36646 bytes
->Temporary Internet Files folder emptied: 33334 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 36159090 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 35.00 mb


OTL by OldTimer - Version 3.2.57.0 log created on 08152012_211553

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

ken545
2012-08-16, 10:20
:bigthumb:

How is everything running now?

Galois
2012-08-18, 10:40
It seems to be running fine now.

ken545
2012-08-18, 13:27
Great, that's wonderful.


We need to update your Java to keep you more secure.

Go to your Control Panel and click on the Java icon (looks like a little coffee cup), click on About, and you should have Version 7 Update 5; if not, proceed with the instructions.

Then go to the Update tab and update it.

Then go to your Add/Remove Programs (Win XP) or Programs and Features (Vista / Win 7) in the Control Panel and uninstall all previous versions.


You can verify the installation Here (http://www.java.com/en/download/help/testvm.xml)
Click START then RUN
Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.


http://i526.photobucket.com/albums/cc345/MPKwings/CF-Uninstall.png




Open OTL and click on Clean Up; it will remove the programs we used to clean your system along with their backups. Any programs that were not removed you can just drag to the trash.


Malwarebytes is the free version and yours to keep; it will not be removed.



How did I get infected in the first place?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken

Galois
2012-08-20, 11:45
:( after following the last set of directions, the computer hard freezes a few minutes after startup (alt-ctrl-delete isn't even responsive).

ken545
2012-08-20, 12:39
Just press and hold the power button on your computer for 5 seconds or more until it shuts down, and then restart it.

Galois
2012-08-22, 11:47
I've rebooted the system several times, and I occasionally get this message box directly after rebooting:

"Unable to create file:
C:\Windows\ERDNT\AutoBackup\8-22-2012\ERDNT.INF

Registry backup will continue, but no restore information for the ERDNT program will be saved. This means that later restoration of the registry can only be done manually, by using another OS to copy back the files."

Then the computer seems to run fine as long as I don't plug in the ethernet cable. But sometimes, if I plug in the ethernet cable and open Firefox, it hard freezes almost immediately.

ken545
2012-08-22, 12:50
C:\Windows\ERDNT <-- This message is caused by ERUNT wanting to make a registry backup, but ERUNT may be damaged; open it up and disable any automatic backups, you really don't need it now.

As far as FF freezing when you plug in your LAN cable, not sure; have you turned the computer off, then plugged in your cable and restarted your computer to see if that helps?

In your original post you stated that things ran fine in Safe Mode but a lot of things were unresponsive in normal Windows. You may want to think about doing a System Repair and maybe even a format of your hard drive and a fresh, clean install of Windows; if you want to do this, let me know and I can link you to a Windows forum that we work closely with that can help you. Do you have your Windows CD or the Recovery CD that came with your computer?