-
"internet security" virus
There is an "internet security" virus on my mom's laptop.
I can run safe mode with no problems.
I can run normal mode, but it is very unresponsive in normal mode.
I generated the dds log in safe mode.
I tried to generate the dds log in normal mode, but it wouldn't work.
I posted/attached the requested items.
Here is the DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 8.0.6001.19190 BrowserJavaVersion: 1.6.0_22
Run by millie at 12:20:33 on 2012-08-06
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2941.2546 [GMT -5:00]
.
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?ptnrS=ZKxdm176YYUS&ptb=DODoiURCVdvnJ7SfLXtKyQ&n=77ce7bc2
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.18\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1355.0\npwinext.dll
BHO: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: @c:\program files\msn toolbar\platform\5.0.1355.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1355.0\npwinext.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.18\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [TOSCDSPD] TOSCDSPD.EXE
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [iLike] c:\program files\ilike\1.2.18\ilikesidebar.exe /checkforupdate
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Internet Security] c:\users\millie\appdata\roaming\isecurity.exe
uRun: [AROReminder] c:\program files\aro 2012\ARO.exe -rem
uRun: [AdobeUpdater6] "c:\program files\common files\adobe\updater6\Adobe_Updater.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SMART Board Service] c:\program files\smart technologies\smart product drivers\SMARTBoardService.exe
mRun: [SMART SNMP Agent] c:\program files\smart technologies\smart product drivers\SMARTSNMPAgent.exe -e
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
StartupFolder: c:\users\millie\appdata\local\micros~4\cnette~1.lnk - c:\users\millie\appdata\roaming\cbs interactive\cnet techtracker\TechTracker.exe
StartupFolder: c:\users\millie\appdata\local\micros~4\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\millie\appdata\local\microsoftnt\winserver.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\smartb~1.lnk - c:\program files\smart technologies\smart product drivers\SMARTBoardTools.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.254.254
TCP: Interfaces\{33938668-6963-43A1-BF98-6F032D4A8B80} : DhcpNameServer = 192.168.254.254
TCP: Interfaces\{BD700D70-4407-43E8-AA8B-DDA1E4D7C854} : DhcpNameServer = 192.168.254.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\9.0.1\ViProtocol.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL,avgrsstx.dll
IFEO: image file execution options - svchost.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\millie\appdata\roaming\mozilla\firefox\profiles\h8ezm1zs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B7d176c81-080e-4ab7-beba-94e7001fe9cd%7D&mid=6a724c01cae50453019bf6e1ad6bea58-363b279c66dfca47b50075569e3c6b8f1824a3c8&ds=AVG&v=9.0.0.18&lang=us&pr=fr&d=2011-12-13%2018%3A55%3A25&sap=ku&q=
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\msn toolbar\platform\5.0.1355.0\npwinext.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-2-12 7168]
R3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\drivers\SMARTMouseFilterx86.sys [2011-1-25 11632]
R3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\drivers\SMARTVHidMini2000x86.sys [2011-1-25 14704]
R3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\drivers\SMARTVTabletPCx86.sys [2011-1-25 21872]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-4-4 216400]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-4-4 29712]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-4-4 243152]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2008-8-27 20352]
S2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]
S2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2009-11-24 78104]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-26 167264]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2008-8-27 937984]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-11 129976]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
.
============= FINISH: 12:22:55.18 ===============
And here is the aswMBR log:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-06 12:32:32
-----------------------------
12:32:32.841 OS Version: Windows 6.0.6002 Service Pack 2
12:32:32.841 Number of processors: 2 586 0x6802
12:32:32.841 ComputerName: MILLIE-PC UserName: millie
12:32:34.573 Initialize success
12:33:27.005 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:33:27.005 Disk 0 Vendor: WDC_WD2500BEVS-26UST0 01.01A01 Size: 238475MB BusType: 3
12:33:27.020 Disk 0 MBR read successfully
12:33:27.020 Disk 0 MBR scan
12:33:27.036 Disk 0 Windows VISTA default MBR code
12:33:27.036 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
12:33:27.052 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 236974 MB offset 3074048
12:33:27.067 Disk 0 scanning sectors +488396800
12:33:27.145 Disk 0 scanning C:\Windows\system32\drivers
12:33:34.711 Service scanning
12:33:50.186 Modules scanning
12:33:53.603 Disk 0 trace - called modules:
12:33:53.634 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
12:33:53.634 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85765030]
12:33:53.650 3 CLASSPNP.SYS[82d0d8b3] -> nt!IofCallDriver -> [0x8574bc10]
12:33:53.665 5 acpi.sys[8060e6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85741538]
12:33:53.681 Scan finished successfully
12:34:59.654 Disk 0 MBR has been saved successfully to "C:\Users\millie\Desktop\MBR.dat"
12:34:59.669 The log file has been saved successfully to "C:\Users\millie\Desktop\aswMBR-07-06-2012.txt"
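As an added triage helper (not part of the original thread or of the DDS tool), the script below reads the autorun lines from the Pseudo HJT Report quoted above and flags the entries an analyst would look at first: executables launched from a user-writable profile directory (the `[Internet Security]` Run value and the `microsoftnt\winserver.exe` startup item), the Image File Execution Options entry for svchost.exe, and orphaned "No File" hooks. The sample lines are copied from the log above; the entry types and the user-writable directory markers are my assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: autorun lines copied from the DDS "Pseudo HJT Report" above.
SAMPLE_LINES = r"""
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Internet Security] c:\users\millie\appdata\roaming\isecurity.exe
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
StartupFolder: c:\users\millie\appdata\local\microsoftnt\winserver.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\smartb~1.lnk - c:\program files\smart technologies\smart product drivers\SMARTBoardTools.exe
IFEO: image file execution options - svchost.exe
uURLSearchHooks: H - No File
""".strip().splitlines()


@dataclass
class Finding:
    kind: str    # DDS entry type, e.g. uRun (HKCU), mRun (HKLM), StartupFolder, IFEO
    label: str   # the [name] of a Run value, the hooked image for IFEO, or the file name
    target: str  # path (or image name) the entry launches; empty for orphaned entries
    reason: str  # why a triager should look at it


# Entry types that launch something at logon or on process start (assumed set).
ENTRY_RE = re.compile(
    r"^(?P<kind>[um]Run|StartupFolder|IFEO|[um]URLSearchHooks):\s*(?P<rest>.*)$")
# A drive-rooted path ending in an executable extension. [^:] keeps one match
# from swallowing the " - c:\..." target that follows a .lnk on StartupFolder lines.
PATH_RE = re.compile(r"[a-z]:\\[^:]*?\.(?:exe|dll|scr|cpl|bat|cmd|vbs|js)\b",
                     re.IGNORECASE)
NAME_RE = re.compile(r"^\[(?P<name>[^\]]*)\]")
# Directories an unprivileged user can write to (assumed list); legitimately
# installed software normally lives under Program Files or Windows instead.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\",
                 "\\documents and settings\\")


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for a suspicious autorun line, or None if it looks benign."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, rest = m.group("kind"), m.group("rest")
    if kind == "IFEO":
        # "image file execution options - svchost.exe": a Debugger value under IFEO
        # makes Windows start another program whenever this image is launched.
        image = rest.rsplit("-", 1)[-1].strip()
        return Finding(kind, image, image,
                       "IFEO entry: another program runs whenever this image starts")
    if rest.endswith("No File"):
        # Registered hook whose file is gone: leftover of an uninstall or a cleanup.
        return Finding(kind, rest.split(" - ")[0].strip(), "",
                       "orphaned entry: registered file is missing from disk")
    paths = PATH_RE.findall(rest)
    if not paths:
        return None
    target = paths[-1]  # last path on the line is what actually gets launched
    name = NAME_RE.match(rest)
    label = name.group("name") if name else target.rsplit("\\", 1)[-1]
    if any(marker in target.lower() for marker in USER_WRITABLE):
        return Finding(kind, label, target,
                       "launches an executable from a user-writable directory")
    return None


def triage(lines: List[str]) -> List[Finding]:
    """Run classify over every log line and keep only the flagged entries."""
    return [f for f in map(classify, lines) if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.kind:<16} {f.label:<20} {f.target}")
        print(f"{'':<16} -> {f.reason}")
```

Against the sample it reports the isecurity.exe Run value, the winserver.exe startup item, the svchost.exe IFEO entry and the orphaned hook, and stays quiet on the Program Files entries.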
-
Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.
Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.
When running programs on Vista or Windows 7, you need to right-click on the program and select RUN AS ADMINISTRATOR.
You can run Malwarebytes from Safe Mode with Networking.
To Enter Safemode
- Go to Start> Shut off your Computer> Restart
- As the computer starts to boot-up, tap the F8 KEY somewhat rapidly; this will bring up a menu.
- Use the Up and Down Arrow Keys to scroll up to Safemode with Networking
- Then press the Enter Key on your Keyboard
Tutorial if you need it: How to boot into Safemode
Please download Malwarebytes from Here or Here
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform quick scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected .
- When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
- Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
Last edited by ken545; 2012-08-11 at 17:59.
-
Thanks.
I have backed up all of the valuable files. Here is the log that was generated after the scan/removal.
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.11.04
Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.19190
millie :: MILLIE-PC [administrator]
8/11/2012 4:40:43 PM
mbam-log-2012-08-11 (16-40-43).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207984
Time elapsed: 8 minute(s), 29 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Internet Security (Rogue.InternetSecurity) -> Data: C:\Users\millie\AppData\Roaming\isecurity.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\millie\AppData\Roaming\isecurity.exe (Rogue.InternetSecurity) -> Quarantined and deleted successfully.
(end)
-
Great, but I am sure there is more to remove.
Download ComboFix from one of these locations:
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
- See this Link for programs that need to be disabled and instructions on how to disable them.
- Remember to re-enable them when we're done.
- Double click on ComboFix.exe & follow the prompts.
- As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
*If there is no internet connection when Combofix has completely finished, then restart your computer to restore the connections.
-
It looks like this computer has AVG 9.0 on it, but I can't seem to bring up the main user interface of AVG 9, and it looks like I need that interface in order to disable that program. Would it be ok to just uninstall AVG 9 before proceeding with combofix, or would that be problematic? I don't know how else to disable this program. (After this entire malware removal process is completed, I intend to uninstall AVG 9 anyway and replace it with avast.)
Also, while I was trying to find any anti virus programs on the computer, I ran across a program called "ARO 2012" that was installed. I googled "ARO 2012", and it seems suspicious. Would you recommend uninstalling "ARO 2012" after everything is complete, or is "ARO 2012" part of the malware problem?
-
Good Morning,
http://download.cnet.com/ARO-2012/30...-10183947.html
This program is not malicious but is not needed; I would uninstall it along with AVG. We can reinstall AVG when we're done, or another one I can recommend.
Here is an uninstaller for AVG if it gives you problems uninstalling
http://www.avg.com/us-en/download-tools
http://download.avg.com/filedir/util..._2011_1322.exe
Either way, whether you uninstall AVG or not, go ahead and run Combofix.
-
I uninstalled AVG before running combofix. Here is the log.
ComboFix 12-08-10.02 - millie 08/12/2012 19:16:36.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2941.2461 [GMT -5:00]
Running from: c:\users\millie\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\millie\AppData\Roaming\.#
c:\users\millie\AppData\Roaming\.#\MBX@1310@3E2748.###
c:\users\millie\AppData\Roaming\.#\MBX@1310@3E2778.###
c:\users\millie\AppData\Roaming\.#\MBX@1480@1D92748.###
c:\users\millie\AppData\Roaming\.#\MBX@1480@1D92778.###
c:\users\millie\AppData\Roaming\.#\MBX@5B0@1742748.###
c:\users\millie\AppData\Roaming\.#\MBX@5B0@1742778.###
c:\users\millie\AppData\Roaming\.#\MBX@D4C@1C52748.###
c:\users\millie\AppData\Roaming\.#\MBX@D4C@1C52778.###
c:\users\millie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\cb.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\cb.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\cb.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\cb.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\cb.tmp
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\cid.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\cid.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\cid.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\cid.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\CLSV.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\CLSV.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\CLSV.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\CLSV.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\CLSV.tmp
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\ddv.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\ddv.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\ddv.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\ddv.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\delfile.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\delfile.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\delfile.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\delfile.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\dudl.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\dudl.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\dudl.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\dudl.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\dudl.tmp
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\eb.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\eb.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\eb.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\eb.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\eb.tmp
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\energy.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\energy.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\energy.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\energy.tmp
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\exec.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\exec.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\exec.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\exec.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\exec.tmp
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\fan.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\fan.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\fan.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\fan.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\fix.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\fix.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\fix.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\fix.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\FS.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\FS.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\FS.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\FS.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\FS.tmp
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\FW.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\FW.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\FW.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\FW.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\FW.tmp
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\gid.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\gid.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\gid.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\gid.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\grid.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\grid.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\grid.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\grid.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\hymt.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\hymt.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\hymt.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\hymt.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\kernel32.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\kernel32.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\pal.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\pal.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\pal.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\pal.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\PE.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\PE.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\PE.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\ppal.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\ppal.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\ppal.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\ppal.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\ppal.tmp
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\runddl.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\runddl.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\runddl.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\runddl.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\runddl.tmp
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\sld.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\sld.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\sld.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\sld.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\SM.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\SM.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\SM.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\SM.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\snl2w.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\snl2w.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\snl2w.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\snl2w.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\std.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\std.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\std.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\std.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\tjd.dll
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\tjd.exe
c:\users\millie\AppData\Roaming\Microsoft\Windows\Recent\tjd.sys
c:\users\millie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
c:\users\millie\Desktop\Internet Security.lnk
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\pt
c:\windows\system32\pt\toscdspd.cpl.mui
.
.
((((((((((((((((((((((((( Files Created from 2012-07-13 to 2012-08-13 )))))))))))))))))))))))))))))))
.
.
2012-08-13 00:25 . 2012-08-13 00:25 -------- d-----w- c:\users\millie\AppData\Local\temp
2012-08-13 00:25 . 2012-08-13 00:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-11 21:36 . 2012-08-11 21:36 711240 ----a-w- c:\windows\is-4QVJ3.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 18:46 . 2010-03-19 05:45 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-12 04:54 . 2011-05-26 23:05 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-02 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-12-14 00:56 1547104 ----a-w- c:\program files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-02 00:17 1487240 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-02 1487240]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll" [2011-12-14 1547104]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-02 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-09 39408]
"iLike"="c:\program files\iLike\1.2.18\ilikesidebar.exe" [2008-09-10 63024]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-03 14944136]
"AROReminder"="c:\program files\ARO 2012\ARO.exe" [2012-01-06 2552688]
"AdobeUpdater6"="c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe" [2009-01-08 2521464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SMART Board Service"="c:\program files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe" [2011-01-25 5893488]
"SMART SNMP Agent"="c:\program files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe" [2011-01-25 1678704]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-12-14 827232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"InnoSetupRegFile.0000000001"="c:\windows\is-4QVJ3.exe" [2012-08-11 711240]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-07-03 1085000]
"AvgRemover"="c:\users\millie\Desktop\avg_remover_stf_x86_2011_1322.exe" [2012-08-12 1163104]
.
c:\users\millie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote Table Of Contents.onetoc2 [2009-4-25 3656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SMART Board Tools.lnk - c:\program files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe [2011-1-25 13320560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^millie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\millie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^millie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\millie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2008-01-22 21:25 712704 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 22:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bing Bar]
2010-01-19 23:10 243032 ----a-w- c:\program files\MSN Toolbar\Platform\5.0.1355.0\mswinext.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2007-10-26 00:41 413696 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-09-14 01:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-10-26 01:10 652624 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-02-13 02:32 1862144 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
2007-11-01 05:01 54608 ----a-w- c:\program files\TOSHIBA\TBS\HSON.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 20:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2012-07-03 18:46 973488 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-11-11 23:43 288088 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 02:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-01-30 01:51 4911104 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-21 01:15 1826816 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2007-06-16 04:01 448080 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 18:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-05-09 17:55 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
2008-01-29 23:38 583048 ----a-w- c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-12-07 01:12 1029416 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2008-01-17 23:27 431456 ----a-w- c:\program files\TOSHIBA\Power Saver\TPwrMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 02:08]
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 02:08]
.
2012-05-12 c:\windows\Tasks\SpeedMaxPc Registration3.job
- c:\program files\Common Files\SpeedMaxPc\UUS3\UUS3.dll [2011-12-12 22:43]
.
2012-05-12 c:\windows\Tasks\SpeedMaxPc Update3.job
- c:\program files\Common Files\SpeedMaxPc\UUS3\Update3.exe [2011-12-12 22:43]
.
2012-05-12 c:\windows\Tasks\SpeedMaxPc.job
- c:\program files\SpeedMaxPc\SpeedMaxPc\SpeedMaxPc.exe [2011-12-22 00:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?ptnrS=ZKxdm176YYUS&ptb=DODoiURCVdvnJ7SfLXtKyQ&n=77ce7bc2
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 128.206.10.3 128.206.10.2
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
FF - ProfilePath - c:\users\millie\AppData\Roaming\Mozilla\Firefox\Profiles\h8ezm1zs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B7d176c81-080e-4ab7-beba-94e7001fe9cd%7D&mid=6a724c01cae50453019bf6e1ad6bea58-363b279c66dfca47b50075569e3c6b8f1824a3c8&ds=AVG&v=9.0.0.18&lang=us&pr=fr&d=2011-12-13%2018%3A55%3A25&sap=ku&q=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
MSConfigStartUp-NDSTray - NDSTray.exe
AddRemove-{AA63780B-DDB7-417b-8A13-E5AFBE08E807} - c:\users\millie\AppData\Local\CyberDefender Internet Security\cdinstx.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-12 19:25
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2012-08-12 19:33:27
ComboFix-quarantined-files.txt 2012-08-13 00:33
.
Pre-Run: 155,940,651,008 bytes free
Post-Run: 156,466,733,056 bytes free
.
- - End Of File - - 7180E4E7ECDA8879A952F7244828F97D
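For anyone triaging a log like the one above: this is an added example, not part of this thread and not code from ComboFix or any other tool mentioned here. It parses the `"name"="path" [date size]` lines of the Reg Loading Points section and flags the autostart entries an analyst would look at first (binaries in user-writable locations, and an Inno Setup temp-style filename such as the is-4QVJ3.exe RunOnce entry). The sample input is copied from the log above; the heuristics and function names are my own.

```python
import re
from typing import List, Tuple

# A ComboFix value line: "name"="path" [yyyy-mm-dd size]
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<date>\S+)\s+(?P<size>\d+)\]'
)
# A section header such as [HKEY_LOCAL_MACHINE\...\RunOnce]
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]")

# Path fragments an unprivileged user (and so malware running as that user) can write to.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\",
                 "\\desktop\\", "\\downloads\\")
# Inno Setup names its temporary files is-XXXXX.exe / is-XXXXX.tmp; a persistent
# autostart pointing at one of these in c:\windows deserves a second look.
INNO_TMP_RE = re.compile(r"\\is-[a-z0-9]{5}\.(exe|tmp)$", re.IGNORECASE)


def triage_loading_points(log_text: str) -> List[Tuple[str, str, str, List[str]]]:
    """Return (key leaf, value name, path, reasons) for each entry worth a look."""
    findings = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group("key")
            continue
        entry = ENTRY_RE.match(line)
        if not entry:
            continue
        path = entry.group("path")
        lowered = path.lower()
        reasons = []
        if any(marker in lowered for marker in USER_WRITABLE):
            reasons.append("binary in user-writable location")
        if INNO_TMP_RE.search(lowered):
            reasons.append("Inno Setup temp-style filename")
        if reasons:
            key_leaf = current_key.rsplit("\\", 1)[-1]  # e.g. Run or RunOnce
            findings.append((key_leaf, entry.group("name"), path, reasons))
    return findings


# Constructed sample: lines copied from the Reg Loading Points section of this log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-09 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-03 14944136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"InnoSetupRegFile.0000000001"="c:\windows\is-4QVJ3.exe" [2012-08-11 711240]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-07-03 1085000]
"AvgRemover"="c:\users\millie\Desktop\avg_remover_stf_x86_2011_1322.exe" [2012-08-12 1163104]
"""

if __name__ == "__main__":
    for key_leaf, name, path, reasons in triage_loading_points(SAMPLE_LOG):
        print(f"{key_leaf:8} {name!r}: {path}  <- {'; '.join(reasons)}")
```

Legitimate products (the Malwarebytes cleanup entry here) will also hit the user-writable heuristic; the point is to shorten the list an analyst reads by hand, not to replace a scan.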
-
Hi,
What I would do is uninstall the ASK Toolbar; it modifies your browser settings, but if you use and like it then leave it be.
You need to enable Windows to show all files and folders; instructions here.
Go to VirusTotal and submit this file for analysis: just use the browse feature and then Send File. If it says this file has been checked before, have them recheck it. When the scan is done, just copy and paste the link back to this forum for me to see.
c:\windows\is-4QVJ3.exe <-- This file
If the site is busy you can try this one
http://virusscan.jotti.org/en
I'd like us to scan your machine with ESET OnlineScan
*Note
It is recommended to disable your onboard antivirus and antispyware programs while performing scans so there are no conflicts, and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.
- Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan - Click the button.
- For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
- Check
- Click the button.
- Accept any security warnings from your browser.
- Check
- Make sure that the option "Remove found threats" is Unchecked
- Push the Start button.
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, push
- Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- Push the button.
- Push
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.
-
I followed the instructions on enabling Windows to show all files and folders, but I still can't find this file
c:\windows\is-4QVJ3.exe
I also opened the Windows folder and made sure that the view settings were set to "show hidden files and folders, show extensions for known file types, show protected operating system files", but I still can't find it.
Here are the results of the ESET scan:
C:\Program Files\Uniblue\RegistryBooster\Launcher.exe a variant of Win32/RegistryBooster application
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application
C:\Users\millie\AppData\Local\MicrosoftNT\winserver.exe a variant of Win32/Kryptik.ACHY trojan
C:\Users\millie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\5ecf6a4c-44b55155 Java/Exploit.CVE-2011-3544.T trojan
C:\Users\millie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\6319d051-7a7842e4 Java/TrojanDownloader.OpenConnection.AR trojan
C:\Users\millie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\7be11851-113e40e9 multiple threats
C:\Users\millie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\26d395dc-4c44d17d multiple threats
C:\Users\millie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\4d4444e0-2be8cb3c Java/Agent.EA trojan
C:\Users\millie\Downloads\asc-setup(1).exe a variant of Win32/Toolbar.Widgi application
C:\Users\millie\Downloads\asc-setup-2011pro(1).exe a variant of Win32/Toolbar.Widgi application
C:\Users\millie\Downloads\asc-setup-2011pro.exe a variant of Win32/Toolbar.Widgi application
-
Good Morning,
Let's not worry about that file right now.
OTL by OldTimer
- Download OTL to your desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Click the "Scan All Users" checkbox.
- Check the boxes beside LOP Check and Purity Check.
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.