  1. Before you start!
    All instructions given in this forum are customized for each help request; the tools used may cause damage if used on a computer with different infections. If you think you have similar issues, please post the appropriate logs in our Malware Removal Assistance forum and wait for help.

    Please be aware that removing malware is a potentially hazardous undertaking. We will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for us to foresee all interactions that may happen between the software on your computer and the tools we'll use to clear you of infection, and we cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or that require you to take your computer to a repair shop.
    We strongly advise you to back up any personal files and folders before you start.

Wise Convert Community Toolbar

Discussion in 'Malware Removal Assistance' started by ArizEagle, Dec 29, 2012.

  1. ArizEagle

    Here are the results of the OTL Scan:

    OTL logfile created on: 12/29/2012 1:42:52 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\owner\Downloads
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.90 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 45.05% Memory free
    6.85 Gb Paging File | 5.21 Gb Available in Paging File | 76.03% Paging File free
    Paging file location(s): c:\pagefile.sys 4096 4096 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 138.70 Gb Total Space | 83.84 Gb Free Space | 60.44% Space Free | Partition Type: NTFS
    Drive D: | 10.34 Gb Total Space | 1.78 Gb Free Space | 17.17% Space Free | Partition Type: NTFS

    Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - File not found
    PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe (Adobe Systems, Inc.)
    PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
    PRC - C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2013\avgemcx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
    PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
    PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
    PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
    PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
    PRC - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
    PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\SMINST\BLService.exe ()


    ========== Modules (No Company Name) ==========

    MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
    MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
    MOD - C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll ()
    MOD - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll ()
    MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
    MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
    MOD - C:\Program Files\OpenOffice.org 3\program\libxslt.dll ()


    ========== Services (SafeList) ==========

    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
    SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (vToolbarUpdater13.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe (McAfee, Inc.)
    SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
    SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
    SRV - (Recovery Service for Windows) -- C:\Program Files\SMINST\BLService.exe ()
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
    DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
    DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
    DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
    DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
    DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
    DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avglogx) -- C:\Windows\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
    DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
    DRV - (IntcHdmiAddService) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
    DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
    DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
    DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
    DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
    DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
    IE - HKLM\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files\WiseConvert\prxtbWise.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {7DC7C2A9-63BE-4EDF-99EF-028F49D65B85}
    IE - HKLM\..\SearchScopes\{7DC7C2A9-63BE-4EDF-99EF-028F49D65B85}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
    IE - HKLM\..\SearchScopes\{86336D6B-C1D5-4EC7-B038-A0D3290449FD}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
    IE - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files\WiseConvert\prxtbWise.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\..\SearchScopes\{1B51FEB4-E04C-4DD1-AFC1-4F0ABD02ED51}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\..\SearchScopes\{7DC7C2A9-63BE-4EDF-99EF-028F49D65B85}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={1DD32051-58E8-4EEB-A7B5-F47D5D4FE0DA}&mid=ce0793b5593c47d6a4e6d156509fa4c0-ff9a8face4ef37f8745aabf7f6f2f7468451d1c4&lang=en&ds=AVG&pr=fr&d=2012-10-18 14:33:56&v=13.2.0.1&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\..\SearchScopes\{C2A2DF2E-0DFC-4A92-9995-01E0AC03C069}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3196716
    IE - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
    FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
    FF - prefs.js..extensions.enabledAddons: avg@toolbar:13.2.0.5
    FF - prefs.js..keyword.URL: "https://isearch.avg.com/search?cid={1DD32051-58E8-4EEB-A7B5-F47D5D4FE0DA}&mid=ce0793b5593c47d6a4e6d156509fa4c0-ff9a8face4ef37f8745aabf7f6f2f7468451d1c4&lang=en&ds=AVG&pr=fr&d=2012-10-18 14:33:56&v=13.2.0.1&sap=ku&q="
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012/11/10 01:58:10 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/27 13:33:43 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2012/02/29 20:43:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Extensions
    [2012/11/19 12:57:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\ivp0wbj8.default\extensions
    [2012/10/17 23:39:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/09/18 07:21:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2012/12/29 00:02:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions
    [2012/12/29 00:02:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2012/12/29 00:02:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2012/11/10 01:58:10 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\13.2.0.5
    [2012/09/23 08:35:50 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/11/10 01:57:56 | 000,003,571 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
    [2012/09/23 08:35:49 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/09/23 08:35:49 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2006/09/18 13:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
    O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
    O2 - BHO: (WiseConvert Toolbar) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files\WiseConvert\prxtbWise.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (WiseConvert Toolbar) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files\WiseConvert\prxtbWise.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O3 - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\..\Toolbar\WebBrowser: (WiseConvert Toolbar) - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - C:\Program Files\WiseConvert\prxtbWise.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
    O4 - HKLM..\Run: [ROC_roc_ssl_v12] C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe ()
    O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
    O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
    O13 - gopher Prefix: missing
    O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F2AFB4E5-A1E8-415B-A7B3-A433B3227715}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\owner\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    O24 - Desktop BackupWallPaper: C:\Users\owner\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/12/28 23:13:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL(2).exe
    [2012/12/27 23:44:20 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\CrashDumps
    [2012/12/27 23:38:38 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
    [2012/12/27 23:38:33 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Conduit
    [2012/12/27 23:38:10 | 000,000,000 | ---D | C] -- C:\Program Files\WiseConvert
    [2012/12/25 14:19:46 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
    [2012/12/25 14:19:46 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
    [2012/12/11 14:43:27 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2012/12/11 14:43:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2012/12/11 14:43:25 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2012/12/11 14:43:25 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2012/12/11 14:43:25 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2012/12/11 14:43:24 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2012/12/11 14:43:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2012/12/11 14:43:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2012/12/11 14:41:24 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
    [2012/12/11 14:41:17 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
    [2012/12/11 14:41:17 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
    [2012/12/11 14:41:17 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winusb.dll
    [2012/12/11 14:41:15 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
    [2012/12/11 14:41:15 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
    [2012/12/11 14:37:10 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2012/12/11 14:37:09 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
    [2012/12/11 14:37:09 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnsvr.exe
    [2012/12/11 14:36:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
    [2012/12/10 11:59:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2012/12/01 08:06:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/12/29 01:46:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/12/29 01:36:59 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/12/29 00:33:57 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/12/29 00:33:57 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/12/28 23:15:33 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/12/28 23:15:33 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/12/28 23:13:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL(2).exe
    [2012/12/28 22:34:07 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/12/28 22:33:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/12/28 22:33:45 | 3119,722,496 | -HS- | M] () -- C:\hiberfil.sys
    [2012/12/27 23:49:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForowner.job
    [2012/12/26 14:30:43 | 000,034,043 | ---- | M] () -- C:\Users\owner\Documents\Homes - Carmichael - 2012.ods
    [2012/12/26 12:19:30 | 000,306,332 | ---- | M] () -- C:\Users\owner\Documents\Medjugorie Message.odt
    [2012/12/26 00:01:01 | 000,128,416 | ---- | M] () -- C:\Users\owner\Documents\Deck of Cards.odt
    [2012/12/25 22:07:04 | 000,351,800 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/12/25 08:37:22 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2012/12/25 08:37:22 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2012/12/16 05:12:54 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
    [2012/12/16 02:50:29 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
    [2012/12/10 11:59:54 | 000,000,802 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
    [2012/12/01 08:06:42 | 000,001,871 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    [2012/12/01 08:06:42 | 000,001,871 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/12/28 09:16:40 | 3119,722,496 | -HS- | C] () -- C:\hiberfil.sys
    [2012/12/11 14:41:29 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    [2012/12/11 14:41:29 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    [2012/07/15 21:41:17 | 000,001,072 | ---- | C] () -- C:\Users\owner\AppData\Roaming\wklnhst.dat
    [2012/06/21 00:18:33 | 000,033,758 | ---- | C] () -- C:\Users\owner\AppData\Local\dt.dat
    [2011/07/01 05:48:46 | 000,060,304 | ---- | C] () -- C:\Users\owner\g2mdlhlpx.exe
    [2011/05/13 07:52:05 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2011/05/13 07:52:05 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2011/04/16 15:51:27 | 000,139,791 | ---- | C] () -- C:\Windows\hpoins15.dat
    [2010/05/15 09:30:04 | 000,004,608 | ---- | C] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/04/23 01:01:27 | 000,000,284 | ---- | C] () -- C:\ProgramData\hpqp.ini

    ========== ZeroAccess Check ==========

    [2006/11/02 04:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 09:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 22:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 22:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    < End of report >

    Here is the OTL Extra file:

    OTL Extras logfile created on: 12/29/2012 1:42:52 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\owner\Downloads
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.90 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 45.05% Memory free
    6.85 Gb Paging File | 5.21 Gb Available in Paging File | 76.03% Paging File free
    Paging file location(s): c:\pagefile.sys 4096 4096 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 138.70 Gb Total Space | 83.84 Gb Free Space | 60.44% Space Free | Partition Type: NTFS
    Drive D: | 10.34 Gb Total Space | 1.78 Gb Free Space | 17.17% Space Free | Partition Type: NTFS

    Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-4156696597-1341229448-2497781583-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4156696597-1341229448-2497781583-1000]
    "EnableNotifications" = 0
    "EnableNotificationsRef" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00CB93EF-0717-4C20-AAE7-DCCD3D9AD48B}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
    "{1A9BA254-91CA-4E3F-AED8-3C88D4C1877D}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00F1A93B-502C-449E-AA33-4161A25D37DF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{075D420D-A659-4966-A214-7B9D6793D810}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
    "{15612316-5D26-4960-AEFB-6D6BB1FBADAE}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
    "{2FFD9B92-AD55-40F5-B9FF-7637C2EAF603}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
    "{35D96FB4-3233-490C-A3AF-3FAFD97B2F63}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
    "{3AA85B49-F91A-4308-9E3F-7A816C34CFB4}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{4ED40416-09F8-4F1C-8BB4-2F9DBA1787E5}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
    "{4F17C458-0B27-4C1E-9425-81C15FB932F9}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
    "{56D49D58-36C8-4AAB-84BA-112ADBB14EF4}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
    "{67942ACE-3121-4911-897D-D6DEE6BCC36E}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
    "{7023FFA7-035D-44F0-831C-364E6404FA3D}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{A6F823F0-2B58-4A4D-9AAD-CA63DCD2F495}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{B41EA4AD-7BEB-49BB-B34D-7F97355875C8}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
    "{CA591556-87B5-40C2-8CCB-3B73F63BCED6}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
    "{D53B8B7E-D3B8-4479-B152-393894654F29}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
    "{DCC24E8D-3905-464F-95CA-8DE3303962D5}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
    "{E4756FD8-1EA7-4A0D-AAEF-334DBEBC3DAE}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
    "{F3B215A1-F050-4DEE-932D-30EA7D61BEBD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "TCP Query User{B9500B90-7B5E-40B7-A325-1CA43135CBFA}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{148D1F22-A3EE-4354-A4AF-D9961786BE44}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
    "{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
    "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
    "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
    "{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series" = Canon MP280 series MP Drivers
    "{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
    "{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
    "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
    "{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
    "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{3256C48C-78D0-4FC6-A0F5-81ADF3A9D7D4}" = AVG 2013
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
    "{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
    "{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
    "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
    "{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4D9C7DA3-D532-432D-A556-5F6CD186B0A5}" = DJ_AIO_03_F4200_ProductContext
    "{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
    "{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
    "{5D412B61-F3A7-42C6-9C07-29BBD3D442B1}" = AVG 2013
    "{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update
    "{63505193-EE81-450B-9F74-B1F25FAE64B7}" = Rand McNally SGDE Engine V6.40
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7A98467A-CB99-4DCA-ACF6-A826F902D849}" = Rand McNally Street Guide Sacramento & Solano Counties
    "{7C118AFD-6E0F-45DD-BD5A-3D96BBD1DFAA}" = Rand McNally Street Guide Sacramento & Solano Counties
    "{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
    "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
    "{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
    "{846DDADA-0239-4B67-A6B1-33658863793B}" = HPTCSSetup
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{87FF0E39-8490-4EB4-A557-FF12F712EF7E}" = TurboTax 2010 wcaiper
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{96384578-C6A2-4EC6-92CD-B62A60713040}" = Microsoft Live Search Toolbar
    "{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9DBCE8C7-FE94-4D8F-9FF0-38EF3D8BC99E}" = DJ_AIO_03_F4200_Software
    "{A036E231-5A03-4d63-94F6-7864CC77EC48}" = PS_AIO_ProductContext
    "{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
    "{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
    "{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
    "{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}" = HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
    "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
    "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
    "{B040FEFE-B45F-4e30-B3C6-035F53F544A9}" = c4200_Help
    "{B22C19AE-6A67-4f28-B541-5AE72FB17A25}" = HP Photosmart All-In-One Software 9.0
    "{B29B526D-F027-4122-BC7A-D9E5BC86CC40}" = DJ_AIO_03_F4200_Software_Min
    "{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}" = HP User Guides 0118
    "{B9F3A6E6-9C77-4535-9ED9-B16C1EBDFEC2}" = C4200
    "{BE50CAF7-C98E-4242-B476-C1BCEFC6E22E}" = Rand McNally SGDE Search Databases
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
    "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
    "{D719E8F1-6931-40b4-AC0B-5FE2C097F995}" = C4200_doccd
    "{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
    "{E39A3770-3DDE-404c-B91F-3522947874A3}" = PS_AIO_Software_min
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
    "{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
    "{FA4FA322-5C90-4d2b-A019-9E588273DED5}" = PS_AIO_Software
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "AVG" = AVG 2013
    "AVG Secure Search" = AVG Security Toolbar
    "Canon MP280 series User Registration" = Canon MP280 series User Registration
    "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    "CanonMyPrinter" = Canon My Printer
    "CanonSolutionMenuEX" = Canon Solution Menu EX
    "CCleaner" = CCleaner
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
    "Easy-WebPrint EX" = Canon Easy-WebPrint EX
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HP Imaging Device Functions" = HP Imaging Device Functions 9.0
    "HP Photosmart Essential" = HP Photosmart Essential 2.01
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 9.0
    "HPOCR" = HP OCR Software 9.0
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{7A98467A-CB99-4DCA-ACF6-A826F902D849}" = Rand McNally Street Guide Sacramento & Solano Counties
    "InstallShield_{7C118AFD-6E0F-45DD-BD5A-3D96BBD1DFAA}" = Rand McNally Street Guide Sacramento & Solano Counties
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TurboTax 2010" = TurboTax 2010
    "WiseConvert Toolbar" = WiseConvert Toolbar

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-4156696597-1341229448-2497781583-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "GoToMeeting" = GoToMeeting 5.1.0.880

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 12/18/2012 5:43:21 PM | Computer Name = owner-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 12/18/2012 5:47:32 PM | Computer Name = owner-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 12/18/2012 5:55:10 PM | Computer Name = owner-PC | Source = Application Error | ID = 1000
    Description = Faulting application avgidsagent.exe, version 13.0.0.2792, time stamp
    0x50993b63, faulting module MSVCR100.dll, version 10.0.40219.325, time stamp 0x4df2be1e,
    exception code 0xc0000005, fault offset 0x0001025a, process id 0x1b0, application
    start time 0x01cddd693f91ad65.

    Error - 12/19/2012 3:04:30 PM | Computer Name = owner-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 12/25/2012 12:21:57 PM | Computer Name = owner-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 12/26/2012 2:07:40 AM | Computer Name = owner-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 12/28/2012 3:44:13 AM | Computer Name = owner-PC | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 9.0.8112.16457, time stamp
    0x50a2f9e3, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5,
    exception code 0xc0000005, fault offset 0x00066e5f, process id 0xebc, application
    start time 0x01cde32f61174f10.

    Error - 12/28/2012 3:49:48 AM | Computer Name = owner-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 12/28/2012 3:52:19 AM | Computer Name = owner-PC | Source = EventSystem | ID = 4609
    Description =

    Error - 12/28/2012 3:52:26 AM | Computer Name = owner-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 12/28/2012 5:14:51 AM | Computer Name = owner-PC | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 12/28/2012 1:18:20 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7006
    Description =

    Error - 12/28/2012 1:42:04 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 12/28/2012 1:42:04 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7006
    Description =

    Error - 12/28/2012 1:42:04 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7006
    Description =

    Error - 12/28/2012 4:43:49 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7006
    Description =

    Error - 12/28/2012 9:47:57 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 12/28/2012 9:47:57 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7006
    Description =

    Error - 12/28/2012 9:56:46 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7006
    Description =

    Error - 12/29/2012 2:34:22 AM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 12/29/2012 2:34:22 AM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7006
    Description =


    < End of report >

    It doesn't affect my Firefox...
    You did a great job on my Win 7 Defender virus...!!
     
  2. Fiery

    Fiery 1 of the 4 MalwareTips Founder

    Reputation:
    1,000
    Joined:
    Jan 11, 2011
    Messages:
    2,056
    Likes Received:
    12
    Hi,

    Open OTL. Under custom scan/fixes, copy and paste the following:

    Then click Run Fix. Post the log afterwards.

    Then using the same instructions as your other thread, download and scan with Malwarebytes.
     
  3. ArizEagle

    ArizEagle Regular Member

    I completed the Fix.

    Here are the results:
    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}\ deleted successfully.
    C:\Program Files\WiseConvert\prxtbWise.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{86336D6B-C1D5-4EC7-B038-A0D3290449FD}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86336D6B-C1D5-4EC7-B038-A0D3290449FD}\ not found.
    Registry value HKEY_USERS\S-1-5-21-4156696597-1341229448-2497781583-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}\ not found.
    File C:\Program Files\WiseConvert\prxtbWise.dll not found.
    HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
    Registry key HKEY_USERS\S-1-5-21-4156696597-1341229448-2497781583-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C2A2DF2E-0DFC-4A92-9995-01E0AC03C069}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2A2DF2E-0DFC-4A92-9995-01E0AC03C069}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}\ not found.
    File C:\Program Files\WiseConvert\prxtbWise.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}\ not found.
    File C:\Program Files\WiseConvert\prxtbWise.dll not found.
    Registry value HKEY_USERS\S-1-5-21-4156696597-1341229448-2497781583-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
    Registry value HKEY_USERS\S-1-5-21-4156696597-1341229448-2497781583-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer| /E : value set successfully!
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F2AFB4E5-A1E8-415B-A7B3-A433B3227715}\\DhcpNameServer| /E : value set successfully!
    ========== FILES ==========
    C:\Program Files\Conduit\Community Alerts folder moved successfully.
    C:\Program Files\Conduit folder moved successfully.
    C:\Users\owner\AppData\Local\Conduit\CT3196716 folder moved successfully.
    C:\Users\owner\AppData\Local\Conduit folder moved successfully.
    C:\Program Files\WiseConvert folder moved successfully.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\owner\Desktop\cmd.bat deleted successfully.
    C:\Users\owner\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: owner
    ->Temp folder emptied: 29623480 bytes
    ->Temporary Internet Files folder emptied: 19927464 bytes
    ->Java cache emptied: 474710 bytes
    ->FireFox cache emptied: 207619384 bytes
    ->Flash cache emptied: 56774 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 1111 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 46781098 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 547084 bytes

    Total Files Cleaned = 291.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.69.0 log created on 12292012_121754

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

    Next:
    Malwarebytes to follow.
     
  4. ArizEagle

    ArizEagle Regular Member

    Hi Fiery:
    Here are the results of the Malwarebytes scan:

    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2012.12.29.10

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    owner :: OWNER-PC [administrator]

    12/29/2012 12:27:21 PM
    mbam-log-2012-12-29 (12-27-21).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 206534
    Time elapsed: 4 minute(s), 38 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    Continued Thanks!!
     
  5. ArizEagle

    ArizEagle Regular Member

    Here are the results of the AdwCleaner scan:
    # AdwCleaner v2.104 - Logfile created 12/29/2012 at 13:12:31
    # Updated 29/12/2012 by Xplode
    # Operating system : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
    # User : owner - OWNER-PC
    # Boot Mode : Normal
    # Running from : C:\Users\owner\Downloads\AdwCleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
    Folder Found : C:\Program Files\AVG Secure Search
    Folder Found : C:\Program Files\Common Files\AVG Secure Search
    Folder Found : C:\ProgramData\AVG Secure Search
    Folder Found : C:\Users\owner\AppData\Local\AVG Secure Search
    Folder Found : C:\Users\owner\AppData\LocalLow\AVG Secure Search
    Folder Found : C:\Users\owner\AppData\LocalLow\Conduit
    Folder Found : C:\Users\owner\AppData\LocalLow\PriceGong
    Folder Found : C:\Users\owner\AppData\LocalLow\WiseConvert

    ***** [Registry] *****

    Key Found : HKCU\Software\AppDataLow\Software\Conduit
    Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Found : HKCU\Software\AppDataLow\Software\PriceGong
    Key Found : HKCU\Software\AppDataLow\Software\SmartBar
    Key Found : HKCU\Software\AppDataLow\Software\WiseConvert
    Key Found : HKCU\Software\AppDataLow\Toolbar
    Key Found : HKCU\Software\AVG Secure Search
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\Software\AVG Secure Search
    Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{71B1DF81-18D9-4E5B-9493-CAB02B6E9D8F}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Found : HKLM\SOFTWARE\Classes\S
    Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3196716
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7564CEDC-1A41-4E65-82BF-92B7BC78E260}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CF43D083-F8F2-4974-AFF6-0D2B1B5ED1AB}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71B1DF81-18D9-4E5B-9493-CAB02B6E9D8F}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WiseConvert Toolbar
    Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Found : HKLM\Software\WiseConvert
    Key Found : HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
    Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Registry is clean.

    -\\ Mozilla Firefox v16.0.2 (en-US)

    File : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\ivp0wbj8.default\prefs.js

    Found : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\13.2.0.5");
    Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
    Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");
    Found : user_pref("keyword.URL", "hxxps://isearch.avg.com/search?cid={1DD32051-58E8-4EEB-A7B5-F47D5D4FE0DA}&[...]

    *************************

    AdwCleaner[R1].txt - [6826 octets] - [29/12/2012 12:40:08]
    AdwCleaner[R2].txt - [6536 octets] - [29/12/2012 13:12:31]

    Hope this shows all's good!
    ;)
     
  6. Fiery

    Fiery 1 of the 4 MalwareTips Founder

    Reputation:
    1,000
    Joined:
    Jan 11, 2011
    Messages:
    2,056
    Likes Received:
    12
    Hi,

    You can do a scan with AdwCleaner and click Delete.

    Is the toolbar still there?
     
  7. ArizEagle

    ArizEagle Regular Member

    I have the box with "Scan - Delete - Uninstall - Donate" tabs.
    I hit the "Scan" and posted the results.
    Obviously, I must be missing something in not being able to download the program to my desktop...
     
  8. Fiery

    Fiery 1 of the 4 MalwareTips Founder

    Hi,

    Hit the Scan button. After it finishes, just press Delete.
     
  9. Littlebits

    Littlebits Super Moderator MalwareTips Staff

    Reputation:
    1,000
    Joined:
    May 3, 2011
    Messages:
    4,004
    Likes Received:
    3,115
    Uninstalling the toolbar

    How do I uninstall the WiseConvert toolbar?
    You may uninstall this software at any time and with no limitations, using the standard uninstall procedures as offered with your computer's operating system or your Internet browser.

    Internet Explorer users
    Click the Start button and then select Settings > Control Panel > Add/Remove Programs.
    In the list of programs, find the WiseConvert toolbar, select it, and click Change/Remove.

    Firefox users
    In the Firefox browser menu, select Add-ons > Extensions.
    Select the WiseConvert Community Toolbar.
    Click Remove.

    Safari users
    Open the Finder application and browse to Applications.
    Scroll down to Toolbars and click on WiseConvert.
    Double-click on “Uninstall”.
    Fill in the “User name & Password” and click the OK button.

    Chrome users
    In the Google Chrome browser, go to chrome://extensions/.
    Find WiseConvert in the list.
    Click Uninstall.

    I can’t uninstall the WiseConvert toolbar.
    Visit the WiseConvert Community Toolbar's download page and reinstall the toolbar.
    Restart your computer.
    Uninstall the toolbar again.

    http://wiseconvert.ourtoolbar.com/help/

    Please note that this toolbar is not malicious, just simple adware. It is very easy to uninstall; no special tools are needed.

    Enjoy!!:D
     
  10. ArizEagle

    ArizEagle Regular Member

    Fiery...
    Here is a copy of the Report re: RogueKiller
    RogueKiller V8.4.1 [Dec 28 2012] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : owner [Admin rights]
    Mode : Scan -- Date : 12/30/2012 21:13:14

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    ÿþ1

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD1600BEVT-60ZCT1 ATA Device +++++
    --- User ---
    [MBR] ce6a759d75dde47f7c8ba1bd73099ba8
    [BSP] 4c227b7c2348dec3100bd391fb112ae6 : Toshiba tatooed MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 142032 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 290883584 | Size: 10591 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_12302012_02d2113.txt >>

    I'm hesitant in removing (Deleting) 4 files that were checked:

    They are listed on the RogueKiller Status page as:
    Key Value Data
    SOFTWARE\Microsoft\Windows\... EnableLUA 0
    SOFTWARE\Microsoft\Windows\... Start_Sho... 0
    SOFTWARE\Microsoft\Windows\... {59031a4... 1
    SOFTWARE\Microsoft\Windows\... {20D04FE... 1

    They appear to be Microsoft. Let me know... Thanks
     
  11. Fiery

    Fiery 1 of the 4 MalwareTips Founder

    Hi there,

    That appears to be fine. Is your IE still locked up?
     
  12. ArizEagle

    ArizEagle Regular Member

    No...
    IE is working fine.
    Why would RogueKiller list these 4 programs?
    Key Type / Global / Key / Value / Data
    HJ HKLM SOFTWARE\Microsoft\Windows\... EnableLUA 0
    HJ HMENU HKCU SOFTWARE\Microsoft\Windows\... Start_Sho... 0
    HJ Desk HKLM SOFTWARE\Microsoft\Windows\... {59031a4... 1
    HJ Desk HKLM SOFTWARE\Microsoft\Windows\... {20D04FE... 1
    Just curious...

    By the way... In my RK Quarantine report, they are listed as:
    Name / Type / Size
    debug / text document / 413 KB
    Eula / text document / 4 KB
    PhysicalDrive0_User / DAT File / 1KB
    QuarantineReport / text document / 1 KB

    Should I delete these? I'm "assuming" these are the same as what's listed just above...
    Thanks again....
     
  13. Fiery

    Fiery 1 of the 4 MalwareTips Founder

    Hi,

    Yes, you can delete those entries. If your laptop isn't experiencing any other problems, then we are done :)
     
  14. ArizEagle

    ArizEagle Regular Member

    Hi Fiery... Happy New Year to you & your family.
    My only concern is the last 2 items on RogueKiller.
    They are identical to 2 items on RogueKiller that, when I hit Delete on my Desktop that we've been working on, showed "Replace" instead of "Deleted" in the green status box (after I hit Delete).
    Should I uncheck these 2 before hitting "Delete"?
    HJ Desk HKLM SOFTWARE\Microsoft\Windows\... {59031a4... 1
    HJ Desk HKLM SOFTWARE\Microsoft\Windows\... {20D04FE... 1

    Thanks...
     
  15. Fiery

    Fiery 1 of the 4 MalwareTips Founder

    Those 2 entries should be fine. It is most likely a false positive.

    Happy new year!
     
  16. ArizEagle

    ArizEagle Regular Member

    Hi Fiery.
    I ran Eset on my laptop... All's well.
    Thanks so much!!
     
  17. Fiery

    Fiery 1 of the 4 MalwareTips Founder

    You're welcome! :)

    Double click on OTL to run it
    • Click on the Cleanup button at the top.
    • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes
    • This will remove itself and other tools we may have used.

    Do that for both your laptop and Desktop to remove the tools and quarantined files.
     
  18. ArizEagle

    ArizEagle Regular Member

    Guess what?
    My laptop, when going to Internet Explorer, now is very slow ("spinning wheel") - 30 - 45 seconds before my home page (Yahoo) comes up. Once it does, and I try to change web sites (click on any favorite), it takes 30 seconds to a minute. It's only in IE, as Firefox works 'normal' and fast...
    Sigh... :huh:
     
  19. Fiery

    Fiery 1 of the 4 MalwareTips Founder

    Download CCleaner from here

    Install it and open the program. On the main interface, under Internet Explorer make sure everything is checked except for saved passwords.

    Then click Run cleaner. See if IE runs faster now. If not, download OTL again with the same instructions as in the other thread (you don't have to post the Extras.txt).
     
  20. ArizEagle

    ArizEagle Regular Member

    CCleaner didn't do the trick. Here's the latest from OTL:
    OTL logfile created on: 1/7/2013 10:45:42 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\owner\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.90 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 59.67% Memory free
    6.85 Gb Paging File | 5.59 Gb Available in Paging File | 81.61% Paging File free
    Paging file location(s): c:\pagefile.sys 4096 4096 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 138.70 Gb Total Space | 85.03 Gb Free Space | 61.30% Space Free | Partition Type: NTFS
    Drive D: | 10.34 Gb Total Space | 1.78 Gb Free Space | 17.17% Space Free | Partition Type: NTFS
    Drive E: | 119.10 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\owner\Desktop\OTL(2).exe (OldTimer Tools)
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
    PRC - C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2013\avgemcx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
    PRC - C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
    PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
    PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
    PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
    PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
    PRC - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
    PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\SMINST\BLService.exe ()


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
    MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
    MOD - C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll ()
    MOD - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll ()
    MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
    MOD - C:\Program Files\OpenOffice.org 3\program\libxslt.dll ()


    ========== Services (SafeList) ==========

    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
    SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (vToolbarUpdater13.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
    SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe (McAfee, Inc.)
    SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
    SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
    SRV - (Recovery Service for Windows) -- C:\Program Files\SMINST\BLService.exe ()
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
    DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
    DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
    DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
    DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
    DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
    DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avglogx) -- C:\Windows\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
    DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
    DRV - (IntcHdmiAddService) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
    DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
    DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
    DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
    DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
    DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
    IE - HKLM\..\SearchScopes,DefaultScope = {7DC7C2A9-63BE-4EDF-99EF-028F49D65B85}
    IE - HKLM\..\SearchScopes\{7DC7C2A9-63BE-4EDF-99EF-028F49D65B85}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
    IE - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
    IE - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\..\SearchScopes\{1B51FEB4-E04C-4DD1-AFC1-4F0ABD02ED51}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\..\SearchScopes\{7DC7C2A9-63BE-4EDF-99EF-028F49D65B85}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={1DD32051-58E8-4EEB-A7B5-F47D5D4FE0DA}&mid=ce0793b5593c47d6a4e6d156509fa4c0-ff9a8face4ef37f8745aabf7f6f2f7468451d1c4&lang=en&ds=AVG&pr=fr&d=2012-10-18 14:33:56&v=13.2.0.1&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
    FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
    FF - prefs.js..extensions.enabledAddons: avg%40toolbar:13.2.0.5
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
    FF - prefs.js..keyword.URL: "https://isearch.avg.com/search?cid={1DD32051-58E8-4EEB-A7B5-F47D5D4FE0DA}&mid=ce0793b5593c47d6a4e6d156509fa4c0-ff9a8face4ef37f8745aabf7f6f2f7468451d1c4&lang=en&ds=AVG&pr=fr&d=2012-10-18 14:33:56&v=13.2.0.1&sap=ku&q="
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012/11/10 01:58:10 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/30 22:10:14 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2012/02/29 20:43:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Extensions
    [2012/11/19 12:57:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\ivp0wbj8.default\extensions
    [2012/12/30 22:10:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/12/30 22:10:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2012/11/10 01:58:10 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\13.2.0.5
    [2012/12/30 22:10:14 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/11/10 01:57:56 | 000,003,571 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
    [2012/09/23 08:35:49 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/12/29 00:02:53 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/12/29 12:19:04 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
    O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
    O3 - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
    O4 - HKLM..\Run: [ROC_roc_ssl_v12] C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe ()
    O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
    O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O7 - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
    O13 - gopher Prefix: missing
    O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-21-4156696597-1341229448-2497781583-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F2AFB4E5-A1E8-415B-A7B3-A433B3227715}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\owner\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    O24 - Desktop BackupWallPaper: C:\Users\owner\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2003/06/02 14:43:20 | 000,172,032 | R--- | M] () - E:\Autorun.exe -- [ CDFS ]
    O32 - AutoRun File - [2004/09/14 10:52:43 | 000,000,054 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
    O33 - MountPoints2\{7b4928c9-3fff-11de-8e52-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{7b4928c9-3fff-11de-8e52-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2003/06/02 14:43:20 | 000,172,032 | R--- | M] ()
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/07 10:43:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL(2).exe
    [2013/01/07 10:23:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2013/01/01 20:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2012/12/30 22:10:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2012/12/27 23:44:20 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\CrashDumps
    [2012/12/25 14:19:46 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
    [2012/12/25 14:19:46 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
    [2012/12/11 14:43:27 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2012/12/11 14:43:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2012/12/11 14:43:25 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2012/12/11 14:43:25 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2012/12/11 14:43:25 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2012/12/11 14:43:24 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2012/12/11 14:43:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2012/12/11 14:43:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2012/12/11 14:41:24 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
    [2012/12/11 14:41:17 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
    [2012/12/11 14:41:17 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
    [2012/12/11 14:41:17 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winusb.dll
    [2012/12/11 14:41:15 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
    [2012/12/11 14:41:15 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
    [2012/12/11 14:37:10 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2012/12/11 14:37:09 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
    [2012/12/11 14:37:09 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnsvr.exe
    [2012/12/11 14:36:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
    [2012/12/10 11:59:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

    ========== Files - Modified Within 30 Days ==========

    [2013/01/07 10:46:23 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/07 10:43:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL(2).exe
    [2013/01/07 10:36:59 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/01/07 10:23:25 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2013/01/07 09:56:04 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013/01/07 09:56:03 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013/01/07 09:50:54 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/01/07 09:50:51 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/01/07 09:50:47 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/07 09:50:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/01/07 09:50:25 | 3117,666,304 | -HS- | M] () -- C:\hiberfil.sys
    [2013/01/02 10:36:47 | 000,351,800 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/12/29 12:26:35 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/12/29 12:19:04 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
    [2012/12/27 23:49:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForowner.job
    [2012/12/26 14:30:43 | 000,034,043 | ---- | M] () -- C:\Users\owner\Documents\Homes - Carmichael - 2012.ods
    [2012/12/26 12:19:30 | 000,306,332 | ---- | M] () -- C:\Users\owner\Documents\Medjugorie Message.odt
    [2012/12/26 00:01:01 | 000,128,416 | ---- | M] () -- C:\Users\owner\Documents\Deck of Cards.odt
    [2012/12/25 08:37:22 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2012/12/25 08:37:22 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2012/12/16 05:12:54 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
    [2012/12/16 02:50:29 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
    [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/12/10 11:59:54 | 000,000,802 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk

    ========== Files Created - No Company Name ==========

    [2013/01/07 10:23:25 | 000,000,764 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/12/29 11:04:41 | 3117,666,304 | -HS- | C] () -- C:\hiberfil.sys
    [2012/12/11 14:41:29 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    [2012/12/11 14:41:29 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    [2012/07/15 21:41:17 | 000,001,072 | ---- | C] () -- C:\Users\owner\AppData\Roaming\wklnhst.dat
    [2012/06/21 00:18:33 | 000,033,758 | ---- | C] () -- C:\Users\owner\AppData\Local\dt.dat
    [2011/07/01 05:48:46 | 000,060,304 | ---- | C] () -- C:\Users\owner\g2mdlhlpx.exe
    [2011/05/13 07:52:05 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2011/05/13 07:52:05 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2011/04/16 15:51:27 | 000,139,791 | ---- | C] () -- C:\Windows\hpoins15.dat
    [2010/05/15 09:30:04 | 000,004,608 | ---- | C] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/04/23 01:01:27 | 000,000,284 | ---- | C] () -- C:\ProgramData\hpqp.ini

    ========== ZeroAccess Check ==========

    [2006/11/02 04:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 09:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 22:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 22:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    < End of report >
    Thanks... Again...
     
