Optional removals
Ask Toolbar
I recommend the removal of Ask Toolbar. If you choose to do so, please follow the instructions below:
1. Close all open Web browsers
2. From the "Start" menu in Windows, select "Control Panel"
3. Select "Add or Remove Programs"
4. Select "Ask toolbar"
5. Click "Change/Remove"
Anti-Spyware Programs
I have noticed that you have at least 2 antispyware programs installed on your computer.
These are:
- Spyware Terminator
- STOPzilla
Running more than one resident protection program of the same type (antivirus, firewall or antispyware program) at the same time can result in unwanted conflict.
This can reduce the effectiveness of all your antispyware programs individually.
If you want to keep all your antispyware programs then please make sure they are not in resident mode at the same time.
uTorrent
I see you are running uTorrent, a P2P application. I suggest reading the following, and then deciding whether you want to keep it or not: http://www.helpmyos.com/learn-security-f40/p2p-programs-t1102.htm
Malware Removal
OTS
Start OTS. Copy/Paste the information in the codebox below into the panel where it says "Paste fix here" and then click the Run Fix button.
Code:
[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< FireFox Settings [Prefs.js] > -> C:\Users\Parent\AppData\Roaming\Mozilla\FireFox\Profiles\pkaa45zg.default\prefs.js
YN -> extensions.enabledItems -> {4B3803EA-5230-4DC3-A7FC-33638F3D3542}:1.3
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
YY -> HKLM\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} -> C:\PROGRAM FILES\CRAWLER\TOOLBAR\FIREFOX\ [C:\PROGRAM FILES\CRAWLER\TOOLBAR\FIREFOX\]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} [HKLM] -> C:\Program Files\Crawler\Toolbar\ctbr.dll []
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YY -> "{4B3803EA-5230-4DC3-A7FC-33638F3D3542}" [HKLM] -> C:\Program Files\Crawler\Toolbar\ctbr.dll [&Crawler Toolbar]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YY -> WebBrowser\\"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}" [HKLM] -> C:\Program Files\Crawler\Toolbar\ctbr.dll [&Crawler Toolbar]
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found.
YN -> GD [:Range = 127.0.0.1] -> http = Local intranet |
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {149E45D8-163E-4189-86FC-45022AB2B6C9} [HKLM] -> file:///C:/Program%20Files/Zuma/Images/stg_drm.ocx [SpinTop DRM Control]
YN -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18]
[Registry - Additional Scans - Safe List]
< Ext (Settings) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\
YY -> {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} [HKLM] -> C:\Program Files\Crawler\Toolbar\ctbr.dll []
YY -> {4B3803EA-5230-4DC3-A7FC-33638F3D3542} [HKLM] -> C:\Program Files\Crawler\Toolbar\ctbr.dll [&Crawler Toolbar]
< Ext (Stats) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\
YY -> {8736C681-37A0-40C6-A0F0-4C083409151C} [HKLM] -> C:\Program Files\Crawler\Toolbar\CToolbar.exe []
[Files/Folders - Created Within 30 Days]
NY -> Crawler -> C:\Program Files\Crawler
[Alternate Data Streams]
NY -> @Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:4D71580D
NY -> @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
NY -> @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
NY -> @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:B30D9A49
NY -> @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:0EB34B30
[Purity]
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
[Reboot]
The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
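
Added example, not part of the original post and not OTS output: a read-only PowerShell check that can be run after the fix and reboot to confirm that the Crawler Toolbar registry entries, its folder and the alternate data streams on C:\ProgramData\TEMP named in the fix are gone. Every GUID and path is copied from the codebox above; it assumes PowerShell is installed and uses `dir /r` to list streams.

```powershell
# Read-only check: nothing is modified. GUIDs and paths come from the OTS fix in the post.
$bho     = '{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}'
$toolbar = '{4B3803EA-5230-4DC3-A7FC-33638F3D3542}'
$stats   = '{8736C681-37A0-40C6-A0F0-4C083409151C}'

# Registry keys the fix lists for removal.
$keys = @(
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$bho",
    "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\$bho",
    "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\$toolbar",
    "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\$stats"
)

# Registry values the fix lists for removal (parent key plus value name).
$values = @(
    @{ Key = 'HKLM:\SOFTWARE\Mozilla\Firefox\Extensions';                     Name = $toolbar },
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar';            Name = $toolbar },
    @{ Key = 'HKCU:\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser'; Name = $toolbar }
)

$leftovers = @()

foreach ($k in $keys) {
    if (Test-Path -LiteralPath $k) { $leftovers += "key:    $k" }
}

foreach ($v in $values) {
    $p = Get-ItemProperty -LiteralPath $v.Key -Name $v.Name -ErrorAction SilentlyContinue
    if ($p) { $leftovers += "value:  $($v.Key) -> $($v.Name)" }
}

if (Test-Path -LiteralPath 'C:\Program Files\Crawler') {
    $leftovers += 'folder: C:\Program Files\Crawler'
}

# dir /r prints alternate data streams as NAME:STREAM:$DATA; keep only those on TEMP.
$leftovers += @(cmd /c dir /r /a 'C:\ProgramData' |
    Select-String -SimpleMatch 'TEMP:' |
    ForEach-Object { "stream: $($_.Line.Trim())" })

if ($leftovers.Count -eq 0) {
    'No Crawler Toolbar entries or TEMP data streams from the fix list remain.'
} else {
    'Still present after the fix:'
    $leftovers
}
```

Anything the script lists as still present should show up as a failed action in the OTS log as well.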