Argh! Adware Generic5.RVQ virus infection

Solved
By snowscreen
Jan 13, 2013
  1. Hi guys

    Dell Inspiron laptop, think I've actually managed to get this from my Gopro camera memory card
    :-(
    AVG popped up with the warning earlier but can't remove it.
    c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
    Adware Generic5.RQV

    Please find the required logs below

    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org
    Database version: v2013.01.13.06
    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Dave And Nikki :: DAVEANDNIKKI-PC [administrator]
    13/01/2013 17:13:49
    mbam-log-2013-01-13 (17-13-49).txt
    Scan type: Full scan (C:\|E:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 415614
    Time elapsed: 1 hour(s), 42 minute(s), 51 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
  2. snowscreen

    snowscreen Newcomer, in training Topic Starter Posts: 19

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_37
    Run by Dave And Nikki at 17:16:59 on 2013-01-13
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2008.832 [GMT 0:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
    .
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
    C:\Windows\system32\SLsvc.exe
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\System32\bcmwltry.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\ProgramData\MobileBrServ\mbbservice.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\AVG\AVG10\avgemcx.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\RUNDLL32.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    uWindow Title = Internet Explorer provided by Dell
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg10\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [DriverFinder] c:\program files\driverfinder\DriverFinder.exe
    uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
    mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
    mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {A9CF3378-D60E-40A8-927D-7EA0D5B0AA98} - hxxp://webalbum.bonusprint.com/ukipc01/downloads//ImageUploader6.cab
    DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{0EA37DDA-3BC2-4820-948A-891859D97D8E} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{403361AB-F474-4712-8614-8B7CF920E81F} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{C5077265-DA75-4B60-A90D-5592DAE97239} : DHCPNameServer = 192.168.1.1 192.168.1.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs= c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\dave and nikki\appdata\roaming\mozilla\firefox\profiles\czbvvy18.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
    FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\dave and nikki\appdata\roaming\facebook\npfbplugin_1_0_1.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-11-12 255968]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-4 297168]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_ae0b52e0\AEstSrv.exe [2009-5-5 81920]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
    R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    R2 Mobile Broadband HL Service;Mobile Broadband HL Service;c:\programdata\mobilebrserv\mbbService.exe [2012-12-27 232288]
    R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-5-27 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 28624]
    R3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-1-21 54632]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-1-13 40776]
    S2 Browser Manager;Browser Manager;c:\programdata\browser manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [2012-11-10 2312216]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
    S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms [2008-11-4 22904]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2013-01-13 17:04:46 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2012-12-27 13:16:45 -------- d-----w- c:\programdata\MobileBrServ
    2012-12-22 08:58:17 34304 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-22 08:58:17 293376 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-18 20:07:11 106240 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
    2012-12-16 20:55:36 -------- d-----w- c:\users\dave and nikki\appdata\roaming\redsn0w
    .
    ==================== Find3M ====================
    .
    2012-12-21 16:49:25 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-12-21 16:49:25 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-12-14 16:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-11-13 01:36:35 2048000 ----a-w- c:\windows\system32\win32k.sys
    2012-11-13 01:29:51 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-11-12 04:47:48 255968 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2012-11-11 10:16:54 40437664 ----a-w- c:\users\dave and nikki\QuickTimeInstaller.exe
    2012-11-11 10:08:32 10016339 ----a-w- c:\users\dave and nikki\K-Lite_Codec_Pack_940_Basic.exe
    2012-11-02 10:18:17 376320 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-02 08:26:06 23040 ----a-w- c:\windows\system32\dpnsvr.exe
    2012-10-25 03:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2012-10-25 03:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
    .
    ============= FINISH: 17:23:41.12 ===============
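The DDS report above carries the three persistence clues that a malware helper reads first: a populated AppInit_DLLs value (an 8.3 short-name path, which hides the real directory), a BHO registered under a CLSID with no file behind it, and an auto-start service whose binary lives under ProgramData rather than Program Files. As an added example, not code from this thread or from DDS, AdwCleaner or any other tool used in it, the script below runs that triage over a handful of constructed lines copied in shape from the report. The regexes, rule names and severity labels are my own assumptions about the DDS line layout, not a published format specification.

```python
import re
from typing import Dict, List

# Constructed sample in the shape of the DDS "Pseudo HJT Report" and
# "SERVICES / DRIVERS" sections; the entries mirror the ones posted above.
SAMPLE_LOG = """\
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\\program files\\avg\\avg10\\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
mRun: [AVG_TRAY] c:\\program files\\avg\\avg10\\avgtray.exe
AppInit_DLLs= c:\\progra~2\\browse~1\\23796~1.11\\{16cdf~1\\browse~1.dll
R2 avgwd;AVG WatchDog;c:\\program files\\avg\\avg10\\avgwdsvc.exe [2011-2-8 269520]
S2 Browser Manager;Browser Manager;c:\\programdata\\browser manager\\2.3.796.11\\{16cdff19-861d-48e3-a751-d99a27784753}\\browsemngr.exe [2012-11-10 2312216]
"""

# Directories that legitimate services rarely run from but adware/PUPs
# commonly use because they are writable without elevation.
USER_WRITABLE = ("programdata", "appdata", "\\users\\", "\\temp\\")

# Assumed DDS line shapes (derived from the report, not a format spec).
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)(?:\s+\[[^\]]*\])?$"
)
RUN_RE = re.compile(r"^(?P<hive>[um]Run(?:Once)?):\s+\[(?P<name>[^\]]+)\]\s+(?P<path>.+)$")
BHO_RE = re.compile(r"^BHO:\s+(?:(?P<desc>.+?):\s+)?(?P<clsid>\{[0-9A-Fa-f-]+\})\s+-\s+(?P<path>.+)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs\s*=\s*(?P<value>.*)$")
SHORT_NAME_RE = re.compile(r"~\d")  # 8.3 names such as progra~2, browse~1


def _in_user_writable(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def _finding(severity: str, rule: str, name: str, path: str, line: str) -> Dict[str, object]:
    return {
        "severity": severity,
        "rule": rule,
        "name": name,
        "path": path,
        # Short names hide the real directory; resolve them on the host.
        "short_name": bool(SHORT_NAME_RE.search(path)),
        "line": line,
    }


def triage(log_text: str) -> List[Dict[str, object]]:
    """Return the persistence entries a helper would ask the poster about."""
    findings: List[Dict[str, object]] = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = APPINIT_RE.match(line)
        if m:
            value = m.group("value").strip()
            if value:
                # A non-empty AppInit_DLLs loads the DLL into every
                # user32-linked process; almost never legitimate on a home PC.
                findings.append(_finding("high", "appinit_dlls", "AppInit_DLLs", value, line))
            continue

        m = BHO_RE.match(line)
        if m:
            if m.group("path").strip() == "<orphaned>":
                # CLSID registered as a browser helper but its file is gone:
                # leftover from an uninstall or a partially removed add-on.
                findings.append(_finding("medium", "orphaned_bho", m.group("clsid"), "<orphaned>", line))
            continue

        m = SERVICE_RE.match(line)
        if m:
            if _in_user_writable(m.group("path")):
                findings.append(_finding("high", "service_in_user_dir", m.group("name"), m.group("path"), line))
            continue

        m = RUN_RE.match(line)
        if m and _in_user_writable(m.group("path")):
            findings.append(_finding("medium", "autorun_in_user_dir", m.group("name"), m.group("path"), line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        flag = " (8.3 short-name path)" if f["short_name"] else ""
        print(f"[{f['severity']}] {f['rule']}: {f['name']} -> {f['path']}{flag}")
```

Run on the sample it reports the orphaned BHO, the AppInit_DLLs injection and the Browser Manager service, and stays silent on the AVG entries; the `short_name` flag on the AppInit finding is the cue to resolve `progra~2` on the machine itself, since the same short name maps to different directories on 32-bit and 64-bit Windows.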
  3. snowscreen

    snowscreen Newcomer, in training Topic Starter Posts: 19

    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 05/05/2009 05:35:46
    System Uptime: 13/01/2013 16:58:07 (1 hours ago)
    .
    Motherboard: Dell Inc. | |
    Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | Microprocessor | 2000/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 218 GiB total, 124.117 GiB free.
    E: is FIXED (NTFS) - 15 GiB total, 8.302 GiB free.
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9.5.3
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    µTorrent
    AVG 2011
    AVS Update Manager 1.0
    AVS Video Converter 6
    AVS4YOU Software Navigator 1.3
    Bonjour
    Browser Manager
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Compatibility Pack for the 2007 Office system
    Dell-eBay
    Dell DataSafe Online
    Dell Dock
    Dell Edoc Viewer
    Dell Getting Started Guide
    Dell Support Center (Support Software)
    Dell Touchpad
    Dell Wireless WLAN Card Utility
    Download Manager and Options
    DriverFinder
    EasiestSoft Video Converter 1.0.2
    Facebook Plug-In
    FrostWire 5.3.2
    FTDI USB Serial Converter Drivers
    GoToAssist 8.0.0.514
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    iCloud
    ImTOO DVD Ripper Platinum 5
    Intel® Matrix Storage Manager
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 37
    Junk Mail filter update
    K-Lite Codec Pack 9.4.0 (Basic)
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office Live Add-in 1.5
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Edition 2003
    Microsoft Office Suite Activation Assistant
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Mobile Broadband HL Service
    MobileMe Control Panel
    Mozilla Firefox 5.0.1 (x86 en-GB)
    MSVCRT
    OGA Notifier 2.0.0048.0
    Paint.NET v3.5.10
    PowerDVD
    QuickSet
    QuickTime
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Safari
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    SolveigMM Video Splitter
    TomTom HOME Visual Studio Merge Modules
    Unity Web Player
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    VideoPad Video Editor
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    WinRAR archiver
    .
    ==== End Of File ===========================
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome back to TechSpot.


Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
• If you have already asked for help somewhere, please post the link to the topic in which you were helped.
• We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.


    Adware Cleaning

    Please download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


    Junkware Removal Tool

    Please download Junkware Removal Tool to your desktop.
    • Warning! Once the scan is complete JRT will shut down your browser with NO warning.
    • Shut down your protection software now to avoid potential conflicts.
    • Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
• Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Copy and Paste the JRT.txt log into your next message.
  5. snowscreen

    snowscreen Newcomer, in training Topic Starter Posts: 19

    Thanks Jay, as requested -

    # AdwCleaner v2.105 - Logfile created 01/13/2013 at 19:26:57
    # Updated 08/01/2013 by Xplode
    # Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # User : Dave And Nikki - DAVEANDNIKKI-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Dave And Nikki\Desktop\adwcleaner.exe
    # Option [Delete]

    ***** [Services] *****
    Stopped & Deleted : Browser Manager
    ***** [Files / Folders] *****
    File Deleted : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
    File Deleted : C:\Users\Dave And Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\czbvvy18.default\bprotector_extensions.sqlite
    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\ProgramData\Browser Manager
    Folder Deleted : C:\ProgramData\InstallMate
    Folder Deleted : C:\ProgramData\Premium
    Folder Deleted : C:\Users\Dave And Nikki\AppData\LocalLow\TheBflix
    Folder Deleted : C:\Users\Dave And Nikki\AppData\Roaming\Babylon
    Folder Deleted : C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
    Folder Deleted : C:\Users\DAVEAN~1\AppData\Local\Temp\AskSearch
    ***** [Registry] *****
    Key Deleted : HKCU\Software\5e2dadee03dbe17
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\DataMngr
    Key Deleted : HKCU\Software\DataMngr_Toolbar
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
    Key Deleted : HKLM\SOFTWARE\5e2dadee03dbe17
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\DataMngr
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
    Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16457
    [OK] Registry is clean.
    -\\ Mozilla Firefox v5.0.1 (en-GB)
    File : C:\Users\Dave And Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\czbvvy18.default\prefs.js
    Deleted : user_pref("extensions.4fa25eca5a032.scode", "\n(function(){var bdomains={\"search.babylon.com\":1,\"[...]
    *************************
    AdwCleaner[S1].txt - [2574 octets] - [13/01/2013 19:26:57]
    ########## EOF - C:\AdwCleaner[S1].txt - [2634 octets] ##########
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Good!


    OTL Quick Scan

    Please download OTL by OldTimer to your Desktop.
    • Close all windows and double click OTL.exe.
    • Click Quick Scan button and let the program run uninterrupted.
    • It will produce a log for you called OTL.txt, please post it in your next reply.
    • You may need to use two posts to get it all.
  7. snowscreen

    snowscreen Newcomer, in training Topic Starter Posts: 19

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.4.2 (01.08.2013:1)
    OS: Windows Vista (TM) Home Premium x86
    Ran by Dave And Nikki on 13/01/2013 at 19:31:57.87
    Blog: http://thisisudax.blogspot.com
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    ~~~ Services

    ~~~ Registry Values
    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs

    ~~~ Registry Keys

    ~~~ Files

    ~~~ Folders

    ~~~ Event Viewer Logs were cleared


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 13/01/2013 at 19:36:58.56
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    See post 6 for next scan...
  9. snowscreen

    snowscreen Newcomer, in training Topic Starter Posts: 19

    OTL logfile created on: 13/01/2013 19:42:43 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dave And Nikki\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1.96 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 53.99% Memory free
    4.16 Gb Paging File | 2.97 Gb Available in Paging File | 71.43% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 218.20 Gb Total Space | 123.79 Gb Free Space | 56.73% Space Free | Partition Type: NTFS
    Drive E: | 14.65 Gb Total Space | 8.30 Gb Free Space | 56.67% Space Free | Partition Type: NTFS

    Computer Name: DAVEANDNIKKI-PC | User Name: Dave And Nikki | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/01/13 19:42:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dave And Nikki\Desktop\OTL.exe
    PRC - [2012/08/01 03:48:54 | 002,345,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
    PRC - [2012/03/12 09:05:33 | 000,232,288 | ---- | M] () -- C:\ProgramData\MobileBrServ\mbbService.exe
    PRC - [2012/02/23 11:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    PRC - [2012/01/31 15:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    PRC - [2011/09/09 02:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
    PRC - [2011/08/18 00:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
    PRC - [2011/05/23 13:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
    PRC - [2011/03/28 02:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
    PRC - [2011/03/16 15:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
    PRC - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    PRC - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
    PRC - [2010/02/09 12:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
    PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/01/30 05:50:06 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    PRC - [2009/01/30 05:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    PRC - [2009/01/09 17:06:32 | 001,735,760 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
    PRC - [2008/12/18 18:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
    PRC - [2008/12/15 04:13:50 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
    PRC - [2008/12/15 04:13:46 | 000,241,746 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe
    PRC - [2008/12/15 04:13:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe
    PRC - [2008/09/04 05:29:18 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
    PRC - [2008/09/04 05:29:10 | 000,200,704 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
    PRC - [2008/09/04 05:29:10 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
    PRC - [2008/09/04 05:29:10 | 000,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
    PRC - [2008/05/07 22:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/05/07 22:41:12 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/11/20 19:29:28 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\d08cb6b1c4052e6f5a4e2452870d67d7\System.Management.ni.dll
    MOD - [2012/11/20 19:29:19 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2633dbf77be293b3a8693b6b062fd787\System.Runtime.Remoting.ni.dll
    MOD - [2012/11/20 19:29:15 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ac05afefb5b28893d44ec451da0e6d4e\System.Web.ni.dll
    MOD - [2012/11/20 19:29:05 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\7844c1ae91c8f584025756ad72e65176\System.Web.Services.ni.dll
    MOD - [2012/11/20 19:28:54 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7f15d0cb7e4f87f86e425d5ffe7e8280\System.Configuration.ni.dll
    MOD - [2012/11/20 18:14:30 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\741164a3e36f879b9f9e3ff176465127\System.Xml.ni.dll
    MOD - [2012/11/20 18:14:02 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll
    MOD - [2012/11/20 18:13:47 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll
    MOD - [2012/11/20 18:10:39 | 007,976,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll
    MOD - [2012/11/20 18:09:44 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll
    MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    MOD - [2010/02/09 12:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
    MOD - [2010/02/09 12:34:00 | 000,275,776 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbShared.dll
    MOD - [2010/02/09 12:34:00 | 000,152,896 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbShared.XmlSerializers.dll
    MOD - [2010/02/09 12:34:00 | 000,095,552 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbUI.dll
    MOD - [2010/02/09 12:34:00 | 000,017,728 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\CppUtils.dll
    MOD - [2008/12/22 10:32:38 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll
    MOD - [2008/11/03 14:54:00 | 000,058,608 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\BalloonWindow.dll


    ========== Services (SafeList) ==========

    SRV - [2012/03/12 09:05:33 | 000,232,288 | ---- | M] () [Auto | Running] -- C:\ProgramData\MobileBrServ\mbbService.exe -- (Mobile Broadband HL Service)
    SRV - [2012/01/31 15:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - [2009/05/05 10:01:08 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2009/01/30 05:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
    SRV - [2008/12/18 18:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV - [2008/12/15 04:13:46 | 000,241,746 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe -- (STacSV)
    SRV - [2008/12/15 04:13:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe -- (AESTFilters)
    SRV - [2008/05/07 22:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
    SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - [2012/11/12 04:47:48 | 000,255,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2011/05/27 18:05:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2011/04/04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2011/03/16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011/03/01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011/02/22 07:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
    DRV - [2011/02/10 06:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2011/02/10 06:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2009/04/30 21:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
    DRV - [2008/12/22 10:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
    DRV - [2008/12/15 04:13:54 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2008/11/04 23:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
    DRV - [2008/09/04 05:29:08 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2008/01/21 02:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
    DRV - [2006/11/02 07:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
    DRV - [2004/02/04 13:19:32 | 000,024,177 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
    DRV - [2004/02/04 13:19:16 | 000,057,372 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{1FB2961F-6B70-4D6E-A3FD-7EFE3D225950}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\SearchScopes,DefaultScope = {DFD439A9-3067-49C5-89F2-276A92BF2342}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{5B982E6D-9F9E-4D89-A8A1-A50ABB0CBC17}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
    IE - HKCU\..\SearchScopes\{DFD439A9-3067-49C5-89F2-276A92BF2342}: "URL" = http://www.google.com/search?q={sea...startIndex={startIndex?}&startPage={startPage}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
    FF - prefs.js..extensions.enabledAddons: {da8bd68d-8e90-41cd-8345-a71b294e72e6}:2.0.11.0
    FF - prefs.js..extensions.enabledAddons: 4fa25eca5a02b@4fa25eca5a02d.info:5.1
    FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
    FF - prefs.js..extensions.enabledAddons: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1423
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\Facebook.com/FBPlugin,version=1.0.1: C:\Users\Dave And Nikki\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/12/11 18:22:29 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/13 19:27:13 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2011/12/16 22:11:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave And Nikki\AppData\Roaming\Mozilla\Extensions
    [2011/12/16 22:11:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave And Nikki\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
    [2012/06/12 20:51:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave And Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\czbvvy18.default\extensions
    [2012/06/12 20:51:38 | 000,000,000 | ---D | M] (TheBflix) -- C:\Users\Dave And Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\czbvvy18.default\extensions\4fa25eca5a02b@4fa25eca5a02d.info
    [2011/08/14 17:32:47 | 000,195,100 | ---- | M] () (No name found) -- C:\Users\Dave And Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\czbvvy18.default\extensions\{da8bd68d-8e90-41cd-8345-a71b294e72e6}.xpi
    [2012/11/08 07:40:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/09/16 19:30:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2012/11/08 07:40:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    [2012/12/11 18:22:29 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
    [2009/07/06 16:08:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2011/07/08 07:31:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2010/01/01 08:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2010/01/01 08:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2010/01/01 08:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2010/01/01 08:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2010/01/01 08:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
    O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
    O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [DriverFinder] C:\Program Files\DriverFinder\DriverFinder.exe ()
    O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: warez-bb.org ([www] https in Trusted sites)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {A9CF3378-D60E-40A8-927D-7EA0D5B0AA98} http://webalbum.bonusprint.com/ukipc01/downloads//ImageUploader6.cab (Bonusprint Image Uploader Version 6.x Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab (Windows Live Hotmail Photo Upload Tool)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0EA37DDA-3BC2-4820-948A-891859D97D8E}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{403361AB-F474-4712-8614-8B7CF920E81F}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5077265-DA75-4B60-A90D-5592DAE97239}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O24 - Desktop WallPaper: C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{3dbdfd5f-5027-11e2-b5a7-002564405641}\Shell - "" = AutoRun
    O33 - MountPoints2\{3dbdfd5f-5027-11e2-b5a7-002564405641}\Shell\AutoRun\command - "" = D:\AutoRun.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/13 19:42:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dave And Nikki\Desktop\OTL.exe
    [2013/01/13 19:31:51 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/01/13 19:21:41 | 000,499,023 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Dave And Nikki\Desktop\JRT.exe
    [2013/01/13 19:20:12 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/01/13 17:07:16 | 000,000,000 | ---D | C] -- C:\Users\Dave And Nikki\Desktop\DPS
    [2013/01/13 17:02:25 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Dave And Nikki\Desktop\dds.com
    [2012/12/27 13:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\MobileBrServ
    [2012/12/26 06:43:59 | 000,000,000 | ---D | C] -- C:\Users\Dave And Nikki\Desktop\Best
    [2012/12/23 16:31:13 | 000,000,000 | ---D | C] -- C:\Users\Dave And Nikki\Desktop\GB XMAS
    [2012/12/16 20:55:36 | 000,000,000 | ---D | C] -- C:\Users\Dave And Nikki\AppData\Roaming\redsn0w
    [2012/11/11 10:13:26 | 040,437,664 | ---- | C] (Apple Inc.) -- C:\Users\Dave And Nikki\QuickTimeInstaller.exe
    [2009/07/21 20:05:45 | 008,656,832 | ---- | C] (Dell, Inc. ) -- C:\Users\Dave And Nikki\AppData\Roaming\DataSafeDotNet.exe

    ========== Files - Modified Within 30 Days ==========

    [2013/01/13 19:42:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dave And Nikki\Desktop\OTL.exe
    [2013/01/13 19:29:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/01/13 19:29:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/01/13 19:29:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/01/13 19:28:54 | 2105,921,536 | -HS- | M] () -- C:\hiberfil.sys
    [2013/01/13 19:28:10 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2013/01/13 19:21:44 | 000,499,023 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Dave And Nikki\Desktop\JRT.exe
    [2013/01/13 19:19:05 | 000,554,087 | ---- | M] () -- C:\Users\Dave And Nikki\Desktop\adwcleaner.exe
    [2013/01/13 17:10:11 | 000,614,450 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013/01/13 17:10:11 | 000,111,744 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013/01/13 17:04:26 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/13 17:02:25 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Dave And Nikki\Desktop\dds.com
    [2013/01/13 15:36:08 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2013/01/13 15:34:38 | 105,858,234 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
    [2013/01/08 20:06:58 | 105,490,279 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm.old
    [2013/01/07 22:19:10 | 000,050,358 | ---- | M] () -- C:\Users\Dave And Nikki\Desktop\ZonePlusZ322.PDF
    [2013/01/07 18:02:39 | 001,484,223 | ---- | M] () -- C:\Users\Dave And Nikki\Desktop\ultimate50ff.pdf
    [2012/12/31 19:34:06 | 129,836,444 | ---- | M] () -- C:\Users\Dave And Nikki\Desktop\MumfordBabelDelIT.zip
    [2012/12/27 22:33:21 | 000,029,679 | ---- | M] () -- C:\Users\Dave And Nikki\Desktop\gopro-hero-hd-2-3d-flymount-adaptor3.jpg
    [2012/12/27 22:11:46 | 000,060,302 | ---- | M] () -- C:\Users\Dave And Nikki\Desktop\quality1.jpg
    [2012/12/23 16:27:10 | 000,297,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/12/20 18:06:40 | 000,969,104 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Dave And Nikki\Desktop\uTorrent.exe

    ========== Files Created - No Company Name ==========

    [2013/01/13 19:19:05 | 000,554,087 | ---- | C] () -- C:\Users\Dave And Nikki\Desktop\adwcleaner.exe
    [2013/01/13 16:00:11 | 2105,921,536 | -HS- | C] () -- C:\hiberfil.sys
    [2013/01/07 22:19:09 | 000,050,358 | ---- | C] () -- C:\Users\Dave And Nikki\Desktop\ZonePlusZ322.PDF
    [2013/01/07 18:02:39 | 001,484,223 | ---- | C] () -- C:\Users\Dave And Nikki\Desktop\ultimate50ff.pdf
    [2012/12/31 19:10:53 | 129,836,444 | ---- | C] () -- C:\Users\Dave And Nikki\Desktop\MumfordBabelDelIT.zip
    [2012/12/27 22:11:46 | 000,060,302 | ---- | C] () -- C:\Users\Dave And Nikki\Desktop\quality1.jpg
    [2012/12/27 17:59:54 | 000,029,679 | ---- | C] () -- C:\Users\Dave And Nikki\Desktop\gopro-hero-hd-2-3d-flymount-adaptor3.jpg
    [2012/11/11 10:07:38 | 010,016,339 | ---- | C] ( ) -- C:\Users\Dave And Nikki\K-Lite_Codec_Pack_940_Basic.exe
    [2012/08/05 18:38:59 | 000,004,096 | -H-- | C] () -- C:\Users\Dave And Nikki\AppData\Local\keyfile3.drm
    [2011/01/22 14:51:55 | 000,000,000 | ---- | C] () -- C:\Users\Dave And Nikki\avg_pct_stf_all_2011_24_c5.exe
    [2010/02/05 18:46:14 | 000,061,224 | ---- | C] () -- C:\Users\Dave And Nikki\GoToAssistDownloadHelper.exe
    [2009/07/05 14:57:21 | 000,002,128 | ---- | C] () -- C:\Users\Dave And Nikki\AppData\Roaming\wklnhst.dat
    [2009/05/25 08:49:05 | 000,006,080 | ---- | C] () -- C:\Users\Dave And Nikki\AppData\Local\d3d9caps.dat
    [2009/05/24 13:13:15 | 000,162,304 | ---- | C] () -- C:\Users\Dave And Nikki\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2006/11/02 12:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 06:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2011/01/14 07:09:45 | 000,000,000 | ---D | M] -- C:\Users\Dave And Nikki\AppData\Roaming\AVG10
    [2011/12/24 16:21:11 | 000,000,000 | ---D | M] -- C:\Users\Dave And Nikki\AppData\Roaming\Azureus
    [2010/03/07 14:31:13 | 000,000,000 | ---D | M] -- C:\Users\Dave And Nikki\AppData\Roaming\DriverFinder
    [2009/10/08 18:08:24 | 000,000,000 | ---D | M] -- C:\Users\Dave And Nikki\AppData\Roaming\EA
    [2012/01/16 20:41:55 | 000,000,000 | ---D | M] -- C:\Users\Dave And Nikki\AppData\Roaming\EasiestSoft
    [2010/02/07 18:20:41 | 000,000,000 | ---D | M] -- C:\Users\Dave And Nikki\AppData\Roaming\Facebook
    [2011/09/17 17:55:27 | 000,000,000 | ---D | M] -- C:\Users\Dave And Nikki\AppData\Roaming\FrostWire
    [2012/08/18 14:15:06 | 000,000,000 | ---D | M] -- C:\Users\Dave And Nikki\AppData\Roaming\Mufyub
    [2011/07/24 12:07:47 | 000,000,000 | ---D | M] -- C:\Users\Dave And Nikki\AppData\Roaming\PCDr
    [2012/01/06 20:48:47 | 000,000,000 | ---D | M] -- C:\Users\Dave And Nikki\AppData\Roaming\Publish Providers
    [2012/12/16 21:41:00 | 000,000,000 | ---D | M] -- C:\Users\Dave And Nikki\AppData\Roaming\redsn0w
    [2010/01/06 19:45:50 | 000,000,000 | ---D | M] -- C:\Users\Dave And Nikki\AppData\Roaming\reflectionweb
    [2012/01/06 20:48:38 | 000,000,000 | ---D | M] -- C:\Users\Dave And Nikki\AppData\Roaming\Sony
    [2010/04/22 21:58:16 | 000,000,000 | ---D | M] -- C:\Users\Dave And Nikki\AppData\Roaming\Template
    [2011/12/16 22:11:15 | 000,000,000 | ---D | M] -- C:\Users\Dave And Nikki\AppData\Roaming\TomTom
    [2012/08/18 14:15:51 | 000,000,000 | ---D | M] -- C:\Users\Dave And Nikki\AppData\Roaming\Upfi
    [2012/12/20 19:43:34 | 000,000,000 | ---D | M] -- C:\Users\Dave And Nikki\AppData\Roaming\uTorrent
    [2012/08/18 14:18:47 | 000,000,000 | ---D | M] -- C:\Users\Dave And Nikki\AppData\Roaming\Xetydu

    ========== Purity Check ==========


    < End of report >


    AVG has run a scheduled scan while I'd left the laptop on, didn't find any problems.
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
      1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
      2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.


    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death

    Note: Absence of issues does not mean that you're protected in the future.
  11. snowscreen

    snowscreen Newcomer, in training Topic Starter Posts: 19

    Ouch
    It found 11, see below.
    Laptop froze while trying to start up before doing the ESET test tonight but on 2nd try it worked fine.
    It was trying to do about 10 windows updates so maybe that didn't help.
    I've also started to get this message over the last 2 days -
    Windows has blocked some startup programs.
    Windows blocks programs that require permission to run
    when Windows starts. Click to view blocked programs.

    ESET -

    C:\Users\Dave And Nikki\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2MZY4NUM\optimizerpro11[1].exe a variant of Win32/Adware.SpeedingUpMyPC.A application cleaned by deleting - quarantined
    C:\Users\Dave And Nikki\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H580RSLM\babylon_nodns[1].exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
    C:\Users\Dave And Nikki\AppData\Local\Temp\ICReinstall\cnet2_SolveigMM_Video_Splitter_2_5_1109_29_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
    C:\Users\Dave And Nikki\AppData\Local\Temp\air8D2E.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
    C:\Users\Dave And Nikki\AppData\Local\Temp\jar_cache1294153318854106948.tmp multiple threats deleted - quarantined
    C:\Users\Dave And Nikki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\22ade100-19f20392 Java/Exploit.CVE-2012-0507.BR trojan cleaned by deleting - quarantined
    C:\Users\Dave And Nikki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\556445eb-229815a5 Java/TrojanDownloader.Agent.NBL trojan deleted - quarantined
    C:\Users\Dave And Nikki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\69f477ec-74eba587 multiple threats deleted - quarantined
    C:\Users\Dave And Nikki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\2576f1fc-62d366f2 Java/TrojanDownloader.OpenStream.NCO trojan deleted - quarantined
    C:\Users\Dave And Nikki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\1f00abff-60880481 a variant of Java/Agent.DM trojan deleted - quarantined
    C:\Users\Dave And Nikki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\7aac5307-7589e118 a variant of Java/Exploit.Agent.NEO trojan deleted - quarantined
     
  12. snowscreen

    snowscreen Newcomer, in training Topic Starter Posts: 19

    AVG is still finding attacks when browsing webpages
    Today was Exploit Rogue Scanner (type 1929)
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

  14. snowscreen

    snowscreen Newcomer, in training Topic Starter Posts: 19

    # AdwCleaner v2.105 - Logfile created 01/15/2013 at 18:30:55
    # Updated 08/01/2013 by Xplode
    # Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # User : Dave And Nikki - DAVEANDNIKKI-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Dave And Nikki\Desktop\adwcleaner.exe
    # Option [Delete]

    ***** [Services] *****

    ***** [Files / Folders] *****

    ***** [Registry] *****

    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16457
    [OK] Registry is clean.
    -\\ Mozilla Firefox v5.0.1 (en-GB)
    File : C:\Users\Dave And Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\czbvvy18.default\prefs.js
    [OK] File is clean.
    *************************
    AdwCleaner[S1].txt - [2703 octets] - [13/01/2013 19:26:57]
    AdwCleaner[S2].txt - [771 octets] - [15/01/2013 18:30:55]
    ########## EOF - C:\AdwCleaner[S2].txt - [830 octets] ##########
  15. snowscreen

    snowscreen Newcomer, in training Topic Starter Posts: 19

    Cheers Jay

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.4.2 (01.08.2013:1)
    OS: Windows Vista (TM) Home Premium x86
    Ran by Dave And Nikki on 15/01/2013 at 18:37:31.94
    Blog: http://thisisudax.blogspot.com
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    ~~~ Services

    ~~~ Registry Values

    ~~~ Registry Keys

    ~~~ Files

    ~~~ Folders

    ~~~ Event Viewer Logs were cleared


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 15/01/2013 at 18:40:10.29
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  16. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hitman Pro

    Please download Hitman Pro

    • After the download completes please double click the program to run it.
    • Accept the terms of the license agreement and click Next
    • Let the scan run. It will not take long
    • When the scan finishes, and all the files have been uploaded to the Scan Cloud, click Next
    • Click Next again. At the bottom left you will see Export Scan Results To XML File. Click that and save it in a convenient location
    • Upload log.xml here for review please


    Farbar Service Scanner

    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
  17. snowscreen

    snowscreen Newcomer, in training Topic Starter Posts: 19

    Ok done -

    Code:
    HitmanPro 3.7.0.185
    www.hitmanpro.com
       Computer name . . . . : DAVEANDNIKKI-PC
       Windows . . . . . . . : 6.0.2.6002.X86/2
       User name . . . . . . : DaveAndNikki-PC\Dave And Nikki
       UAC . . . . . . . . . : Enabled
       License . . . . . . . : Trial (30 days left)
       Scan date . . . . . . : 2013-01-16 14:52:28
       Scan mode . . . . . . : Normal
       Scan duration . . . . : 14m 3s
       Disk access mode  . . : Direct disk access (SRB)
       Cloud . . . . . . . . : Internet
       Reboot  . . . . . . . : No
       Threats . . . . . . . : 1
       Traces  . . . . . . . : 59
       Objects scanned . . . : 1,934,683
       Files scanned . . . . : 98,563
       Remnants scanned  . . : 443,935 files / 1,392,185 keys
    Malware _____________________________________________________________________
       C:\Users\Dave And Nikki\VIDEOPAD___NCH.VideoPad.v2.41.Incl.Keymaker-DJiNN\Keygen.exe -> Deleted
          Size . . . . . . . : 94,720 bytes
          Age  . . . . . . . : 66.2 days (2012-11-11 11:01:41)
          Entropy  . . . . . : 7.8
          SHA-256  . . . . . : BAAC5FD9848723F61112BF4BB5F7D38F1E4B2BC068A954B352C8018B39ACC11E
        > G Data . . . . . . : Trojan.Fakealert.29014 (Engine-A)
        > Ikarus . . . . . . : Win32.SuspectCrc!IK
          Fuzzy  . . . . . . : 118.0
          References
             HKU\S-1-5-21-2376080593-3171216475-503929467-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\Dave And Nikki\VIDEOPAD___NCH.VideoPad.v2.41.Incl.Keymaker-DJiNN\Keygen.exe
    
    Potential Unwanted Programs _________________________________________________
       HKU\S-1-5-21-2376080593-3171216475-503929467-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{2EECD738-5844-4A99-B4B6-146BF802613B} (Claro)
       HKU\S-1-5-21-2376080593-3171216475-503929467-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)
       HKU\S-1-5-21-2376080593-3171216475-503929467-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{98889811-442D-49DD-99D7-DC866BE87DBC} (Claro)
    Cookies _____________________________________________________________________
       C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\10JMMYMX.txt
       C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\1BFN1VG0.txt
       C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\1Z23BRO1.txt
       C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\2C5BMNFP.txt
       C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\4OIAM677.txt
       C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\6EU3YLU7.txt
       C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\6UPT660M.txt
       C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\6ZCJ0YBQ.txt
       C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\85EQQFV2.txt
       C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\8BOSJQQM.txt
       C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\A65O2J1Z.txt
       C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\AM6FUIW4.txt
       C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\ATQGOW18.txt
       C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\AYEDEYC5.txt
       C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\CGKCXGHC.txt
       C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\dave_and_nikki@atdmt[1].txt
       C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\dave_and_nikki@atdmt[2].txt
       C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\dave_and_nikki@bs.serving-sys[2].txt
       C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\dave_and_nikki@microsoftwllivemkt.112.2o7[1].txt
       C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\DXVD7Z1W.txt
       C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\F49HNQU2.txt
       C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\FJ33AHQG.txt
       C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\FSFY3NAC.txt
       C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\FYF4VB2Z.txt
       C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\GSKMV7LD.txt
       C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\GTA5ET4B.txt
       C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\H0QXPC98.txt
       C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\IB79Y0Q2.txt
       C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\IT2YML1J.txt
       C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\IWASTZAR.txt
       C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\J9Q23DJX.txt
       C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\JBLM3116.txt
       C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\JZMD5URE.txt
       C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\M66N0551.txt
       C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\OGR9O467.txt
       C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\S1KIJQXL.txt
       C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\TF8Z3IWH.txt
       C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\UGLOJM51.txt
       C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\VFEV88N2.txt
       C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\VPY35L4O.txt
       C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\WSLM2HWI.txt
       C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\YZBXPEUR.txt
       C:\Users\Dave And Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\czbvvy18.default\cookies.sqlite:ad.yieldmanager.com
       C:\Users\Dave And Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\czbvvy18.default\cookies.sqlite:adtech.de
       C:\Users\Dave And Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\czbvvy18.default\cookies.sqlite:advertising.com
       C:\Users\Dave And Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\czbvvy18.default\cookies.sqlite:apmebf.com
       C:\Users\Dave And Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\czbvvy18.default\cookies.sqlite:atdmt.com
       C:\Users\Dave And Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\czbvvy18.default\cookies.sqlite:debenhams.122.2o7.net
       C:\Users\Dave And Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\czbvvy18.default\cookies.sqlite:doubleclick.net
       C:\Users\Dave And Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\czbvvy18.default\cookies.sqlite:fastclick.net
       C:\Users\Dave And Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\czbvvy18.default\cookies.sqlite:mediaplex.com
       C:\Users\Dave And Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\czbvvy18.default\cookies.sqlite:uk.at.atwola.com
       C:\Users\Dave And Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\czbvvy18.default\cookies.sqlite:www.burstnet.com
       C:\Users\Dave And Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\czbvvy18.default\cookies.sqlite:www4.smartadserver.com
    
    
  18. snowscreen

    snowscreen Newcomer, in training Topic Starter Posts: 19

    Farbar Service Scanner Version: 16-01-2013
    Ran by Dave And Nikki (administrator) on 16-01-2013 at 15:09:12
    Running from "C:\Users\Dave And Nikki\Desktop"
    Windows Vista (TM) Home Premium Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error. Google IP is offline
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Security Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is OK.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.

    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1

    Other Services:
    ==============

    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit

    **** End of log ****
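    The FSS log above reports two things about Windows Defender: the WinDefend service is not running, and the DisableAntiSpyware policy value is set to 1. The following PowerShell check is an added example, not part of this thread or of the FSS tool; it assumes an elevated prompt on the affected machine and the standard registry locations shown in the log.

```powershell
# Added example (not from the thread): re-check the Windows Defender findings from the
# Farbar Service Scanner log. Run from an elevated PowerShell prompt on the affected PC.

$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'
$valueName = 'DisableAntiSpyware'

# Policy value FSS flagged as "DisableAntiSpyware"=DWORD:1. A missing value means
# Defender is not disabled by this setting.
$disable = (Get-ItemProperty -Path $policyKey -Name $valueName -ErrorAction SilentlyContinue).$valueName
if ($null -eq $disable) {
    Write-Output "$valueName is not set under $policyKey (not disabled by this policy)."
} elseif ($disable -eq 1) {
    Write-Output "$valueName = 1 under $policyKey : Defender is disabled by policy (matches the FSS finding)."
} else {
    Write-Output "$valueName = $disable under $policyKey."
}

# Service state, which FSS reports as "WinDefend Service is not running".
$svc = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
if ($null -eq $svc) {
    Write-Output 'WinDefend service not found.'
} else {
    $startMode = (Get-WmiObject -Class Win32_Service -Filter "Name='WinDefend'").StartMode
    Write-Output ("WinDefend status: {0}, start mode: {1}" -f $svc.Status, $startMode)
}

# Read back the service configuration FSS verified (start type, ImagePath, ServiceDll)
# so the values can be compared against a known-good machine of the same Windows build.
$svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinDefend'
$svcProps = Get-ItemProperty -Path $svcKey -ErrorAction SilentlyContinue
$serviceDll = (Get-ItemProperty -Path "$svcKey\Parameters" -ErrorAction SilentlyContinue).ServiceDll
Write-Output ("Start type: {0}" -f $svcProps.Start)
Write-Output ("ImagePath : {0}" -f $svcProps.ImagePath)
Write-Output ("ServiceDll: {0}" -f $serviceDll)

# This script only reports. A third-party antivirus (AVG in this thread) commonly sets
# DisableAntiSpyware itself, so the value should be confirmed against the installed
# security software before anyone changes it.
```

    If the reported values differ from what the FSS log shows, that points to a change made since the scan; if they match, the Defender state is explained by the policy value rather than by a damaged service configuration.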
     
  19. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.


    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death

    Note: Absence of issues does not mean that you're protected in the future.
  20. snowscreen

    snowscreen Newcomer, in training Topic Starter Posts: 19

    ESET was all clear, took 1.5 hours instead of 2 this time.
    Not seen any virus warnings today,
    only the same message of - Windows has blocked some startup programs.
    Windows blocks programs that require permission to run
    when Windows starts. Click to view blocked programs
  21. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    What programs list?
  22. snowscreen

    snowscreen Newcomer, in training Topic Starter Posts: 19

    Nothing out of the ordinary, I just never used to have that message pop up in the bottom right corner before.
    The programs that are blocked from start up have been that way for a year.
    MobileMe
    Apple Push
    iTunes
    Quicktime
    Those are all from apple.
    Also
    Windows Live Messenger
    Ahead Software gmbh nerocheck
    Cyberlink Powerdvd
    Tomtomhome.eve


    Does it look like my system might now be clean following the clear ESET test?
  23. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hi there. It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advanced System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name, i.e. Clean
    • Select Create


    Remove tools, temp files, old Restore Points

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL sometimes hides your Desktop and Start menu so the cleanup can be completed. Do not be alerted, as this is normal.
    • It may open a log for you, but I don't need that.

    To remove all of the tools we used and the files and folders they created do the following:
    Double click OTL.exe.
    • Click the CleanUp button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  24. snowscreen

    snowscreen Newcomer, in training Topic Starter Posts: 19

    Thanks for all your time and help on this,

    Here's the security check -
    Results of screen317's Security Check version 0.99.57
    Windows Vista Service Pack 2 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Security Center service is not running! This report may not be accurate!
    Windows Firewall Enabled!
    AVG Anti-Virus Free Edition 2011
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.70.0.1100
    Java(TM) 6 Update 37
    Java version out of Date!
    Adobe Flash Player 10 Flash Player out of Date!
    Adobe Flash Player 10.3.183.5 Flash Player out of Date!
    Adobe Reader 9 Adobe Reader out of Date!
    Mozilla Firefox (5.0.1)
    ````````Process Check: objlist.exe by Laurent````````
    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1 %
    ````````````````````End of Log``````````````````````
  25. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Adobe Reader Update!

    Please download the newest version of Adobe Acrobat Reader from Adobe.com

    Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

    Once old versions are gone, please install the newest version.


    Adobe Flash Player Update!

    Please download the newest version of Adobe Flash Player from Adobe.com

    Before installing: it is important to remove older versions of Flash Player since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previous installed versions of Adobe Flash Player. Uninstall/Remove each of them.

    Once old versions are gone, please install the newest version.


    Java Update!

    Please download the newest version of Java from Java.com.

    Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

    Once old versions are gone, please install the newest version.

    Read more about Java exploit problems


    Personal Tips on Preventing Malware

    See this page for more info about malware and prevention.


    Any other questions before I mark this topic solved?