Redirect/'not responding' problem with search engines, address bar in F.fox/IE

By NuclearSausage
Nov 23, 2011
Topic Status:
Not open for further replies.
  1. Hey there folks,
    I am running AVG antivirus, and the problem started with me being redirected to sites from google searches. After getting a few removals from AVG scans, I started getting loads of 'blocked malicious threats' type of messages. I've gone through the 5 steps ( http://www.techspot.com/vb/topic58138.html ), and I'm posting the logs below.
    I've noticed Malwarebytes software is preventing a few threats that appear to be related to Firefox, but Internet Explorer doesn't work any better (I'll admit it's an older version, but it just makes me think that the root of the problem isn't just in the firefox.exe).
    All the steps have removed potential threats, but the functionality of the browsers has been greatly reduced. I get even less access to major websites I had access to before (i.e. I can't even get onto the Google homepage now!). As I said in the title, typing the address into the address bar does not work either, so I'm a bit stuck!
    I also used Trend Micro's Housecall, which removed threats, but I'm pretty much running out of ideas of what I can do myself.
    Any help would be greatly appreciated.

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8223

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 8.0.7601.17514

    23/11/2011 13:31:49
    mbam-log-2011-11-23 (13-31-49).txt

    Scan type: Quick scan
    Objects scanned: 156750
    Time elapsed: 4 minute(s), 19 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\program files\mozilla firefox\0.3342631476451985.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\0.3789369445035129.exe (Trojan.Agent) -> Quarantined and deleted successfully.


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-11-23 13:50:57
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-75A23T0 rev.01.01A01
    Running: x1wv72st.exe; Driver: C:\Users\DELLUS~1\AppData\Local\Temp\pxrdqkod.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- EOF - GMER 1.0.15 ----


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.7601.17514
    Run by Dell User at 13:55:22 on 2011-11-23
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.3546.2574 [GMT 0:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Java\jre7\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
    uRun: [RGSC] c:\program files\rockstar games\rockstar games social club\RGSCLauncher.exe /silent
    uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre7\bin\jusched.exe"
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s
    mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{0C2320BF-8E49-4369-9899-CF7AEEF0C910} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{0C2320BF-8E49-4369-9899-CF7AEEF0C910}\16E64786F6E697 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{CEE17159-6734-47DE-A779-5DD405222FAF} : DhcpNameServer = 192.168.11.1
    TCP: Interfaces\{F4A33B5F-B633-4B6E-BDA5-C9C2B6AB00E9} : DhcpNameServer = 192.168.0.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Notify: igfxcui - igfxdev.dll
    Hosts: 94.63.240.149 www.google.com
    Hosts: 94.63.240.150 www.bing.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\dell user\appdata\roaming\mozilla\firefox\profiles\9xxn41mx.default\
    FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff4.dll
    FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll
    FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll
    FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll
    FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff8.dll
    FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeploytk.dll
    FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
    FF - plugin: c:\program files\win7codecs\rm\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\win7codecs\rm\browser\plugins\nprpjplug.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-11-7 56208]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
    R1 RapportCerberus_32301;RapportCerberus_32301;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_32301.sys [2011-11-7 227312]
    R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-11-7 71440]
    R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-11-7 164112]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-23 366152]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-11-7 931640]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2011-2-17 68208]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-23 22216]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\RapportIaso.sys [2011-11-7 21520]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-6-7 15872]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-10-6 121064]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-10-6 12776]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-10-6 136808]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-7 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-24 1343400]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
    .
    =============== Created Last 30 ================
    .
    2011-11-23 12:48:45 -------- d-----w- c:\users\dell user\appdata\roaming\Malwarebytes
    2011-11-23 12:48:38 -------- d-----w- c:\programdata\Malwarebytes
    2011-11-23 12:48:35 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-23 12:48:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-11-23 12:44:57 388096 ----a-r- c:\users\dell user\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-11-23 12:44:57 -------- d-----w- c:\program files\Trend Micro
    2011-11-23 01:51:00 22032 ----a-w- c:\windows\DCEBoot.exe
    2011-11-22 21:11:27 -------- d-----w- c:\users\dell user\appdata\local\ivaojcvg
    2011-11-16 19:45:34 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2011-11-16 19:45:33 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
    2011-11-16 19:45:33 801752 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
    2011-11-16 19:45:33 478168 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
    2011-11-16 19:45:33 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
    2011-11-16 19:45:33 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
    2011-11-16 19:45:33 1989592 ----a-w- c:\program files\mozilla firefox\mozjs.dll
    2011-11-16 19:45:33 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
    2011-11-09 21:36:53 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-09 21:36:51 708608 ----a-w- c:\program files\common files\system\wab32.dll
    2011-11-09 21:36:49 2341888 ----a-w- c:\windows\system32\win32k.sys
    2011-11-07 21:28:38 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2011-10-25 19:15:24 6144 ----a-w- c:\program files\internet explorer\iecompat.dll
    .
    ==================== Find3M ====================
    .
    2011-11-19 23:13:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-07 06:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2011-10-04 06:21:28 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
    2011-10-01 02:42:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-09-16 10:55:10 4659712 ----a-w- c:\windows\system32\Redemption.dll
    2011-09-13 05:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2011-08-27 04:26:27 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2011-08-27 04:26:27 233472 ----a-w- c:\windows\system32\oleacc.dll
    .
    ============= FINISH: 13:55:50.53 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 02/02/2010 13:40:38
    System Uptime: 23/11/2011 13:40:53 (0 hours ago)
    .
    Motherboard: Dell Inc. | |
    Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz | Microprocessor | 2300/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 298 GiB total, 158.114 GiB free.
    D: is CDROM (CDFS)
    E: is CDROM ()
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP79: 23/11/2011 12:44:36 - Installed HiJackThis
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.1)
    Amazon MP3 Downloader 1.0.9
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    AVG 2012
    BioShock
    Call of Duty Modern Warfare 2
    Call of Duty(R) 4 - Modern Warfare(TM)
    Compatibility Pack for the 2007 Office system
    Dell Wireless Driver Installation
    FIFA 11
    GraphPad Prism 5 (Trial)
    Halo 2 for Windows Vista
    HiJackThis
    Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
    ImgBurn
    Java(TM) 7
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft .NET Framework 4 Client Profile
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office Professional Edition 2003
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Miro
    Mozilla Firefox 8.0 (x86 en-US)
    PowerDVD DX
    Rapport
    Realtek High Definition Audio Driver
    Rockstar Games Social Club
    Rome - Total War(TM)
    Samsung Kies
    SAMSUNG USB Driver for Mobile Phones
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Skype Click to Call
    Skype™ 5.5
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Virtual Windows XP
    VirtualCloneDrive
    Win7codecs
    Windows 7 Manager
    WinRAR archiver
    .
    ==== Event Viewer Messages From Past Week ========
    .
    23/11/2011 13:41:07, Error: volmgr [46] - Crash dump initialization failed!
    23/11/2011 00:11:17, Error: Microsoft-Windows-Eventlog [23] - The event logging service encountered an error (res=112) while initializing logging resources for channel Microsoft-Windows-Kernel-EventTracing/Admin.
    22/11/2011 23:33:13, Error: volsnap [35] - The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
    22/11/2011 21:53:20, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
    .
    ==== End Of File ===========================
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Welcome to TechSpot. I'll be glad to help with the problems. Must tell you I got a chuckle out of your user name! A 'nuclear sausage' would certainly be food for thought! (Please don't say a word about that pun!)
    ---------------------------
    It is possible that this in Firefox> 0.3342631476451985.exe may be an indication of a ZeroAccess malware infection. We will check that out.
    ----------------------------
    The redirect is happening because your searches are being routed through Romania:
    Hosts: 94.63.240.149 www.google.com
    Hosts: 94.63.240.150 www.bing.com
    For the above: You will need to do a DNS Flush, then reset your router.

    Start> Run> type cmd> enter> at the C prompt type ipconfig /flushdns (note space before the /)

    Exit the Command prompt when finished and shut the system down.

    • [1]. Shut down your computer, and any other computer connected to your router.
      [2]. On the back of the router, there should be a small hole or button labelled RESET. Using a bent paper clip or similar item, hold that in continuously for twenty seconds.
      [3]. Unplug the router. Wait sixty seconds.
      [4]. Now, holding the reset button again, plug it back in. Continue holding the reset button for twenty seconds. Unplug the router again.
      [5]. With the router unplugged, start your computer. Run MBAM again.
      [6]. Connect to the router again. Then turn the router back on.
      [7]. When it stabilizes, reboot your workstation and try to access the internet. If you have any issues, access the router configuration page and re-enter your authentication information.
      [8]. Reboot the system and test the internet. You may have to reconfigure the router settings based on your setup.
    =========================================
    I don't understand your reference to 'running an older version': these are fine. Microsoft is fast tracking IE - you don't have to upgrade for each one. These are all fine:
    =======================================
    It's important that you not run any cleaning or security scans while I'm helping you except for the ones I ask for. I don't want processes in the background zapped while we're working.
    =====================================
    I'd like you to run Combofix. To do that, you will need to temporarily uninstall AVG, as Combofix won't run with it:
    Download AppRemover and save to the desktop
    1. Double click the setup on the desktop> click Next
    2. Select “Remove Security Application”
    3. Let scan finish to determine security apps
    4. A screen like below will appear:
    5. Click on Next after choice has been made
    6. Check the AVG program you want to uninstall
    7. After uninstall shows complete, follow online prompts to Exit the program.

    Temporary AV: Use one:
    Avira-AntiVir-Personal-Free-Antivirus
    Avast Free Version
    =============================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • Click on Yes to continue scanning for malware.
    • If Combofix asks you to update the program, allow it.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated - it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.

    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    =====================================
    I'll check the new Mbam log and Combofix log and we'll go from there.
    Please advise if the DNS flush and router reset stop the redirects.
    =====================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
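The reply above pins the redirect on two `Hosts:` entries that point www.google.com and www.bing.com at a routable address instead of loopback. As an added example (not code from the thread or from either poster), the Python below parses hosts-file text and flags exactly that pattern: a mapping whose target is neither 127.0.0.1/::1 nor 0.0.0.0. The sample hosts text is constructed here (it reuses the two lines quoted from the DDS log), and the `WATCHED_DOMAINS` set and the "any global IP is suspicious" rule are assumptions a defender would tune for their environment.

```python
import ipaddress
import sys

# Constructed sample: a clean Windows hosts file header and loopback entries,
# plus the two hijack lines copied from the DDS log earlier in the thread and
# one benign blocklist-style entry (0.0.0.0 sinkholes a name, it does not redirect).
SAMPLE_HOSTS = """# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
94.63.240.149 www.google.com
94.63.240.150 www.bing.com
0.0.0.0 ads.example.test   # constructed blocklist-style entry, benign
"""

# Assumption: names that should never be remapped to a routable address.
# Search engines and security/update vendors are the usual hijack targets.
WATCHED_DOMAINS = {
    "www.google.com", "google.com", "www.bing.com", "bing.com",
    "www.malwarebytes.org", "update.microsoft.com",
}

# Real path of the Windows hosts file (not on the page, but a well-known location).
WINDOWS_HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"


def parse_hosts(text):
    """Yield (ip, hostname, line_no) for every mapping in hosts-file text.

    Comments (# ...) and blank lines are skipped; a line may map one address
    to several names, so each name is yielded separately.
    """
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # malformed address field, not a mapping
        for host in parts[1:]:
            yield ip, host.lower(), line_no


def is_sinkhole(ip):
    """127.0.0.1, ::1 and 0.0.0.0 block a name; they cannot redirect it."""
    return ip.is_loopback or ip.is_unspecified


def find_hijacks(text, watched=WATCHED_DOMAINS):
    """Return hosts entries that send traffic somewhere other than loopback.

    An entry is reported when a watched name is mapped to any non-sinkhole
    address, or when any name is mapped to a globally routable address
    (LAN addresses are left alone so intranet overrides do not alert).
    """
    hits = []
    for ip, host, line_no in parse_hosts(text):
        if is_sinkhole(ip):
            continue
        if host in watched or ip.is_global:
            hits.append({"line": line_no, "host": host, "ip": str(ip)})
    return hits


def main(argv):
    # With a path argument the real file is scanned; otherwise the sample runs.
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    hits = find_hijacks(text)
    for hit in hits:
        print(f"line {hit['line']}: {hit['host']} -> {hit['ip']} (redirected)")
    print(f"{len(hits)} suspicious hosts entr{'y' if len(hits) == 1 else 'ies'}")
    return 1 if hits else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with no arguments to see the two quoted entries flagged, or pass the path in `WINDOWS_HOSTS_PATH` (from an elevated prompt) to check a real machine. An alert from this check is the cue for the steps the reply gives: restore the hosts file, then `ipconfig /flushdns` so the resolver cache stops serving the stale answers.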
  3. NuclearSausage

    NuclearSausage Newcomer, in training Topic Starter

    I'm just getting on it!

    Hey there,
    Thanks for your quick reply. Just in case it's of any use, I did do the MBAM full scan (which picked up two more infections), and so I thought I'd post that below (btw, is there any particular reason the "5-step" instructions always tend to say do the 'quick scan' option? Surely the more complete scan would be more thorough?).
    MBAM is catching a lot of 'outgoing threats' from the files firefox.exe and iexplorer.exe btw. I'm not sure if that's relevant!
    Also, you said I should uninstall avast. That's fine, but after this is done (hopefully soon!), should I go back to it, or is staying on Avira/(the other one) alright protection-wise? A flatmate recommended Avira to me, so I'm quite happy to go with that one if there's no obvious down-sides to it!
    I really appreciate your help. While I'm alright computer-wise, I have to admit this is all a bit over my head (I guess I've been lucky virus-wise up till now!).
    NuclearSausage (see, managed to make NO comment on the pun!)
  4. NuclearSausage

    NuclearSausage Newcomer, in training Topic Starter

    And the log that I totally did not forget to put in!
    Also, while I had updated the software up to 822*3*, I just checked, and updated to 822*4* for this scan.

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8224

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 8.0.7601.17514

    23/11/2011 17:51:16
    mbam-log-2011-11-23 (17-51-16).txt

    Scan type: Full scan (C:\|F:\|)
    Objects scanned: 259149
    Time elapsed: 58 minute(s), 20 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\dell user\AppData\Local\ivaojcvg\qcrbtcfx.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\dell user\AppData\LocalLow\Sun\Java\deployment\cache\6.0\53\50752b5-680c3b0f (Trojan.Agent) -> Quarantined and deleted successfully.
  5. NuclearSausage

    NuclearSausage Newcomer, in training Topic Starter

    Right, sorry I seem to be spamming my own thread, but I've worked through the instructions you gave me, and I *think* they're working!
    I did the DNS flush and installed Avast (after deleting AVG). I then moved on to the Combofix, which at no stage mentioned the Microsoft Windows Recovery Console, but seemed to carry on anyway. I stupidly put Avast on 'turn on after restart', so it did start interfering with Combofix (I 'allowed processes as normal'), AND I had left MBAM on (but it didn't do anything).
    So I'll attach the log below, but while I haven't hit any redirects in my searches, I have hit one MBAM block in a 'potential threat' - which was flagging up Avast.sp (I'm not 100% on that ending).
    Here are the logs, and I'll see what you think. I'll hopefully be able to reformat the machine in a month or so (because really, that's probably the best thing to do anyway), but I'm not at home where I have access to the CD. I guess right now (unless you see something), I'd be best off just seeing how well this works, and if I get any more threats popping up, right?
    I would like to say thanks an absolute heap for your help. There isn't a CHANCE I would have been able to figure this out by myself!

    This is post-flush.
    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8224

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 8.0.7601.17514

    23/11/2011 20:42:20
    mbam-log-2011-11-23 (20-42-20).txt

    Scan type: Quick scan
    Objects scanned: 156295
    Time elapsed: 6 minute(s), 15 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    ComboFix 11-11-23.01 - Dell User 23/11/2011 21:03:51.1.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.3546.2407 [GMT 0:00]
    Running from: c:\users\Dell User\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Dell User\AppData\Local\evswotvk.log
    c:\users\Dell User\AppData\Local\gojtbsan.log
    c:\users\Dell User\AppData\Local\kdcjdcal.log
    c:\users\Dell User\AppData\Local\rdrsuenw.log
    c:\users\Dell User\AppData\Local\stygnbrt.log
    c:\users\Dell User\AppData\Local\Temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll
    c:\users\Dell User\AppData\Local\wmmqwwer.log
    c:\users\DELLUS~1\AppData\Local\Temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll
    c:\windows\system32\muzapp.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-23 to 2011-11-23 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-23 21:10 . 2011-11-23 21:13 -------- d-----w- c:\users\Dell User\AppData\Local\temp
    2011-11-23 21:10 . 2011-11-23 21:10 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-11-23 20:57 . 2011-09-06 21:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-11-23 20:57 . 2011-09-06 21:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-11-23 20:57 . 2011-09-06 21:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-11-23 20:57 . 2011-09-06 21:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-11-23 20:57 . 2011-09-06 21:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-11-23 20:57 . 2011-09-06 21:36 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-11-23 20:57 . 2011-09-06 21:45 41184 ----a-w- c:\windows\avastSS.scr
    2011-11-23 20:57 . 2011-09-06 21:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-11-23 20:56 . 2011-11-23 20:56 -------- d-----w- c:\programdata\AVAST Software
    2011-11-23 20:56 . 2011-11-23 20:56 -------- d-----w- c:\program files\AVAST Software
    2011-11-23 12:48 . 2011-11-23 12:48 -------- d-----w- c:\users\Dell User\AppData\Roaming\Malwarebytes
    2011-11-23 12:48 . 2011-11-23 12:48 -------- d-----w- c:\programdata\Malwarebytes
    2011-11-23 12:48 . 2011-11-23 12:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-11-23 12:48 . 2011-08-31 17:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-23 12:44 . 2011-11-23 12:44 388096 ----a-r- c:\users\Dell User\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-11-23 12:44 . 2011-11-23 12:44 -------- d-----w- c:\program files\Trend Micro
    2011-11-23 01:51 . 2011-11-23 01:51 22032 ----a-w- c:\windows\DCEBoot.exe
    2011-11-22 21:11 . 2011-11-23 17:51 -------- d-----w- c:\users\Dell User\AppData\Local\ivaojcvg
    2011-11-16 19:45 . 2011-11-05 06:53 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
    2011-11-16 19:45 . 2011-11-05 06:53 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
    2011-11-16 19:45 . 2011-11-05 06:53 801752 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
    2011-11-16 19:45 . 2011-11-05 06:53 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
    2011-11-16 19:45 . 2011-11-05 06:53 1989592 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
    2011-11-16 19:45 . 2011-11-05 06:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
    2011-11-16 19:45 . 2011-11-05 03:21 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
    2011-11-16 19:45 . 2011-11-05 03:21 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
    2011-11-12 16:47 . 2011-11-12 16:47 -------- d-----w- c:\users\Default\AppData\Local\Trusteer
    2011-11-09 21:36 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-09 21:36 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
    2011-11-09 21:36 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys
    2011-11-07 21:28 . 2011-11-07 21:28 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2011-10-25 19:15 . 2011-08-13 04:18 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-19 23:13 . 2011-06-29 16:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-01 02:42 . 2011-10-13 22:23 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-09-16 10:55 . 2011-10-06 19:12 4659712 ----a-w- c:\windows\system32\Redemption.dll
    2011-09-16 10:54 . 2011-09-16 10:54 90112 ----a-w- c:\windows\MAMCityDownload.ocx
    2011-09-16 10:54 . 2011-09-16 10:54 325552 ----a-w- c:\windows\MASetupCaller.dll
    2011-09-16 10:54 . 2011-09-16 10:54 30568 ----a-w- c:\windows\MusiccityDownload.exe
    2011-09-16 10:54 . 2011-09-16 10:54 974848 ----a-w- c:\windows\system32\cis-2.4.dll
    2011-09-16 10:54 . 2011-09-16 10:54 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
    2011-09-16 10:54 . 2011-09-16 10:54 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
    2011-09-16 10:54 . 2011-09-16 10:54 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll
    2011-09-16 10:54 . 2011-09-16 10:54 57344 ----a-w- c:\windows\system32\MK_Lyric.dll
    2011-09-16 10:54 . 2011-09-16 10:54 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
    2011-09-16 10:54 . 2011-09-16 10:54 569344 ----a-w- c:\windows\system32\muzdecode.ax
    2011-09-16 10:54 . 2011-09-16 10:54 491520 ----a-w- c:\windows\system32\muzapp.dll
    2011-09-16 10:54 . 2011-09-16 10:54 49152 ----a-w- c:\windows\system32\MaJGUILib.dll
    2011-09-16 10:54 . 2011-09-16 10:54 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
    2011-09-16 10:54 . 2011-09-16 10:54 45056 ----a-w- c:\windows\system32\MACXMLProto.dll
    2011-09-16 10:54 . 2011-09-16 10:54 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll
    2011-09-16 10:54 . 2011-09-16 10:54 40960 ----a-w- c:\windows\system32\MAMACExtract.dll
    2011-09-16 10:54 . 2011-09-16 10:54 352256 ----a-w- c:\windows\system32\MSLUR71.dll
    2011-09-16 10:54 . 2011-09-16 10:54 258048 ----a-w- c:\windows\system32\muzoggsp.ax
    2011-09-16 10:54 . 2011-09-16 10:54 245760 ----a-w- c:\windows\system32\MSCLib.dll
    2011-09-16 10:54 . 2011-09-16 10:54 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe
    2011-09-16 10:54 . 2011-09-16 10:54 200704 ----a-w- c:\windows\system32\muzwmts.dll
    2011-09-16 10:54 . 2011-09-16 10:54 155648 ----a-w- c:\windows\system32\MSFLib.dll
    2011-09-16 10:54 . 2011-09-16 10:54 143360 ----a-w- c:\windows\system32\3DAudio.ax
    2011-09-16 10:54 . 2011-09-16 10:54 135168 ----a-w- c:\windows\system32\muzaf1.dll
    2011-09-16 10:54 . 2011-09-16 10:54 131072 ----a-w- c:\windows\system32\muzmpgsp.ax
    2011-09-16 10:54 . 2011-09-16 10:54 122880 ----a-w- c:\windows\system32\muzeffect.ax
    2011-09-16 10:54 . 2011-09-16 10:54 118784 ----a-w- c:\windows\system32\MaDRM.dll
    2011-09-16 10:54 . 2011-09-16 10:54 110592 ----a-w- c:\windows\system32\muzmp4sp.ax
    2011-09-16 10:54 . 2011-10-06 19:12 821824 ----a-w- c:\windows\system32\dgderapi.dll
    2011-08-27 04:26 . 2011-10-13 22:25 233472 ----a-w- c:\windows\system32\oleacc.dll
    2011-08-27 04:26 . 2011-10-13 22:25 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2011-11-05 06:53 . 2011-11-16 19:45 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-09-06 21:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RGSC"="c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064]
    "KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-09-29 20880]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files\Java\jre7\bin\jusched.exe" [2010-02-02 149256]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-24 140520]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-05 7703072]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
    "VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-09-29 929680]
    "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-09-29 3508112]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 0 (0x0)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys [2011-11-07 21520]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 121064]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 12776]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 136808]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-24 1343400]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
    S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-11-07 56208]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 RapportCerberus_32301;RapportCerberus_32301;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys [2011-11-07 227312]
    S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-11-07 71440]
    S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-11-07 164112]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
    S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-11-07 931640]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-06-25 68208]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
    .
    .
    .
    ------- Supplementary Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\Dell User\AppData\Roaming\Mozilla\Firefox\Profiles\9xxn41mx.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-VirtualCloneDrive - c:\program files\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe
    AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
    AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
    AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
    AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
    AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
    AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
    AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
    AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
    AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
    AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
    AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
    AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
    AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
    AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
    AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
    AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
    AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
    AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
    AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1428485411-581020340-3678767433-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:24,ad,4a,5b,a7,93,b9,89,8a,01,3b,75,ba,af,71,8d,d0,3f,61,32,f2,0d,29,
    fd,66,e2,29,c2,c8,95,23,b6,77,71,f8,46,e9,56,e0,0b,61,80,80,2e,3c,95,3b,34,\
    "??"=hex:a4,ce,c6,6a,09,fd,5e,71,bf,b1,fc,a9,22,a8,f5,63
    .
    [HKEY_USERS\S-1-5-21-1428485411-581020340-3678767433-1000\Software\SecuROM\License information*]
    "datasecu"=hex:54,1b,c9,1c,d5,5b,bb,a8,dd,6d,53,91,6e,32,ff,de,4b,f7,f0,ba,b7,
    b6,bf,f8,2b,64,e4,55,21,a0,bb,bb,00,c8,55,2d,e9,b7,dd,a0,9f,6f,3a,a5,c0,4e,\
    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\WUDFHost.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    .
    **************************************************************************
    .
    Completion time: 2011-11-23 21:17:59 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-11-23 21:17
    .
    Pre-Run: 186,520,985,600 bytes free
    Post-Run: 186,793,349,120 bytes free
    .
    - - End Of File - - C80FC8222C4E2951A68A907A7E967750
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Quick Scan:
    The Quick Scan for the preliminary scan is enough. We will run a full scan if it appears appropriate later. There is a note on the thread that states:
    =================================
    Combofix. Again this is covered:
    You won't even see the query or get the prompt if a Recovery Console is installed.
    =====================================
    Reformat:
It's only the best thing to do if you have malware, such as a file infector or Ramnit infection, that can't be cleaned properly, or possibly an extended Backdoor.bot infection that may have already compromised the system. Some users reformat like 'spring cleaning.' But that is because they don't know how to troubleshoot. I never recommend doing a 'routine' reformat.
    ==============================
    Malwarebytes:
If you are using the paid Mbam, you will have Real Time Protection, which uses quasi-firewall capabilities. If these really are threats, you should be seeing the IP it's blocking, and it means that something in the system is attempting to access the internet. If this really is a threat, then Mbam is doing its job. Once we find the malware and remove it, this should stop.
    ================================
    About antivirus AVG/Avast:
    At no time did I tell you to uninstall Avast.
What I did tell you was that you would have to uninstall AVG temporarily because Combofix won't run with AVG. And I gave you a choice of using either Avast or Avira as a temporary AV.
    The Combofix directions tell you to disable the security programs while running the scans so they do not interfere.

    What this means:
    1. You can put AVG back on the system when we finish.
    2. Or you can choose to keep Avast or even change to Avira.
    3. Or you can use some other antivirus program> as long as you have an AV on the system that runs in Real Time and updates regularly.
    ====================================
    I hope this clarifies your misunderstandings. I am reviewing the Combofix log now and will return with some script for you to run.
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Please run this short scan:

    Download CKScanner and save to your desktop.
    • Doubleclick CKScanner.exe and click Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
    =======================================
    Open Firefox> right click on Taskbar> Task Manager
    • Be sure that "Show processes from all users" is selected at the bottom left-hand corner of the window.
    • Click "Image Name" to sort this column alphabetically and then look at the top of the list.
    • Look for a numerical string such as "1077238835:3433286335.exe" (example only; your computer may display different numbers).

    Let me know if you have such an entry.
    ======================================
    And follow with this longer one:
    • Download OTL from either of the links below and save it to your desktop.
      Link 1
      Link 2
    • Double click the OTL icon to run it.
    • The opened console will resemble this:
    • Set Output at the top to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Copy the entries in the Codebox below> Paste in the Custom Scan box.
      Code:
      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      explorer.exe
      winlogon.exe
      userinit.exe
      /md5stop
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      Make sure all other windows are closed and to let it run uninterrupted.
    • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
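    The Task Manager check above, as an added example that is not part of the original post: the script parses the CSV that `tasklist /fo csv` prints and flags image names of the numeric form the helper described. The regex and the sample tasklist output are constructed for illustration, not captured from the poster's machine.

```python
import csv
import io
import re

# Image names of the kind the helper asked about: one or two runs of digits,
# joined by a colon, ending in .exe (e.g. "1077238835:3433286335.exe").
# Assumed pattern written for this example, not taken from any tool.
NUMERIC_IMAGE_NAME = re.compile(r"^\d+(?::\d+)?\.exe$", re.IGNORECASE)


def parse_tasklist_csv(text):
    """Parse the output of `tasklist /fo csv` into a list of row dicts.

    The csv module handles the quoted fields, including the comma inside
    values such as "45,212 K" in the Mem Usage column.
    """
    return list(csv.DictReader(io.StringIO(text)))


def find_numeric_image_names(rows):
    """Return (image name, PID) pairs whose image name matches the pattern.

    Sorting Task Manager by Image Name puts such digit-only names at the top
    of the list, which is why the helper says to look there first.
    """
    hits = []
    for row in rows:
        name = row.get("Image Name", "").strip()
        if NUMERIC_IMAGE_NAME.match(name):
            hits.append((name, int(row["PID"])))
    return hits


# Constructed sample of `tasklist /fo csv` output; the numeric entry is the
# helper's own example name, not a real process from the thread.
SAMPLE_TASKLIST = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"System Idle Process","0","Services","0","24 K"
"explorer.exe","1844","Console","1","45,212 K"
"1077238835:3433286335.exe","2672","Console","1","3,104 K"
"AvastSvc.exe","1208","Services","0","12,480 K"
'''


def scan(text=SAMPLE_TASKLIST):
    """Run the check over tasklist CSV text and return the suspicious entries."""
    return find_numeric_image_names(parse_tasklist_csv(text))


if __name__ == "__main__":
    for name, pid in scan():
        print(f"numeric image name found: {name} (PID {pid})")
```

    On a live machine, feed it the real listing with `tasklist /fo csv > tasks.csv` and pass the file contents to `scan()`.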
  8. NuclearSausage

    NuclearSausage Newcomer, in training Topic Starter

    Hey,
    Thanks for clarifying some of those issues. The AVG isn't a problem either, because it was the free version anyway.
    Right, the logs:

    CKScanner - Additional Security Risks - These are not necessarily bad
    scanner sequence 3.RP.11.ATBBOX
    ----- EOF -----

    OTL logfile created on: 29/11/2011 18:46:39 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Dell User\Desktop
    Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.46 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 71.28% Memory free
    6.92 Gb Paging File | 5.87 Gb Available in Paging File | 84.80% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 297.89 Gb Total Space | 169.53 Gb Free Space | 56.91% Space Free | Partition Type: NTFS
    Drive D: | 565.73 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: DELLUSER-PC | User Name: Dell User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Dell User\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
    PRC - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
    PRC - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
    PRC - C:\Program Files\Java\jre7\bin\jusched.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)


    ========== Modules (No Company Name) ==========

    MOD - C:\Users\Dell User\AppData\Local\temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\adc6081b96ada807b858bd7dd6c44b08\System.Management.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\3c0633ebbeacf2d66ef3952b50568479\System.Runtime.Remoting.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b8f8841931a97c3ab2b652f13cfeb295\System.Xaml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\945868a5fd952dcfe3fa4904cbab936a\PresentationFramework.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9db16bf8a565eaa6bbb182dcd147cfb6\PresentationFramework.Aero.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\1020c111f6b4ffeafa3055475e8df7de\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7306f4ac763fc6264804397bc22226e8\PresentationCore.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\968981974b267a245b7b78393836df5a\WindowsBase.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\18ec39f6cef17c8576736b60e0be5131\System.Core.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\11a64ded5d210891688bdef1c54c26e4\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2250dfa714756e8a58db82433c1ae275\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\34b8c9534065b074e4e5228f40310e13\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\404a37992b5c2de07993795fb48dfc65\mscorlib.ni.dll ()
    MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
    MOD - C:\Program Files\WinRAR\RarExt.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
    SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
    SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
    SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
    DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
    DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
    DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
    DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
    DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
    DRV - (RapportIaso) -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys (Trusteer Ltd.)
    DRV - (RapportCerberus_32301) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys ()
    DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)
    DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
    DRV - (RapportKELL) -- C:\Windows\System32\Drivers\RapportKELL.sys (Trusteer Ltd.)
    DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
    DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
    DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
    DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
    DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
    DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
    DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
    DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
    DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
    DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
    DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
    DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
    DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
    DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
    DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
    DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
    DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation)
    DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation)
    DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation)
    DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation)
    DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
    DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
    DRV - (nvrd32) -- C:\Windows\system32\DRIVERS\nvrd32.sys (NVIDIA Corporation)
    DRV - (nvsmu) -- C:\Windows\system32\DRIVERS\nvsmu.sys (NVIDIA Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC 4F D2 9F E8 A9 CC 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.7.0.8524
    FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1865
    FF - prefs.js..extensions.enabledItems: {B22E157D-283C-498f-9554-C3A80E841E91}:1.7

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Win7codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/11/29 18:20:44 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/16 19:45:34 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/16 19:45:33 | 000,000,000 | ---D | M]

    [2011/03/31 09:22:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dell User\AppData\Roaming\Mozilla\Extensions
    [2011/11/15 22:28:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dell User\AppData\Roaming\Mozilla\Firefox\Profiles\9xxn41mx.default\extensions
    [2011/11/08 19:20:44 | 000,000,000 | ---D | M] (AthensToolbar) -- C:\Users\Dell User\AppData\Roaming\Mozilla\Firefox\Profiles\9xxn41mx.default\extensions\{B22E157D-283C-498f-9554-C3A80E841E91}
    [2011/11/16 19:45:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/11/10 01:15:10 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2011/11/29 18:20:44 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2011/11/05 06:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/11/05 03:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/11/05 03:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2011/11/23 21:12:03 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
    O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre7\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
    O4 - HKCU..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
    O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C2320BF-8E49-4369-9899-CF7AEEF0C910}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CEE17159-6734-47DE-A779-5DD405222FAF}: DhcpNameServer = 192.168.11.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4A33B5F-B633-4B6E-BDA5-C9C2B6AB00E9}: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2004/03/11 19:21:36 | 000,000,148 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/11/29 18:43:48 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Dell User\Desktop\OTL.exe
    [2011/11/23 21:12:13 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2011/11/23 21:10:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/11/23 21:10:10 | 000,000,000 | ---D | C] -- C:\Users\Dell User\AppData\Local\temp
    [2011/11/23 21:02:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/11/23 21:02:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/11/23 21:02:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/11/23 21:02:24 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/11/23 21:02:23 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2011/11/23 21:02:20 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/11/23 20:59:11 | 004,306,335 | R--- | C] (Swearware) -- C:\Users\Dell User\Desktop\ComboFix.exe
    [2011/11/23 20:57:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2011/11/23 20:57:38 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2011/11/23 20:57:37 | 000,314,456 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2011/11/23 20:57:31 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2011/11/23 20:57:29 | 000,052,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2011/11/23 20:57:27 | 000,435,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2011/11/23 20:57:22 | 000,055,128 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2011/11/23 20:57:01 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2011/11/23 20:57:01 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2011/11/23 20:56:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2011/11/23 20:56:53 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2011/11/23 12:48:45 | 000,000,000 | ---D | C] -- C:\Users\Dell User\AppData\Roaming\Malwarebytes
    [2011/11/23 12:48:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/11/23 12:48:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/11/23 12:48:35 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/11/23 12:48:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/11/23 12:44:57 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2011/11/23 12:44:57 | 000,000,000 | ---D | C] -- C:\Users\Dell User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2011/11/22 21:11:27 | 000,000,000 | ---D | C] -- C:\Users\Dell User\AppData\Local\ivaojcvg
    [2011/11/07 21:28:38 | 000,056,208 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
    [2011/02/11 17:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

    ========== Files - Modified Within 30 Days ==========

    [2011/11/29 18:43:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Dell User\Desktop\OTL.exe
    [2011/11/29 18:35:06 | 000,012,528 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/11/29 18:35:06 | 000,012,528 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/11/29 18:33:17 | 000,458,240 | ---- | M] () -- C:\Users\Dell User\Desktop\CKScanner.exe
    [2011/11/29 18:29:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/11/29 18:29:18 | 2788,970,496 | -HS- | M] () -- C:\hiberfil.sys
    [2011/11/29 18:20:56 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2011/11/28 18:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2011/11/28 18:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2011/11/28 17:53:53 | 000,435,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2011/11/28 17:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2011/11/28 17:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2011/11/28 17:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2011/11/28 17:52:07 | 000,055,128 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2011/11/28 17:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2011/11/23 23:19:43 | 000,127,771 | ---- | M] () -- C:\Users\Dell User\Desktop\Duggan Hr, O2, and energy cost with stairs.pdf
    [2011/11/23 21:12:03 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/11/23 20:59:35 | 004,306,335 | R--- | M] (Swearware) -- C:\Users\Dell User\Desktop\ComboFix.exe
    [2011/11/23 20:57:39 | 000,002,000 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2011/11/23 12:48:39 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/11/23 12:44:57 | 000,002,983 | ---- | M] () -- C:\Users\Dell User\Desktop\HiJackThis.lnk
    [2011/11/23 10:46:48 | 000,472,013 | ---- | M] () -- C:\Users\Dell User\AppData\Local\census.cache
    [2011/11/23 10:46:40 | 000,125,933 | ---- | M] () -- C:\Users\Dell User\AppData\Local\ars.cache
    [2011/11/23 08:59:16 | 000,000,822 | ---- | M] () -- C:\Windows\DCEBOOT.RST
    [2011/11/23 01:51:11 | 000,022,032 | ---- | M] () -- C:\Windows\DCEBoot.exe
    [2011/11/23 00:49:54 | 000,000,036 | ---- | M] () -- C:\Users\Dell User\AppData\Local\housecall.guid.cache
    [2011/11/16 19:46:28 | 000,001,994 | ---- | M] () -- C:\Users\Dell User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/11/16 19:45:37 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/11/16 00:03:49 | 000,633,494 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/11/16 00:03:49 | 000,112,576 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/11/12 12:24:15 | 000,406,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys

    ========== Files Created - No Company Name ==========

    [2011/11/29 18:33:16 | 000,458,240 | ---- | C] () -- C:\Users\Dell User\Desktop\CKScanner.exe
    [2011/11/23 23:19:43 | 000,127,771 | ---- | C] () -- C:\Users\Dell User\Desktop\Duggan Hr, O2, and energy cost with stairs.pdf
    [2011/11/23 21:02:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/11/23 21:02:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/11/23 21:02:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/11/23 21:02:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/11/23 21:02:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/11/23 20:57:39 | 000,002,000 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2011/11/23 12:48:39 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/11/23 12:44:57 | 000,002,983 | ---- | C] () -- C:\Users\Dell User\Desktop\HiJackThis.lnk
    [2011/11/23 08:59:16 | 000,000,822 | ---- | C] () -- C:\Windows\DCEBOOT.RST
    [2011/11/23 01:51:00 | 000,022,032 | ---- | C] () -- C:\Windows\DCEBoot.exe
    [2011/11/23 00:57:10 | 000,472,013 | ---- | C] () -- C:\Users\Dell User\AppData\Local\census.cache
    [2011/11/23 00:57:03 | 000,125,933 | ---- | C] () -- C:\Users\Dell User\AppData\Local\ars.cache
    [2011/11/23 00:49:54 | 000,000,036 | ---- | C] () -- C:\Users\Dell User\AppData\Local\housecall.guid.cache
    [2011/11/16 19:45:37 | 000,001,110 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/09/16 10:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
    [2011/09/16 10:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
    [2011/09/16 10:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
    [2011/09/16 10:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
    [2011/09/16 10:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
    [2011/07/06 18:02:10 | 000,000,248 | ---- | C] () -- C:\Windows\RomeTW.ini
    [2011/06/07 11:11:21 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
    [2011/06/07 11:10:22 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2011/05/24 23:32:50 | 000,014,848 | ---- | C] () -- C:\Users\Dell User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/05/08 11:20:13 | 000,000,016 | -H-- | C] () -- C:\ProgramData\obtf504
    [2011/04/01 18:48:03 | 000,000,000 | ---- | C] () -- C:\Users\Dell User\AppData\Local\prvlcl.dat
    [2011/04/01 00:41:40 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
    [2011/03/31 10:12:03 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
    [2011/03/31 09:22:07 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2011/02/11 18:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
    [2011/02/11 18:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
    [2011/02/11 18:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
    [2011/02/11 17:38:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
    [2010/02/02 14:07:38 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2009/08/13 23:54:09 | 000,007,680 | ---- | C] () -- C:\Windows\System32\vmsal.dll
    [2009/07/14 04:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/14 04:33:53 | 000,406,912 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009/07/14 02:05:48 | 000,633,494 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2009/07/14 02:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2009/07/14 02:05:48 | 000,112,576 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2009/07/14 02:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2009/07/14 02:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2009/07/14 02:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2009/07/13 23:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 23:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009/07/13 22:09:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
    [2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2009/06/02 18:11:16 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2009/05/29 16:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2009/05/29 16:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2008/10/22 04:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
    [2007/09/04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2007/02/05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
    [2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2011/11/01 22:52:48 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: EXPLORER.EXE >
    [2011/02/26 05:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
    [2009/07/14 01:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
    [2011/02/26 05:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
    [2009/10/31 05:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
    [2011/02/26 05:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
    [2010/11/20 12:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
    [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
    [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
    [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
    [2009/08/03 05:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
    [2009/08/03 05:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
    [2009/10/31 06:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

    < MD5 for: USERINIT.EXE >
    [2010/11/20 12:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
    [2010/11/20 12:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
    [2010/11/20 12:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
    [2009/07/14 01:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2009/10/28 06:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
    [2009/10/28 05:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
    [2010/11/20 12:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
    [2010/11/20 12:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
    [2010/11/20 12:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
    [2009/07/14 01:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

    < %systemroot%\*. /mp /s >

    < End of report >

    OTL Extras logfile created on: 29/11/2011 18:46:39 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Dell User\Desktop
    Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.46 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 71.28% Memory free
    6.92 Gb Paging File | 5.87 Gb Available in Paging File | 84.80% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 297.89 Gb Total Space | 169.53 Gb Free Space | 56.91% Space Free | Partition Type: NTFS
    Drive D: | 565.73 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: DELLUSER-PC | User Name: Dell User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
    "{0CA38F52-F0FA-4B9F-8A36-EC8A9609FBBC}" = Halo 2 for Windows Vista
    "{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Virtual Windows XP
    "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java(TM) 7
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    "{3475AD55-62C2-4BB3-A7E7-86EB93FCB4DB}" = BioShock
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
    "{451517F1-7E41-400B-AA36-FB7E2563526D}" = Dell Wireless Driver Installation
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM)
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D86B6C32-49BD-4A02-9C43-14E497018498}" = Windows 7 Manager
    "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
    "{EDC08986-48D6-41aa-BCE1-F63FDB63CF6D}" = GraphPad Prism 5 (Trial)
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
    "avast" = avast! Free Antivirus
    "Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
    "Halo 2" = Halo 2 for Windows Vista
    "ImgBurn" = ImgBurn
    "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM)
    "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Miro" = Miro
    "Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
    "Rapport_msi" = Rapport
    "WinRAR archiver" = WinRAR archiver

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 16/11/2011 16:31:12 | Computer Name = DellUser-PC | Source = SideBySide | ID = 16842827
    Description = Activation context generation failed for "C:\Program Files\Skype\Toolbars\Internet
    Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
    Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 1. Multiple
    requestedPrivileges elements are not allowed in manifest.

    Error - 17/11/2011 20:16:47 | Computer Name = DellUser-PC | Source = SideBySide | ID = 16842827
    Description = Activation context generation failed for "C:\Program Files\Skype\Toolbars\Internet
    Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
    Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 1. Multiple
    requestedPrivileges elements are not allowed in manifest.

    Error - 20/11/2011 18:31:31 | Computer Name = DellUser-PC | Source = VSS | ID = 8194
    Description =

    Error - 21/11/2011 12:36:44 | Computer Name = DellUser-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 21/11/2011 12:53:15 | Computer Name = DellUser-PC | Source = SideBySide | ID = 16842827
    Description = Activation context generation failed for "C:\Program Files\Skype\Toolbars\Internet
    Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
    Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 1. Multiple
    requestedPrivileges elements are not allowed in manifest.

    Error - 22/11/2011 16:58:12 | Computer Name = DellUser-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 22/11/2011 17:41:32 | Computer Name = DellUser-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: AcroRd32.exe, version: 10.1.1.33, time
    stamp: 0xf36bac23 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time
    stamp: 0x4ce7b96e Exception code: 0xc0000005 Fault offset: 0x000477b2 Faulting process
    id: 0x103c Faulting application start time: 0x01cca95f76a9136c Faulting application
    path: C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe Faulting module path:
    C:\Windows\SYSTEM32\ntdll.dll Report Id: bdfa8a4b-1552-11e1-a060-f04da2ab1655

    Error - 23/11/2011 09:07:44 | Computer Name = DellUser-PC | Source = SideBySide | ID = 16842827
    Description = Activation context generation failed for "C:\Program Files\Skype\Toolbars\Internet
    Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
    Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 1. Multiple
    requestedPrivileges elements are not allowed in manifest.

    Error - 23/11/2011 12:05:13 | Computer Name = DellUser-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: AcroRd32.exe, version: 10.1.1.33, time
    stamp: 0x4e64e4e2 Faulting module name: EScript.api, version: 10.1.1.33, time stamp:
    0x4e64f848 Exception code: 0xc0000005 Fault offset: 0x0007dfba Faulting process id:
    0xfb4 Faulting application start time: 0x01cca9f986b8f572 Faulting application path:
    C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe Faulting module path: C:\Program
    Files\Adobe\Reader 10.0\Reader\plug_ins\EScript.api Report Id: ec9aa982-15ec-11e1-8770-f04da2ab1655

    Error - 25/11/2011 15:04:44 | Computer Name = DellUser-PC | Source = SideBySide | ID = 16842827
    Description = Activation context generation failed for "C:\Program Files\Skype\Toolbars\Internet
    Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
    Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 1. Multiple
    requestedPrivileges elements are not allowed in manifest.

    [ System Events ]
    Error - 04/09/2011 06:05:14 | Computer Name = DellUser-PC | Source = volmgr | ID = 262190
    Description = Crash dump initialization failed!

    Error - 04/09/2011 06:05:27 | Computer Name = DellUser-PC | Source = volmgr | ID = 262190
    Description = Crash dump initialization failed!

    Error - 04/09/2011 18:17:45 | Computer Name = DellUser-PC | Source = volmgr | ID = 262190
    Description = Crash dump initialization failed!

    Error - 04/09/2011 18:17:58 | Computer Name = DellUser-PC | Source = volmgr | ID = 262190
    Description = Crash dump initialization failed!

    Error - 05/09/2011 22:21:57 | Computer Name = DellUser-PC | Source = volmgr | ID = 262190
    Description = Crash dump initialization failed!

    Error - 05/09/2011 22:22:10 | Computer Name = DellUser-PC | Source = volmgr | ID = 262190
    Description = Crash dump initialization failed!

    Error - 06/09/2011 02:43:32 | Computer Name = DellUser-PC | Source = volmgr | ID = 262190
    Description = Crash dump initialization failed!

    Error - 06/09/2011 02:43:45 | Computer Name = DellUser-PC | Source = volmgr | ID = 262190
    Description = Crash dump initialization failed!

    Error - 06/09/2011 18:19:25 | Computer Name = DellUser-PC | Source = volmgr | ID = 262190
    Description = Crash dump initialization failed!

    Error - 06/09/2011 18:19:38 | Computer Name = DellUser-PC | Source = volmgr | ID = 262190
    Description = Crash dump initialization failed!


    < End of report >




    Thanks again for all your help!
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Need to sort out a couple of things:
    "Not responding" is not a redirect. It's a failure to connect. Can you clarify exactly what happens when you either paste a URL into the Address Bar or type it in?
    --------------------------------------------
    Can you describe this entry? ANGLE libGLESv2 Dynamic Link Library
    2011-11-05 06:53 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
    2011-11-05 06:53 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll

    FYI: Bug 641630 - ANGLE's libEGL.dll and libGLESv2.dll don't have ASLR enabled
    https://bugzilla.mozilla.org/show_bug.cgi?id=641630
    --------------------------------
    Please run the MGA Diagnostics tool
    • You will be prompted to either “Run” or “Save” the tool. Choose to “Run” the tool and follow the on-screen prompts.
    • You will receive an Internet Explorer-Security Warning dialog box for the Windows Genuine Advantage Diagnostic Tool.
    • You must choose to Run this tool when prompted.
    • Once you are presented with the Diagnostics tool choose Continue to run the diagnostic report.
    • If the RESOLVE button is available after running the diagnostics, please click RESOLVE to allow the diagnostic tool to attempt a repair.
    • After running the MGA Diagnostic tool, click on the Windows tab and then click on Copy.
    • Please return to this thread and Paste the results here for review.
    ------------------------------------------
    The next step is to look on the computer itself, in the documentation you received with the computer, or with your retail purchase of Windows, to see if you have a Certificate of Authenticity (COA). If you have one, tell us about the COA. Tell us:

    1. What edition of Windows XP is it for, Home, Pro, or Media Center, or another version of Windows?
    2. Does it read "OEM Software" or "OEM Product" in black lettering?
    3. Or, does it have the computer manufacturer's name in black lettering?
    4. DO NOT post the Product Key.

    NOTE: The data collected with the Genuine Diagnostics Tool does NOT contain any information that can personally identify you and can be fully reviewed, by you, before being posted.
  10. NuclearSausage

    NuclearSausage Newcomer, in training Topic Starter

    Hey there,
    Basically, what used to happen was that if I typed in a website address, or tried to follow a link from a search engine, I got redirected to a variety of sites. These sites would be selling anti-virus software, website domain names etc. This has pretty much stopped now though, since I started doing the steps suggested on this forum.
    I do still occasionally get a 'block' from MBAM saying a potentially dangerous process has tried to access IP address XXX.XXX (etc). I'm not sure how to stop those from occurring.
    In relation to what you were asking, I have no idea what those libEGL.dll and libGLESv2.dll are. I'm also not sure what you mean by 'describe' them. Are you asking if they are files I deliberately made or something? I followed that link you gave me, and it said it was a bug. How should I proceed in relation to this?
    Here is the report below. I went through it and deleted what I thought may be sensitive information (i.e. product keys). If I was a little bit too zealous, and I deleted something you needed, just tell me what you need, and I'll repost it!
    Again, thanks a heap for all your help!

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: [DELETED BY USER]
    Windows Product Key Hash: [DELETED BY USER]
    Windows Product ID: [DELETED BY USER]
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010100.1.0.001
    ID: [DELETED BY USER]
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Ultimate
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_gdr.110622-1506
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 114 Blocked VLK 2
    Microsoft Office Professional Edition 2003 - 114 Blocked VLK 2
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{657B68B9-8FAA-41B8-8913-EA289C3AA57A}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x32</Architecture><PKey>[DELETED BY USER]</PKey><PID>00426-OEM-8992662-00400</PID><PIDType>2</PIDType><SID>S-1-5-21-1428485411-581020340-3678767433</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Inspiron N5030 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A02</Version><SMBIOSVersion major="2" minor="4"/><Date>20100913000000.000000+000</Date></BIOS><HWID>CE5A3407018400F8</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>WN09 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>114</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>59D1605114E3500</Val><Hash>vfZmaSmFPIYrLWTcZSZErUQg+Fo=</Hash><Pid>73931-640-0000106-57704</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="114"/><App Id="16" Version="11" Result="114"/><App Id="18" Version="11" Result="114"/><App Id="19" Version="11" Result="114"/><App Id="1A" Version="11" Result="114"/><App Id="1B" Version="11" Result="114"/><App Id="44" Version="11" Result="114"/></Applications></Office></Software></GenuineResults>

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7601.17514

    Name: Windows(R) 7, Ultimate edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: [DELETED BY USER]
    Application ID: [DELETED BY USER]
    Extended PID: [DELETED BY USER]
    Installation ID: [DELETED BY USER]
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=[DELETED BY USER]
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=[DELETED BY USER]
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=[DELETED BY USER]
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=[DELETED BY USER]
    Partial Product Key: [DELETED BY USER]
    License Status: Licensed
    Remaining Windows rearm count: 4
    Trusted time: 06/12/2011 22:22:21

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 10:27:2011 22:18
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: NAAAAAIAAgABAAIAAQABAAAAAgABAAEA6GGgLU402oV6f1iQIMfShv4+3ogOOKaoAgdGyg==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
    ACPI Table Name OEMID Value OEMTableID Value
    APIC DELL WN09
    FACP DELL WN09
    HPET DELL WN09
    MCFG DELL WN09
    SLIC DELL WN09
    OSFR DELL WN09
    SSDT PmRef CpuPm
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    This is not a redirect. It is the security protecting the system.
    --------------------------------
    By removing all of the keys and license numbers, you left me no information. The number strings do have a significance in determining whether the system is licensed and has been validated.

    For instance, even a partial product key can determine the status. It could be a default key only good for a specific time until validation.

    I'm sorry to tell you this but your Office install is not legal.

    Microsoft Office Professional Edition 2003 - 114 Blocked VLK 2
    This shows that "Office" was using a volume license which is not valid.
    Office Status: 114 Blocked VLK 2
    Microsoft Office Professional Edition 2003 - 114 Blocked VLK 2