Solved Argh! Adware Generic5.RVQ virus infection

snowscreen

Hi guys

Dell Inspiron laptop; I think I've actually managed to get this from my GoPro camera memory card :-(
AVG popped up with the warning earlier but can't remove it.
c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
Adware Generic5.RQV

Please find the required logs below.

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.01.13.06
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Dave And Nikki :: DAVEANDNIKKI-PC [administrator]
13/01/2013 17:13:49
mbam-log-2013-01-13 (17-13-49).txt
Scan type: Full scan (C:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 415614
Time elapsed: 1 hour(s), 42 minute(s), 51 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_37
Run by Dave And Nikki at 17:16:59 on 2013-01-13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2008.832 [GMT 0:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\ProgramData\MobileBrServ\mbbservice.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uWindow Title = Internet Explorer provided by Dell
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg10\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DriverFinder] c:\program files\driverfinder\DriverFinder.exe
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A9CF3378-D60E-40A8-927D-7EA0D5B0AA98} - hxxp://webalbum.bonusprint.com/ukipc01/downloads//ImageUploader6.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{0EA37DDA-3BC2-4820-948A-891859D97D8E} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{403361AB-F474-4712-8614-8B7CF920E81F} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C5077265-DA75-4B60-A90D-5592DAE97239} : DHCPNameServer = 192.168.1.1 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dave and nikki\appdata\roaming\mozilla\firefox\profiles\czbvvy18.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\dave and nikki\appdata\roaming\facebook\npfbplugin_1_0_1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-11-12 255968]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-4 297168]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_ae0b52e0\AEstSrv.exe [2009-5-5 81920]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 Mobile Broadband HL Service;Mobile Broadband HL Service;c:\programdata\mobilebrserv\mbbService.exe [2012-12-27 232288]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-5-27 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 28624]
R3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-1-21 54632]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-1-13 40776]
S2 Browser Manager;Browser Manager;c:\programdata\browser manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [2012-11-10 2312216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms [2008-11-4 22904]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-01-13 17:04:46 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-12-27 13:16:45 -------- d-----w- c:\programdata\MobileBrServ
2012-12-22 08:58:17 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 08:58:17 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-18 20:07:11 106240 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2012-12-16 20:55:36 -------- d-----w- c:\users\dave and nikki\appdata\roaming\redsn0w
.
==================== Find3M ====================
.
2012-12-21 16:49:25 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-21 16:49:25 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-14 16:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-13 01:36:35 2048000 ----a-w- c:\windows\system32\win32k.sys
2012-11-13 01:29:51 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-12 04:47:48 255968 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-11-11 10:16:54 40437664 ----a-w- c:\users\dave and nikki\QuickTimeInstaller.exe
2012-11-11 10:08:32 10016339 ----a-w- c:\users\dave and nikki\K-Lite_Codec_Pack_940_Basic.exe
2012-11-02 10:18:17 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 08:26:06 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2012-10-25 03:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 03:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
============= FINISH: 17:23:41.12 ===============
 
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 05/05/2009 05:35:46
System Uptime: 13/01/2013 16:58:07 (1 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | Microprocessor | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 218 GiB total, 124.117 GiB free.
E: is FIXED (NTFS) - 15 GiB total, 8.302 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
µTorrent
AVG 2011
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
Bonjour
Browser Manager
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Dell-eBay
Dell DataSafe Online
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Touchpad
Dell Wireless WLAN Card Utility
Download Manager and Options
DriverFinder
EasiestSoft Video Converter 1.0.2
Facebook Plug-In
FrostWire 5.3.2
FTDI USB Serial Converter Drivers
GoToAssist 8.0.0.514
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iCloud
ImTOO DVD Ripper Platinum 5
Intel® Matrix Storage Manager
iTunes
Java Auto Updater
Java(TM) 6 Update 37
Junk Mail filter update
K-Lite Codec Pack 9.4.0 (Basic)
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Live Add-in 1.5
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Office Suite Activation Assistant
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mobile Broadband HL Service
MobileMe Control Panel
Mozilla Firefox 5.0.1 (x86 en-GB)
MSVCRT
OGA Notifier 2.0.0048.0
Paint.NET v3.5.10
PowerDVD
QuickSet
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
SolveigMM Video Splitter
TomTom HOME Visual Studio Merge Modules
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VideoPad Video Editor
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinRAR archiver
.
==== End Of File ===========================
 
Hello, and welcome back to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed and your computer is declared clean.


Adware Cleaning

Please download AdwCleaner by Xplode onto your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Warning! Once the scan is complete, JRT will shut down your browser with NO warning.
  • Shut down your protection software now to avoid potential conflicts.
  • Temporarily disable your antivirus and any antispyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Copy and Paste the JRT.txt log into your next message.
 
Thanks Jay, as requested -

# AdwCleaner v2.105 - Logfile created 01/13/2013 at 19:26:57
# Updated 08/01/2013 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Dave And Nikki - DAVEANDNIKKI-PC
# Boot Mode : Normal
# Running from : C:\Users\Dave And Nikki\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****
Stopped & Deleted : Browser Manager
***** [Files / Folders] *****
File Deleted : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
File Deleted : C:\Users\Dave And Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\czbvvy18.default\bprotector_extensions.sqlite
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Browser Manager
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\Users\Dave And Nikki\AppData\LocalLow\TheBflix
Folder Deleted : C:\Users\Dave And Nikki\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Folder Deleted : C:\Users\DAVEAN~1\AppData\Local\Temp\AskSearch
***** [Registry] *****
Key Deleted : HKCU\Software\5e2dadee03dbe17
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\5e2dadee03dbe17
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Registry is clean.
-\\ Mozilla Firefox v5.0.1 (en-GB)
File : C:\Users\Dave And Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\czbvvy18.default\prefs.js
Deleted : user_pref("extensions.4fa25eca5a032.scode", "\n(function(){var bdomains={\"search.babylon.com\":1,\"[...]
*************************
AdwCleaner[S1].txt - [2574 octets] - [13/01/2013 19:26:57]
########## EOF - C:\AdwCleaner[S1].txt - [2634 octets] ##########
 
Good!


OTL Quick Scan

Please download OTL by OldTimer to your Desktop.
  • Close all windows and double-click OTL.exe.
  • Click Quick Scan button and let the program run uninterrupted.
  • It will produce a log for you called OTL.txt, please post it in your next reply.
  • You may need to use two posts to get it all.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.2 (01.08.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Dave And Nikki on 13/01/2013 at 19:31:57.87
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13/01/2013 at 19:36:58.56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
OTL logfile created on: 13/01/2013 19:42:43 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dave And Nikki\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.96 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 53.99% Memory free
4.16 Gb Paging File | 2.97 Gb Available in Paging File | 71.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.20 Gb Total Space | 123.79 Gb Free Space | 56.73% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 8.30 Gb Free Space | 56.67% Space Free | Partition Type: NTFS

Computer Name: DAVEANDNIKKI-PC | User Name: Dave And Nikki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/13 19:42:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dave And Nikki\Desktop\OTL.exe
PRC - [2012/08/01 03:48:54 | 002,345,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2012/03/12 09:05:33 | 000,232,288 | ---- | M] () -- C:\ProgramData\MobileBrServ\mbbService.exe
PRC - [2012/02/23 11:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/01/31 15:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/09/09 02:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/18 00:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/05/23 13:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/28 02:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 15:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/02/09 12:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/30 05:50:06 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/01/30 05:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/01/09 17:06:32 | 001,735,760 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/12/18 18:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/12/15 04:13:50 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/12/15 04:13:46 | 000,241,746 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe
PRC - [2008/12/15 04:13:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe
PRC - [2008/09/04 05:29:18 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/09/04 05:29:10 | 000,200,704 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/09/04 05:29:10 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/09/04 05:29:10 | 000,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/05/07 22:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/05/07 22:41:12 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/20 19:29:28 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\d08cb6b1c4052e6f5a4e2452870d67d7\System.Management.ni.dll
MOD - [2012/11/20 19:29:19 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2633dbf77be293b3a8693b6b062fd787\System.Runtime.Remoting.ni.dll
MOD - [2012/11/20 19:29:15 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ac05afefb5b28893d44ec451da0e6d4e\System.Web.ni.dll
MOD - [2012/11/20 19:29:05 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\7844c1ae91c8f584025756ad72e65176\System.Web.Services.ni.dll
MOD - [2012/11/20 19:28:54 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7f15d0cb7e4f87f86e425d5ffe7e8280\System.Configuration.ni.dll
MOD - [2012/11/20 18:14:30 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\741164a3e36f879b9f9e3ff176465127\System.Xml.ni.dll
MOD - [2012/11/20 18:14:02 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll
MOD - [2012/11/20 18:13:47 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll
MOD - [2012/11/20 18:10:39 | 007,976,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll
MOD - [2012/11/20 18:09:44 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010/02/09 12:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2010/02/09 12:34:00 | 000,275,776 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbShared.dll
MOD - [2010/02/09 12:34:00 | 000,152,896 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2010/02/09 12:34:00 | 000,095,552 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbUI.dll
MOD - [2010/02/09 12:34:00 | 000,017,728 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\CppUtils.dll
MOD - [2008/12/22 10:32:38 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll
MOD - [2008/11/03 14:54:00 | 000,058,608 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\BalloonWindow.dll


========== Services (SafeList) ==========

SRV - [2012/03/12 09:05:33 | 000,232,288 | ---- | M] () [Auto | Running] -- C:\ProgramData\MobileBrServ\mbbService.exe -- (Mobile Broadband HL Service)
SRV - [2012/01/31 15:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2009/05/05 10:01:08 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/01/30 05:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2008/12/18 18:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/12/15 04:13:46 | 000,241,746 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe -- (STacSV)
SRV - [2008/12/15 04:13:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe -- (AESTFilters)
SRV - [2008/05/07 22:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/11/12 04:47:48 | 000,255,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/05/27 18:05:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 07:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/02/10 06:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 06:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2009/04/30 21:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2008/12/22 10:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/12/15 04:13:54 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/11/04 23:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - [2008/09/04 05:29:08 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/01/21 02:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/02 07:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2004/02/04 13:19:32 | 000,024,177 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2004/02/04 13:19:16 | 000,057,372 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{1FB2961F-6B70-4D6E-A3FD-7EFE3D225950}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {DFD439A9-3067-49C5-89F2-276A92BF2342}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{5B982E6D-9F9E-4D89-A8A1-A50ABB0CBC17}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
IE - HKCU\..\SearchScopes\{DFD439A9-3067-49C5-89F2-276A92BF2342}: "URL" = http://www.google.com/search?q={sea...startIndex={startIndex?}&startPage={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledAddons: {da8bd68d-8e90-41cd-8345-a71b294e72e6}:2.0.11.0
FF - prefs.js..extensions.enabledAddons: 4fa25eca5a02b@4fa25eca5a02d.info:5.1
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledAddons: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1423
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\Facebook.com/FBPlugin,version=1.0.1: C:\Users\Dave And Nikki\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/12/11 18:22:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/13 19:27:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/12/16 22:11:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave And Nikki\AppData\Roaming\Mozilla\Extensions
[2011/12/16 22:11:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave And Nikki\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2012/06/12 20:51:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave And Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\czbvvy18.default\extensions
[2012/06/12 20:51:38 | 000,000,000 | ---D | M] (TheBflix) -- C:\Users\Dave And Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\czbvvy18.default\extensions\4fa25eca5a02b@4fa25eca5a02d.info
[2011/08/14 17:32:47 | 000,195,100 | ---- | M] () (No name found) -- C:\Users\Dave And Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\czbvvy18.default\extensions\{da8bd68d-8e90-41cd-8345-a71b294e72e6}.xpi
[2012/11/08 07:40:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/16 19:30:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/11/08 07:40:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012/12/11 18:22:29 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2009/07/06 16:08:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/07/08 07:31:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 08:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 08:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 08:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 08:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 08:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DriverFinder] C:\Program Files\DriverFinder\DriverFinder.exe ()
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: warez-bb.org ([www] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A9CF3378-D60E-40A8-927D-7EA0D5B0AA98} http://webalbum.bonusprint.com/ukipc01/downloads//ImageUploader6.cab (Bonusprint Image Uploader Version 6.x Control)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0EA37DDA-3BC2-4820-948A-891859D97D8E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{403361AB-F474-4712-8614-8B7CF920E81F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5077265-DA75-4B60-A90D-5592DAE97239}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3dbdfd5f-5027-11e2-b5a7-002564405641}\Shell - "" = AutoRun
O33 - MountPoints2\{3dbdfd5f-5027-11e2-b5a7-002564405641}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/13 19:42:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dave And Nikki\Desktop\OTL.exe
[2013/01/13 19:31:51 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/01/13 19:21:41 | 000,499,023 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Dave And Nikki\Desktop\JRT.exe
[2013/01/13 19:20:12 | 000,000,000 | ---D | C] -- C:\JRT
[2013/01/13 17:07:16 | 000,000,000 | ---D | C] -- C:\Users\Dave And Nikki\Desktop\DPS
[2013/01/13 17:02:25 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Dave And Nikki\Desktop\dds.com
[2012/12/27 13:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\MobileBrServ
[2012/12/26 06:43:59 | 000,000,000 | ---D | C] -- C:\Users\Dave And Nikki\Desktop\Best
[2012/12/23 16:31:13 | 000,000,000 | ---D | C] -- C:\Users\Dave And Nikki\Desktop\GB XMAS
[2012/12/16 20:55:36 | 000,000,000 | ---D | C] -- C:\Users\Dave And Nikki\AppData\Roaming\redsn0w
[2012/11/11 10:13:26 | 040,437,664 | ---- | C] (Apple Inc.) -- C:\Users\Dave And Nikki\QuickTimeInstaller.exe
[2009/07/21 20:05:45 | 008,656,832 | ---- | C] (Dell, Inc. ) -- C:\Users\Dave And Nikki\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2013/01/13 19:42:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dave And Nikki\Desktop\OTL.exe
[2013/01/13 19:29:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/13 19:29:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/13 19:29:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/13 19:28:54 | 2105,921,536 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/13 19:28:10 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/01/13 19:21:44 | 000,499,023 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Dave And Nikki\Desktop\JRT.exe
[2013/01/13 19:19:05 | 000,554,087 | ---- | M] () -- C:\Users\Dave And Nikki\Desktop\adwcleaner.exe
[2013/01/13 17:10:11 | 000,614,450 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/13 17:10:11 | 000,111,744 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/13 17:04:26 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/13 17:02:25 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Dave And Nikki\Desktop\dds.com
[2013/01/13 15:36:08 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013/01/13 15:34:38 | 105,858,234 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2013/01/08 20:06:58 | 105,490,279 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm.old
[2013/01/07 22:19:10 | 000,050,358 | ---- | M] () -- C:\Users\Dave And Nikki\Desktop\ZonePlusZ322.PDF
[2013/01/07 18:02:39 | 001,484,223 | ---- | M] () -- C:\Users\Dave And Nikki\Desktop\ultimate50ff.pdf
[2012/12/31 19:34:06 | 129,836,444 | ---- | M] () -- C:\Users\Dave And Nikki\Desktop\MumfordBabelDelIT.zip
[2012/12/27 22:33:21 | 000,029,679 | ---- | M] () -- C:\Users\Dave And Nikki\Desktop\gopro-hero-hd-2-3d-flymount-adaptor3.jpg
[2012/12/27 22:11:46 | 000,060,302 | ---- | M] () -- C:\Users\Dave And Nikki\Desktop\quality1.jpg
[2012/12/23 16:27:10 | 000,297,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/12/20 18:06:40 | 000,969,104 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Dave And Nikki\Desktop\uTorrent.exe

========== Files Created - No Company Name ==========

[2013/01/13 19:19:05 | 000,554,087 | ---- | C] () -- C:\Users\Dave And Nikki\Desktop\adwcleaner.exe
[2013/01/13 16:00:11 | 2105,921,536 | -HS- | C] () -- C:\hiberfil.sys
[2013/01/07 22:19:09 | 000,050,358 | ---- | C] () -- C:\Users\Dave And Nikki\Desktop\ZonePlusZ322.PDF
[2013/01/07 18:02:39 | 001,484,223 | ---- | C] () -- C:\Users\Dave And Nikki\Desktop\ultimate50ff.pdf
[2012/12/31 19:10:53 | 129,836,444 | ---- | C] () -- C:\Users\Dave And Nikki\Desktop\MumfordBabelDelIT.zip
[2012/12/27 22:11:46 | 000,060,302 | ---- | C] () -- C:\Users\Dave And Nikki\Desktop\quality1.jpg
[2012/12/27 17:59:54 | 000,029,679 | ---- | C] () -- C:\Users\Dave And Nikki\Desktop\gopro-hero-hd-2-3d-flymount-adaptor3.jpg
[2012/11/11 10:07:38 | 010,016,339 | ---- | C] ( ) -- C:\Users\Dave And Nikki\K-Lite_Codec_Pack_940_Basic.exe
[2012/08/05 18:38:59 | 000,004,096 | -H-- | C] () -- C:\Users\Dave And Nikki\AppData\Local\keyfile3.drm
[2011/01/22 14:51:55 | 000,000,000 | ---- | C] () -- C:\Users\Dave And Nikki\avg_pct_stf_all_2011_24_c5.exe
[2010/02/05 18:46:14 | 000,061,224 | ---- | C] () -- C:\Users\Dave And Nikki\GoToAssistDownloadHelper.exe
[2009/07/05 14:57:21 | 000,002,128 | ---- | C] () -- C:\Users\Dave And Nikki\AppData\Roaming\wklnhst.dat
[2009/05/25 08:49:05 | 000,006,080 | ---- | C] () -- C:\Users\Dave And Nikki\AppData\Local\d3d9caps.dat
[2009/05/24 13:13:15 | 000,162,304 | ---- | C] () -- C:\Users\Dave And Nikki\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 12:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 06:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/01/14 07:09:45 | 000,000,000 | ---D | M] -- C:\Users\Dave And Nikki\AppData\Roaming\AVG10
[2011/12/24 16:21:11 | 000,000,000 | ---D | M] -- C:\Users\Dave And Nikki\AppData\Roaming\Azureus
[2010/03/07 14:31:13 | 000,000,000 | ---D | M] -- C:\Users\Dave And Nikki\AppData\Roaming\DriverFinder
[2009/10/08 18:08:24 | 000,000,000 | ---D | M] -- C:\Users\Dave And Nikki\AppData\Roaming\EA
[2012/01/16 20:41:55 | 000,000,000 | ---D | M] -- C:\Users\Dave And Nikki\AppData\Roaming\EasiestSoft
[2010/02/07 18:20:41 | 000,000,000 | ---D | M] -- C:\Users\Dave And Nikki\AppData\Roaming\Facebook
[2011/09/17 17:55:27 | 000,000,000 | ---D | M] -- C:\Users\Dave And Nikki\AppData\Roaming\FrostWire
[2012/08/18 14:15:06 | 000,000,000 | ---D | M] -- C:\Users\Dave And Nikki\AppData\Roaming\Mufyub
[2011/07/24 12:07:47 | 000,000,000 | ---D | M] -- C:\Users\Dave And Nikki\AppData\Roaming\PCDr
[2012/01/06 20:48:47 | 000,000,000 | ---D | M] -- C:\Users\Dave And Nikki\AppData\Roaming\Publish Providers
[2012/12/16 21:41:00 | 000,000,000 | ---D | M] -- C:\Users\Dave And Nikki\AppData\Roaming\redsn0w
[2010/01/06 19:45:50 | 000,000,000 | ---D | M] -- C:\Users\Dave And Nikki\AppData\Roaming\reflectionweb
[2012/01/06 20:48:38 | 000,000,000 | ---D | M] -- C:\Users\Dave And Nikki\AppData\Roaming\Sony
[2010/04/22 21:58:16 | 000,000,000 | ---D | M] -- C:\Users\Dave And Nikki\AppData\Roaming\Template
[2011/12/16 22:11:15 | 000,000,000 | ---D | M] -- C:\Users\Dave And Nikki\AppData\Roaming\TomTom
[2012/08/18 14:15:51 | 000,000,000 | ---D | M] -- C:\Users\Dave And Nikki\AppData\Roaming\Upfi
[2012/12/20 19:43:34 | 000,000,000 | ---D | M] -- C:\Users\Dave And Nikki\AppData\Roaming\uTorrent
[2012/08/18 14:18:47 | 000,000,000 | ---D | M] -- C:\Users\Dave And Nikki\AppData\Roaming\Xetydu

========== Purity Check ==========


< End of report >


AVG has run a scheduled scan while I'd left the laptop on, and didn't find any problems.
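Added example, not part of the original thread and not OTL's own code: a small Python triage script that reads the O-lines from an OTL report like the one above and flags the entries a malware-removal helper looks at first: browser objects whose CLSID no longer resolves (O2/O3), autostart binaries OTL prints with an empty company name (O4), domains placed in the IE Trusted sites zone (O15), the CD-ROM AutoRun flag (O32), and the AutoRun command MountPoints2 remembers for a removable volume (O33). The sample lines embedded in the script are copied in the shape OTL prints them from the report above; the "reason" strings are triage heuristics chosen here, not anything OTL itself reports, and the regexes assume OTL's usual `Onn - ...` line layout.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: O-lines in the shape OTL prints them, taken from the
# report above. Raw string so the registry paths keep single backslashes.
SAMPLE_OTL = r"""
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKCU..\Run: [DriverFinder] C:\Program Files\DriverFinder\DriverFinder.exe ()
O15 - HKCU\..Trusted Domains: warez-bb.org ([www] https in Trusted sites)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3dbdfd5f-5027-11e2-b5a7-002564405641}\Shell - "" = AutoRun
O33 - MountPoints2\{3dbdfd5f-5027-11e2-b5a7-002564405641}\Shell\AutoRun\command - "" = D:\AutoRun.exe
"""

O_LINE = re.compile(r"^O(\d+) - (.*)$")            # "O33 - <body>"
RUN_PATH = re.compile(r"\] (.+?) \(\)$")            # O4: "[name] <path> ()"
TRUSTED_DOMAIN = re.compile(r"Trusted Domains:\s*(\S+)")
REG_VALUE = re.compile(r"=\s*(.+?)\s*$")            # text after the last "="


@dataclass
class Finding:
    section: str   # OTL section, e.g. "O33"
    reason: str    # why a helper would look at this line (heuristic, chosen here)
    detail: str    # extracted path / domain / command, "" when there is none
    line: str      # the original log line


def triage(otl_text: str) -> list[Finding]:
    """Walk an OTL report and return the O-lines worth a second look."""
    findings: list[Finding] = []
    for raw in otl_text.splitlines():
        line = raw.strip()
        m = O_LINE.match(line)
        if not m:
            continue  # PRC/MOD/SRV/DRV/FF lines are skipped here
        num, body = m.groups()
        if num in ("2", "3") and body.endswith("No CLSID value found."):
            # A BHO/toolbar hook whose CLSID no longer points at a DLL: an
            # orphan left by a removed add-on, safe to clean and worth noting.
            findings.append(Finding(f"O{num}", "browser object with unresolvable CLSID", "", line))
        elif num == "4" and body.endswith("()"):
            # OTL prints the binary's company name in parentheses; an empty
            # "()" means no version info, so check the autostart file by hand.
            pm = RUN_PATH.search(body)
            findings.append(Finding("O4", "autostart binary with no company name",
                                    pm.group(1) if pm else "", line))
        elif num == "15":
            # Trusted sites zone relaxes ActiveX/script policy for the domain.
            dm = TRUSTED_DOMAIN.search(body)
            findings.append(Finding("O15", "domain in the IE Trusted sites zone",
                                    dm.group(1) if dm else "", line))
        elif num == "32" and body.endswith("AutoRun - 1"):
            findings.append(Finding("O32", "CD-ROM AutoRun flag set", "", line))
        elif num == "33" and "\\command" in body:
            # MountPoints2 keeps the autorun.inf handler Windows recorded for a
            # removable/mounted volume; the value is what AutoPlay would launch.
            cm = REG_VALUE.search(body)
            findings.append(Finding("O33", "AutoRun command recorded for a removable volume",
                                    cm.group(1) if cm else "", line))
    return findings


def main() -> None:
    for f in triage(SAMPLE_OTL):
        print(f"{f.section:<4} {f.reason}: {f.detail or f.line}")


if __name__ == "__main__":
    main()
```

Run against the full OTL report instead of the embedded sample by reading the file and passing its text to `triage()`; the O33 hit is the line that connects to the memory-card theory in the first post, since it records what AutoPlay would have launched from the volume mounted as D:.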
 
ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.


Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death

Note: Absence of issues does not mean that you're protected in the future.
 
Ouch
It found 11, see below.
Laptop froze while trying to start up before doing the ESET test tonight but on 2nd try it worked fine.
It was trying to do about 10 windows updates so maybe that didn't help.
I've also started to get this message over the last 2 days -
Windows has blocked some startup programs.
Windows blocks programs that require permission to run
when Windows starts. Click to view blocked programs.

ESET -

C:\Users\Dave And Nikki\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2MZY4NUM\optimizerpro11[1].exe a variant of Win32/Adware.SpeedingUpMyPC.A application cleaned by deleting - quarantined
C:\Users\Dave And Nikki\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H580RSLM\babylon_nodns[1].exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Users\Dave And Nikki\AppData\Local\Temp\ICReinstall\cnet2_SolveigMM_Video_Splitter_2_5_1109_29_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\Dave And Nikki\AppData\Local\Temp\air8D2E.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Users\Dave And Nikki\AppData\Local\Temp\jar_cache1294153318854106948.tmp multiple threats deleted - quarantined
C:\Users\Dave And Nikki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\22ade100-19f20392 Java/Exploit.CVE-2012-0507.BR trojan cleaned by deleting - quarantined
C:\Users\Dave And Nikki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\556445eb-229815a5 Java/TrojanDownloader.Agent.NBL trojan deleted - quarantined
C:\Users\Dave And Nikki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\69f477ec-74eba587 multiple threats deleted - quarantined
C:\Users\Dave And Nikki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\2576f1fc-62d366f2 Java/TrojanDownloader.OpenStream.NCO trojan deleted - quarantined
C:\Users\Dave And Nikki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\1f00abff-60880481 a variant of Java/Agent.DM trojan deleted - quarantined
C:\Users\Dave And Nikki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\7aac5307-7589e118 a variant of Java/Exploit.Agent.NEO trojan deleted - quarantined
 
# AdwCleaner v2.105 - Logfile created 01/15/2013 at 18:30:55
# Updated 08/01/2013 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Dave And Nikki - DAVEANDNIKKI-PC
# Boot Mode : Normal
# Running from : C:\Users\Dave And Nikki\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Registry is clean.
-\\ Mozilla Firefox v5.0.1 (en-GB)
File : C:\Users\Dave And Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\czbvvy18.default\prefs.js
[OK] File is clean.
*************************
AdwCleaner[S1].txt - [2703 octets] - [13/01/2013 19:26:57]
AdwCleaner[S2].txt - [771 octets] - [15/01/2013 18:30:55]
########## EOF - C:\AdwCleaner[S2].txt - [830 octets] ##########
 
Cheers Jay

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.2 (01.08.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Dave And Nikki on 15/01/2013 at 18:37:31.94
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15/01/2013 at 18:40:10.29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Hitman Pro

Please download Hitman Pro

  • After the download completes please double click the program to run it.
  • Accept the terms of the license agreement and click Next
  • Let the scan run. It will not take long
  • When the scan finishes, and all the files have been uploaded to the Scan Cloud, click Next
  • Click Next again. At the bottom left you will see Export Scan Results To XML File. Click that and save it in a convenient location
  • Upload log.xml here for review please


Farbar Service Scanner

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
 
Ok done -

HitmanPro 3.7.0.185
www.hitmanpro.com
   Computer name . . . . : DAVEANDNIKKI-PC
   Windows . . . . . . . : 6.0.2.6002.X86/2
   User name . . . . . . : DaveAndNikki-PC\Dave And Nikki
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)
   Scan date . . . . . . : 2013-01-16 14:52:28
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 14m 3s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
   Threats . . . . . . . : 1
   Traces  . . . . . . . : 59
   Objects scanned . . . : 1,934,683
   Files scanned . . . . : 98,563
   Remnants scanned  . . : 443,935 files / 1,392,185 keys
Malware _____________________________________________________________________
   C:\Users\Dave And Nikki\VIDEOPAD___NCH.VideoPad.v2.41.Incl.Keymaker-DJiNN\Keygen.exe -> Deleted
      Size . . . . . . . : 94,720 bytes
      Age  . . . . . . . : 66.2 days (2012-11-11 11:01:41)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : BAAC5FD9848723F61112BF4BB5F7D38F1E4B2BC068A954B352C8018B39ACC11E
    > G Data . . . . . . : Trojan.Fakealert.29014 (Engine-A)
    > Ikarus . . . . . . : Win32.SuspectCrc!IK
      Fuzzy  . . . . . . : 118.0
      References
         HKU\S-1-5-21-2376080593-3171216475-503929467-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\Dave And Nikki\VIDEOPAD___NCH.VideoPad.v2.41.Incl.Keymaker-DJiNN\Keygen.exe

Potential Unwanted Programs _________________________________________________
   HKU\S-1-5-21-2376080593-3171216475-503929467-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{2EECD738-5844-4A99-B4B6-146BF802613B} (Claro)
   HKU\S-1-5-21-2376080593-3171216475-503929467-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)
   HKU\S-1-5-21-2376080593-3171216475-503929467-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{98889811-442D-49DD-99D7-DC866BE87DBC} (Claro)
Cookies _____________________________________________________________________
   C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\10JMMYMX.txt
   C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\1BFN1VG0.txt
   C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\1Z23BRO1.txt
   C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\2C5BMNFP.txt
   C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\4OIAM677.txt
   C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\6EU3YLU7.txt
   C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\6UPT660M.txt
   C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\6ZCJ0YBQ.txt
   C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\85EQQFV2.txt
   C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\8BOSJQQM.txt
   C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\A65O2J1Z.txt
   C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\AM6FUIW4.txt
   C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\ATQGOW18.txt
   C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\AYEDEYC5.txt
   C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\CGKCXGHC.txt
   C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\dave_and_nikki@atdmt[1].txt
   C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\dave_and_nikki@atdmt[2].txt
   C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\dave_and_nikki@bs.serving-sys[2].txt
   C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\dave_and_nikki@microsoftwllivemkt.112.2o7[1].txt
   C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\DXVD7Z1W.txt
   C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\F49HNQU2.txt
   C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\FJ33AHQG.txt
   C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\FSFY3NAC.txt
   C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\FYF4VB2Z.txt
   C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\GSKMV7LD.txt
   C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\GTA5ET4B.txt
   C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\H0QXPC98.txt
   C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\IB79Y0Q2.txt
   C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\IT2YML1J.txt
   C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\IWASTZAR.txt
   C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\J9Q23DJX.txt
   C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\JBLM3116.txt
   C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\JZMD5URE.txt
   C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\M66N0551.txt
   C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\OGR9O467.txt
   C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\S1KIJQXL.txt
   C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\TF8Z3IWH.txt
   C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\UGLOJM51.txt
   C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\VFEV88N2.txt
   C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\VPY35L4O.txt
   C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\WSLM2HWI.txt
   C:\Users\Dave And Nikki\AppData\Roaming\Microsoft\Windows\Cookies\YZBXPEUR.txt
   C:\Users\Dave And Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\czbvvy18.default\cookies.sqlite:ad.yieldmanager.com
   C:\Users\Dave And Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\czbvvy18.default\cookies.sqlite:adtech.de
   C:\Users\Dave And Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\czbvvy18.default\cookies.sqlite:advertising.com
   C:\Users\Dave And Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\czbvvy18.default\cookies.sqlite:apmebf.com
   C:\Users\Dave And Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\czbvvy18.default\cookies.sqlite:atdmt.com
   C:\Users\Dave And Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\czbvvy18.default\cookies.sqlite:debenhams.122.2o7.net
   C:\Users\Dave And Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\czbvvy18.default\cookies.sqlite:doubleclick.net
   C:\Users\Dave And Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\czbvvy18.default\cookies.sqlite:fastclick.net
   C:\Users\Dave And Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\czbvvy18.default\cookies.sqlite:mediaplex.com
   C:\Users\Dave And Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\czbvvy18.default\cookies.sqlite:uk.at.atwola.com
   C:\Users\Dave And Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\czbvvy18.default\cookies.sqlite:www.burstnet.com
   C:\Users\Dave And Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\czbvvy18.default\cookies.sqlite:www4.smartadserver.com
 
Farbar Service Scanner Version: 16-01-2013
Ran by Dave And Nikki (administrator) on 16-01-2013 at 15:09:12
Running from "C:\Users\Dave And Nikki\Desktop"
Windows Vista (TM) Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****
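One line in the FSS log above deserves a second look: under "Windows Defender Disabled Policy" it reports "DisableAntiSpyware"=DWORD:1 and the WinDefend service not running. On a machine that runs a third-party antivirus (the DDS header at the top of the thread lists AVG) that can be legitimate, but it is also a value adware and rogue security software set, so it is worth confirming rather than assuming. The script below is an added example, not code from the thread or from the FSS tool: it reads the same registry value FSS checked (plus the Group Policy location for the same setting) and the WinDefend service state through WMI, so it works on Vista-era PowerShell as well as current versions.

```powershell
# Added example (not from the thread or the FSS tool): re-check what FSS reported for Windows Defender.
# Reads the DisableAntiSpyware value in the two locations where it is honoured, then the WinDefend
# service state and start mode. Output is informational only; nothing is changed.

$paths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows Defender',            # the key FSS printed above
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'    # Group Policy location for the same setting
)

foreach ($path in $paths) {
    if (-not (Test-Path $path)) {
        Write-Output "$path : key not present"
        continue
    }
    $item = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
    if ($null -ne $item -and $null -ne $item.DisableAntiSpyware) {
        Write-Output ("{0}\DisableAntiSpyware = {1}" -f $path, $item.DisableAntiSpyware)
        if ($item.DisableAntiSpyware -eq 1) {
            Write-Output "  -> Windows Defender is disabled by this value (FSS flagged the same thing)."
        }
    } else {
        Write-Output "$path : DisableAntiSpyware not set"
    }
}

# Service state via WMI rather than Get-Service.StartType, which older PowerShell lacks.
$svc = Get-WmiObject -Class Win32_Service -Filter "Name='WinDefend'"
if ($null -eq $svc) {
    Write-Output "WinDefend service not found"
} else {
    Write-Output ("WinDefend: State={0}, StartMode={1}, PathName={2}" -f $svc.State, $svc.StartMode, $svc.PathName)
}
```

If the value is 1 and you did not set it deliberately (or your antivirus vendor did not), remove the value and start the service; if a third-party AV is meant to be in charge, leaving it as is and noting why is the right record to keep. Either way, the PathName printed for WinDefend should match the ImagePath that FSS called OK above.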
 
ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.


Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death

Note: Absence of issues does not mean that you're protected in the future.
 
ESET was all clear, took 1.5 hours instead of 2 this time.
Not seen any virus warnings today, only the same message of: "Windows has blocked some startup programs. Windows blocks programs that require permission to run when Windows starts. Click to view blocked programs."
 
Nothing out of the ordinary, I just never used to have that message pop up in the bottom right corner before.
The programs that are blocked from start up have been that way for a year.
MobileMe
Apple Push
iTunes
Quicktime
Those are all from apple.
Also
Windows Live Messenger
Ahead Software gmbh nerocheck
Cyberlink Powerdvd
Tomtomhome.eve


Does it look like my system might now be clean following the clear ESET test?
 
Hi there. It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point
  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name, i.e. Clean
  • Select Create


Remove tools, temp files, old Restore Points

Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :files
    ipconfig /flushdns /c

    :commands
    [CREATERESTOREPOINT]
    [CLEARALLRESTOREPOINTS]
    [emptyflash]
    [emptytemp]
    [emptyjava]
    [reboot]
  • Then click the Run Fix button at the top.
  • Note: The fix for OTL sometimes hides your Desktop and Start menu so the cleanup can be completed. Do not be alerted, as this is normal.
  • It may open a log for you, but I don't need that.

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.
  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
 
Thanks for all your time and help on this,

Here's the security check -
Results of screen317's Security Check version 0.99.57
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2011
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Java(TM) 6 Update 37
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.3.183.5 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (5.0.1)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````
 
Adobe Reader Update!

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.


Adobe Flash Player Update!

Please download the newest version of Adobe Flash Player from Adobe.com

Before installing: it is important to remove older versions of Flash Player since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Adobe Flash Player. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.


Java Update!

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

Read more about Java exploit problems


Personal Tips on Preventing Malware

See this page for more info about malware and prevention.


Any other questions before I mark this topic solved?
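The three update posts above all make the same point: Java, Flash Player and Adobe Reader installers did not remove their predecessors, so several vulnerable versions can sit side by side and Security Check reported exactly that (Java 6 Update 37, two Flash Player 10 entries, Adobe Reader 9). Finding every copy by scrolling Programs and Features is error-prone, so here is an added example, not code from the thread or from Security Check, that lists them from the Uninstall registry keys Programs and Features is built from. The display-name patterns are assumptions chosen to match the usual product names; the Wow6432Node key only exists on 64-bit Windows and is skipped otherwise.

```powershell
# Added example (not from the thread or Security Check): list every installed copy of Java,
# Flash Player and Adobe Reader with its version and uninstall command, so old versions can be
# removed one by one as the posts above advise. Read-only; nothing is uninstalled.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',  # 64-bit Windows only
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)
# Assumed name patterns (match typical display names of the products flagged above).
$patterns = @('Java', 'J2SE', 'Adobe Flash Player', 'Adobe Reader', 'Adobe Acrobat')

$found = @()
foreach ($key in $uninstallKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($sub in Get-ChildItem -Path $key) {
        $p = Get-ItemProperty -Path $sub.PSPath -ErrorAction SilentlyContinue
        if (-not $p.DisplayName) { continue }
        foreach ($pat in $patterns) {
            if ($p.DisplayName -like "*$pat*") {
                # New-Object rather than [pscustomobject] so this also runs on PowerShell 2 (Vista era).
                $found += New-Object PSObject -Property @{
                    DisplayName     = $p.DisplayName
                    DisplayVersion  = $p.DisplayVersion
                    UninstallString = $p.UninstallString
                    RegistryKey     = $sub.PSChildName
                }
                break
            }
        }
    }
}

if ($found.Count -eq 0) {
    Write-Output "No Java, Flash Player or Adobe Reader entries found."
} else {
    $found | Sort-Object DisplayName, DisplayVersion |
        Format-Table DisplayName, DisplayVersion, UninstallString -AutoSize
}
```

Each row corresponds to one entry in Programs and Features; when the same product appears more than once with different versions, that is the leftover-install situation the update posts describe, and the UninstallString column shows what Programs and Features runs for that entry. Remove the older rows first, then install the current version, and re-run the listing to confirm only one entry per product remains.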
 