jsstevo
Everything posted by jsstevo
-
Back with another virus on another PC
jsstevo replied to jsstevo's topic in Resolved Malware Removal Logs
Hi, All's working now thanks. I think the driver may have been corrupted by a virus that I recently removed. I removed the driver, rebooted and have internet again! Here are the scans though...

MiniToolBox by Farbar Version: 25-11-2012
Ran by dell (administrator) on 29-12-2012 at 22:56:14
Running from "C:\Users\dell\Desktop"
Windows Vista Home Basic Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® 82562V 10/100 Network Connection = Local Area Connection (Connected)
Marvell Libertas 802.11b/g Wireless LAN Client Adapter = Wireless Network Connection (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : dell-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® 82562V 10/100 Network Connection
Physical Address. . . . . . . . . : 00-1D-09-7A-32-7D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::68b8:581e:bcea:8252%30(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.5(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 29 December 2012 22:51:53
Lease Expires . . . . . . . . . . : 30 December 2012 22:51:52
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 503323913
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0F-11-50-B1-00-1D-09-7A-32-7D
DNS Servers . . . . . . . . . . . : 194.168.4.100
                                    194.168.8.100
NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell Libertas 802.11b/g Wireless LAN Client Adapter #2
Physical Address. . . . . . . . . : 00-B0-8C-04-84-19
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:381f:3a24:3f57:fffa(Preferred)
Link-local IPv6 Address . . . . . : fe80::381f:3a24:3f57:fffa%8(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 10:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{C965E8A6-F574-49CC-86D2-45FB589C304D}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 19:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{97A597F4-5D44-4557-B526-5AE54559B156}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Server: cache1.service.virginmedia.net
Address: 194.168.4.100

Name: google.com
Addresses: 2a00:1450:4009:805::1009
           173.194.34.162
           173.194.34.165
           173.194.34.169
           173.194.34.174
           173.194.34.167
           173.194.34.163
           173.194.34.168
           173.194.34.160
           173.194.34.161
           173.194.34.166
           173.194.34.164

Pinging google.com [173.194.34.169] with 32 bytes of data:
Reply from 173.194.34.169: bytes=32 time=29ms TTL=53
Reply from 173.194.34.169: bytes=32 time=18ms TTL=53

Ping statistics for 173.194.34.169:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 18ms, Maximum = 29ms, Average = 23ms

Server: cache1.service.virginmedia.net
Address: 194.168.4.100

Name: yahoo.com
Addresses: 98.139.183.24
           72.30.38.140
           98.138.253.109

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=226ms TTL=51
Reply from 72.30.38.140: bytes=32 time=254ms TTL=51

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 226ms, Maximum = 254ms, Average = 240ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=9ms TTL=128
Reply from 127.0.0.1: bytes=32 time=3ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 3ms, Maximum = 9ms, Average = 6ms

===========================================================================
Interface List
30 ...00 1d 09 7a 32 7d ...... Intel® 82562V 10/100 Network Connection
12 ...00 b0 8c 04 84 19 ...... Marvell Libertas 802.11b/g Wireless LAN Client Adapter #2
 1 ........................... Software Loopback Interface 1
 8 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
32 ...00 00 00 00 00 00 00 e0  Microsoft ISATAP Adapter
17 ...00 00 00 00 00 00 00 e0  isatap.{C965E8A6-F574-49CC-86D2-45FB589C304D}
10 ...00 00 00 00 00 00 00 e0  6TO4 Adapter
24 ...00 00 00 00 00 00 00 e0  isatap.{97A597F4-5D44-4557-B526-5AE54559B156}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.5      20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1     306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1     306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1     306
      192.168.0.0    255.255.255.0         On-link       192.168.0.5     276
      192.168.0.5  255.255.255.255         On-link       192.168.0.5     276
    192.168.0.255  255.255.255.255         On-link       192.168.0.5     276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1     306
        224.0.0.0        240.0.0.0         On-link       192.168.0.5     276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1     306
  255.255.255.255  255.255.255.255         On-link       192.168.0.5     276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  8     18 ::/0                     On-link
  1    306 ::1/128                  On-link
  8     18 2001::/32                On-link
  8    266 2001:0:5ef5:79fd:381f:3a24:3f57:fffa/128
                                    On-link
 30    276 fe80::/64                On-link
  8    266 fe80::/64                On-link
  8    266 fe80::381f:3a24:3f57:fffa/128
                                    On-link
 30    276 fe80::68b8:581e:bcea:8252/128
                                    On-link
  1    306 ff00::/8                 On-link
  8    266 ff00::/8                 On-link
 30    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/29/2012 07:34:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5446556

Error: (12/29/2012 07:34:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5446556

Error: (12/29/2012 07:34:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/29/2012 05:03:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16892163

Error: (12/29/2012 05:03:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16892163

Error: (12/29/2012 05:03:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/29/2012 10:55:40 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 32571792

Error: (12/29/2012 10:55:40 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 32571792

Error: (12/29/2012 10:55:40 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/29/2012 01:53:04 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15631

System errors:
=============
Error: (12/28/2012 10:06:54 PM) (Source: Service Control Manager) (User: )
Description: XAudioService%%2

Error: (12/28/2012 10:06:54 PM) (Source: Service Control Manager) (User: )
Description: 30000Roxio Hard Drive Watcher 9

Error: (12/28/2012 10:06:54 PM) (Source: Service Control Manager) (User: )
Description: LogMeIn Kernel Information Provider%%3

Error: (12/28/2012 10:06:54 PM) (Source: Service Control Manager) (User: )
Description: LMIGuardianSvc%%3

Error: (12/28/2012 09:41:53 PM) (Source: Service Control Manager) (User: )
Description: Windows Search%%1053

Error: (12/28/2012 09:41:53 PM) (Source: Service Control Manager) (User: )
Description: 30000Windows Search

Error: (12/28/2012 09:41:53 PM) (Source: DCOM) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (12/28/2012 09:38:12 PM) (Source: Service Control Manager) (User: )
Description: LMIGuardianSvc%%3

Error: (12/28/2012 08:31:35 PM) (Source: Service Control Manager) (User: )
Description: XAudioService%%2

Error: (12/28/2012 08:31:35 PM) (Source: Service Control Manager) (User: )
Description: 30000Roxio Hard Drive Watcher 9

Microsoft Office Sessions:
=========================
Error: (12/29/2012 07:34:30 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5446556

Error: (12/29/2012 07:34:30 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5446556

Error: (12/29/2012 07:34:30 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/29/2012 05:03:31 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16892163

Error: (12/29/2012 05:03:31 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16892163

Error: (12/29/2012 05:03:31 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/29/2012 10:55:40 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 32571792

Error: (12/29/2012 10:55:40 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 32571792

Error: (12/29/2012 10:55:40 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/29/2012 01:53:04 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15631

CodeIntegrity Errors:
===================================
Date: 2012-12-28 20:54:09.871
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-28 20:54:09.419
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-28 20:54:09.029
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-28 20:54:08.639
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-28 20:54:08.171
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-28 20:54:07.594
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-28 19:25:22.334
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-28 19:25:22.131
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-28 19:25:21.928
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-28 19:25:21.710
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 7.1.8)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
ArcSoft PhotoImpression
BlackBerry Desktop Software 5.0.1 (Version: 5.0.1.28)
BlackBerry® Media Sync (Version: 2.0.28)
Bonjour (Version: 3.0.0.10)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
D3DX10 (Version: 15.4.2368.0902)
HPDiagnosticAlert (Version: 1.00.0000)
iCloud (Version: 2.0.2.187)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections 12.1.11.0 (Version: )
iTunes (Version: 10.7.0.21)
iX-100 Twain Driver ver 1.0
Java 7 Update 10 (Version: 7.0.100)
Java Auto Updater (Version: 2.1.9.0)
Junk Mail filter update (Version: 15.4.3502.0922)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft LifeCam (Version: 3.22.270.0)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Search Enhancement Pack (Version: 3.0.133.0)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MSVCRT (Version: 15.4.2862.0708)
MSVCSetup (Version: 1.00.0000)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PowerDVD (Version: 7.0)
QuickTime (Version: 7.72.80.56)
Realtek High Definition Audio Driver
Roxio Creator Audio (Version: 3.3.0)
Roxio Creator BDAV Plugin (Version: 3.3.0)
Roxio Creator Copy (Version: 3.3.0)
Roxio Creator Data (Version: 3.3.0)
Roxio Creator DE (Version: 3.3.0)
Roxio Creator Tools (Version: 3.3.0)
Roxio Express Labeler (Version: 2.1.0)
Roxio Media Manager (Version: 9.4.067)
Roxio Update Manager (Version: 3.0.0)
Segoe UI (Version: 15.4.2271.0615)
Sonic Activation Module (Version: 1.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
W541U (Version: 1.00.0000)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Mobile Device Center (Version: 6.1.6965.0)
Windows Mobile Device Center Driver Update (Version: 6.1.6965.0)
WinRAR archiver

========================= Memory info: ===================================

Percentage of memory in use: 49%
Total physical RAM: 2036.45 MB
Available physical RAM: 1021.77 MB
Total Pagefile: 4320.18 MB
Available Pagefile: 2811.5 MB
Total Virtual: 2047.88 MB
Available Virtual: 1939.96 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:138.96 GB) (Free:54.07 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.56 GB) NTFS

========================= Users: ========================================

User accounts for \\DELL-PC

Administrator            dell                     Guest
LogMeInRemoteUser

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

______________________________________________________________________________

Farbar Service Scanner Version: 23-12-2012
Ran by dell (administrator) on 29-12-2012 at 23:02:03
Running from "C:\Users\dell\Desktop"
Windows Vista Home Basic Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-10-10 04:37] - [2012-06-02 00:02] - 0133120 ____A (Microsoft Corporation) F1E8C34892336D33EDDCDFE44E474F64

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****
-
Sorry but have another one for you. Been through basic searches and nothing found so here goes again. Main symptom is that I cannot access the web. Can see local network and router. I've had to download the software from another PC and transfer it over as no Internet on the infected PC. Here's the Malwarebytes log from a quick search...

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2012.12.14.11

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
dell :: DELL-PC [administrator]

Protection: Disabled

28/12/2012 00:40:59
mbam-log-2012-12-28 (00-40-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 259601
Time elapsed: 12 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

And yes, I have taken the network cable out and plugged into another PC to prove it works!
-
Virus infected and keeps coming back?
jsstevo replied to jsstevo's topic in Resolved Malware Removal Logs
Firewall now seems to be staying on thanks. Here's the log results...

SystemLook 30.07.11 by jpshortstuff
Log created at 00:46 on 13/12/2012 by Powell
Administrator - Elevation successful

========== filefind ==========

Searching for "*.pst"
No files found.

-= EOF =-
-
Virus infected and keeps coming back?
jsstevo replied to jsstevo's topic in Resolved Malware Removal Logs
Right, installed Windows Security and Defender still not starting. I've Googled this and other forums say it shouldn't with WSE installed. So, apart from the pst going missing, all seems well. Thanks ever so much for your help. Anything else I need to do? -
Virus infected and keeps coming back?
jsstevo replied to jsstevo's topic in Resolved Malware Removal Logs
My Windows Defender is still turned off. Could that be due to the virus or could AVG be controlling it? -
Virus infected and keeps coming back?
jsstevo replied to jsstevo's topic in Resolved Malware Removal Logs
Farbar Service Scanner Version: 10-12-2012
Ran by Powell (administrator) on 11-12-2012 at 18:11:46
Running from "C:\Users\Powell\Desktop"
Windows Vista Home Basic Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-12-07 11:41] - [2012-06-02 00:02] - 0133120 ____A (Microsoft Corporation) F1E8C34892336D33EDDCDFE44E474F64

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****
-
Virus infected and keeps coming back?
jsstevo replied to jsstevo's topic in Resolved Malware Removal Logs
CC Support.....

Log Opened: 2012-12-11 @ 18:05:38

18:05:38 - -----------------
18:05:38 - | Begin Logging |
18:05:38 - -----------------

18:05:38 - Fix started on a WIN_VISTA X86 computer
18:05:38 - Prep in progress. Please Wait.
18:05:39 - Prep complete
18:05:39 - Repairing Services Now. Please wait...

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\BFE.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\iphlpsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\MpsSvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\WinDefend.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\wuauserv.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

SetACL finished successfully.

18:05:40 - Services Repair Complete.
18:06:08 - Reboot Initiated -
Virus infected and keeps coming back?
jsstevo replied to jsstevo's topic in Resolved Malware Removal Logs
The whole Outlook.pst file has vanished! Also can't find ScanPst.exe -
Virus infected and keeps coming back?
jsstevo replied to jsstevo's topic in Resolved Malware Removal Logs
FSS

Farbar Service Scanner Version: 10-12-2012
Ran by Powell (administrator) on 10-12-2012 at 21:08:46
Running from "C:\Users\Powell\Desktop"
Windows Vista Home Basic Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-12-07 11:41] - [2012-06-02 00:02] - 0133120 ____A (Microsoft Corporation) F1E8C34892336D33EDDCDFE44E474F64
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log **** -
Virus infected and keeps coming back?
jsstevo replied to jsstevo's topic in Resolved Malware Removal Logs
PC seems to be running smoothly, but have lost my PST file, Windows firewall keeps getting turned off and Defender says error 0x800106ba. Thoughts? -
Virus infected and keeps coming back?
jsstevo replied to jsstevo's topic in Resolved Malware Removal Logs
Sorry, please ignore last post! -
Virus infected and keeps coming back?
jsstevo replied to jsstevo's topic in Resolved Malware Removal Logs
Which one do I download?

Windows x86 Online 0.85 MB jre-7u9-windows-i586-iftw.exe
Windows x86 Offline 29.72 MB jre-7u9-windows-i586.exe
Windows x86 39.42 MB jre-7u9-windows-i586.tar.gz
Windows x64 31.18 MB jre-7u9-windows-x64.exe
Windows x64 41.19 MB jre-7u9-windows-x64.tar.gz -
Virus infected and keeps coming back?
jsstevo replied to jsstevo's topic in Resolved Malware Removal Logs
ESET...

C:\Qoobox\Quarantine\C\Windows\Installer\{ff89b466-57b4-627d-bc2f-2671b90096a1}\U\000000cb.@.vir Win32/Conedex.O trojan
C:\Users\Powell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\3e5a138c-6b0ec259 multiple threats
C:\Users\Powell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\7502b54c-2dc93ce3 Java/Exploit.CVE-2012-0507.BR trojan
C:\Users\Powell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\23dea351-263c965d Java/Exploit.CVE-2012-0507.BS trojan
C:\Users\Powell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\55aa8f03-4205d649 Java/Exploit.CVE-2012-0507.BZ trojan
C:\Users\Powell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\59516da1-45d16f38 Java/Exploit.CVE-2012-0507.BR trojan
C:\Users\Powell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\877c433-657faa19 Java/Exploit.CVE-2012-0507.BR trojan
C:\Users\Powell\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120612015248717.rsc multiple threats -
Virus infected and keeps coming back?
jsstevo replied to jsstevo's topic in Resolved Malware Removal Logs
AdwCleaner produced no log but did restart the PC -
Virus infected and keeps coming back?
jsstevo replied to jsstevo's topic in Resolved Malware Removal Logs
First log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.9.9 (12.08.2012:3)
OS: Windows Vista Home Basic x86
Ran by Powell on 08/12/2012 at 17:35:53.69
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2502074296-1060862760-2130226744-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{95b7759c-8c7f-4bf1-b163-73684a933233}

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08/12/2012 at 17:37:52.35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -
Virus infected and keeps coming back?
jsstevo replied to jsstevo's topic in Resolved Malware Removal Logs
Here you go.....

ComboFix 12-12-04.01 - Powell 07/12/2012 18:09:34.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.2036.884 [GMT 0:00]
Running from: c:\users\Powell\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Powell\AppData\Local\Temp\12071249-00000110-bhxooivlce\tmp84F8.tmp
c:\users\Powell\AppData\Roaming\Efzy
c:\users\Powell\AppData\Roaming\Efzy\uhuqo.ruy
c:\users\Powell\AppData\Roaming\Microsoft\Windows\.data
c:\users\Powell\AppData\Roaming\Obifem
c:\users\Powell\AppData\Roaming\Obifem\yppum.cao
c:\windows\Installer\{ff89b466-57b4-627d-bc2f-2671b90096a1}\@
c:\windows\Installer\{ff89b466-57b4-627d-bc2f-2671b90096a1}\L\00000004.@
c:\windows\Installer\{ff89b466-57b4-627d-bc2f-2671b90096a1}\L\1afb2d56
c:\windows\Installer\{ff89b466-57b4-627d-bc2f-2671b90096a1}\L\201d3dde
c:\windows\Installer\{ff89b466-57b4-627d-bc2f-2671b90096a1}\U\00000004.@
c:\windows\Installer\{ff89b466-57b4-627d-bc2f-2671b90096a1}\U\000000cb.@
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-11-07 to 2012-12-07 )))))))))))))))))))))))))))))))
.
.
2012-12-07 18:16 . 2012-12-07 18:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-07 13:05 . 2012-12-07 13:05 -------- d-----w- c:\windows\en
2012-12-07 13:04 . 2010-09-23 00:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-12-07 13:04 . 2012-12-07 13:04 -------- dc----w- c:\windows\system32\DRVSTORE
2012-12-07 13:04 . 2012-12-07 13:04 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-12-07 13:02 . 2012-12-07 13:02 -------- d-----w- c:\program files\MSN Toolbar
2012-12-07 13:01 . 2012-12-07 13:02 -------- d-----w- c:\program files\Bing Bar Installer
2012-12-07 13:01 . 2009-09-04 17:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2012-12-07 13:01 . 2009-09-04 17:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2012-12-07 13:01 . 2009-09-04 17:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-12-07 13:01 . 2006-11-29 13:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2012-12-07 13:00 . 2012-12-07 13:01 -------- d-----w- c:\program files\Microsoft Silverlight
2012-12-07 12:52 . 2012-12-07 12:52 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\c74478321cdd47925\InstallManager_WLE_WLE.exe
2012-12-07 12:52 . 2012-12-07 12:52 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\ac8da9d21cdd4791a\MeshBetaRemover.exe
2012-12-07 12:51 . 2012-12-07 12:51 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\913c22121cdd47912\DSETUP.dll
2012-12-07 12:51 . 2012-12-07 12:51 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\913c22121cdd47912\DXSETUP.exe
2012-12-07 12:51 . 2012-12-07 12:51 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\913c22121cdd47912\dsetup32.dll
2012-12-07 12:51 . 2012-12-07 12:51 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\8ffac8721cdd47911\DSETUP.dll
2012-12-07 12:51 . 2012-12-07 12:51 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\8ffac8721cdd47911\DXSETUP.exe
2012-12-07 12:51 . 2012-12-07 12:51 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\8ffac8721cdd47911\dsetup32.dll
2012-12-07 12:50 . 2012-12-07 12:50 6260088 ----a-w- c:\program files\Common Files\Windows Live\.cache\679412121cdd47905\Silverlight.4.0.exe
2012-12-07 12:00 . 2012-11-19 01:04 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F8A52066-080A-4FB5-B98A-BAFFF1F9019E}\mpengine.dll
2012-12-07 11:55 . 2012-12-07 11:55 -------- d-----w- c:\program files\Common Files\Skype
2012-12-07 11:41 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-12-07 11:41 . 2012-09-13 13:28 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-07 11:41 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll
2012-12-07 11:41 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-12-07 11:41 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-12-07 11:40 . 2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-12-07 11:34 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-12-07 11:34 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-12-07 11:11 . 2012-12-07 11:11 -------- d-----w- c:\users\Powell\AppData\Local\PowerDVD DX
2012-12-06 22:29 . 2012-12-06 22:29 -------- d-----w- c:\users\Powell\AppData\Local\Google
2012-12-04 00:14 . 2012-12-04 00:15 -------- d-----w- c:\users\Powell\AppData\Local\Adobe
2012-12-03 23:32 . 2012-12-07 11:13 -------- d-----w- c:\program files\test
2012-12-03 22:25 . 2012-12-03 22:25 -------- d-----w- c:\program files\PC Tools
2012-12-03 22:24 . 2012-12-03 23:04 -------- d-----w- c:\program files\Common Files\PC Tools
2012-12-03 22:24 . 2012-11-01 15:35 202280 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-12-03 22:23 . 2012-12-03 23:03 -------- d-----w- c:\programdata\PC Tools
2012-12-03 22:23 . 2012-12-03 22:23 -------- d-----w- c:\users\Powell\AppData\Roaming\TestApp
2012-12-02 14:09 . 2012-12-02 14:08 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-07 13:02 . 2010-06-24 11:33 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-12-02 14:08 . 2011-03-04 16:59 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-02 14:04 . 2012-06-11 23:13 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-02 14:04 . 2012-06-11 23:13 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-29 19:54 . 2011-03-04 11:52 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-10 11:23 . 2012-09-10 11:23 254888 ----a-w- c:\windows\msiserv.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-11 4452352]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-25 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-25 129560]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-11-05 11:22 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 13:33 17419952 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2502074296-1060862760-2130226744-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-11 14:04]
.
2012-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-11 11:32]
.
2012-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-11 11:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
HKLM-Run-ROC_ROC_JULY_P1 - c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\test\SASSEH.DLL
MSConfigStartUp-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSConfigStartUp-tgwuc - c:\users\Powell\tgwuc.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-07 18:21
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\msiserv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-12-07 18:24:44 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-07 18:24
.
Pre-Run: 74,774,810,624 bytes free
Post-Run: 75,650,760,704 bytes free
.
- - End Of File - - F0729F5880430FD296928ECE8DFD490C -
Virus infected and keeps coming back?
jsstevo replied to jsstevo's topic in Resolved Malware Removal Logs
Completed the above and all seems to be working great now thanks. Below are the 2 logs as requested.... The System Log was so big I have had to attach it.

MBAR log after 1st scan....

Malwarebytes Anti-Rootkit 1.1.0.1009
www.malwarebytes.org

Database version: v2012.12.06.13

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Powell :: POWELL_PC [administrator]

07/12/2012 01:01:19
mbar-log-2012-12-07 (01-01-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 25849
Time elapsed: 14 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 11
C:\Windows\system32\drivers\ab8ab7175eb8cab.sys (Rootkit.Necurs) -> Delete on reboot. [d3e15255e29cd10993c399aea29f7d53]
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Bootstrap_0_3_312496128_infected.mbam (Rootkit.Alureon.E.VBR) -> Delete on reboot. [31ba07904227693b2884b069e702d5d2]
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\MBR_0_infected.mbam (Rootkit.Alureon.E.VBR) -> Delete on reboot. [dc25ad1ba05c99b57384557812ee9d21]
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_312480000_user.mbam (Forged physical sector) -> Delete on reboot. [52f75630ce5c4a808d16e59bcde58c7e]
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_312497113_user.mbam (Forged physical sector) -> Delete on reboot. [c47c94f4418255cc89d93b07aa7a82da]
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_312499983_user.mbam (Forged physical sector) -> Delete on reboot. [711f33ebad49260aefcfc22b92fab5a9]
c:\windows\syshost.exe (Trojan.Downloader) -> Delete on reboot. [aa511abf035af93df01a40a2b949f907]
c:\users\powell\appdata\local\temp\syshost.exe (Spyware.Agent) -> Delete on reboot. [33c823b6b5a8dd59e3210b3e996a2ad6]
c:\windows\serviceprofiles\localservice\appdata\local\temp\syshost.exe (Spyware.Agent) -> Delete on reboot. [ba41a831d885c17574900a3f4fb4de22]
c:\windows\serviceprofiles\networkservice\appdata\local\temp\syshost.exe (Spyware.Agent) -> Delete on reboot. [6e8d5e7b86d7c175d133aa9f57ac6e92]
c:\windows\temp\syshost.exe (Spyware.Agent) -> Delete on reboot. [f90219c095c871c560a42c1d44bf35cb]

(end)

MBAR log after 2nd scan....

Malwarebytes Anti-Rootkit 1.1.0.1009
www.malwarebytes.org

Database version: v2012.12.07.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Powell :: POWELL_PC [administrator]

07/12/2012 11:47:45
mbar-log-2012-12-07 (11-47-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 25876
Time elapsed: 29 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Is there anything else I need to do now? What software would you recommend running on a PC full time to prevent re-infection?

system-log.txt -
Hi all,

New to this virus killing so please go gentle on me!

The second PC I'm using keeps getting viruses where it redirects IE to porn sites, etc. when searching for basics like BBC. It also pops up various sites and puts odd foreign sounds through the speakers!

I've followed your instructions and have the below 3 logs.

mbam-log-2012-12-06 (23-18-18)

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.06.12

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Powell :: POWELL_PC [administrator]

06/12/2012 23:18:18
mbam-log-2012-12-06 (23-18-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207336
Time elapsed: 3 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 9.0.8112.16448
Run by Powell at 23:30:00 on 2012-12-06
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.2036.1177 [GMT 0:00]
.
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Explorer.EXE
C:\Program Files\test\SASCORE.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = hxxp://www.btopenworld.com/searchpane
uDefault_Page_URL = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=4080105
mDefault_Page_URL = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=4080105
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} -
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} -
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [sUPERAntiSpyware] c:\program files\test\SUPERAntiSpyware.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Windows Mobile Device Center] c:\windows\windowsmobile\wmdc.exe
mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ROC_ROC_JULY_P1] "c:\program files\avg secure search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [GrpConv] grpconv -o
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{E0E19315-2928-478F-AA59-5A4739D96A59} : DHCPNameServer = 194.168.4.100 194.168.8.100
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\test\SASSEH.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R2 !SASCORE;SAS Core Service;c:\program files\test\SASCore.exe [2012-7-11 116608]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-3 27496]
S1 SASDIFSV;SASDIFSV;c:\program files\test\sasdifsv.sys [2011-7-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\test\SASKUTIL.SYS [2011-7-12 67664]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-8-16 21504]
S2 W32Sch;Windows Scheduler;c:\windows\msiserv.exe [2012-9-10 254888]
S3 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\13.2.0\toolbarupdater.exe --> c:\program files\common files\avg secure search\vtoolbarupdater\13.2.0\ToolbarUpdater.exe [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-12-06 22:45:16 -------- d-sh--w- C:\$RECYCLE.BIN
2012-12-06 22:43:05 -------- d-s---w- C:\ComboFix
2012-12-06 22:29:59 -------- d-----w- c:\users\powell\appdata\local\Google
2012-12-04 00:14:56 -------- d-----w- c:\users\powell\appdata\local\Adobe
2012-12-03 23:33:01 -------- d-----w- c:\users\powell\appdata\roaming\SUPERAntiSpyware.com
2012-12-03 23:32:37 -------- d-----w- c:\program files\test
2012-12-03 22:25:43 -------- d-----w- c:\program files\PC Tools
2012-12-03 22:24:03 202280 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-12-03 22:24:03 -------- d-----w- c:\program files\common files\PC Tools
2012-12-03 22:23:12 -------- d-----w- c:\users\powell\appdata\roaming\TestApp
2012-12-03 22:23:12 -------- d-----w- c:\programdata\PC Tools
2012-12-02 14:09:23 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
.
==================== Find3M ====================
.
2012-12-02 14:08:59 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-02 14:04:21 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-02 14:04:21 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-29 19:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-10 11:23:59 254888 ----a-w- c:\windows\msiserv.exe
.
============= FINISH: 23:32:43.06 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 05/01/2008 14:55:20
System Uptime: 06/12/2012 22:53:11 (1 hours ago)
.
Motherboard: Dell Inc. | | 0RY007
Processor: Intel® Core2 Duo CPU E4500 @ 2.20GHz | Socket 775 | 2194/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 60.287 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 4.253 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Adobe Flash Player 11 ActiveX
Adobe Reader 8.1.3
Boots F2CD Picture Suite
Camera RAW Plug-In for EPSON Creativity Suite
Compatibility Pack for the 2007 Office system
Conexant D850 PCI V.92 Modem
Digital Line Detect
EPSON Attach To Email
EPSON Easy Photo Print
EPSON File Manager
EPSON Scan
EPSON Scan Assistant
EPSON Stylus SX200_SX400_TX200_TX400 Manual
EPSON Stylus SX400 Series Printer Uninstall
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® PRO Network Connections 12.1.11.0
Java Auto Updater
Java 6 Update 37
Java SE Runtime Environment 6
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Modem Diagnostic Tool
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetWaiting
OGA Notifier 2.0.0048.0
PowerDVD
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Skype Toolbars
Skype™ 5.2
Sonic Activation Module
SUPERAntiSpyware
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
User's Guides
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Live Writer
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
.
==== End Of File ===========================

Please help as it's driving me mad!