Jump to content

Recommended Posts

(This fist bit posted on the Canon forums a fortnight ago) I downloaded Quick Gamma from CBS interactive's Download.com  on 10th Aug. I got a load more than I bargained for. Two extra bits of software installed, My search dial and TopArcade Hits as well as my default search engine and homepage switched to My search dial. It took me 3 hours to rid these burdens, and what should have been a nice Saturday editing wedding photos became a triple check that lasted all night. At lest 3 different people got a this software snuck in the backdoor like me. There were no untick boxes at all.I thought I was fine....... Until my weekly banking software showed 5 logins to my Ebay acct. On Satuday night whilst I was cleaning the infestation. Luckilly, my Pay Pal acct had my previous bank details not my current one. I thought 'If they got my Ebay account details will they get my online banking details. My bank was informed and they've suspended my online banking and told me to get my laptop professionally sorted (I have a friend in that business who is looking at m laptop - I'm typing this on my mobile). Anyhow, did I read a thread about this on here a few months back? CBS' reply was a kind of 'Sorry you got infected, we bundle software with our dloads, not our fault you got hit.' Kind of reply. An Asian friend on a Fuji page says CNet is geting a reputation for this, and the Tech mags etc are up in arms about it. Has anyone else had a similar thing happen? If so what happened to you? CBSi will be geting the repair bill! I'm outraged a repected company allows its software to be hacked and does nothing to remedy this.I'm running Win 7.

(New post on here) I got the laptop back Sat, but was busy until 10 pm. Firefox had been reloaded along with No script by my technician. Loaded it up and put AVG free and Office 2010 and elements on. Missed the tick box that puts premier elements on. Then shut down. Away all day Sun @ wedding (lots of tips from the pro, held his off cam flash and got lovely shots and great ideas with just enough images for a portfolio now).Arrive home Monday lunch. 3pm AVG first scan ran. NO INFECTION. Went to D/load Photoscape for its preset filters. Got it from Filehippo which was reccomended by its makers (heck not using Cnet anymore). IE9 pop up appeared asking to be set up and I did then went 'S***t!' As I never use it. AVG scanned Photoscape as, OK. Went to Install it and AVG flashes up two trojans and search engine changed to Delta search and two Delta toolbars have installs. Add remove shows also Browser Defender and Norton Security scan also installed. Rang my tech to see what he put on then removed what he hadn't installed and D/loaded Malware bytes which Found (in about 5 or 6hrs of usage plus a further 2 hrs for the Mbytes scan) 71 infections. My tech had scanned from Linux and feformatedn and put my emails and backups in a direxctory after scanning on a sepertate secure HDD. In those 71 infections 3 old versions of Photoscape were flagged and removed. I have a report in skydrive and on. My HDD. During the scan, AVG flagged another trojan, pointig at Malwarebytes. My tech said roll back to before I installed anything. I'd tried to saved 2 Mbytes logs to my desktop when they were created but they weren't there. Upon rolling back they were, as was the browser history. Also when I held the. Mouse over the IE icon on the taskbar several web pages appeared in the frequent pane, includding an edsn.ebay.com or .co.uk /catalogue page, which on searching reveald a probable spyware distributing page. I'm assuming my tech only used it to d/load firefox. I went to add/remove in Cpanel and disabled it as I couldn't uninstall it (not listed in programmes) and, apart from another AVG first scan, that is where I'm at now. I'm looking at three possible causes. 1). Router hack or Virus, 2). Bios Virus or 3). The Viruses/Malware in the Photoscape backups somehow working to cause it. I'm going insane. Please help. MWB log below.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.26.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
user :: LUKE [administrator]

26/08/2013 18:21:47
MBAM-log-2013-08-26 (20-02-51).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 428230
Time elapsed: 1 hour(s), 40 minute(s), 32 second(s)

Memory Processes Detected: 1
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (PUP.Optional.BrowserDefender.A) -> 4316 -> No action taken.

Memory Modules Detected: 1
C:\Users\user\AppData\Roaming\BabSolution\Shared\enhancedNT.dll (PUP.Optional.BabSolution.A) -> No action taken.

Registry Keys Detected: 31
HKCR\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE} (PUP.Optional.Delta) -> No action taken.
HKCR\escort.escortIEPane.1 (PUP.Optional.Delta) -> No action taken.
HKCR\escort.escortIEPane (PUP.Optional.Delta) -> No action taken.
HKCR\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> No action taken.
HKCR\delta.deltaHlpr.1 (PUP.Optional.Delta) -> No action taken.
HKCR\delta.deltaHlpr (PUP.Optional.Delta) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> No action taken.
HKCR\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Optional.Delta.A) -> No action taken.
HKCR\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> No action taken.
HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Optional.Delta.A) -> No action taken.
HKCR\delta.deltadskBnd.1 (PUP.Optional.Delta.A) -> No action taken.
HKCR\delta.deltadskBnd (PUP.Optional.Delta.A) -> No action taken.
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> No action taken.
HKCR\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Optional.Delta.A) -> No action taken.
HKCR\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26} (PUP.Optional.Delta.A) -> No action taken.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Optional.Delta.A) -> No action taken.
HKCR\delta.deltaappCore.1 (PUP.Optional.Delta.A) -> No action taken.
HKCR\delta.deltaappCore (PUP.Optional.Delta.A) -> No action taken.
HKCR\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8} (PUP.Optional.Delta) -> No action taken.
HKCR\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D} (PUP.Optional.Delta) -> No action taken.
HKCR\esrv.deltaESrvc.1 (PUP.Optional.Delta) -> No action taken.
HKCR\esrv.deltaESrvc (PUP.Optional.Delta) -> No action taken.
HKCR\Typelib\{4599D05A-D545-4069-BB42-5895B4EAE05B} (PUP.Optional.Delta.A) -> No action taken.
HKCR\Interface\{1231839B-064E-4788-B865-465A1B5266FD} (PUP.Optional.Delta.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85} (PUP.Optional.Delta.A) -> No action taken.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr) -> No action taken.
HKCU\Software\DataMngr (PUP.Optional.DataMngr) -> No action taken.
HKCU\Software\BabSolution\Redir (PUP.Optional.Babylon.A) -> No action taken.
HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> No action taken.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} (PUP.Optional.BrowserDefender.A) -> No action taken.

Registry Values Detected: 4
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Data: Delta Toolbar -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Data:  -> No action taken.
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0L1N1H2O1S -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NTRedirect (PUP.Optional.BabSolution.A) -> Data:  -> No action taken.

Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.BrowserDefender.A) -> Bad: (c:\progra~2\browse~1\261562~1.220\{c16c1~1\browse~1.dll) Good: () -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bad: (http://www2.delta-search.com/?babsrc=HP_ss&mntrId=843F001644B807AA&affID=119357&tsp=4986) Good: (http://www.google.com) -> No action taken.

Folders Detected: 6
C:\Users\user\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> No action taken.
C:\ProgramData\BrowserDefender\2.6.1562.220 (PUP.Optional.BrowserDefender.A) -> No action taken.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8} (PUP.Optional.BrowserDefender.A) -> No action taken.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings (PUP.Optional.BrowserDefender.A) -> No action taken.
C:\Users\user\AppData\Roaming\BabSolution (PUP.Optional.BabSolution.A) -> No action taken.
C:\Users\user\AppData\Roaming\BabSolution\Shared (PUP.Optional.BabSolution.A) -> No action taken.

Files Detected: 31
C:\Program Files\Delta\delta\1.8.24.6\bh\delta.dll (PUP.Optional.Delta) -> No action taken.
C:\Program Files\Delta\delta\1.8.24.6\deltaTlbr.dll (PUP.Optional.Delta.A) -> No action taken.
C:\Program Files\Delta\delta\1.8.24.6\deltaApp.dll (PUP.Optional.Delta.A) -> No action taken.
C:\Program Files\Delta\delta\1.8.24.6\deltasrv.exe (PUP.Optional.Delta) -> No action taken.
C:\backup\Users\Colin\Downloads\PhotoScape_V3.6.4.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\backup\Users\Colin\Downloads\PhotoScape_V3.6.3.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\backup\Users\Colin\Downloads\PhotoScape_V3.6.5.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\user\AppData\Local\Temp\0AB38C3E-BAB0-7891-BF8D-11267FE837C7\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> No action taken.
C:\Users\user\AppData\Local\Temp\0AB38C3E-BAB0-7891-BF8D-11267FE837C7\Latest\BUSolution.dll (PUP.Optional.BabSolution.A) -> No action taken.
C:\Users\user\AppData\Local\Temp\0AB38C3E-BAB0-7891-BF8D-11267FE837C7\Latest\MyDeltaTB.exe (PUP.Optional.Delta) -> No action taken.
C:\Users\user\AppData\Local\Temp\0AB38C3E-BAB0-7891-BF8D-11267FE837C7\Latest\Setup.exe (PUP.Babylon.A) -> No action taken.
C:\Users\user\AppData\Local\Temp\is1615585457\DeltaTB.exe (PUP.Optional.Babylon.A) -> No action taken.
C:\Users\user\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> No action taken.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll (PUP.Optional.BrowserDefender.A) -> No action taken.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (PUP.Optional.BrowserDefender.A) -> No action taken.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.settings (PUP.Optional.BrowserDefender.A) -> No action taken.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\dm (PUP.Optional.BrowserDefender.A) -> No action taken.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\uninstall.exe (PUP.Optional.BrowserDefender.A) -> No action taken.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\00 (PUP.Optional.BrowserDefender.A) -> No action taken.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\01 (PUP.Optional.BrowserDefender.A) -> No action taken.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\02 (PUP.Optional.BrowserDefender.A) -> No action taken.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\03 (PUP.Optional.BrowserDefender.A) -> No action taken.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\10 (PUP.Optional.BrowserDefender.A) -> No action taken.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\11 (PUP.Optional.BrowserDefender.A) -> No action taken.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\12 (PUP.Optional.BrowserDefender.A) -> No action taken.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\13 (PUP.Optional.BrowserDefender.A) -> No action taken.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\20 (PUP.Optional.BrowserDefender.A) -> No action taken.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\21 (PUP.Optional.BrowserDefender.A) -> No action taken.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\22 (PUP.Optional.BrowserDefender.A) -> No action taken.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\23 (PUP.Optional.BrowserDefender.A) -> No action taken.
C:\Users\user\AppData\Roaming\BabSolution\Shared\enhancedNT.dll (PUP.Optional.BabSolution.A) -> No action taken.

(end)
 

 

 

Link to post
Share on other sites

Hijack this log as follows.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 23:48:21, on 27/08/2013
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!

FIREFOX: 23.0.1 (en-US)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\user\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll
O23 - Service: Adobe Active File Monitor V10 (AdobeActiveFileMonitor10.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: vToolbarUpdater15.5.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe

--
End of file - 3837 bytes
 

Link to post
Share on other sites

Hello Colin_Glover and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please follow the instructions here and then post the log files in your next reply.

http://forums.malwarebytes.org/index.php?showtopic=9573

Link to post
Share on other sites

Hello Borislav,

As requested DDS logfiles.

Thanks.

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer:
Run by user at 22:46:35 on 2013-08-28
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.3070.1900 [GMT 1:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
dRunOnce: [sPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{6ACC9124-906A-469D-9FB0-18CE922E2288} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A018C006-B801-4271-A2D4-86077B97331C} : DHCPNameServer = 172.16.11.7
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\15.5.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\6wbjqcqg.default\
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\15.5.0\npsitesafety.dll
FF - ExtSQL: 2013-08-19 20:03; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\user\appdata\roaming\mozilla\firefox\profiles\6wbjqcqg.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: 2013-08-19 20:04; support@lastpass.com; c:\users\user\appdata\roaming\mozilla\firefox\profiles\6wbjqcqg.default\extensions\support@lastpass.com
FF - ExtSQL: 2013-08-26 22:34; avg@toolbar; c:\programdata\avg secure search\firefoxext\15.5.0.2
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-7-20 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-7-20 246072]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-7-1 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-7-10 39224]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-7-20 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-3-1 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-7-20 171320]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-3-21 182072]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-8-26 37664]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files\adobe\elements 10 organizer\PhotoshopElementsFileAgent.exe [2011-9-1 169624]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-7-4 4939312]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-7-23 283136]
R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.5.0\ToolbarUpdater.exe [2013-8-27 1643184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-8-27 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-8-26 1343400]
.
=============== Created Last 30 ================
.
2013-08-27 23:42:20    --------    d-----w-    c:\windows\system32\SPReview
2013-08-27 23:41:37    --------    d-----w-    c:\windows\system32\EventProviders
2013-08-27 22:17:59    762880    ----a-w-    c:\windows\system32\azroles.dll
2013-08-27 22:16:59    73216    ----a-w-    c:\windows\system32\msiexec.exe
2013-08-26 23:06:10    75776    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2013-08-26 22:53:54    --------    d-----w-    c:\windows\system32\Wat
2013-08-26 22:51:25    70656    ----a-w-    c:\windows\system32\fontsub.dll
2013-08-26 22:51:25    34304    ----a-w-    c:\windows\system32\atmlib.dll
2013-08-26 22:51:25    295424    ----a-w-    c:\windows\system32\atmfd.dll
2013-08-26 22:36:31    9728    ----a-w-    c:\windows\system32\Wdfres.dll
2013-08-26 22:36:31    526952    ----a-w-    c:\windows\system32\drivers\Wdf01000.sys
2013-08-26 22:36:31    47720    ----a-w-    c:\windows\system32\drivers\WdfLdr.sys
2013-08-26 22:35:21    66560    ----a-w-    c:\windows\system32\drivers\WUDFPf.sys
2013-08-26 22:35:21    155136    ----a-w-    c:\windows\system32\drivers\WUDFRd.sys
2013-08-26 22:35:20    73216    ----a-w-    c:\windows\system32\WUDFSvc.dll
2013-08-26 22:35:20    172032    ----a-w-    c:\windows\system32\WUDFPlatform.dll
2013-08-26 22:35:19    613888    ----a-w-    c:\windows\system32\WUDFx.dll
2013-08-26 22:35:19    38912    ----a-w-    c:\windows\system32\WUDFCoinstaller.dll
2013-08-26 22:35:19    196608    ----a-w-    c:\windows\system32\WUDFHost.exe
2013-08-26 22:34:22    5120    ----a-w-    c:\windows\system32\wmi.dll
2013-08-26 22:34:22    19824    ----a-w-    c:\windows\system32\drivers\fs_rec.sys
2013-08-26 22:34:22    159232    ----a-w-    c:\windows\system32\imagehlp.dll
2013-08-26 22:31:14    293376    ----a-w-    c:\windows\system32\browserchoice.exe
2013-08-26 22:28:46    317440    ----a-w-    c:\windows\system32\spoolsv.exe
2013-08-26 22:28:44    1211752    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-08-26 22:28:41    626688    ----a-w-    c:\windows\system32\usp10.dll
2013-08-26 22:28:33    311808    ----a-w-    c:\windows\system32\drivers\srv.sys
2013-08-26 22:28:33    310272    ----a-w-    c:\windows\system32\drivers\srv2.sys
2013-08-26 22:28:33    114688    ----a-w-    c:\windows\system32\drivers\srvnet.sys
2013-08-26 22:28:25    338944    ----a-w-    c:\windows\system32\drivers\afd.sys
2013-08-26 22:28:20    15872    ----a-w-    c:\windows\system32\drivers\usb8023.sys
2013-08-26 22:27:25    376832    ----a-w-    c:\windows\system32\dpnet.dll
2013-08-26 22:27:25    2560    ----a-w-    c:\windows\system32\dpnaddr.dll
2013-08-26 22:27:22    31232    ----a-w-    c:\windows\system32\prevhost.exe
2013-08-26 22:26:59    196328    ----a-w-    c:\windows\system32\drivers\fvevol.sys
2013-08-26 22:26:56    28672    ----a-w-    c:\windows\system32\dnscacheugc.exe
2013-08-26 22:26:56    132608    ----a-w-    c:\windows\system32\dnsrslvr.dll
2013-08-26 22:26:52    708608    ----a-w-    c:\program files\common files\system\wab32.dll
2013-08-26 22:26:44    69632    ----a-w-    c:\windows\system32\smss.exe
2013-08-26 22:26:44    38912    ----a-w-    c:\windows\system32\csrsrv.dll
2013-08-26 22:23:50    3217408    ----a-w-    c:\windows\system32\mstscax.dll
2013-08-26 22:22:51    1549312    ----a-w-    c:\windows\system32\tquery.dll
2013-08-26 22:21:56    514560    ----a-w-    c:\windows\system32\qdvd.dll
2013-08-26 22:21:56    1328128    ----a-w-    c:\windows\system32\quartz.dll
2013-08-26 22:21:50    542208    ----a-w-    c:\windows\system32\kerberos.dll
2013-08-26 22:21:41    2616320    ----a-w-    c:\windows\explorer.exe
2013-08-26 22:21:36    2342400    ----a-w-    c:\windows\system32\msi.dll
2013-08-26 22:21:30    490496    ----a-w-    c:\windows\system32\d3d10level9.dll
2013-08-26 22:19:50    8192    ----a-w-    c:\windows\system32\rdrmemptylst.exe
2013-08-26 22:18:50    123904    ----a-w-    c:\windows\system32\poqexec.exe
2013-08-26 22:18:48    826880    ----a-w-    c:\windows\system32\rdpcore.dll
2013-08-26 22:18:48    24576    ----a-w-    c:\windows\system32\drivers\tdtcp.sys
2013-08-26 22:18:48    18432    ----a-w-    c:\windows\system32\drivers\tdpipe.sys
2013-08-26 22:18:46    27008    ----a-w-    c:\windows\system32\drivers\Diskdump.sys
2013-08-26 22:10:00    --------    d-----w-    c:\program files\common files\PX Storage Engine
2013-08-26 21:58:22    169984    ----a-w-    c:\windows\system32\winsrv.dll
2013-08-26 21:58:11    107520    ----a-w-    c:\windows\system32\cdd.dll
2013-08-26 21:50:32    753664    ----a-w-    c:\windows\system32\nvcplui.exe
2013-08-26 21:50:32    413696    ----a-w-    c:\windows\system32\nvcpl.cpl
2013-08-26 21:50:32    307200    ----a-w-    c:\windows\system32\nvexpbar.dll
2013-08-26 21:50:32    1073152    ----a-w-    c:\windows\system32\nvcpluir.dll
2013-08-26 21:50:02    356352    ----a-w-    c:\windows\system32\NVUNINST.EXE
2013-08-26 21:50:00    729088    ----a-w-    c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2013-08-26 21:50:00    69715    ----a-w-    c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2013-08-26 21:50:00    5632    ----a-w-    c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2013-08-26 21:50:00    32768    ----a-w-    c:\program files\common files\installshield\professional\runtime\Objectps.dll
2013-08-26 21:50:00    266240    ----a-w-    c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2013-08-26 21:50:00    192512    ----a-w-    c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2013-08-26 21:49:55    188548    ----a-w-    c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2013-08-26 21:49:54    311428    ----a-w-    c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2013-08-26 21:49:49    356352    ----a-w-    c:\windows\system32\nvudisp.exe
2013-08-26 21:47:19    155136    ----a-w-    c:\windows\system32\drivers\Apfiltr.sys
2013-08-26 21:47:19    1419232    ----a-w-    c:\windows\system32\WdfCoInstaller01005.dll
2013-08-26 21:47:19    100418    ----a-w-    c:\windows\system32\Vxdif.dll
2013-08-26 21:45:49    45056    ----a-r-    c:\users\user\appdata\roaming\microsoft\installer\{42929f0f-ce14-47af-9fc7-ff297a603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
2013-08-26 21:45:48    --------    d-----w-    c:\windows\system32\vmm32
2013-08-26 21:36:00    --------    d-----w-    c:\users\user\appdata\local\AVG Secure Search
2013-08-26 21:34:39    37664    ----a-w-    c:\windows\system32\drivers\avgtpx86.sys
2013-08-26 21:34:32    --------    d-----w-    c:\programdata\AVG Secure Search
2013-08-26 21:34:31    --------    d-----w-    c:\program files\common files\AVG Secure Search
2013-08-26 21:34:29    --------    d-----w-    c:\program files\AVG Secure Search
2013-08-26 21:06:52    7166848    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{2f360277-18ab-4331-b38a-c665e035dad0}\mpengine.dll
2013-08-26 21:06:42    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-08-26 20:56:12    --------    d-----w-    c:\users\user\appdata\local\Diagnostics
2013-08-26 17:16:46    --------    d-----w-    c:\users\user\appdata\roaming\Malwarebytes
2013-08-26 17:16:27    --------    d-----w-    c:\programdata\Malwarebytes
2013-08-26 17:16:26    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-08-26 17:15:59    --------    d-----w-    c:\users\user\appdata\local\Programs
2013-08-26 16:33:36    --------    d-----w-    c:\programdata\BrowserDefender
2013-08-26 16:33:32    --------    d-----w-    c:\programdata\Symantec
2013-08-26 16:33:20    --------    d-----w-    c:\programdata\NortonInstaller
2013-08-26 16:33:20    --------    d-----w-    c:\program files\NortonInstaller
2013-08-26 16:33:13    --------    d-----w-    c:\users\user\appdata\roaming\Babylon
2013-08-26 16:33:13    --------    d-----w-    c:\programdata\Babylon
2013-08-26 12:26:35    712048    ----a-w-    c:\windows\system32\drivers\ndis.sys
2013-08-26 12:26:35    652800    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-08-26 12:26:34    33280    ----a-w-    c:\windows\system32\drivers\RNDISMP.sys
2013-08-26 12:26:30    175104    ----a-w-    c:\windows\system32\wintrust.dll
2013-08-26 12:26:30    140288    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-08-26 12:26:30    1166848    ----a-w-    c:\windows\system32\crypt32.dll
2013-08-26 12:26:30    103936    ----a-w-    c:\windows\system32\cryptnet.dll
2013-08-26 12:24:58    1293760    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-08-26 12:18:40    47104    ----a-w-    c:\windows\system32\appinfo.dll
2013-08-26 12:18:40    1796096    ----a-w-    c:\windows\system32\authui.dll
2013-08-26 12:18:40    101720    ----a-w-    c:\windows\system32\consent.exe
2013-08-26 12:15:05    --------    d-----w-    c:\program files\Microsoft SQL Server Compact Edition
2013-08-26 12:07:16    --------    d-----w-    c:\programdata\Microsoft SkyDrive
2013-08-26 12:05:53    --------    d-----w-    c:\users\user\appdata\local\Windows Live
2013-08-26 12:05:20    --------    d-----w-    c:\program files\common files\Windows Live
2013-08-24 23:09:38    --------    d-----w-    c:\program files\SmartSound Software
2013-08-24 23:09:33    --------    d-----w-    c:\programdata\SmartSound Software Inc
2013-08-24 23:01:09    --------    d-----w-    c:\users\user\appdata\local\Adobe
2013-08-24 22:39:07    --------    d-----w-    c:\windows\PCHEALTH
2013-08-24 22:37:02    --------    d-----w-    c:\program files\Microsoft Analysis Services
2013-08-24 22:36:28    --------    d-----w-    c:\users\user\appdata\local\Microsoft Help
2013-08-24 22:23:37    --------    d-----w-    c:\program files\DellTPad
2013-08-24 22:01:33    --------    d-----w-    c:\program files\Dell
2013-08-24 21:23:27    --------    d-----w-    c:\users\user\appdata\local\ElevatedDiagnostics
2013-08-24 21:12:11    --------    d-----w-    c:\users\user\appdata\roaming\AVG2013
2013-08-24 21:11:03    --------    d-----w-    c:\users\user\appdata\roaming\TuneUp Software
2013-08-24 21:10:00    --------    d--h--w-    C:\$AVG
2013-08-24 21:09:59    --------    d-----w-    c:\programdata\AVG2013
2013-08-24 21:08:46    --------    d-----w-    c:\program files\AVG
2013-08-24 21:05:35    --------    d-sh--w-    c:\windows\Installer
2013-08-24 21:05:06    --------    d--h--w-    c:\programdata\Common Files
2013-08-24 21:05:06    --------    d-----w-    c:\users\user\appdata\local\MFAData
2013-08-24 21:05:06    --------    d-----w-    c:\users\user\appdata\local\Avg2013
2013-08-24 21:05:06    --------    d-----w-    c:\programdata\MFAData
2013-08-21 21:58:09    --------    d---a-w-    C:\backup
2013-08-20 03:36:07    --------    d-----w-    c:\windows\Panther
2013-08-19 20:02:13    --------    d-----w-    c:\windows\system32\MRT
2013-08-19 19:26:11    --------    d-----w-    c:\users\user\appdata\roaming\OpenDNS Updater
2013-08-19 18:58:07    --------    d-----w-    c:\users\user\appdata\local\Mozilla
2013-08-19 18:56:16    --------    d-----w-    c:\windows\system32\wbem\Performance
2013-08-19 18:55:00    2422272    ----a-w-    c:\windows\system32\wucltux.dll
2013-08-19 18:54:54    88576    ----a-w-    c:\windows\system32\wudriver.dll
2013-08-19 18:54:48    33792    ----a-w-    c:\windows\system32\wuapp.exe
2013-08-19 18:54:48    171904    ----a-w-    c:\windows\system32\wuwebv.dll
.
==================== Find3M  ====================
.
2013-08-28 09:12:12    152576    ----a-w-    c:\windows\system32\msclmd.dll
2013-07-25 08:57:27    1620992    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-07-20 00:51:00    246072    ----a-w-    c:\windows\system32\drivers\avglogx.sys
2013-07-20 00:50:56    60216    ----a-w-    c:\windows\system32\drivers\avgidshx.sys
2013-07-20 00:50:56    208184    ----a-w-    c:\windows\system32\drivers\avgidsdriverx.sys
2013-07-20 00:50:50    171320    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2013-07-19 01:41:01    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-07-10 00:32:40    39224    ----a-w-    c:\windows\system32\drivers\avgrkx86.sys
2013-07-09 05:03:34    3968960    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-07-09 05:03:34    3913664    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-07-09 04:53:46    1289096    ----a-w-    c:\windows\system32\ntdll.dll
2013-06-15 03:38:43    31232    ----a-w-    c:\windows\system32\drivers\tssecsrv.sys
2013-06-05 03:05:09    2347520    ----a-w-    c:\windows\system32\win32k.sys
2013-06-04 04:53:07    509440    ----a-w-    c:\windows\system32\qedit.dll
.
============= FINISH: 22:47:37.17 ===============
 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 19/08/2013 19:52:41
System Uptime: 28/08/2013 20:25:21 (2 hours ago)
.
Motherboard: Dell Inc. |  | 0UK437
Processor: Intel® Core2 Duo CPU     T5550  @ 1.83GHz | Microprocessor | 989/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 37.491 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_01F21028&REV_12\4&1237F73F&0&0AF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_01F21028&REV_12\4&1237F73F&0&0AF0
Service:
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_01F21028&REV_12\4&1237F73F&0&0BF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_01F21028&REV_12\4&1237F73F&0&0BF0
Service:
.
==== System Restore Points ===================
.
RP33: 28/08/2013 00:42:11 - Windows 7 Service Pack 1
RP34: 28/08/2013 11:42:28 - Windows Update
.
==== Installed Programs ======================
.
Adobe Photoshop Elements 10
AVG 2013
Dell Resource CD
Dell Touchpad
Elements 10 Organizer
Laptop Integrated Webcam Driver (1.04.01.1011)  
Microsoft .NET Framework 4 Client Profile
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 23.0.1 (x86 en-US)
Mozilla Maintenance Service
NVIDIA Drivers
PSE10 STI Installer
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
.
==== Event Viewer Messages From Past Week ========
.
28/08/2013 20:24:46, Error: Service Control Manager [7043]  - The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.
28/08/2013 20:24:11, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.
28/08/2013 10:33:53, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 (KB979538).
28/08/2013 10:33:53, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 (KB979688).
28/08/2013 10:33:53, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 x86 (KB2756920).
28/08/2013 10:33:52, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 (KB2748349).
28/08/2013 10:33:52, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Rights Management Services Client for Windows 7 (KB979099).
28/08/2013 10:33:52, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 (KB979309).
28/08/2013 10:33:52, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 (KB2442962).
28/08/2013 10:33:52, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 (KB2281679).
28/08/2013 10:33:51, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 (KB2467023).
28/08/2013 10:33:51, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 (KB2345886).
28/08/2013 10:33:51, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 (KB2483614).
28/08/2013 10:33:51, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 x86 (KB2789644).
28/08/2013 10:33:49, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 (KB977165).
28/08/2013 10:33:49, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 (KB975560).
28/08/2013 10:33:49, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 (KB972270).
28/08/2013 10:33:49, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 x86 (KB2742598).
28/08/2013 10:33:49, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 x86 (KB2656355).
28/08/2013 10:33:46, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 (KB979482).
28/08/2013 10:33:46, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 (KB2387149).
28/08/2013 10:33:46, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 (KB2378111).
28/08/2013 10:33:46, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 (KB2296011).
28/08/2013 10:33:46, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 x86 (KB2656410).
28/08/2013 10:33:45, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 (KB974431).
28/08/2013 10:33:45, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 (KB978542).
28/08/2013 10:33:45, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 (KB2535512).
28/08/2013 10:33:45, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 (KB2419640).
28/08/2013 10:33:45, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 x86 (KB2736418).
28/08/2013 10:33:44, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 (KB977074).
28/08/2013 10:33:44, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 (KB982799).
28/08/2013 10:33:44, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 (KB982665).
28/08/2013 10:33:44, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 (KB982132).
28/08/2013 10:33:44, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 (KB974571).
28/08/2013 10:33:44, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 (KB2423089).
28/08/2013 10:33:44, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Microsoft .NET Framework 3.5 SP1 Update for Windows 7 x86 (KB982526).
28/08/2013 10:33:44, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Cumulative Update for Media Center for Windows 7 (KB2284742).
28/08/2013 10:33:43, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 (KB979687).
28/08/2013 10:33:43, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 (KB975467).
28/08/2013 10:33:43, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 x86 (KB2729451).

28/08/2013 10:25:35, Error: Microsoft-Windows-WMPNSS-Service [14349]  - A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
28/08/2013 00:39:28, Error: Service Control Manager [7030]  - The Creative OEM002 RunApp Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
28/08/2013 00:33:09, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
27/08/2013 03:03:00, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 (KB2813170).
26/08/2013 23:59:33, Error: Service Control Manager [7023]  -
22/08/2013 19:47:04, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 (KB2703157).
22/08/2013 19:47:04, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Internet Explorer 8 Compatibility View List for Windows 7 (KB2598845).
.
==== End Of File ===========================
 

Link to post
Share on other sites

Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
Step 3
  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log
Link to post
Share on other sites

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Windows 7 Home Premium x86
Ran by user on 28/08/2013 at 23:19:32.41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\browserdefender"
Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\babylon"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28/08/2013 at 23:24:16.71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Link to post
Share on other sites

ADW Cleaner Before removal

# AdwCleaner v3.001 - Report created 28/08/2013 at 23:25:20

# Updated 24/08/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)

# Username : user - LUKE

# Running from : C:\Users\user\Desktop\AdwCleaner.exe

# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found C:\Program Files\AVG Secure Search

Folder Found C:\Program Files\Common Files\AVG Secure Search

Folder Found C:\ProgramData\AVG Secure Search

Folder Found C:\users\user\AppData\Local\AVG Secure Search

Folder Found C:\users\user\AppData\LocalLow\AVG Secure Search

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\AVG Secure Search

Key Found : HKLM\Software\AVG Secure Search

Key Found : HKLM\Software\AVG Security Toolbar

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6wbjqcqg.default\prefs.js ]

Line Found : user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"avg@toolbar\":{\"descriptor\":\"C:\\\\ProgramData\\\\AVG Secure Search\\\\FireFoxExt\\\\15.5.0.2\",\"mtime\":137764[...]

*************************

AdwCleaner[R0].txt - [1756 octets] - [28/08/2013 23:25:20]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1816 octets] ##########

After Cleanup

# AdwCleaner v3.001 - Report created 28/08/2013 at 23:34:56

# Updated 24/08/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)

# Username : user - LUKE

# Running from : C:\Users\user\Desktop\AdwCleaner.exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Secure Search

Folder Deleted : C:\Program Files\AVG Secure Search

Folder Deleted : C:\Program Files\Common Files\AVG Secure Search

Folder Deleted : C:\users\user\AppData\Local\AVG Secure Search

Folder Deleted : C:\users\user\AppData\LocalLow\AVG Secure Search

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Key Deleted : HKCU\Software\AVG Secure Search

Key Deleted : HKLM\Software\AVG Secure Search

Key Deleted : HKLM\Software\AVG Security Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6wbjqcqg.default\prefs.js ]

Line Deleted : user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"avg@toolbar\":{\"descriptor\":\"C:\\\\ProgramData\\\\AVG Secure Search\\\\FireFoxExt\\\\15.5.0.2\",\"mtime\":137764[...]

*************************

AdwCleaner[R0].txt - [1896 octets] - [28/08/2013 23:25:20]

AdwCleaner[s0].txt - [1855 octets] - [28/08/2013 23:34:56]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1915 octets] ##########

Malwarebytes Log

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.08.28.08

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

user :: LUKE [administrator]

28/08/2013 23:51:39

mbam-log-2013-08-28 (23-51-39).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 413616

Time elapsed: 1 hour(s), 39 minute(s), 29 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

Re Posting as it all ran into one Adware Cleaner before removal

# AdwCleaner v3.001 - Report created 28/08/2013 at 23:25:20

# Updated 24/08/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)

# Username : user - LUKE

# Running from : C:\Users\user\Desktop\AdwCleaner.exe

# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found C:\Program Files\AVG Secure Search

Folder Found C:\Program Files\Common Files\AVG Secure Search

Folder Found C:\ProgramData\AVG Secure Search

Folder Found C:\users\user\AppData\Local\AVG Secure Search

Folder Found C:\users\user\AppData\LocalLow\AVG Secure Search

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\AVG Secure Search

Key Found : HKLM\Software\AVG Secure Search

Key Found : HKLM\Software\AVG Security Toolbar

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6wbjqcqg.default\prefs.js ]

Line Found : user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"avg@toolbar\":{\"descriptor\":\"C:\\\\ProgramData\\\\AVG Secure Search\\\\FireFoxExt\\\\15.5.0.2\",\"mtime\":137764[...]

*************************

AdwCleaner[R0].txt - [1756 octets] - [28/08/2013 23:25:20]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1816 octets] ##########

Link to post
Share on other sites

Adware Cleaner After cleanup

# AdwCleaner v3.001 - Report created 28/08/2013 at 23:34:56
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : user - LUKE
# Running from : C:\Users\user\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\users\user\AppData\Local\AVG Secure Search
Folder Deleted : C:\users\user\AppData\LocalLow\AVG Secure Search

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6wbjqcqg.default\prefs.js ]

Line Deleted : user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"avg@toolbar\":{\"descriptor\":\"C:\\\\ProgramData\\\\AVG Secure Search\\\\FireFoxExt\\\\15.5.0.2\",\"mtime\":137764[...]

*************************

AdwCleaner[R0].txt - [1896 octets] - [28/08/2013 23:25:20]
AdwCleaner[s0].txt - [1855 octets] - [28/08/2013 23:34:56]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1915 octets] ##########
 

Link to post
Share on other sites

And Malware Bytes after scan.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.28.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
user :: LUKE [administrator]

28/08/2013 23:51:39
mbam-log-2013-08-28 (23-51-39).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 413616
Time elapsed: 1 hour(s), 39 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

Link to post
Share on other sites

Been at work all day. I'm typing this on the train home at 20.10. Not been on the computer since this morning. I'll be back on it tonight. What should I be looking for? And what should I put on my computer to make it tight? I intend keeping no script, but can you reccomend anything else? I just found out my wifes laptop had no AV on it, must have been disabled. I'm concerned that viruses might cross network infect each other. What do you reccomend?

Link to post
Share on other sites

You're welcome! :)

Step 1

  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Step 2
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes
Safe surfing! :)
Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.