hijack.shell.gen.a [Closed]



#1 Taurus76 (Member, 29 posts)
Hi there,

I wonder if you can help. I am currently on a business trip in Amsterdam. I switched on my PC (a Dell laptop running Windows Vista, Service Pack 2) early this morning to check my personal and work emails, connecting to the internet via the hotel's free, unsecured wi-fi connection. I was just checking my emails when another browser window randomly opened up with the title 'Child Porn' showing some pretty horrific images. I tried to close it down as quickly as possible but then the entire screen was taken over by a screen apparently purporting to be some kind of police warning or something (it was all in what I presume was Dutch, so I can't be entirely sure). I tried to use ctrl-alt-delete to access task manager but all that would allow me to do was to log off or switch user. So I did a hard reboot using the power button to switch the computer off. When I restarted (I didn't bother with safe mode) and logged on, the screen was entirely white with a message saying 'please connect to the internet' on the top right. I used ctrl-alt-del to log into my wife's account (not an admin account) and ran Malwarebytes. After a short scan I got a report saying that it had found hijack.shell.gen.a. It said I would have to restart the computer to fix it, which I did. I logged on to my own account and it was still showing the white screen. I went back into my wife's account, ran Malwarebytes again, and when prompted to restart I didn't log into my own account but straight into my wife's account. Ran Malwarebytes again. At this point I can't remember whether hijack.shell.gen.a showed up or did not, but the next time I tried to log into my own account it was still showing the white screen. I tried downloading ComboFix to my wife's account but was told I need to be an Admin to run it. And then I found this forum.

I would be enormously grateful for any help.

Here is the OTL file:

OTL logfile created on: 10/02/2014 15:15:02 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Shino\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.96 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 48.00% Memory free
6.15 Gb Paging File | 3.82 Gb Available in Paging File | 62.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.08 Gb Total Space | 3.87 Gb Free Space | 1.74% Space Free | Partition Type: NTFS
Drive E: | 9.77 Gb Total Space | 4.55 Gb Free Space | 46.64% Space Free | Partition Type: NTFS
Drive F: | 4.37 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: DAVID-PC | User Name: Shino | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/10 15:14:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Shino\Desktop\OTL.exe
PRC - [2013/03/12 07:32:58 | 000,506,744 | ---- | M] (Oracle Corporation) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2012/11/19 17:25:32 | 002,598,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2010/04/05 16:46:08 | 000,288,040 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2010/03/23 13:22:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2010/02/17 15:34:40 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2009/04/11 15:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 15:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/01/31 22:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/09/24 13:09:52 | 001,295,656 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2008/09/17 14:17:20 | 000,442,460 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/08/27 15:29:00 | 001,662,032 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/05/24 05:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/05/08 08:41:12 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/11 21:21:32 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f453ecc6bb7fc8d52d61247676944623\System.Configuration.ni.dll
MOD - [2013/10/11 08:16:02 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\73d9bc894522543b561a0342dac87c06\System.Windows.Forms.ni.dll
MOD - [2013/08/19 23:28:16 | 015,880,192 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MenuSkinning\7fd66554e201554f067d56ec2ea231bc\MenuSkinning.ni.dll
MOD - [2013/08/19 23:27:31 | 000,284,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\0e47927f23b2b510e83586cabb6dfa3e\VistaBridgeLibrary.ni.dll
MOD - [2013/08/19 23:27:28 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e77e7cdf3072d5a658832b8863ff439e\System.Management.ni.dll
MOD - [2013/08/19 23:27:26 | 002,500,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\9cc93eb4abb656108271027774b6b08a\DellDock.ni.exe
MOD - [2013/08/19 23:27:24 | 000,274,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\a7366c517a928f66691745f5c667d82f\MyDock.Util.ni.dll
MOD - [2013/08/19 23:27:15 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b167ef6967ad27503c6ac6aabcef1aff\System.Runtime.Remoting.ni.dll
MOD - [2013/08/19 22:37:15 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09f5b3f7a363b742a73937e818595597\System.Xml.ni.dll
MOD - [2013/08/19 22:36:17 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c0df7e124d8d5e2821fd7d3921d404f7\System.Drawing.ni.dll
MOD - [2013/08/19 22:32:40 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll
MOD - [2013/07/11 21:39:33 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\05034abc5246a6fef208f73cb912d971\Accessibility.ni.dll
MOD - [2013/07/11 21:35:30 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/11/20 19:19:52 | 000,055,808 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Unknown] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2014/02/06 22:27:11 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Unknown] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/16 00:30:02 | 005,175,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Unknown] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Unknown] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Unknown] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2008/12/22 11:32:27 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Unknown] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/09/24 13:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Unknown] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/09/17 14:17:12 | 000,225,362 | ---- | M] (IDT, Inc.) [Auto | Unknown] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\stacsv.exe -- (STacSV)
SRV - [2008/09/17 14:17:02 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Unknown] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\AEstSrv.exe -- (AESTFilters)
SRV - [2008/05/08 08:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Unknown] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/01/21 11:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Unknown] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013/04/11 03:18:40 | 000,302,368 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Unknown] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/12/10 03:28:36 | 000,142,176 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/11/08 03:49:26 | 000,250,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Unknown] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Unknown] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Unknown] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2010/04/15 13:36:40 | 000,252,536 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/04/30 22:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2008/12/13 11:27:50 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/11/20 19:19:34 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/09/17 14:17:22 | 000,382,976 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/01/21 11:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007/02/06 15:01:48 | 000,016,512 | ---- | M] (Adaptec) [Kernel | System | Unknown] -- C:\Windows\System32\drivers\aspi32.sys -- (ASPI32)
DRV - [2006/11/02 16:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=uk&ibd=1081222
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=uk&ibd=1081222
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUK

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=uk&ibd=1081222
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7DKUK_enGB328
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll (Veoh Networks )
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2013/11/15 23:28:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/03 16:37:31 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/12/16 12:10:44 | 000,439,288 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 15110 more lines...
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KB1948985] "C:\Users\David\AppData\Local\KB1948985\KB1948985.exe" File not found
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Shino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: KB1948985 = "C:\Users\David\AppData\Local\KB1948985\KB1948985.exe"
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.micro...gWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...ri_4.4.16.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.255.132.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32846F07-919A-4265-8EE6-C66020E22E3E}: DhcpNameServer = 192.168.3.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA901DA2-2ED6-4760-9490-C4D3003DF898}: DhcpNameServer = 10.255.132.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - ("C:\Users\David\AppData\Local\KB1948985\KB1948985.exe") - File not found
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 06:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/10 15:12:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Shino\Desktop\OTL.exe
[2014/02/10 14:58:03 | 005,180,173 | ---- | C] (Swearware) -- C:\Users\Shino\Desktop\ComboFix.exe
[2014/02/10 14:16:32 | 000,000,000 | ---D | C] -- C:\Users\Shino\AppData\Roaming\Malwarebytes
[2014/01/26 21:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

========== Files - Modified Within 30 Days ==========

[2014/02/10 15:18:03 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/10 15:14:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Shino\Desktop\OTL.exe
[2014/02/10 15:04:51 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/10 14:58:18 | 005,180,173 | ---- | M] (Swearware) -- C:\Users\Shino\Desktop\ComboFix.exe
[2014/02/10 14:48:10 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/10 14:48:10 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/10 14:48:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/10 14:47:59 | 3181,760,512 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/10 14:27:31 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3821291098-3813080071-2103431083-1000UA.job
[2014/02/10 14:24:09 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/10 14:16:03 | 000,001,997 | ---- | M] () -- C:\Users\Shino\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/02/10 07:11:05 | 153,006,639 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2014/02/09 01:37:33 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3821291098-3813080071-2103431083-1000Core.job
[2014/02/06 23:23:27 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/30 22:25:03 | 000,000,750 | ---- | M] () -- C:\Users\Shino\Desktop\Anki.lnk

========== Files Created - No Company Name ==========

[2014/02/10 14:16:03 | 000,001,997 | ---- | C] () -- C:\Users\Shino\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/26 21:26:39 | 000,001,973 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/02/07 19:14:35 | 000,026,900 | ---- | C] () -- C:\Users\Shino\AppData\Local\dt.dat
[2011/11/28 22:15:24 | 000,005,972 | ---- | C] () -- C:\Users\Shino\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 21:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 02:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 15:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 15:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/11/28 22:15:47 | 000,000,000 | ---D | M] -- C:\Users\Shino\AppData\Roaming\AVG2012

========== Purity Check ==========



< End of report >

EDIT: I just noticed that OTL also produced a file called 'Extras.txt'. Here it is:

OTL Extras logfile created on: 10/02/2014 15:15:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Shino\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.96 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 48.00% Memory free
6.15 Gb Paging File | 3.82 Gb Available in Paging File | 62.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.08 Gb Total Space | 3.87 Gb Free Space | 1.74% Space Free | Partition Type: NTFS
Drive E: | 9.77 Gb Total Space | 4.55 Gb Free Space | 46.64% Space Free | Partition Type: NTFS
Drive F: | 4.37 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: DAVID-PC | User Name: Shino | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1801FB37-06A5-4532-8ED8-FED748829D85}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{4B1C3522-E106-4FBE-8E86-5BE8BB331D72}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5E69D3D7-005A-400B-9363-3C13E517EE59}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{FEA4ED92-B540-45A8-B4A9-431ECE851611}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C53B32-85A3-4EEE-832E-B83DFBCA9848}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{099D0F3C-9410-4CD2-943B-6EA50D1BC05A}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{0DF1D0F8-2474-4E84-81D0-973E328E429B}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{0E1B77FE-D52C-4F3F-B30A-1F63168B24B6}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{1A7ED8D3-D89F-4B25-8755-121152204B4E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2A6380E3-42A3-4E74-9DCA-225172378374}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2B289445-5896-4ECA-A8E6-5A99D2E702E3}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{33BCE6D6-F6B9-473A-9CB7-55E313FDA9AE}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{3F8D2296-8270-4716-ADDB-C48AE1F140A1}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{40080F83-F343-4BD2-857C-EDE66555FCD1}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{43337703-0719-44B6-B11C-D4E77E72D5B0}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{4554EA7F-AFB8-40C4-B8F2-6284BDEE008B}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{47A8A8B4-8429-4698-9A5E-FA23227F68D3}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{5404E410-7E1F-4097-A660-708A372D7627}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{57E11509-C78C-4388-8017-5CB95B816F66}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{58CD2761-55D4-45FD-8EF3-D0DE9CE9F703}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{70DE778E-2B87-4C82-9761-BEB58815DBE7}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{77281894-7065-4798-AEDC-C2FFB8CDDE40}" = protocol=17 | dir=in | app=c:\users\david\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{7BE34CB7-74D1-4D3E-A9D7-6649D3D6B6B9}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{7C538F56-997F-4C1A-B10B-B36AABB6C73D}" = protocol=6 | dir=in | app=c:\users\david\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{7E13049F-FEE6-4398-ADA8-0C0FA704F2C8}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{7F62BFDE-875D-4A2B-AFE4-8479D385C2D6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8BAE7F5E-16F8-4B3F-AF65-2A62F59DBA63}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{9051956B-0B89-4AB6-B314-8FFA5956F56E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{95DA604C-05C9-4093-B5F9-51DC86269B54}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{95FD58DC-1D04-42DD-892F-8914CB480929}" = protocol=6 | dir=in | app=c:\users\david\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{9829B591-6DD9-4B94-91D5-3CCB2F690019}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A453E59B-0719-4C44-B35A-F0BFD24B57BF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A80EBC89-D260-45F9-8F6E-EE6CFE2F7887}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{A8256A69-E30F-4B3A-BF60-AC350338685C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A94FEF68-3966-4E66-AF36-6DBAFA913884}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{A9CDC85E-86F2-49A6-8107-05EB9399C8D3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AF1EF07B-1CF1-48DA-B6F1-90F17541F6FA}" = protocol=17 | dir=in | app=c:\users\david\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{C06F0646-F81B-4580-BD20-AB55C7C663E9}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{C2557D71-56E0-47F6-AD4D-4360B397685B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C4EF501A-CBDE-4F82-B825-DFFCA9B163D7}" = protocol=17 | dir=in | app=c:\users\david\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{C9FEACE6-0EDE-4724-AB61-3C0AA3E73D2C}" = protocol=17 | dir=in | app=c:\program files\vso\vso downloader\3\vsodownloader.exe |
"{CA0A0850-8835-4AA1-B279-15FFBDECDE2A}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{CE847EBF-9B5C-4416-92A5-A178702CE658}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CFD642C9-0E96-42A9-B4BB-06394907A0F7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D045E870-795C-4111-8902-5BE9D7C00D4C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{D9524A56-65E8-42F0-9AF6-AA14B5418534}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DEED58D5-B2FB-466B-A66C-090072301468}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{E25DFE94-A5E2-467F-947F-C7976D223384}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E4600108-A406-4F7D-9104-BBB268699C15}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E4A431A5-B4A4-45BE-826A-BDFFF3C0C54F}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{E4D8809C-45D6-4108-B817-06A694E63C92}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{E6AE61CD-3EBB-49A9-ACBC-F0F416BA01B1}" = protocol=17 | dir=in | app=c:\users\david\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{E92F1329-71E3-4099-B72D-A2E9583BA45E}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{EB5F50F7-274B-4F20-A27A-D8322815E984}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{EB82D25A-A9E2-463B-8C8C-688A16D8DDE1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EB989FF3-8E9A-4F5F-A967-5C4C08E9E45C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{F0C53548-59C6-4225-8A36-45B67FF15B96}" = protocol=6 | dir=in | app=c:\users\david\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{F1CC5445-5207-4DFD-93EA-31FFE7F6E044}" = protocol=6 | dir=in | app=c:\program files\vso\vso downloader\3\vsodownloader.exe |
"{F51350AF-2674-4F0E-BAB9-6E870199676E}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{FB44E109-FC87-4AEC-B127-F791E8C72172}" = protocol=6 | dir=in | app=c:\users\david\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{FB7DB4C5-28FF-44B5-BCAB-97CC69F2F79A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FCFD042C-1D6C-45DD-865A-E5E55DC3D22B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FE103504-CF92-4B6F-A6E1-C1FBA3946202}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{1B38ADEE-C6AD-4A4D-B0C1-9A4898694C6E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{2722ADC4-4D57-4F66-BF5F-793F99C55F4C}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"TCP Query User{397D6BC6-BEB4-4296-BA04-353D86D05FC3}C:\program files\soulseek\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseek\slsk.exe |
"TCP Query User{7DDA879D-6C21-4803-AC05-8B4D57C8E871}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"TCP Query User{E3FA1D2B-F035-429F-AE25-1690E67B7612}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"UDP Query User{2F36510A-2282-4CFF-B0D4-D066D1A0B9A3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{8BD2EEE4-D463-4008-9AEA-B239129065F8}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"UDP Query User{B6E03ED0-3496-456A-BD31-BEB973304405}C:\program files\soulseek\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseek\slsk.exe |
"UDP Query User{D682FAD5-D102-4C37-A5BA-E80ED43C1111}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"UDP Query User{ECEECECD-1B4B-4B7C-8691-80FE5543C770}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{14ebe571-096e-4cdd-8ee5-a2c0cc6b9b5e}" = Image Resizer for Windows
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41101F0C-DBD9-321C-A6B1-E0689B495A4E}" = Google Talk Plugin
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
"{6FCBE08B-EB47-448E-8566-CE38E8B8D065}" = System Requirements Lab CYRI
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{854C5F15-0B8E-4DC2-890C-D1C77BAFEBC2}" = AVG 2012
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C8F61FB-37D9-4796-B3D5-A04991ABB20A}" = Image Resizer for Windows
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.4
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}" = Dell Best of Web
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{C5FB822B-2EED-44F2-B38F-5C7DD1FC5EB0}" = AVG 2012
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CC085605-79A6-3D50-6AE8-42D213ECBAFC}" = BBC iPlayer Desktop
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Anki" = Anki
"Audacity_is1" = Audacity 1.2.6
"AVG" = AVG 2012
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist 8.0.0.514
"Handbrake" = Handbrake 0.9.4
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mobile Partner" = Mobile Partner
"RealAlt_is1" = Real Alternative 1.9.0 Lite
"Veoh Video Compass" = Veoh Video Compass
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 0.9.9
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== Last 20 Event Log Errors ==========

Error: Unable to start EventLog service!

< End of report >

Edited by Taurus76, 10 February 2014 - 12:30 AM.


#2
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi Taurus76, :)

:welcome:

My name is Valinorum and I will be the acolyte today. Before we proceed, please acknowledge the following:

  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being asked.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode, which will cut you off from the internet, and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest any course to you that might damage your system, but sometimes Malware infections are so severe that the only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not omniscient. There are things even I cannot foresee. But what I know took years to learn, and to perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient, as sometimes real life demands our time and replies to you can be delayed.
  • Private Message (PM) me if and only if I have not responded to your thread within three days or your query is off-topic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other systems as it may do serious damage.

Note: Please bear in mind that I am still a trainee and my replies need to be reviewed by my teachers before I post them to you, which requires time as both teachers and helpers are volunteers here. Take it as a good thing because now you have two people examining your problem. I really hope that we will be able to send you home with a smile on your face. :)

 

Can you log into your own account (with Admin Privilege) in Safe Mode? Can you work normally in your wife's account?

Regards.
Valinorum

#3
Taurus76

    Member

  • Topic Starter
  • Member
  • 29 posts
Thanks so much for your reply, I really appreciate it. When I log into my own account using safe mode, the blank screen is still there and I am unable to access the desktop or task manager. My wife's account is functioning completely normally but it does not have admin privileges.

#4
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi Taurus76, :)

For this fix, we will be using your wife's user account, which does not have any administrator privileges. Every time I ask you to run any tool you need to right-click and choose Run as administrator. Please provide the administrator password if asked.

 

  • Step #1 Fix with OTL
  • Re-run OTL by right clicking and choosing Run as administrator;
  • Under the Custom Scans/Fixes Box copy and paste the following contents inside the quote box. (Do not include the word 'quote').

    :Commands
    [createrestorepoint]

    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [KB1948985] "C:\Users\David\AppData\Local\KB1948985\KB1948985.exe" File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: KB1948985 = "C:\Users\David\AppData\Local\KB1948985\KB1948985.exe"
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
    O20 - HKLM Winlogon: Shell - ("C:\Users\David\AppData\Local\KB1948985\KB1948985.exe") - File not found

    :Commands
    [emptytemp]

  • Click on "Run Fix" and let the program run unhindered;
  • Your PC will reboot automatically and a log will be opened;
  • Please post it in your next reply.

 

Try to boot into your own user account and report the result to me. Can you also try and reset the wallpaper?

  • Required Log(s):
  • OTL Fix Log

Regards,
Valinorum
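The entries this fix removes (the O4 Run value, the O6 Policies\Explorer\Run value and the O20 Winlogon Shell value, all pointing at KB1948985.exe under AppData\Local) are the classic shape of a shell hijack: the Winlogon Shell value is changed from a bare explorer.exe to "explorer.exe, <malware>", so the lock screen starts with the desktop, and the same file is re-registered in the Run keys in case one is cleaned. The script below is an added example, not part of this thread and not OTL or FRST code. It parses registry lines in the format FRST prints later in this thread and flags the three indicators a helper looks for: a Shell value with anything besides explorer.exe, logon programs running from a user-writable directory with no publisher information, and DisableTaskMgr/DisableRegistryTools policies set to 1. The sample lines are constructed from the shapes in the thread; the KB1948985 path is the one the thread reports, the other entries are ordinary benign ones.

```python
"""Flag Winlogon Shell / Run-key hijacks in FRST-style registry lines.

Added example for this thread (not OTL or FRST code). The sample lines are
constructed from the shapes the thread's FRST log uses.
"""
import re

# FRST prints autostart entries as:
#   <hive>\...\<key>: [<name>] <value> [<size> <date>] (<publisher>)
LINE_RE = re.compile(
    r"^(?P<hive>HKLM|HKU\\[^\\]+)\\\.\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]+)\]\s*-?\s*(?P<rest>.*)$"
)

# Keys that start programs at logon; Winlogon\Shell is the one this thread hit.
AUTOSTART_KEYS = {"Run", "Policies\\Explorer\\Run", "Winlogon"}
# Locations a legitimate shell or logon program almost never runs from.
USER_WRITABLE = re.compile(
    r"\\(appdata\\local|appdata\\roaming|temp|programdata)\\", re.I
)
# FRST shows "()" or "( ())" when the file carries no publisher information.
NO_PUBLISHER = re.compile(r"\(\s*(\(\))?\s*\)\s*$")


def parse_line(line):
    """Split one FRST registry line into hive/key/name/rest, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(entry):
    """Return the reasons an entry looks like a shell or autostart hijack (empty if clean)."""
    key, name, rest = entry["key"], entry["name"], entry["rest"]
    reasons = []

    if key == "Winlogon" and name == "Shell":
        # The stock value is a bare "explorer.exe"; FRST appends a "[...]" tail after it.
        value = rest.split("[")[0]
        programs = [p.strip().strip('"') for p in value.split(",")]
        extra = [p for p in programs if p and p.lower() != "explorer.exe"]
        if extra:
            reasons.append("Winlogon Shell launches more than explorer.exe: " + ", ".join(extra))

    if key in AUTOSTART_KEYS:
        if USER_WRITABLE.search(rest):
            reasons.append("autostart points into a user-writable directory")
        if NO_PUBLISHER.search(rest):
            reasons.append("no publisher/version information")

    if key == "Policies\\system" and name in ("DisableTaskMgr", "DisableRegistryTools"):
        if rest.strip() == "1":
            reasons.append(name + " = 1 (Task Manager / Registry Editor hidden from the user)")

    return reasons


def triage(lines):
    """Map each suspicious line to its reasons; lines that are not FRST entries are skipped."""
    flagged = {}
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = classify(entry)
        if reasons:
            flagged[line] = reasons
    return flagged


# Constructed sample: benign Vista entries plus the hijack entries this thread reports.
SAMPLE_LINES = [
    r'HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)',
    r'HKLM\...\Run: [KB1948985] - C:\Users\David\AppData\Local\KB1948985\KB1948985.exe [106333 2014-02-09] ()',
    r'HKLM\...\Winlogon: [Shell] explorer.exe, "C:\Users\David\AppData\Local\KB1948985\KB1948985.exe" [x ] ()',
    r'Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)',
    r'HKLM\...\Policies\Explorer\Run: [KB1948985] - C:\Users\David\AppData\Local\KB1948985\KB1948985.exe [106333 2014-02-09] ( ())',
    r'HKU\David\...\Run: [KB1948985] - C:\Users\David\AppData\Local\KB1948985\KB1948985.exe [106333 2014-02-09] ()',
    r'HKU\David\...\Policies\system: [DisableTaskMgr] 1',
    r'HKU\David\...\Policies\system: [DisableRegistryTools] 1',
    r'HKU\Shino\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-24] (Apple Inc.)',
]

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LINES).items():
        print(line)
        for reason in reasons:
            print("   ->", reason)
```

Run against the sample, the six hijack-related lines are reported and the two signed vendor entries are not. The Winlogon\Notify line is deliberately skipped because it is not in the `[name] value` shape; a real triage would parse that family separately rather than guess.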

#5
Taurus76

    Member

  • Topic Starter
  • Member
  • 29 posts
Thanks again for all of your help. I ran OTL as per your instructions but when the computer rebooted it did not open a log and nor can I find one anywhere on the desktop. When I tried to log in to my own account the 'please connect to the internet' window was still taking up the whole screen and preventing me from accessing the desktop. I tried closing it using ctrl-w, alt-f4 etc. but to no avail. And then (I guess when the internet connection had been established) the screen became some kind of police warning again, as per the original incident. Should I try to run OTL again?

#6
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
The log can be found in C:\_OTL\MovedFiles. Please post it for me.

#7
Taurus76

    Member

  • Topic Starter
  • Member
  • 29 posts
It seems to be this one:

All processes killed
========== COMMANDS ==========
System Restore Service not available.
========== OTL ==========
Unable to set value : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E!
Unable to set value : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E!
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ scheduled to be deleted on reboot.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
File move failed. C:\Program Files\AVG\AVG2012\avgssie.dll scheduled to be moved on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KB1948985 scheduled to be deleted on reboot.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\KB1948985 scheduled to be deleted on reboot.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:"C:\Users\David\AppData\Local\KB1948985\KB1948985.exe" scheduled to be deleted on reboot.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: David

User: Default
->Temp folder emptied: 0 bytes
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
->Temporary Internet Files folder emptied: 33170 bytes
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
->Temporary Internet Files folder emptied: 33170 bytes
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
->Flash cache emptied: 56475 bytes

User: Public

User: Shino
->Temp folder emptied: 4059936 bytes
->Temporary Internet Files folder emptied: 13271156 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 3149 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 228 bytes

Total Files Cleaned = 17.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02112014_003129

#8
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Do you have a flash drive with at least 1GB storage and a clean computer?

#9
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi Taurus76, :)

  • Step #2
    For 32-bit (x86) systems, download Farbar Recovery Scan Tool and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select English as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the 64-bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 

  • Required Log(s):
  • Farbar Recovery Scan Tool Log

Regards,
Valinorum

#10
Taurus76

    Member

  • Topic Starter
  • Member
  • 29 posts
Apologies for taking so long to reply, but here is the log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-02-2014 01
Ran by SYSTEM on MINWINPC on 11-02-2014 14:41:54
Running from D:\
Windows Vista ™ Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [288040 2010-04-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Windows\system32\WLTRAY.exe [3563520 2008-11-20] (Dell Inc.)
HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [1662032 2008-08-26] (Dell Inc.)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-05-07] (Intel Corporation)
HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128296 2008-05-23] (CyberLink Corp.)
HKLM\...\Run: [AVG_TRAY] - C:\Program Files\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-27] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-24] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152544 2012-12-11] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-11] (Oracle Corporation)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [442460 2008-09-16] (IDT, Inc.)
HKLM\...\Run: [KB1948985] - C:\Users\David\AppData\Local\KB1948985\KB1948985.exe [106333 2014-02-09] ()
HKLM\...\Winlogon: [Shell] explorer.exe, "C:\Users\David\AppData\Local\KB1948985\KB1948985.exe" [x ] ()
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKLM\...\Policies\Explorer\Run: [KB1948985] - C:\Users\David\AppData\Local\KB1948985\KB1948985.exe [106333 2014-02-09] ( ())
HKU\David\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2008-12-21] (Google Inc.)
HKU\David\...\Run: [Google Update] - C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe [133104 2009-08-11] (Google Inc.)
HKU\David\...\Run: [KB1948985] - C:\Users\David\AppData\Local\KB1948985\KB1948985.exe [106333 2014-02-09] ()
HKU\David\...\Policies\Explorer\Run: [KB1948985] - C:\Users\David\AppData\Local\KB1948985\KB1948985.exe [106333 2014-02-09] ()
HKU\David\...\Policies\system: [DisableTaskMgr] 1
HKU\David\...\Policies\system: [DisableRegistryTools] 1
HKU\Shino\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-24] (Apple Inc.)
HKU\Shino\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2008-12-21] (Google Inc.)
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Shino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

========================== Services (Whitelisted) =================

S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\aestsrv.exe [73728 2008-09-16] (Andrea Electronics Corporation)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [5175856 2013-10-15] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-13] (AVG Technologies CZ, s.r.o.)
S2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-23] (Stardock Corporation)
S2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\STacSV.exe [225362 2008-09-16] (IDT, Inc.)
S2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2654208 2008-11-20] (Dell Inc.)
S2 yksvc; RUNDLL32.EXE ykx32coinst,serviceStartProc [X]

==================== Drivers (Whitelisted) ====================

S1 ASPI32; C:\Windows\System32\Drivers\ASPI32.sys [16512 2007-02-05] (Adaptec)
S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [142176 2012-12-09] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-22] (AVG Technologies CZ, s.r.o. )
S0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-18] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-22] (AVG Technologies CZ, s.r.o. )
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [250080 2012-11-07] (AVG Technologies CZ, s.r.o.)
S1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-22] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-30] (AVG Technologies CZ, s.r.o.)
S1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [302368 2013-04-10] (AVG Technologies CZ, s.r.o.)
S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-11-20] (Broadcom Corporation)
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2687512 2009-04-30] (Logitech Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-11 14:41 - 2014-02-11 14:41 - 00000000 ____D () C:\FRST
2014-02-10 07:31 - 2014-02-10 07:31 - 00000000 ____D () C:\_OTL
2014-02-09 23:03 - 2014-02-09 23:03 - 00003264 _____ () C:\Users\Shino\Desktop\RKreport[0]_D_02102014_160304.txt
2014-02-09 23:03 - 2014-02-09 23:03 - 00002298 _____ () C:\Users\Shino\Desktop\RKreport[0]_SC_02102014_160312.txt
2014-02-09 23:02 - 2014-02-09 23:02 - 00003115 _____ () C:\Users\Shino\Desktop\RKreport[0]_S_02102014_160220.txt
2014-02-09 22:51 - 2014-02-09 22:51 - 00003239 _____ () C:\Users\Shino\Desktop\RKreport[0]_D_02102014_155106.txt
2014-02-09 22:50 - 2014-02-09 22:50 - 00003089 _____ () C:\Users\Shino\Desktop\RKreport[0]_S_02102014_155057.txt
2014-02-09 22:42 - 2014-02-09 22:42 - 00003172 _____ () C:\Users\Shino\Desktop\RKreport[0]_D_02102014_154223.txt
2014-02-09 22:41 - 2014-02-09 22:41 - 00003020 _____ () C:\Users\Shino\Desktop\RKreport[0]_S_02102014_154125.txt
2014-02-09 22:39 - 2014-02-09 22:39 - 00003309 _____ () C:\Users\Shino\Desktop\RKreport[0]_D_02102014_153912.txt
2014-02-09 22:39 - 2014-02-09 22:39 - 00002136 _____ () C:\Users\Shino\Desktop\RKreport[0]_SC_02102014_153926.txt
2014-02-09 22:38 - 2014-02-09 22:38 - 00003146 _____ () C:\Users\Shino\Desktop\RKreport[0]_S_02102014_153846.txt
2014-02-09 22:35 - 2014-02-09 23:03 - 00000000 ____D () C:\Users\Shino\Desktop\RK_Quarantine
2014-02-09 22:34 - 2014-02-09 22:34 - 03809792 _____ () C:\Users\Shino\Desktop\RogueKiller.exe
2014-02-09 22:25 - 2014-02-09 22:25 - 00052030 _____ () C:\Users\Shino\Desktop\OTL.Txt
2014-02-09 22:25 - 2014-02-09 22:25 - 00047708 _____ () C:\Users\Shino\Desktop\Extras.Txt
2014-02-09 22:12 - 2014-02-09 22:14 - 00602112 _____ (OldTimer Tools) C:\Users\Shino\Desktop\OTL.exe
2014-02-09 21:58 - 2014-02-09 21:58 - 05180173 _____ (Swearware) C:\Users\Shino\Desktop\ComboFix.exe
2014-02-09 21:16 - 2014-02-09 21:16 - 00000000 ____D () C:\Users\Shino\AppData\Roaming\Malwarebytes
2014-02-09 21:08 - 2014-02-09 21:08 - 00000000 ____D () C:\Users\David\AppData\Local\KB1948985
2014-02-08 19:28 - 2014-02-08 19:28 - 00000000 ____D () C:\Users\David\AppData\Roaming\Mozilla
2014-01-26 04:26 - 2014-02-06 06:23 - 00001973 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-25 12:35 - 2014-01-25 12:35 - 00006952 _____ () C:\Users\David\Documents\cc_20140126_053513.reg
2014-01-25 12:34 - 2014-01-25 12:34 - 00071600 _____ () C:\Users\David\Documents\cc_20140126_053359.reg

==================== One Month Modified Files and Folders =======

2014-02-11 14:41 - 2014-02-11 14:41 - 00000000 ____D () C:\FRST
2014-02-10 21:35 - 2008-12-21 12:05 - 01112807 _____ () C:\Windows\WindowsUpdate.log
2014-02-10 21:35 - 2006-11-02 04:47 - 00003616 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-10 21:35 - 2006-11-02 04:47 - 00003616 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-10 21:30 - 2006-11-02 02:33 - 00703516 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-02-10 21:29 - 2010-12-20 04:04 - 00000000 ____D () C:\Windows\System32\Drivers\AVG
2014-02-10 07:31 - 2014-02-10 07:31 - 00000000 ____D () C:\_OTL
2014-02-09 23:03 - 2014-02-09 23:03 - 00003264 _____ () C:\Users\Shino\Desktop\RKreport[0]_D_02102014_160304.txt
2014-02-09 23:03 - 2014-02-09 23:03 - 00002298 _____ () C:\Users\Shino\Desktop\RKreport[0]_SC_02102014_160312.txt
2014-02-09 23:03 - 2014-02-09 22:35 - 00000000 ____D () C:\Users\Shino\Desktop\RK_Quarantine
2014-02-09 23:02 - 2014-02-09 23:02 - 00003115 _____ () C:\Users\Shino\Desktop\RKreport[0]_S_02102014_160220.txt
2014-02-09 22:51 - 2014-02-09 22:51 - 00003239 _____ () C:\Users\Shino\Desktop\RKreport[0]_D_02102014_155106.txt
2014-02-09 22:50 - 2014-02-09 22:50 - 00003089 _____ () C:\Users\Shino\Desktop\RKreport[0]_S_02102014_155057.txt
2014-02-09 22:42 - 2014-02-09 22:42 - 00003172 _____ () C:\Users\Shino\Desktop\RKreport[0]_D_02102014_154223.txt
2014-02-09 22:41 - 2014-02-09 22:41 - 00003020 _____ () C:\Users\Shino\Desktop\RKreport[0]_S_02102014_154125.txt
2014-02-09 22:39 - 2014-02-09 22:39 - 00003309 _____ () C:\Users\Shino\Desktop\RKreport[0]_D_02102014_153912.txt
2014-02-09 22:39 - 2014-02-09 22:39 - 00002136 _____ () C:\Users\Shino\Desktop\RKreport[0]_SC_02102014_153926.txt
2014-02-09 22:38 - 2014-02-09 22:38 - 00003146 _____ () C:\Users\Shino\Desktop\RKreport[0]_S_02102014_153846.txt
2014-02-09 22:34 - 2014-02-09 22:34 - 03809792 _____ () C:\Users\Shino\Desktop\RogueKiller.exe
2014-02-09 22:25 - 2014-02-09 22:25 - 00052030 _____ () C:\Users\Shino\Desktop\OTL.Txt
2014-02-09 22:25 - 2014-02-09 22:25 - 00047708 _____ () C:\Users\Shino\Desktop\Extras.Txt
2014-02-09 22:14 - 2014-02-09 22:12 - 00602112 _____ (OldTimer Tools) C:\Users\Shino\Desktop\OTL.exe
2014-02-09 21:58 - 2014-02-09 21:58 - 05180173 _____ (Swearware) C:\Users\Shino\Desktop\ComboFix.exe
2014-02-09 21:16 - 2014-02-09 21:16 - 00000000 ____D () C:\Users\Shino\AppData\Roaming\Malwarebytes
2014-02-09 21:08 - 2014-02-09 21:08 - 00000000 ____D () C:\Users\David\AppData\Local\KB1948985
2014-02-09 15:16 - 2010-03-13 20:59 - 00000000 ____D () C:\Users\David\Documents\Anki
2014-02-08 19:28 - 2014-02-08 19:28 - 00000000 ____D () C:\Users\David\AppData\Roaming\Mozilla
2014-02-07 22:14 - 2009-05-21 08:01 - 00215552 _____ () C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-06 09:55 - 2009-12-15 02:23 - 00000000 ____D () C:\Users\David\Documents\Admin
2014-02-06 06:23 - 2014-01-26 04:26 - 00001973 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-06 05:27 - 2012-04-02 06:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2014-02-06 05:27 - 2011-05-19 14:13 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2014-01-30 05:25 - 2012-08-13 16:57 - 00000750 _____ () C:\Users\Shino\Desktop\Anki.lnk
2014-01-30 05:25 - 2009-05-21 07:20 - 00000750 _____ () C:\Users\David\Desktop\Anki.lnk
2014-01-28 08:03 - 2009-12-15 02:23 - 00000000 ____D () C:\Users\David\Documents\Creative Writing
2014-01-28 07:48 - 2009-12-15 02:22 - 00000000 ___RD () C:\Users\David\Documents\Japanese language
2014-01-26 07:56 - 2008-01-20 18:47 - 00066286 _____ () C:\Windows\PFRO.log
2014-01-26 04:26 - 2009-05-21 07:52 - 00000000 ____D () C:\Users\David\AppData\Local\Adobe
2014-01-26 04:26 - 2008-12-21 18:25 - 00000000 ____D () C:\Program Files\Google
2014-01-25 12:44 - 2013-10-24 06:26 - 00000000 ____D () C:\Users\David\Documents\Metaps
2014-01-25 12:40 - 2010-01-11 03:37 - 00000000 ____D () C:\Users\David\Documents\ebooks
2014-01-25 12:38 - 2009-05-21 05:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-25 12:37 - 2013-08-18 03:34 - 00000000 ____D () C:\Windows\System32\MRT
2014-01-25 12:35 - 2014-01-25 12:35 - 00006952 _____ () C:\Users\David\Documents\cc_20140126_053513.reg
2014-01-25 12:34 - 2014-01-25 12:34 - 00071600 _____ () C:\Users\David\Documents\cc_20140126_053359.reg
2014-01-25 12:32 - 2009-05-21 07:18 - 00000000 ____D () C:\Program Files\Soulseek
2014-01-25 12:32 - 2006-11-02 02:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
2014-01-25 12:30 - 2013-09-30 12:18 - 00000000 ____D () C:\ProgramData\WebEx
2014-01-25 12:30 - 2011-09-18 17:46 - 00000000 ____D () C:\Program Files\Sega Saturn

Some content of TEMP:
====================
C:\Users\David\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\David\AppData\Local\Temp\LOCK.exe
C:\Users\David\AppData\Local\Temp\ose00000.exe
C:\Users\David\AppData\Local\Temp\ResetDevice.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-10-06 05:39:27
Restore point made on: 2013-10-10 08:50:40
Restore point made on: 2013-10-18 05:01:20
Restore point made on: 2013-11-14 07:57:31
Restore point made on: 2013-12-10 06:11:42
Restore point made on: 2013-12-12 07:02:26
Restore point made on: 2014-01-05 03:32:56
Restore point made on: 2014-01-25 12:32:16

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 3033.63 MB
Available physical RAM: 2716.82 MB
Total Pagefile: 2932.29 MB
Available Pagefile: 2791.24 MB
Total Virtual: 2047.88 MB
Available Virtual: 1963.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:223.08 GB) (Free:2.38 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Removable) (Total:3.74 GB) (Free:2.58 GB) FAT32
Drive f: (SPINAL_TAP) (CDROM) (Total:4.37 GB) (Free:0 GB) UDF
Drive x: (RECOVERY) (Fixed) (Total:9.77 GB) (Free:4.55 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 92CD386F)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=223 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)


LastRegBack: 2014-02-10 21:31

==================== End Of Log ============================
#11 Valinorum (GeekU Guardian Bot, GeekU Moderator, 3,330 posts)
Hi Taurus76, :)

Apologies for taking so long to reply

No worries. :)

  • Step #3 Fix with FRST
    This section of the fix has two parts. For the first part please peruse the following --

    Make sure that you have access to a clean PC or a functioning user account and still have FRST.exe in your flash drive. If you do not have it, download the suitable version from here to your flash-drive.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      Start
      HKLM\...\Run: [KB1948985] - C:\Users\David\AppData\Local\KB1948985\KB1948985.exe [106333 2014-02-09] ()
      HKLM\...\Winlogon: [Shell] explorer.exe, "C:\Users\David\AppData\Local\KB1948985\KB1948985.exe" [x ] ()
      C:\Users\David\AppData\Local\KB1948985\KB1948985.exe
      HKLM\...\Policies\Explorer\Run: [KB1948985] - C:\Users\David\AppData\Local\KB1948985\KB1948985.exe [106333 2014-02-09] ( ())
      HKU\David\...\Run: [KB1948985] - C:\Users\David\AppData\Local\KB1948985\KB1948985.exe [106333 2014-02-09] ()
      HKU\David\...\Policies\Explorer\Run: [KB1948985] - C:\Users\David\AppData\Local\KB1948985\KB1948985.exe [106333 2014-02-09] ()
      S2 yksvc; RUNDLL32.EXE ykx32coinst,serviceStartProc [X]
      2014-02-09 21:08 - 2014-02-09 21:08 - 00000000 ____D () C:\Users\David\AppData\Local\KB1948985
      C:\Users\David\AppData\Local\Temp\DataCard_Setup.exe
      C:\Users\David\AppData\Local\Temp\LOCK.exe
      C:\Users\David\AppData\Local\Temp\ose00000.exe
      C:\Users\David\AppData\Local\Temp\ResetDevice.exe
      HKU\David\...\Policies\system: [DisableTaskMgr] 1
      HKU\David\...\Policies\system: [DisableRegistryTools] 1
      End
    • Click on File > Save as...
    • Inside the File Name box type fixlist.txt;
    • From the Save as type drop down list, choose All Files
    • Copy and Paste fixlist.txt to your flash drive.

You are ready to move to the second part. Please peruse --
  • Connect your flash drive to the infected PC;
  • Enter the System Recovery Options and select Command Prompt;
  • Run FRST.exe( or FRST64.exe for 64-bit machine) again as outlined in the previous post;
  • After the fix a log will be created in the flash drive named FixLog.txt;
  • Copy and Paste the contents of the log in your next reply;
  • Try to boot into Normal Mode.


  • Required Log(s):
  • FixLog.txt

Regards,
Valinorum
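The FRST log in post #10 and the fixlist in the reply above turn on the same three indicators: an autorun entry with no publisher running from a user profile's AppData, a Winlogon Shell value with a second command appended after explorer.exe, and DisableTaskMgr/DisableRegistryTools set to 1. Here is an added example, not part of the thread and not FRST's own code, that scans lines shaped like FRST's Registry section for those indicators; the sample lines are constructed after the log above, and the user-writable path markers and rule names are my own assumptions.

```python
"""Flag the Winlogon Shell hijack pattern in FRST-style registry lines."""
import re
from dataclasses import dataclass

# Constructed sample, shaped like the "Registry (Whitelisted)" section of an FRST log.
SAMPLE_LOG = r"""
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [KB1948985] - C:\Users\David\AppData\Local\KB1948985\KB1948985.exe [106333 2014-02-09] ()
HKLM\...\Winlogon: [Shell] explorer.exe, "C:\Users\David\AppData\Local\KB1948985\KB1948985.exe" [x ] ()
HKLM\...\Policies\Explorer\Run: [KB1948985] - C:\Users\David\AppData\Local\KB1948985\KB1948985.exe [106333 2014-02-09] ( ())
HKU\David\...\Policies\system: [DisableTaskMgr] 1
HKU\David\...\Policies\system: [DisableRegistryTools] 1
HKU\Shino\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2008-12-21] (Google Inc.)
"""

# Run / Policies\Explorer\Run entries: "[name] - path [size date] (publisher)"
RUN_RE = re.compile(r'^(?P<hive>HK\S*?)\\(?:Policies\\Explorer\\)?Run: \[(?P<name>[^\]]*)\] - '
                    r'(?P<path>.*?) \[(?P<meta>[^\]]*)\] \((?P<pub>.*)\)$')
# Winlogon Shell value, which must be exactly explorer.exe on a clean machine
SHELL_RE = re.compile(r'\\Winlogon: \[Shell\] (?P<value>.*?) \[[^\]]*\] \((?P<pub>.*)\)$')
# Per-user policy values that lock the user out of recovery tools
POLICY_RE = re.compile(r'\\Policies\\system: \[(?P<name>\w+)\] (?P<value>\S+)$')

# Assumed markers for locations a standard user can write to (not from FRST).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")
LOCKOUT_POLICIES = {"disabletaskmgr", "disableregistrytools"}


@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str
    line: str


def check_run_entry(m, line):
    """Autorun with an empty publisher field, launched from a user-writable path."""
    path = m["path"].strip('"').lower()
    pub = m["pub"].strip("() ")          # FRST prints "()" or "( ())" when no publisher
    if not pub and any(marker in path for marker in USER_WRITABLE):
        return Finding("unsigned-autorun-user-writable", f'{m["name"]} -> {m["path"]}', line)
    return None


def check_shell(m, line):
    """Anything appended after explorer.exe in Shell runs at every interactive logon."""
    parts = [p.strip().strip('"') for p in m["value"].split(",")]
    extras = [p for p in parts if p.lower() != "explorer.exe"]
    return Finding("winlogon-shell-hijack", "; ".join(extras), line) if extras else None


def check_policy(m, line):
    if m["name"].lower() in LOCKOUT_POLICIES and m["value"] != "0":
        return Finding("tool-lockout-policy", f'{m["name"]}={m["value"]}', line)
    return None


def audit_frst_registry(text):
    """Return findings in log order; each line is matched by at most one rule."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for regex, check in ((RUN_RE, check_run_entry), (SHELL_RE, check_shell), (POLICY_RE, check_policy)):
            m = regex.search(line)
            if m:
                finding = check(m, line)
                if finding:
                    findings.append(finding)
                break
    return findings


if __name__ == "__main__":
    for f in audit_frst_registry(SAMPLE_LOG):
        print(f"[{f.rule}] {f.detail}")
```

On the sample this reports the two KB1948985 autoruns, the Shell hijack, and both lockout policies, which is exactly the set the fixlist above removes.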

#12 Taurus76 (Topic Starter, Member, 29 posts)
Thanks again!

I have a quick question: when running the Farbar Recovery Scan Tool, should I choose 'Scan' or 'Fix'?

#13 Valinorum (GeekU Guardian Bot, GeekU Moderator, 3,330 posts)
Oops my bad. Click on Fix. :)

#14 Taurus76 (Topic Starter, Member, 29 posts)
Thanks again!

Here is the Fix Log (posted from my wife's account - I will try to log in to my own account in a moment):

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-02-2014 01
Ran by SYSTEM at 2014-02-12 03:16:50 Run:1
Running from D:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [KB1948985] - C:\Users\David\AppData\Local\KB1948985\KB1948985.exe [106333 2014-02-09] ()
HKLM\...\Winlogon: [Shell] explorer.exe, "C:\Users\David\AppData\Local\KB1948985\KB1948985.exe" [x ] ()
C:\Users\David\AppData\Local\KB1948985\KB1948985.exe
HKLM\...\Policies\Explorer\Run: [KB1948985] - C:\Users\David\AppData\Local\KB1948985\KB1948985.exe [106333 2014-02-09] ( ())
HKU\David\...\Run: [KB1948985] - C:\Users\David\AppData\Local\KB1948985\KB1948985.exe [106333 2014-02-09] ()
HKU\David\...\Policies\Explorer\Run: [KB1948985] - C:\Users\David\AppData\Local\KB1948985\KB1948985.exe [106333 2014-02-09] ()
S2 yksvc; RUNDLL32.EXE ykx32coinst,serviceStartProc [X]
2014-02-09 21:08 - 2014-02-09 21:08 - 00000000 ____D () C:\Users\David\AppData\Local\KB1948985
C:\Users\David\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\David\AppData\Local\Temp\LOCK.exe
C:\Users\David\AppData\Local\Temp\ose00000.exe
C:\Users\David\AppData\Local\Temp\ResetDevice.exe
HKU\David\...\Policies\system: [DisableTaskMgr] 1
HKU\David\...\Policies\system: [DisableRegistryTools] 1
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\KB1948985 => Value deleted successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.
C:\Users\David\AppData\Local\KB1948985\KB1948985.exe => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\KB1948985 => Value deleted successfully.
HKU\David\Software\Microsoft\Windows\CurrentVersion\Run\\KB1948985 => Value deleted successfully.
HKU\HKU\David\...\Policies\Explorer\Run: [KB1948985] - C:\Users\David\AppData\Local\KB1948985\KB1948985.exe [106333 2014-02-09] ()\Software\Microsoft\Windows\CurrentVersion\Run\\KB1948985 => Value not found.
yksvc => Service deleted successfully.
C:\Users\David\AppData\Local\KB1948985 => Moved successfully.
C:\Users\David\AppData\Local\Temp\DataCard_Setup.exe => Moved successfully.
C:\Users\David\AppData\Local\Temp\LOCK.exe => Moved successfully.
C:\Users\David\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\David\AppData\Local\Temp\ResetDevice.exe => Moved successfully.
HKU\David\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableTaskMgr => Value deleted successfully.
HKU\David\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableRegistryTools => Value deleted successfully.

==== End of Fixlog ====

#15 Taurus76 (Topic Starter, Member, 29 posts)
And I'm able to log in from my own account perfectly! Thank you!

(Just FYI: I am just heading out now so will be unable to reply immediately if there are any follow-up steps required.)