Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

hijack.shell.gen.a [Closed]


  • This topic is locked This topic is locked

#16
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
This is a good news. Please copy FRST to your Desktop and run from your admin account and click Scan and post the log. No need to use the recovery console this time. Also, Re-run OTL and click on Quick Scan and post the log.
  • 0

Advertisements


#17
Taurus76

Taurus76

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Thanks again for all your help. Here is FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2014 01
Ran by David (administrator) on DAVID-PC on 13-02-2014 17:56:26
Running from C:\Users\David\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgcsrvx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\STacSV.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\bcmwltry.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\aestsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgemcx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgtray.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [288040 2010-04-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Windows\system32\WLTRAY.exe [3563520 2008-11-20] (Dell Inc.)
HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [1662032 2008-08-27] (Dell Inc.)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-05-08] (Intel Corporation)
HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128296 2008-05-24] (CyberLink Corp.)
HKLM\...\Run: [AVG_TRAY] - C:\Program Files\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [442460 2008-09-17] (IDT, Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3821291098-3813080071-2103431083-1000\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2008-12-22] (Google Inc.)
HKU\S-1-5-21-3821291098-3813080071-2103431083-1000\...\Run: [Google Update] - C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe [133104 2009-08-11] (Google Inc.)
HKU\S-1-5-21-3821291098-3813080071-2103431083-1000\...\MountPoints2: {1218f5dc-08c3-11e1-accf-0023ae04e481} - G:\AutoRun.exe
HKU\S-1-5-21-3821291098-3813080071-2103431083-1000\...\MountPoints2: {1218f5e9-08c3-11e1-accf-0023ae04e481} - G:\AutoRun.exe
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Shino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=uk&ibd=1081222
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=uk&ibd=1081222
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=uk&ibd=1081222
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
Toolbar: HKLM - Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.micro...gWebControl.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...ri_4.4.16.0.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1

========================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\aestsrv.exe [73728 2008-09-17] (Andrea Electronics Corporation)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [5175856 2013-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-24] (Stardock Corporation)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\STacSV.exe [225362 2008-09-17] (IDT, Inc.)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2654208 2008-11-20] (Dell Inc.)

==================== Drivers (Whitelisted) ====================

R1 ASPI32; C:\Windows\system32\Drivers\ASPI32.sys [16512 2007-02-06] (Adaptec)
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [142176 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [250080 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [302368 2013-04-11] (AVG Technologies CZ, s.r.o.)
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-11-20] (Broadcom Corporation)
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2687512 2009-04-30] (Logitech Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-13 17:56 - 2014-02-13 17:58 - 00013038 _____ () C:\Users\David\Desktop\FRST.txt
2014-02-13 17:55 - 2014-02-13 17:55 - 00000000 ____D () C:\Users\David\Desktop\FRST-OlderVersion
2014-02-13 17:54 - 2014-02-13 17:55 - 01141248 _____ (Farbar) C:\Users\David\Desktop\FRST.exe
2014-02-12 07:41 - 2014-02-13 17:56 - 00000000 ____D () C:\FRST
2014-02-11 00:31 - 2014-02-11 00:31 - 00000000 ____D () C:\_OTL
2014-02-10 16:03 - 2014-02-10 16:03 - 00003264 _____ () C:\Users\Shino\Desktop\RKreport[0]_D_02102014_160304.txt
2014-02-10 16:03 - 2014-02-10 16:03 - 00002298 _____ () C:\Users\Shino\Desktop\RKreport[0]_SC_02102014_160312.txt
2014-02-10 16:02 - 2014-02-10 16:02 - 00003115 _____ () C:\Users\Shino\Desktop\RKreport[0]_S_02102014_160220.txt
2014-02-10 15:51 - 2014-02-10 15:51 - 00003239 _____ () C:\Users\Shino\Desktop\RKreport[0]_D_02102014_155106.txt
2014-02-10 15:50 - 2014-02-10 15:50 - 00003089 _____ () C:\Users\Shino\Desktop\RKreport[0]_S_02102014_155057.txt
2014-02-10 15:42 - 2014-02-10 15:42 - 00003172 _____ () C:\Users\Shino\Desktop\RKreport[0]_D_02102014_154223.txt
2014-02-10 15:41 - 2014-02-10 15:41 - 00003020 _____ () C:\Users\Shino\Desktop\RKreport[0]_S_02102014_154125.txt
2014-02-10 15:39 - 2014-02-10 15:39 - 00003309 _____ () C:\Users\Shino\Desktop\RKreport[0]_D_02102014_153912.txt
2014-02-10 15:39 - 2014-02-10 15:39 - 00002136 _____ () C:\Users\Shino\Desktop\RKreport[0]_SC_02102014_153926.txt
2014-02-10 15:38 - 2014-02-10 15:38 - 00003146 _____ () C:\Users\Shino\Desktop\RKreport[0]_S_02102014_153846.txt
2014-02-10 15:35 - 2014-02-10 16:03 - 00000000 ____D () C:\Users\Shino\Desktop\RK_Quarantine
2014-02-10 15:34 - 2014-02-10 15:34 - 03809792 _____ () C:\Users\Shino\Desktop\RogueKiller.exe
2014-02-10 15:25 - 2014-02-10 15:25 - 00052030 _____ () C:\Users\Shino\Desktop\OTL.Txt
2014-02-10 15:25 - 2014-02-10 15:25 - 00047708 _____ () C:\Users\Shino\Desktop\Extras.Txt
2014-02-10 15:12 - 2014-02-10 15:14 - 00602112 _____ (OldTimer Tools) C:\Users\Shino\Desktop\OTL.exe
2014-02-10 14:58 - 2014-02-10 14:58 - 05180173 _____ (Swearware) C:\Users\Shino\Desktop\ComboFix.exe
2014-02-10 14:16 - 2014-02-10 14:16 - 00000000 ____D () C:\Users\Shino\AppData\Roaming\Malwarebytes
2014-02-09 12:28 - 2014-02-09 12:28 - 00000000 ____D () C:\Users\David\AppData\Roaming\Mozilla
2014-01-26 21:26 - 2014-02-06 23:23 - 00001973 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-26 05:35 - 2014-01-26 05:35 - 00006952 _____ () C:\Users\David\Documents\cc_20140126_053513.reg
2014-01-26 05:34 - 2014-01-26 05:34 - 00071600 _____ () C:\Users\David\Documents\cc_20140126_053359.reg

==================== One Month Modified Files and Folders =======

2014-02-13 17:58 - 2014-02-13 17:56 - 00013038 _____ () C:\Users\David\Desktop\FRST.txt
2014-02-13 17:58 - 2008-12-22 05:05 - 01187640 _____ () C:\Windows\WindowsUpdate.log
2014-02-13 17:56 - 2014-02-12 07:41 - 00000000 ____D () C:\FRST
2014-02-13 17:55 - 2014-02-13 17:55 - 00000000 ____D () C:\Users\David\Desktop\FRST-OlderVersion
2014-02-13 17:55 - 2014-02-13 17:54 - 01141248 _____ (Farbar) C:\Users\David\Desktop\FRST.exe
2014-02-13 17:54 - 2010-12-20 21:04 - 00000000 ____D () C:\Windows\system32\Drivers\AVG
2014-02-13 17:50 - 2013-02-14 03:27 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-13 17:49 - 2006-11-02 22:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-13 17:49 - 2006-11-02 21:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-13 17:49 - 2006-11-02 21:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-13 08:22 - 2006-11-02 22:01 - 00032532 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-13 08:18 - 2013-02-14 03:28 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-13 07:37 - 2008-01-21 11:47 - 00066964 _____ () C:\Windows\PFRO.log
2014-02-13 07:27 - 2009-08-11 21:16 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3821291098-3813080071-2103431083-1000UA.job
2014-02-13 07:24 - 2012-04-02 23:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-11 14:30 - 2006-11-02 19:33 - 00703516 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-11 01:27 - 2009-08-11 21:16 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3821291098-3813080071-2103431083-1000Core.job
2014-02-11 00:31 - 2014-02-11 00:31 - 00000000 ____D () C:\_OTL
2014-02-10 16:03 - 2014-02-10 16:03 - 00003264 _____ () C:\Users\Shino\Desktop\RKreport[0]_D_02102014_160304.txt
2014-02-10 16:03 - 2014-02-10 16:03 - 00002298 _____ () C:\Users\Shino\Desktop\RKreport[0]_SC_02102014_160312.txt
2014-02-10 16:03 - 2014-02-10 15:35 - 00000000 ____D () C:\Users\Shino\Desktop\RK_Quarantine
2014-02-10 16:02 - 2014-02-10 16:02 - 00003115 _____ () C:\Users\Shino\Desktop\RKreport[0]_S_02102014_160220.txt
2014-02-10 15:51 - 2014-02-10 15:51 - 00003239 _____ () C:\Users\Shino\Desktop\RKreport[0]_D_02102014_155106.txt
2014-02-10 15:50 - 2014-02-10 15:50 - 00003089 _____ () C:\Users\Shino\Desktop\RKreport[0]_S_02102014_155057.txt
2014-02-10 15:42 - 2014-02-10 15:42 - 00003172 _____ () C:\Users\Shino\Desktop\RKreport[0]_D_02102014_154223.txt
2014-02-10 15:41 - 2014-02-10 15:41 - 00003020 _____ () C:\Users\Shino\Desktop\RKreport[0]_S_02102014_154125.txt
2014-02-10 15:39 - 2014-02-10 15:39 - 00003309 _____ () C:\Users\Shino\Desktop\RKreport[0]_D_02102014_153912.txt
2014-02-10 15:39 - 2014-02-10 15:39 - 00002136 _____ () C:\Users\Shino\Desktop\RKreport[0]_SC_02102014_153926.txt
2014-02-10 15:38 - 2014-02-10 15:38 - 00003146 _____ () C:\Users\Shino\Desktop\RKreport[0]_S_02102014_153846.txt
2014-02-10 15:34 - 2014-02-10 15:34 - 03809792 _____ () C:\Users\Shino\Desktop\RogueKiller.exe
2014-02-10 15:25 - 2014-02-10 15:25 - 00052030 _____ () C:\Users\Shino\Desktop\OTL.Txt
2014-02-10 15:25 - 2014-02-10 15:25 - 00047708 _____ () C:\Users\Shino\Desktop\Extras.Txt
2014-02-10 15:14 - 2014-02-10 15:12 - 00602112 _____ (OldTimer Tools) C:\Users\Shino\Desktop\OTL.exe
2014-02-10 14:58 - 2014-02-10 14:58 - 05180173 _____ (Swearware) C:\Users\Shino\Desktop\ComboFix.exe
2014-02-10 14:16 - 2014-02-10 14:16 - 00000000 ____D () C:\Users\Shino\AppData\Roaming\Malwarebytes
2014-02-10 08:16 - 2010-03-14 13:59 - 00000000 ____D () C:\Users\David\Documents\Anki
2014-02-09 12:28 - 2014-02-09 12:28 - 00000000 ____D () C:\Users\David\AppData\Roaming\Mozilla
2014-02-08 15:14 - 2009-05-22 01:01 - 00215552 _____ () C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-07 02:55 - 2009-12-15 19:23 - 00000000 ____D () C:\Users\David\Documents\Admin
2014-02-06 23:23 - 2014-01-26 21:26 - 00001973 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-06 22:27 - 2012-04-02 23:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-06 22:27 - 2011-05-20 07:13 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-01-30 22:25 - 2012-08-14 09:57 - 00000750 _____ () C:\Users\Shino\Desktop\Anki.lnk
2014-01-30 22:25 - 2009-05-22 00:20 - 00000750 _____ () C:\Users\David\Desktop\Anki.lnk
2014-01-29 01:03 - 2009-12-15 19:23 - 00000000 ____D () C:\Users\David\Documents\Creative Writing
2014-01-29 00:48 - 2009-12-15 19:22 - 00000000 ___RD () C:\Users\David\Documents\Japanese language
2014-01-26 21:26 - 2009-05-22 00:52 - 00000000 ____D () C:\Users\David\AppData\Local\Adobe
2014-01-26 21:26 - 2008-12-22 11:25 - 00000000 ____D () C:\Program Files\Google
2014-01-26 05:44 - 2013-10-24 23:26 - 00000000 ____D () C:\Users\David\Documents\Metaps
2014-01-26 05:40 - 2010-01-11 20:37 - 00000000 ____D () C:\Users\David\Documents\ebooks
2014-01-26 05:38 - 2009-05-21 22:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-26 05:37 - 2013-08-18 20:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-26 05:35 - 2014-01-26 05:35 - 00006952 _____ () C:\Users\David\Documents\cc_20140126_053513.reg
2014-01-26 05:34 - 2014-01-26 05:34 - 00071600 _____ () C:\Users\David\Documents\cc_20140126_053359.reg
2014-01-26 05:32 - 2009-05-22 00:18 - 00000000 ____D () C:\Program Files\Soulseek
2014-01-26 05:32 - 2006-11-02 19:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-01-26 05:30 - 2013-10-01 05:18 - 00000000 ____D () C:\ProgramData\WebEx
2014-01-26 05:30 - 2011-09-19 10:46 - 00000000 ____D () C:\Program Files\Sega Saturn

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-13 17:55

==================== End Of Log ============================

And Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-02-2014 01
Ran by David at 2014-02-13 17:58:55
Running from C:\Users\David\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (Version: - Microsoft)
7-Zip 4.65 (Version: - )
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (Version: 1.1.377 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader 9.5.4 (Version: 9.5.4 - Adobe Systems Incorporated)
Anki (Version: - )
Apple Application Support (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
Audacity 1.2.6 (Version: - )
AVG 2012 (Version: 12.0.3697 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2247 - AVG Technologies) Hidden
AVG 2012 (Version: 2012.1.2247 - AVG Technologies)
BBC iPlayer Desktop (Version: 3.2.14 - British Broadcasting Corp.)
BBC iPlayer Desktop (Version: 3.2.14 - British Broadcasting Corp.) Hidden
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Browser Address Error Redirector (Version: 1.00.0000 - Dell)
CCleaner (Version: 3.04 - Piriform)
Cisco EAP-FAST Module (Version: 2.1.3 - Cisco Systems, Inc.)
Cisco LEAP Module (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (Version: 1.0.13 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Best of Web (Version: 1.00.0000 - Dell)
Dell Dock (Version: 1.0.0 - Dell)
Dell Getting Started Guide (Version: 1.00.0000 - Dell Inc.)
Dell Touchpad (Version: 7.1007.115.102 - ALPS ELECTRIC CO., LTD.)
Dell Wireless WLAN Card Utility (Version: 4.170.77.17 - Dell Inc.)
DVD Decrypter (Remove Only) (Version: - )
EDocs (Version: - )
Google Chrome (Version: 32.0.1700.107 - Google Inc.)
Google Talk Plugin (Version: 5.1.4.17398 - Google)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (Version: - )
Handbrake 0.9.4 (Version: 0.9.4 - )
Image Resizer for Windows (Version: 3.0.4442.6002 - Brice Lambson)
Intel® Matrix Storage Manager (Version: - Intel Corporation)
iTunes (Version: 11.0.1.12 - Apple Inc.)
Japanese Fonts Support For Adobe Reader 9 (Version: 9.0.0 - Adobe Systems Incorporated)
Java 7 Update 21 (Version: 7.0.210 - Oracle)
Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 7 (Version: 1.6.0.70 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.98.2 for Audacity (Version: - )
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Mobile Partner (Version: 11.302.09.00.03 - Huawei Technologies Co.,Ltd)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PowerDVD (Version: 8.1 - Dell)
QuickSet (Version: 9.2.11 - Dell Inc.)
QuickTime (Version: 7.73.80.64 - Apple Inc.)
Real Alternative 1.9.0 Lite (Version: 1.9.0 - )
Roxio Creator Audio (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE (Version: 10.1 - Roxio)
Roxio Creator DE (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.1 - Roxio) Hidden
Roxio Update Manager (Version: 6.0.0 - Roxio) Hidden
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skype™ 6.1 (Version: 6.1.129 - Skype Technologies S.A.)
Spybot - Search & Destroy (Version: 1.6.2 - Safer Networking Limited)
System Requirements Lab CYRI (Version: 4.4.16.0 - Husdawg, LLC)
Update for 2007 Microsoft Office System (KB967642) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (Version: - Microsoft)
Veoh Video Compass (Version: 1.4.5.1004 - Veoh Networks, Inc.)
Veoh Web Player (Version: 1.1.3.1027 - Veoh Networks, Inc.)
VLC media player 0.9.9 (Version: 0.9.9 - VideoLAN Team)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (Version: 14.0.8064.206 - Microsoft Corporation)
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR archiver (Version: - )

==================== Restore Points =========================

06-10-2013 13:39:10 Scheduled Checkpoint
10-10-2013 16:50:18 Windows Update
18-10-2013 13:00:32 Scheduled Checkpoint
14-11-2013 15:57:10 Windows Update
10-12-2013 14:11:34 Scheduled Checkpoint
12-12-2013 15:00:43 Windows Update
05-01-2014 11:32:33 Scheduled Checkpoint
25-01-2014 20:31:42 Windows Update

==================== Hosts content: ==========================

2006-11-02 19:23 - 2014-02-13 08:20 - 00450757 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {1C5DB2D7-C173-4B9F-B3CF-4F0A54E10C67} - System32\Tasks\{3AB3E3FE-26D7-41A1-9C56-8CFDFE4B0975} => C:\Program Files\Skype\Phone\Skype.exe [2013-01-08] (Skype Technologies S.A.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {23B9B4EE-D082-424B-8F70-BDEAE8BD15FD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-14] (Google Inc.)
Task: {2F876E63-014F-4388-9E28-1D3009FF3D78} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {388A83B3-F904-4362-B144-376096D3BD88} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-06] (Adobe Systems Incorporated)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {9B81C808-C205-418E-BFD1-DCC22E052ED1} - System32\Tasks\{DF4C4ECB-87FB-4633-967C-8B760F243109} => Iexplore.exe http://ui.skype.com/...led;madedefault
Task: {B2CD9072-D12E-4117-9E6A-A7555BB53790} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-14] (Google Inc.)
Task: {B7B07EA5-6236-49FE-B914-62FCB0CEE3BA} - System32\Tasks\PCDoctorBackgroundMonitorTask-Delay => C:\Program Files\Dell Support Center\uaclauncher.exe
Task: {D7B5EC93-9E8F-4E93-B5D1-5DD78564C3F3} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {EAEE1B0A-95D7-49D2-A122-14DE2786A6BD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3821291098-3813080071-2103431083-1000UA => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-11] (Google Inc.)
Task: {FCDF2EFA-CA89-4F2E-B48B-768A8BD20E05} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3821291098-3813080071-2103431083-1000Core => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-11] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3821291098-3813080071-2103431083-1000Core.job => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3821291098-3813080071-2103431083-1000UA.job => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job => C:\Program Files\Dell Support Center\uaclauncher.exe

==================== Loaded Modules (whitelisted) =============

2009-09-21 00:06 - 2009-08-16 17:06 - 00141312 _____ () C:\Program Files\WinRAR\rarext.dll
2013-08-19 23:27 - 2013-08-19 23:27 - 00284160 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\0e47927f23b2b510e83586cabb6dfa3e\VistaBridgeLibrary.ni.dll
2008-12-22 11:21 - 2008-11-20 19:19 - 00055808 _____ () C:\Windows\System32\bcmwlrmt.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/13/2014 05:49:47 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/13/2014 07:38:05 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/13/2014 07:14:27 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/12/2014 03:20:09 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/12/2014 02:34:18 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2014 05:46:09 PM) (Source: EventSystem) (User: )
Description: 80070005{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (02/11/2014 02:49:33 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13198

Error: (02/11/2014 02:49:33 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13198

Error: (02/11/2014 02:49:33 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/11/2014 02:49:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10998


System errors:
=============
Error: (02/13/2014 05:55:03 PM) (Source: Dhcp) (User: )
Description: The IP address lease 10.255.132.239 for the Network Card with network address 00234E4BD2EE has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Error: (02/13/2014 05:49:45 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.0.101 for the Network Card with network address 00234E4BD2EE has been denied by the DHCP server 10.255.132.1 (The DHCP Server sent a DHCPNACK message).

Error: (02/13/2014 07:22:43 AM) (Source: Dhcp) (User: )
Description: The IP address lease 10.255.132.239 for the Network Card with network address 00234E4BD2EE has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Error: (02/12/2014 03:20:02 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 2:44:07 on 2014/02/12 was unexpected.

Error: (02/12/2014 02:37:52 AM) (Source: Dhcp) (User: )
Description: The IP address lease 10.255.144.239 for the Network Card with network address 00234E4BD2EE has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Error: (02/12/2014 02:34:18 AM) (Source: Service Control Manager) (User: )
Description: Intel® PRO/1000 NDIS 6 Adapter Driver%%1058

Error: (02/12/2014 02:34:18 AM) (Source: Service Control Manager) (User: )
Description: Intel® PRO/1000 PCI Express Network Connection Driver%%1058

Error: (02/11/2014 02:44:45 PM) (Source: Service Control Manager) (User: )
Description: Intel® PRO/1000 NDIS 6 Adapter Driver%%1058

Error: (02/11/2014 02:44:45 PM) (Source: Service Control Manager) (User: )
Description: Intel® PRO/1000 PCI Express Network Connection Driver%%1058

Error: (02/11/2014 02:35:43 PM) (Source: Dhcp) (User: )
Description: Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00234E4BD2EE. The following error occurred:
%%1223. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-02-13 17:58:23.047
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-13 17:58:22.657
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-13 17:58:22.189
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-13 17:58:21.799
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-13 07:48:37.371
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-13 07:48:37.059
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-13 07:48:36.747
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-13 07:48:36.435
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-13 07:48:36.107
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-13 07:48:35.795
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 49%
Total physical RAM: 3033.63 MB
Available physical RAM: 1530.33 MB
Total Pagefile: 6295.54 MB
Available Pagefile: 4619.97 MB
Total Virtual: 2047.88 MB
Available Virtual: 1896.68 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:223.08 GB) (Free:2.11 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (RECOVERY) (Fixed) (Total:9.77 GB) (Free:4.55 GB) NTFS
Drive f: (SPINAL_TAP) (CDROM) (Total:4.37 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 92CD386F)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=223 GB) - (Type=07 NTFS)

==================== End Of Log ============================

And OST.txt:

OTL logfile created on: 13/02/2014 18:13:04 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.96 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 58.34% Memory free
6.15 Gb Paging File | 4.83 Gb Available in Paging File | 78.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.08 Gb Total Space | 2.05 Gb Free Space | 0.92% Space Free | Partition Type: NTFS
Drive E: | 9.77 Gb Total Space | 4.55 Gb Free Space | 46.64% Space Free | Partition Type: NTFS
Drive F: | 4.37 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/13 18:12:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
PRC - [2013/10/16 00:30:02 | 005,175,856 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2013/03/12 07:32:58 | 000,506,744 | ---- | M] (Oracle Corporation) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2013/02/27 16:38:44 | 001,259,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/11/19 17:25:32 | 002,598,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/11/08 03:51:06 | 000,768,632 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/03/19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2010/04/05 16:46:08 | 000,288,040 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2010/03/23 13:22:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2010/02/17 15:34:40 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2009/04/11 15:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 15:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/01/31 22:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2009/01/26 23:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/09/24 13:09:52 | 001,295,656 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2008/09/24 13:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/09/17 14:17:20 | 000,442,460 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/09/17 14:17:12 | 000,225,362 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\stacsv.exe
PRC - [2008/09/17 14:17:02 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\AEstSrv.exe
PRC - [2008/08/27 15:29:00 | 001,662,032 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/05/24 05:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/05/08 08:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/05/08 08:41:12 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/11 21:21:32 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f453ecc6bb7fc8d52d61247676944623\System.Configuration.ni.dll
MOD - [2013/10/11 08:16:02 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\73d9bc894522543b561a0342dac87c06\System.Windows.Forms.ni.dll
MOD - [2013/08/19 23:28:16 | 015,880,192 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MenuSkinning\7fd66554e201554f067d56ec2ea231bc\MenuSkinning.ni.dll
MOD - [2013/08/19 23:27:31 | 000,284,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\0e47927f23b2b510e83586cabb6dfa3e\VistaBridgeLibrary.ni.dll
MOD - [2013/08/19 23:27:28 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e77e7cdf3072d5a658832b8863ff439e\System.Management.ni.dll
MOD - [2013/08/19 23:27:26 | 002,500,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\9cc93eb4abb656108271027774b6b08a\DellDock.ni.exe
MOD - [2013/08/19 23:27:24 | 000,274,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\a7366c517a928f66691745f5c667d82f\MyDock.Util.ni.dll
MOD - [2013/08/19 23:27:15 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b167ef6967ad27503c6ac6aabcef1aff\System.Runtime.Remoting.ni.dll
MOD - [2013/08/19 23:27:09 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\59eba2680c01c33b2b3f5385979e32c6\System.Web.ni.dll
MOD - [2013/08/19 22:37:15 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09f5b3f7a363b742a73937e818595597\System.Xml.ni.dll
MOD - [2013/08/19 22:36:17 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c0df7e124d8d5e2821fd7d3921d404f7\System.Drawing.ni.dll
MOD - [2013/08/19 22:32:40 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll
MOD - [2013/07/11 21:39:33 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\05034abc5246a6fef208f73cb912d971\Accessibility.ni.dll
MOD - [2013/07/11 21:35:30 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/08/16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/11/20 19:19:52 | 000,055,808 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2014/02/06 22:27:11 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/16 00:30:02 | 005,175,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2008/12/22 11:32:27 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/09/24 13:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/09/17 14:17:12 | 000,225,362 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\stacsv.exe -- (STacSV)
SRV - [2008/09/17 14:17:02 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\AEstSrv.exe -- (AESTFilters)
SRV - [2008/05/08 08:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/01/21 11:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013/04/11 03:18:40 | 000,302,368 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/12/10 03:28:36 | 000,142,176 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/11/08 03:49:26 | 000,250,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2010/04/15 13:36:40 | 000,252,536 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/04/30 22:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2008/12/13 11:27:50 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/11/20 19:19:34 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/09/17 14:17:22 | 000,382,976 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/01/21 11:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007/02/06 15:01:48 | 000,016,512 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\Windows\System32\drivers\aspi32.sys -- (ASPI32)
DRV - [2006/11/02 16:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=uk&ibd=1081222
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=uk&ibd=1081222
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUK

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=uk&ibd=1081222
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll (Veoh Networks )
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\David\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\David\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\David\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\David\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\David\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2013/11/15 23:28:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/03 16:37:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\web@veoh.com: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2009/07/05 02:21:27 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2014/02/13 08:20:05 | 000,450,757 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15475 more lines...
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.micro...gWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...ri_4.4.16.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32846F07-919A-4265-8EE6-C66020E22E3E}: DhcpNameServer = 192.168.3.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA901DA2-2ED6-4760-9490-C4D3003DF898}: DhcpNameServer = 192.168.0.1 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\David\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\David\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 06:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1218f5dc-08c3-11e1-accf-0023ae04e481}\Shell - "" = AutoRun
O33 - MountPoints2\{1218f5dc-08c3-11e1-accf-0023ae04e481}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{1218f5e9-08c3-11e1-accf-0023ae04e481}\Shell - "" = AutoRun
O33 - MountPoints2\{1218f5e9-08c3-11e1-accf-0023ae04e481}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/13 18:12:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
[2014/02/13 17:55:46 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\FRST-OlderVersion
[2014/02/13 17:54:51 | 001,141,248 | ---- | C] (Farbar) -- C:\Users\David\Desktop\FRST.exe
[2014/02/12 07:41:47 | 000,000,000 | ---D | C] -- C:\FRST
[2014/02/11 00:31:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/09 12:28:51 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Mozilla
[2014/01/26 21:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

========== Files - Modified Within 30 Days ==========

[2014/02/13 18:12:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
[2014/02/13 17:55:46 | 001,141,248 | ---- | M] (Farbar) -- C:\Users\David\Desktop\FRST.exe
[2014/02/13 17:54:00 | 153,260,190 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2014/02/13 17:50:03 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/13 17:49:45 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/13 17:49:45 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/13 17:49:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/13 17:49:35 | 3181,760,512 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/13 08:20:05 | 000,450,757 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014/02/13 08:18:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/13 07:27:40 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3821291098-3813080071-2103431083-1000UA.job
[2014/02/13 07:24:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/11 14:30:40 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/02/11 14:30:40 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/02/11 01:27:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3821291098-3813080071-2103431083-1000Core.job
[2014/02/08 15:14:35 | 000,215,552 | ---- | M] () -- C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/02/06 23:23:27 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/30 22:25:03 | 000,000,750 | ---- | M] () -- C:\Users\David\Desktop\Anki.lnk
[2014/01/27 00:56:47 | 000,001,997 | ---- | M] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/26 05:35:17 | 000,006,952 | ---- | M] () -- C:\Users\David\Documents\cc_20140126_053513.reg
[2014/01/26 05:34:15 | 000,071,600 | ---- | M] () -- C:\Users\David\Documents\cc_20140126_053359.reg

========== Files Created - No Company Name ==========

[2014/02/11 00:28:12 | 3181,760,512 | -HS- | C] () -- C:\hiberfil.sys
[2014/01/26 21:26:39 | 000,001,997 | ---- | C] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/26 21:26:39 | 000,001,973 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/26 05:35:15 | 000,006,952 | ---- | C] () -- C:\Users\David\Documents\cc_20140126_053513.reg
[2014/01/26 05:34:04 | 000,071,600 | ---- | C] () -- C:\Users\David\Documents\cc_20140126_053359.reg
[2009/11/24 18:36:20 | 000,005,972 | ---- | C] () -- C:\Users\David\AppData\Local\d3d9caps.dat
[2009/06/07 19:43:18 | 000,000,373 | ---- | C] () -- C:\Users\David\Documents - Shortcut.lnk
[2009/05/22 01:01:37 | 000,215,552 | ---- | C] () -- C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 21:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 02:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 15:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 15:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/11/19 00:24:52 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\.anki
[2010/01/01 14:24:58 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\.matplotlib
[2011/10/21 00:28:15 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\AVG2012
[2012/03/06 11:04:00 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2011/09/19 10:34:43 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\DAEMON Tools Lite
[2009/05/26 10:35:04 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\FileZilla
[2010/02/21 11:18:08 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\HandBrake
[2009/09/21 00:11:57 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\mplayer
[2011/03/31 14:38:32 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\NCH Swift Sound
[2011/03/05 11:36:29 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\PCDr

========== Purity Check ==========



< End of report >
  • 0

#18
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi Taurus76, :)

  • Step #4 Fix with OTL
  • Re-run OTL by right clicking and choosing Run as administrator;
  • Under the Custom Scans/Fixes Box copy and paste the following contents inside the quote box. (Do not include the word 'quote').

    :Commands
    [createrestorepoint]

    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
    O33 - MountPoints2\{1218f5dc-08c3-11e1-accf-0023ae04e481}\Shell - "" = AutoRun
    O33 - MountPoints2\{1218f5dc-08c3-11e1-accf-0023ae04e481}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{1218f5e9-08c3-11e1-accf-0023ae04e481}\Shell - "" = AutoRun
    O33 - MountPoints2\{1218f5e9-08c3-11e1-accf-0023ae04e481}\Shell\AutoRun\command - "" = G:\AutoRun.exe

    :Commands
    [resethosts]
    [emptytemp]

  • Click on "Run Fix" and let the program run unhindered;
  • Your PC will reboot automatically and a log will be opened;
  • Please post it in your next reply.

 

  • Step #5 Scan with Malwarebytes' Anti-Malware
  • Re-rum MBAM;
  • From the update tab, check for update and search for update and update it if an update is available.
  • Once the program has loaded, select Perform Quick Scan, then click Scan. The scan may take some time to finish, so please be patient.
    Posted Image
  • When the scan is complete, click OK, then Show Results to view the results.
    Posted Image
  • Make sure that everything is checked, and click Remove Selected.
    Posted Image
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. Restart if it tells you to.
  • The log is automatically saved by Malwarebytes' Anti-Malware and can be viewed by clicking the Logs tab in the interface.
  • Copy and paste the entire report in your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

 

  • Step #6 Run ESET Online Scanner

    Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

    Vista / 7 users: You will need to to right-click on the either the Internet Explorer or Firefox icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
    • Please go here then click on: Posted Image

      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
      All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

    • Select the option YES, I accept the Terms of Use then click on:Posted Image
    • When prompted allow the Add-On/Active X to install.
    • Uncheck the box beside Remove Found Threats
    • Make sure that the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on:Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.


When The Scan is Complete:

  • If No Threats Were Found:

    • Put a checkmark in "Uninstall application on close"
    • Close the program
    • Report to me that nothing was found
  • If Threats Were Found:
    • Click on "list of threats found"
    • Click on "export to text file" and save it to the desktop as ESET SCAN.txt
    • Click on Back
    • Put a checkmark in "Uninstall application on close" (Be sure you have saved the file first)
    • Click on Finish
    • Close the program
    • Copy and paste the report here


Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
 

  • Required Log(s):
  • OTL Fix Log;
  • MBAM Log;
  • ESET Scan Log

Regards,
Valinorum
  • 0

#19
Taurus76

Taurus76

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Thanks again for all your help!

When I ran OTL the first time I got a message saying that it had stopped running for some reason. I used Task Manager to log off and then logged back on and ran it again and it seemed to run fine. Here is the log (about to run Malwarebytes and will post the log in a moment):

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
File C:\Program Files\AVG\AVG2012\avgssie.dll not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1218f5dc-08c3-11e1-accf-0023ae04e481}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1218f5dc-08c3-11e1-accf-0023ae04e481}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1218f5dc-08c3-11e1-accf-0023ae04e481}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1218f5dc-08c3-11e1-accf-0023ae04e481}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1218f5e9-08c3-11e1-accf-0023ae04e481}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1218f5e9-08c3-11e1-accf-0023ae04e481}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1218f5e9-08c3-11e1-accf-0023ae04e481}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1218f5e9-08c3-11e1-accf-0023ae04e481}\ not found.
File G:\AutoRun.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: David
->Temp folder emptied: 224429 bytes
->Temporary Internet Files folder emptied: 30554436 bytes
->Java cache emptied: 2078610 bytes
->Flash cache emptied: 15593004 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Shino
->Temp folder emptied: 54031 bytes
->Temporary Internet Files folder emptied: 5681053 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 44687055 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1014823 bytes

Total Files Cleaned = 95.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02162014_220502

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#20
Taurus76

Taurus76

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Malwarebytes didn't find any malicious items. Here is the log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.16.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
David :: DAVID-PC [administrator]

16/02/2014 22:21:37
mbam-log-2014-02-16 (22-21-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237300
Time elapsed: 8 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#21
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Do the ESET scan and tell me how is the system running.
  • 0

#22
Taurus76

Taurus76

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Apologies again for taking a little while to reply. ESET Online took a while to reply. The system seems to be running fine, but ESET Online found 3 threats. Here is the log:

C:\FRST\Quarantine\KB1948985.exe12-02-2014_03-16-51 Win32/LockScreen.BAN trojan
C:\Users\David\Downloads\cnet_DTLite4413-0173_exe.exe a variant of Win32/InstallCore.D potentially unwanted application
C:\Users\David\Downloads\essetup.exe a variant of Win32/Toolbar.Conduit.J potentially unwanted application
  • 0

#23
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi Taurus76, :)

The system seems to be running fine, but ESET Online found 3 threats. Here is the log:

One of them was already quarantined earlier. Let's address the other two.

  • Step #7 Fix with OTL
  • Re-run OTL by right clicking and choosing Run as administrator;
  • Under the Custom Scans/Fixes Box copy and paste the following contents inside the quote box. (Do not include the word 'quote').

    :Commands
    [createrestorepoint]

    :Files
    C:\Users\David\Downloads\cnet_DTLite4413-0173_exe.exe
    C:\Users\David\Downloads\essetup.exe

  • Click on "Run Fix" and let the program run unhindered;

By looking at your logs, I see no infection currently present in your system. Unless you are having any issue(s), the machine appears to be Malware-free as we speak.

 

♣ Removal of Tools and Quarantined Files ♣


 

Despite the tools we have used are clean, they are powerful removal tools and made in a way so that they carry out any commands given to them without (most cases) asking for a confirmation. In the hands of an inept person, they can make the machine un-bootable -- a scenario we do not wish to see. Also, we need to remove the quarantined files/folders from your system as a dormant malware can be as bad as an active one if given the proper environment. I shall now give you the guidelines to remove the tools and the quarantined files from your system.

Cleanup with Delfix
Please download DelFix by Xplode to your Desktop.
Download Link
  • Double-click to run the program;
    • Note: Windows Vista/7/8 users right-click and choose Run as administrator
  • Make sure that all the boxes are checked;
  • Click Run;
  • A log will be opened after the operation is finished;
  • Copy and Paste it in your next reply
[/list]
 

♣ Prevention and Future Guidelines ♣


 

Prevention is better than cure -- goes the old saying. As much as we love to see you visit our site, we do not want to see you having your PC infected by malwares again.

  • Keep Windows up-to-date.
    It is extremely important that you keep your operating system (Windows) updated when updates are made available. It is set to alert you, so be sure not to ignore these notices and to allow the updates to install. Many of these are critical security packages which could very possibly be the difference between your picking up a future infiltration and simply passing right by it unharmed.
  • Run antivirus software and keep it up-to-date, too.
    Antivirus software is your safety net if all other protections fail. The first line of defense is smart computing, of course, but everyone needs a backup. I'd recommend Microsoft Security Essentials or avast!, both of which are excellent, as well as free. Once they're installed, check periodically to ensure they have been successfully updating as well. An out-of-date antivirus is not a happy antivirus!
  • Keep your web browser plugins and other programs updated also.
    This tip is rarely shared by technicians and its importance is not widely recognized, but it's absolutely critical. Programs such as Java, Adobe Flash Player and Adobe Reader, Internet Explorer, and myriad other such web-exposed items are deeply vulnerable to attack, which can quickly lead to a hopelessly infected system no matter what protection you currently have installed. The reason is that these programs are ubiquitous, but are also not perfect and are extremely complex... and as such, security vulnerabilities are discovered and exploited by hackers hoping to gain control over your machine. By performing every update for these programs as soon as it's made available, you will greatly reduce your exposure to dangerous internet threats.

    A great way to do this is to install the Filehippo Update Checker and run it regularly. Also, try not to ignore any notifications you receive regarding updates to programs already installed on your PC.

    No scripts is an excellent security device too. I like it but it is not for everyone because it requires you to take action if you want to see some things (pop ups, banners etc.) on sites you visit.

    Download NoSript by Giorgio Maone.

    Note: Sometimes you will get a site telling you that you need to install Java when actually all you need to do is enable the site through the no script icon down on the right hand side of your computer.
  • Watch out for new threat named CryptoLocker
    CryptoLocker is a new type ransomware family malware that encrypts your important files and asks for a ransom to decrypt them. At the moment of posting this reply there are no tools that can undo the havoc this malware causes. We can help you to remove the malware from your system but the files that was encrypted cannot be recovered without the decryption key. So, I ask for your forbearance and practice constant vigilance. Please read the following article to acknowledge yourself about the safety measures.
    How to prevent your computer from becoming infected by CryptoLocker.
  • And last of all, surf smart.
    It doesn't matter how well the autopilot system works if the pilot keeps flying the plane into mountain ranges. Don't forget that no matter how much you have protecting yourself, your security ultimately begins and ends with you. Don't visit dangerous or questionable web sites, avoid suspicious links on Facebook and emails/email attachments you're unsure about, and just generally keep your wits about you, and you'll be much safer. Also, avoid illegal downloads, cracks, "warez", and all other too-good-to-be-true internet offerings: they're typically laden with malware. Be smart and you can avoid most threats lurking about the darker corners of the internet! And for even more tips, see our article, How Did I Get Infected in the First Place?

Regards,
Valinorum
  • 0

#24
Taurus76

Taurus76

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Thanks again so much - I really appreciate your hard work.

In a moment I will update all of my software and protect my PC as directed; in the meantime, here is the Delfix log (you didn't ask to see the OTL log, but let me know if you want me to post it):

# DelFix v10.6 - Logfile created 18/02/2014 at 22:45:05
# Updated 11/11/2013 by Xplode
# Username : David - DAVID-PC
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\_OTL
Deleted : C:\FRST
Deleted : C:\Users\David\Desktop\Addition.txt
Deleted : C:\Users\David\Desktop\Extras.Txt
Deleted : C:\Users\David\Desktop\FRST.exe
Deleted : C:\Users\David\Desktop\FRST.txt
Deleted : C:\Users\David\Desktop\OTL.Txt
Deleted : C:\Users\David\Desktop\OTL.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #511 [Scheduled Checkpoint | 10/18/2013 13:00:32]
Deleted : RP #512 [Windows Update | 11/14/2013 15:57:10]
Deleted : RP #513 [Scheduled Checkpoint | 12/10/2013 14:11:34]
Deleted : RP #514 [Windows Update | 12/12/2013 15:00:43]
Deleted : RP #515 [Scheduled Checkpoint | 01/05/2014 11:32:33]
Deleted : RP #516 [Windows Update | 01/25/2014 20:31:42]
Deleted : RP #517 [Windows Update | 02/13/2014 18:49:13]
Deleted : RP #518 [OTL Restore Point - 16/02/2014 21:54:59 | 02/16/2014 12:54:59]
Deleted : RP #519 [OTL Restore Point - 16/02/2014 22:05:14 | 02/16/2014 13:05:14]
Deleted : RP #520 [OTL Restore Point - 18/02/2014 22:27:05 | 02/18/2014 13:27:08]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
  • 0

#25
Taurus76

Taurus76

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
I have an update. I uninstalled AVG (my previous antivirus software) and downloaded one important Windows update. I then restarted my computer and tried to install Microsoft Security Essentials from your link using my regular browser (IE9). It told me that the file could not be downloaded. I tried restarting but still no joy. Then I tried downloading FileHippo and got the same message. I tried downloading various files and had the same problem. I turned off Windows Firewall in case that had anything to do with it but still no joy. Then I used Chrome to download and install Security Essentials and it's now running its initial scan (EDIT: which is now completed but didn't find anything), but I still can't download any files using IE9.

Edited by Taurus76, 18 February 2014 - 09:59 AM.

  • 0

Advertisements


#26
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Check on Tools > Internet Options > Security Tab > Custom level.. > Download > File download, ensure "Enable" is selected,
  • 0

#27
Taurus76

Taurus76

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Yep, it is selected but I still can't download files. I guess this is unconnected to the infection though so maybe I should try to find a solution elsewhere unless you suggest otherwise. Thanks again for all of your help!
  • 0

#28
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Can you reset IE setting after perusing here?

Edited by Valinorum, 19 February 2014 - 09:21 AM.

  • 0

#29
Taurus76

Taurus76

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Still no luck. I tried resetting the Internet explorer settings; I made sure that the 'do not save encrypted files to disk' option was not checked; I tried re-installing and then re-uninstalling AVG: I tried uninstalling IE9 and then re-installing it. I had no problem downloading files with IE7, but upon re-installing, IE9 still fails to download files (although actually sometimes the files DO download, either completely or partially, to wherever I have set them to download; but the message in IE9 remains the same). I intend to re-run the ESET Online Scanner this evening just in case it picks anything up (having come across someone who had a similar problem who found something using ESET). Other than that I'm a little stumped. It seems to be a bit of a thing though. I guess I should just get my skates on and buy a new laptop.
  • 0

#30
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Do you still have IE7?
Disable one add-on at a time and check if this issue is caused by any of the add-on.
  • Open Internet Explorer by clicking the Start button Posted Image. In the search box, type Internet Explorer, and then, in the list of results, click Internet Explorer.
  • Click the Tools button Posted Image, and then click Manage add-ons.
  • Under Show, click All add-ons.
  • Click an add-on, and then do one of the following:

    • To make the add-on available for use in the browser, click Enable.
    • To turn the add-on off so it can't be used in the browser, click Disable.
  • Repeat step 4 for each add-on that you want to turn on or off. When you're finished, click Close.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP