Solve: West Yorkshire Police Virus?

Hi!

We've got a laptop that's running Vista that has picked up a virus. There's a pop up stating it's from 'West Yorkshire Police' which covers the whole screen stating that the computer has been locked for illegal downloads and that we have to pay £100 to some moody pay site.

I can access safe mode, but there doesn't seem to be a system restore point? I've run Spybot Search & Destroy, Malwarebytes and HouseCall through it and it's still there when I reboot the machine. Any ideas please?

Thanks in advance

Hi there!

Download Farbar Recovery Scan Tool and save it to a flash drive.


Depending on your type of system, you will have to select 32-bit or 64-bit accordingly. How do I tell?

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt

    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there
    • Press Scan button. It will do its scan and save a log on your flash drive.
    • Close out of the message after that, then type services.exe into the "Search:" text box and press the Search file(s) button.

      When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
    • Type exit in the Command Prompt window and reboot the computer normally.
    • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.
    Hi, thanks for your help so far!

    Logs on my flash drive are as follows;

    Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 29-08-2012 03
    Ran by SYSTEM at 29-08-2012 20:27:12
    Running from E:\
    Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [ISTray] "C:\Program FILES\Spyware Doctor\pctsTray.exe" [1243088 2009-11-18] (PC Tools)
    HKLM\...\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

    HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
    HKLM\...\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe [2339168 2012-01-17] (AVG Technologies CZ, s.r.o.)
    HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
    HKLM\...\Run: [Anvi Smart Defender] C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe [1229104 2012-08-23] (Anvisoft)
    HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
    HKU\Default\...\RunOnce: [BurnImage] regsvr32 /s c:\windows\IMAPIShellExt.dll [720896 2008-08-28] (Dell Inc)
    HKU\Default User\...\RunOnce: [BurnImage] regsvr32 /s c:\windows\IMAPIShellExt.dll [720896 2008-08-28] (Dell Inc)
    HKU\Gemma\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
    HKU\Gemma\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
    HKU\Gemma\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [8704 2006-11-02] (Microsoft Corporation)
    HKU\Gemma\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-13] (Skype Technologies S.A.)
    HKU\Gemma\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
    HKU\Gemma\...\Run: [WindowsCodecsExt] C:\Users\Gemma\AppData\Local\Microsoft\Windows\228\WindowsCodecsExt.exe [75264 2012-08-27] ()
    Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll [X]
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

    ========================== Services (Whitelisted) ========================

    2 asdsrv; C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe [686896 2012-08-23] (Anvisoft)
    2 AVGIDSAgent; "C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
    2 avgwd; "C:\Program Files\AVG\AVG10\avgwdsvc.exe" [269520 2011-02-07] (AVG Technologies CZ, s.r.o.)
    2 Browser Defender Update Service; "C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe" [112592 2010-01-21] (Threat Expert Ltd.)
    2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [161048 2008-04-28] (Stardock Corporation)
    2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
    3 McComponentHostService; "C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
    2 sdAuxService; C:\Program Files\Spyware Doctor\pctsAuxs.exe [359624 2009-10-30] (PC Tools)
    2 sdCoreService; C:\Program Files\Spyware Doctor\pctsSvc.exe [1141712 2009-11-06] (PC Tools)
    2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter


    ==================== Drivers (Whitelisted) ===================

    3 alcan5wn; C:\Windows\System32\DRIVERS\alcan5wn.sys [53600 2003-12-08] (THOMSON)
    3 alcaudsl; C:\Windows\System32\DRIVERS\alcaudsl.sys [70688 2003-12-08] (THOMSON)
    1 asdrm; C:\Windows\System32\DRIVERS\asdrm.sys [16208 2012-08-20] (Anvisoft)
    2 asdrs; \??\C:\Windows\system32\DRIVERS\asdrs.sys [22864 2012-08-20] (Anvisoft)
    2 asdws; \??\C:\Windows\system32\DRIVERS\asdws.sys [14160 2012-08-20] ()
    3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [134480 2011-05-27] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [22992 2011-02-21] (AVG Technologies CZ, s.r.o. )
    3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [24144 2011-02-09] (AVG Technologies CZ, s.r.o. )
    3 AVGIDSShim; C:\Windows\System32\DRIVERS\AVGIDSShim.Sys [28624 2011-02-09] (AVG Technologies CZ, s.r.o. )
    1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [248656 2011-01-06] (AVG Technologies CZ, s.r.o.)
    1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [34896 2011-03-01] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [32592 2011-03-16] (AVG Technologies CZ, s.r.o.)
    1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [297168 2011-04-04] (AVG Technologies CZ, s.r.o.)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-07-03] (Malwarebytes Corporation)
    0 PCTCore; C:\Windows\System32\drivers\PCTCore.sys [207792 2009-11-09] (PC Tools)
    3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [86824 2009-03-25] (MCCI Corporation)
    3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [15016 2009-03-25] (MCCI Corporation)
    3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [114728 2009-03-25] (MCCI Corporation)
    3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [106208 2009-03-25] (MCCI Corporation)
    3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [26024 2009-03-25] (MCCI Corporation)
    3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [104744 2009-03-25] (MCCI Corporation)
    3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [109864 2009-03-25] (MCCI Corporation)
    3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys

    3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys

    3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS

    3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS

    3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys

    3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys

    3 PCDSRVC{E9D79540-57D5953E-06020101}_0; \??\c:\program files\dell support center\pcdsrvc.pkms

    3 SymIMMP; C:\Windows\System32\DRIVERS\SymIM.sys


    ==================== NetSvcs (Whitelisted) =================


    ============ One Month Created Files and Folders ==============

    2012-08-29 20:26 - 2012-08-29 20:26 - 00000000 ____D C:\FRST
    2012-08-28 15:09 - 2012-08-28 15:10 - 00000000 ____D C:\Users\Gemma\AppData\Roaming\hellomoto
    2012-08-28 11:42 - 2012-08-28 11:42 - 06954184 ____A C:\Users\Gemma\Downloads\spybotsd_includes.exe
    2012-08-28 11:17 - 2012-08-28 11:17 - 00000908 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-08-28 11:15 - 2012-08-28 11:15 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Gemma\Downloads\mbam-setup-1.62.0.1300.exe
    2012-08-28 09:56 - 2012-08-28 10:25 - 00001458 ____A C:\Windows\System32\avgrep.txt
    2012-08-28 07:11 - 2012-08-28 07:11 - 00000979 ____A C:\Users\Public\Desktop\Anvi Smart Defender.lnk
    2012-08-28 07:11 - 2012-08-28 07:11 - 00000000 ____D C:\Users\Gemma\AppData\Roaming\Anvisoft
    2012-08-28 07:11 - 2012-08-28 07:11 - 00000000 ____D C:\Users\All Users\Anvisoft
    2012-08-28 07:11 - 2012-08-28 07:11 - 00000000 ____D C:\Program Files\Anvisoft
    2012-08-28 07:11 - 2012-08-20 01:23 - 00022864 ____A (Anvisoft) C:\Windows\System32\Drivers\asdrs.sys
    2012-08-28 07:11 - 2012-08-20 01:23 - 00016208 ____A (Anvisoft) C:\Windows\System32\Drivers\asdrm.sys
    2012-08-28 07:11 - 2012-08-20 01:23 - 00014160 ____A C:\Windows\System32\Drivers\asdws.sys
    2012-08-28 07:08 - 2012-08-28 07:08 - 16680192 ____A C:\Users\Gemma\Downloads\asdsetup_16.exe
    2012-08-28 07:01 - 2012-08-28 07:01 - 02002944 ____A (Trend Micro Inc.) C:\Users\Gemma\Downloads\HousecallLauncher(9).exe
    2012-08-28 01:18 - 2012-08-28 01:19 - 00000000 ____D C:\Users\Gemma\AppData\Local\{94447B95-2C31-450D-9891-0A31668D3720}
    2012-08-18 13:55 - 2012-08-18 13:56 - 00000000 ____D C:\Users\Gemma\AppData\Local\{D06149FA-5C31-4A05-99A9-E589DEF82FF1}
    2012-08-18 13:55 - 2012-08-18 13:55 - 00000000 ____D C:\Users\Gemma\AppData\Local\{A6A552F1-E76C-45AB-858C-F45E67BE5CC3}
    2012-08-17 14:20 - 2012-08-17 14:20 - 00000000 ____D C:\Users\Gemma\AppData\Local\{91E5961A-2EC3-4DD7-99C6-0481718275CC}
    2012-08-17 14:03 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-08-17 14:03 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-17 14:03 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-08-17 14:03 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-08-17 14:03 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-08-17 14:02 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-08-17 14:02 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-17 14:02 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-08-17 14:02 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-08-17 14:02 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-08-17 14:02 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-08-17 14:02 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-08-17 14:02 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-08-17 14:02 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-08-17 14:01 - 2012-07-04 06:02 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-08-15 11:49 - 2012-06-29 08:01 - 00467968 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2012-08-15 11:49 - 2012-05-11 07:57 - 00623616 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll

    ============ 3 Months Modified Files ========================

    2012-08-29 11:00 - 2006-11-02 02:33 - 00706628 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-08-29 10:59 - 2009-11-22 04:01 - 00001356 ____A C:\Users\Gemma\AppData\Local\d3d9caps.dat
    2012-08-28 22:16 - 2012-06-22 13:02 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-08-28 22:16 - 2006-11-02 04:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2012-08-28 22:16 - 2006-11-02 04:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2012-08-28 15:11 - 2008-08-26 11:04 - 01665058 ____A C:\Windows\WindowsUpdate.log
    2012-08-28 15:06 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-28 14:58 - 2006-11-02 05:01 - 00032536 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-08-28 11:42 - 2012-08-28 11:42 - 06954184 ____A C:\Users\Gemma\Downloads\spybotsd_includes.exe
    2012-08-28 11:17 - 2012-08-28 11:17 - 00000908 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-08-28 11:15 - 2012-08-28 11:15 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Gemma\Downloads\mbam-setup-1.62.0.1300.exe
    2012-08-28 10:25 - 2012-08-28 09:56 - 00001458 ____A C:\Windows\System32\avgrep.txt
    2012-08-28 07:11 - 2012-08-28 07:11 - 00000979 ____A C:\Users\Public\Desktop\Anvi Smart Defender.lnk
    2012-08-28 07:10 - 2012-02-17 12:27 - 00326277 ____A C:\Users\Gemma\AppData\Local\census.cache
    2012-08-28 07:10 - 2012-02-17 11:37 - 00185002 ____A C:\Users\Gemma\AppData\Local\ars.cache
    2012-08-28 07:08 - 2012-08-28 07:08 - 16680192 ____A C:\Users\Gemma\Downloads\asdsetup_16.exe
    2012-08-28 07:01 - 2012-08-28 07:01 - 02002944 ____A (Trend Micro Inc.) C:\Users\Gemma\Downloads\HousecallLauncher(9).exe
    2012-08-28 01:13 - 2008-01-20 18:47 - 00144932 ____A C:\Windows\PFRO.log
    2012-08-27 16:02 - 2010-06-14 13:12 - 00000402 ___AH C:\Windows\Tasks\Norton Security Scan for Gemma.job
    2012-08-24 15:34 - 2008-09-15 11:47 - 00091648 ____A C:\Users\Gemma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-08-20 01:23 - 2012-08-28 07:11 - 00022864 ____A (Anvisoft) C:\Windows\System32\Drivers\asdrs.sys
    2012-08-20 01:23 - 2012-08-28 07:11 - 00016208 ____A (Anvisoft) C:\Windows\System32\Drivers\asdrm.sys
    2012-08-20 01:23 - 2012-08-28 07:11 - 00014160 ____A C:\Windows\System32\Drivers\asdws.sys
    2012-08-17 14:15 - 2006-11-02 04:47 - 00381896 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-08-17 14:04 - 2006-11-02 02:24 - 59884088 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
    2012-08-14 10:52 - 2012-06-22 13:02 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2012-08-14 10:52 - 2011-05-15 08:32 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2012-07-12 12:26 - 2006-11-02 02:23 - 00000219 ____A C:\Windows\win.ini
    2012-07-07 09:48 - 2011-12-18 04:07 - 00013404 ____A C:\Users\Gemma\Desktop\Ebay.xlsx
    2012-07-07 09:32 - 2012-07-07 09:32 - 00812368 ____A (PortableApps.com) C:\Users\Gemma\Downloads\SkypePortable_5.10.0.115_online.paf.exe
    2012-07-07 09:22 - 2012-07-07 09:22 - 00946352 ____A (Skype Technologies S.A.) C:\Users\Gemma\Downloads\SkypeSetup(1).exe
    2012-07-04 06:02 - 2012-08-17 14:01 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-03 04:46 - 2011-05-14 10:41 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-29 08:01 - 2012-08-15 11:49 - 00467968 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2012-06-28 16:52 - 2012-08-17 14:02 - 12317184 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-28 16:27 - 2012-08-17 14:02 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-28 16:16 - 2012-08-17 14:02 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-28 16:09 - 2012-08-17 14:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-28 16:09 - 2012-08-17 14:02 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-28 16:08 - 2012-08-17 14:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-28 16:07 - 2012-08-17 14:02 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-28 16:06 - 2012-08-17 14:02 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-28 16:04 - 2012-08-17 14:03 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-28 16:04 - 2012-08-17 14:02 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-28 16:01 - 2012-08-17 14:03 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-28 16:01 - 2012-08-17 14:03 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-28 16:00 - 2012-08-17 14:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-28 15:57 - 2012-08-17 14:03 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-15 10:09 - 2012-06-15 10:09 - 02002320 ____A (Trend Micro Inc.) C:\Users\Gemma\Downloads\HousecallLauncher(.exe
    2012-06-08 09:47 - 2012-07-10 16:06 - 11586048 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-06 11:59 - 2012-06-06 11:59 - 01070152 ____A (Microsoft Corporation) C:\Windows\System32\MSCOMCTL.OCX
    2012-06-05 08:47 - 2012-07-10 16:06 - 01401856 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-05 08:47 - 2012-07-10 16:06 - 01248768 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-04 07:26 - 2012-07-10 16:06 - 00440704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-02 14:19 - 2012-06-21 11:34 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-21 11:34 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-21 11:34 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-21 11:34 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-21 11:34 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:12 - 2012-06-21 11:34 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:12 - 2012-06-21 11:34 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 06:19 - 2012-06-21 11:33 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 06:12 - 2012-06-21 11:33 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-01 16:04 - 2012-07-10 16:06 - 00278528 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-01 16:03 - 2012-07-10 16:06 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-06-01 01:53 - 2006-11-02 04:52 - 00104975 ____A C:\Windows\setupact.log

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is LEGIT
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================


    ==================== Memory info ===========================

    Percentage of memory in use: 17%
    Total physical RAM: 2037.31 MB
    Available physical RAM: 1683.78 MB
    Total Pagefile: 1970.94 MB
    Available Pagefile: 1846.59 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1975.56 MB

    ==================== Partitions ============================

    1 Drive c: (OS) (Fixed) (Total:99.19 GB) (Free:59.52 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    3 Drive e: () (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT32
    4 Drive x: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.15 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 112 GB 0 B
    Disk 1 Online 965 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 102 MB 32 KB
    Partition 2 Primary 10 GB 102 MB
    Partition 3 Primary 99 GB 10 GB
    Partition 0 Extended 2560 MB 109 GB
    Partition 4 Logical 2559 MB 109 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 FAT Partition 102 MB Healthy Hidden

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 X RECOVERY NTFS Partition 10 GB Healthy Boot

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 99 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 4
    Type : DD
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 965 MB 16 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E FAT32 Removable 965 MB Healthy

    ==================================================================================

    Last Boot: 2012-08-28 15:13

    ==================== End Of Log =============================

    Where would I find the other data log? I've SEARCHED on the laptop and can't find it?

    That's okay. Let's go to Safe Mode with Networking...

    ComboFix

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method as above, but download it again and this time name ComboFix.exe iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.


    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

    Hi and thanks again, I have the following

    ComboFix 12-08-30.05 - Gemma 31/08/2012 10:22:06.1.1 - x86 NETWORK
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2037.1433 [GMT 1:00]
    Running from: c:\users\Gemma\Desktop\svchost.exe.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Gemma\AppData\Local\{42545D07-923E-4CDB-922B-2BB467D52D64}
    c:\users\Gemma\AppData\Local\{42545D07-923E-4CDB-922B-2BB467D52D64}\chrome.manifest
    c:\users\Gemma\AppData\Local\{42545D07-923E-4CDB-922B-2BB467D52D64}\chrome\content\_cfg.js
    c:\users\Gemma\AppData\Local\{42545D07-923E-4CDB-922B-2BB467D52D64}\chrome\content\overlay.xul
    c:\users\Gemma\AppData\Local\{42545D07-923E-4CDB-922B-2BB467D52D64}\install.rdf
    c:\users\Gemma\AppData\Local\qrly
    c:\users\Gemma\AppData\Roaming\6E3C.CA9
    c:\users\Gemma\AppData\Roaming\Adobe\plugs
    c:\users\Gemma\AppData\Roaming\Adobe\shed
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-31 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-31 09:28 . 2012-08-31 09:28 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-31 09:28 . 2012-08-31 09:28 -------- d-----w- c:\users\Gemma\AppData\Local\temp
    2012-08-30 04:26 . 2012-08-30 04:26 -------- d-----w- C:\FRST
    2012-08-28 23:09 . 2012-08-28 23:10 -------- d-----w- c:\users\Gemma\AppData\Roaming\hellomoto
    2012-08-28 16:41 . 2012-08-28 16:41 -------- d-----w- C:\Temp
    2012-08-28 15:11 . 2012-08-31 08:36 -------- d-----w- c:\users\Gemma\AppData\Roaming\Anvisoft
    2012-08-28 15:11 . 2012-08-28 15:11 -------- d-----w- c:\programdata\Anvisoft
    2012-08-28 15:11 . 2012-08-28 15:11 -------- d-----w- c:\program files\Anvisoft
    2012-08-17 22:03 . 2012-06-29 01:00 140920 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
    2012-08-17 22:03 . 2012-06-29 00:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-08-17 22:03 . 2012-06-29 00:06 194560 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
    2012-08-17 22:03 . 2012-06-29 00:06 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
    2012-08-17 22:03 . 2012-06-29 00:04 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-08-17 22:02 . 2012-06-29 00:16 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2012-08-17 22:02 . 2012-06-29 00:09 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-08-17 22:02 . 2012-06-29 01:00 748664 ----a-w- c:\program files\Internet Explorer\iexplore.exe
    2012-08-17 22:02 . 2012-06-29 00:10 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
    2012-08-17 22:02 . 2012-06-29 00:10 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
    2012-08-17 22:02 . 2012-06-29 00:08 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-08-17 22:01 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys
    2012-08-15 19:49 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-14 18:52 . 2012-06-22 21:02 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-14 18:52 . 2011-05-15 16:32 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-03 12:46 . 2011-05-14 18:41 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-06 19:59 . 2012-06-06 19:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
    2012-06-05 16:47 . 2012-07-11 00:06 1401856 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-05 16:47 . 2012-07-11 00:06 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-04 15:26 . 2012-07-11 00:06 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 22:19 . 2012-06-21 19:34 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 19:34 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 19:34 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 19:34 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:19 . 2012-06-21 19:34 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:12 . 2012-06-21 19:34 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:12 . 2012-06-21 19:34 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 14:19 . 2012-06-21 19:33 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 14:12 . 2012-06-21 19:33 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-07-18 20:15 . 2011-05-28 22:48 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    "WindowsCodecsExt"="c:\users\Gemma\AppData\Local\Microsoft\Windows\228\WindowsCodecsExt.exe" [2012-08-28 75264]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg&inst=NzctNjI0MDU1MjQ0LVRUKzEtVDUtVUNBTEwrMS1TVDErMi1GUDkyKzYtQkFSOU8rMS1GTCs5LVhPMzYrMS1GOU0xMEErMi1GOU0yKzEtRkwxMCsxLVhPMTArMTEtTElDKzItRERUKzU4ODg5LUREMTBGKzEtU1QxMEZBUFArMS1GMTBNMTJUQSsxLVUxMCsxLVZJUDEyKzEtRjEwTTEyUisxLUYxME0xMlIyKzEtQ0lEMTArMS1DSUQrMTA&prod=90&ver=10.0.1424" [?]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2010-10-13 18:09 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^Gemma^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]
    path=c:\users\Gemma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
    backup=c:\windows\pss\Dell Dock.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-10-15 01:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
    2008-05-04 09:25 167936 ----a-w- c:\program files\DellTPad\Apoint.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
    2008-05-16 12:17 3444736 ----a-w- c:\windows\System32\WLTRAY.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp]
    2009-12-07 11:50 1584640 ----a-w- c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DACSMiniApp]
    2007-07-24 11:20 197888 ----a-w- c:\program files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
    2008-02-29 04:18 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2009-02-26 18:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2008-03-06 07:58 166424 ----a-w- c:\windows\System32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
    2007-03-21 12:00 174872 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2008-03-06 07:58 141848 ----a-w- c:\windows\System32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    2012-07-03 12:46 973488 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2012-03-08 17:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    2007-12-21 09:58 184320 ----a-w- c:\program files\Dell\MediaDirect\PCMService.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2008-03-06 07:58 133656 ----a-w- c:\windows\System32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    2007-11-12 11:07 405504 ----a-w- c:\program files\Sigmatel\C-Major Audio\WDM\sttray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2012-07-13 12:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
    2009-06-18 09:04 772096 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
    2004-01-26 10:38 866816 ----a-w- c:\program files\Thomson\SpeedTouch USB\dragdiag.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 15:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2010-05-20 22:40 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    2009-11-13 11:31 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe

    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ECACHE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-29 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22 18:52]
    .
    2012-08-28 c:\windows\Tasks\Norton Security Scan for Gemma.job
    - c:\progra~1\NORTON~2\Engine\301~1.8\Nss.exe [2011-01-26 01:45]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uSearchMigratedDefaultURL = hxxp://search.orange.co.uk/all?brand=ouk&tab=web&p=_adr&q={searchTerms}
    mWindow Title = Microsoft Internet Explorer Provided by Wanadoo
    uInternet Settings,ProxyOverride =
    uInternet Settings,ProxyServer = http=127.0.0.1:58343
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\Gemma\AppData\Roaming\Mozilla\Firefox\Profiles\75cd0c58.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1eic6yu9oa4y3&scc=1&ltmpl=default&ltmplcache=2
    FF - prefs.js: keyword.URL - hxxp://flvtubesearch.co/?prt=02ff&clid=&subid=&Keywords=
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 58343
    FF - prefs.js: network.proxy.type - 4
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-BigBitmap - (no file)
    Toolbar-SmallBitmap - (no file)
    HKLM-Run-dellsupportcenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
    MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
    MSConfigStartUp-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
    MSConfigStartUp-dscactivate - c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
    MSConfigStartUp-ISTray - c:\program files\Spyware Doctor\pctsTray.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-08-31 10:28
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
    "ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2012-08-31 10:32:28
    ComboFix-quarantined-files.txt 2012-08-31 09:32
    .
    Pre-Run: 65,570,836,480 bytes free
    Post-Run: 66,023,469,056 bytes free
    .
    - - End Of File - - 3B5C74C0FDE1CAB09C16CC280DEE2D21
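The ComboFix log above contains the indicators the helper goes on to act on: a Run entry launching an executable from the user's AppData folder (the `WindowsCodecsExt` line), a proxy of 127.0.0.1:58343 forced on both Internet Explorer and Firefox, Security Center monitoring switched off, and Firefox's insecure-submit and mixed-content warnings disabled in user.js. As an added example (not ComboFix's own code and not part of this thread), the following Python script runs that triage over a constructed excerpt shaped like the log lines above and flags each of those indicators; the names `triage`, `categories` and `SAMPLE_LOG` are mine, and the loopback and user-profile heuristics are assumptions about what normally looks suspicious, not rules from the log format.

```python
"""Triage helper for ComboFix-style 'Reg Loading Points' / 'Supplementary Scan' output.

Added example, not ComboFix's code: it scans the text for four indicator types
seen in the log above (autostart from a user profile, loopback proxy, Security
Center monitoring disabled, Firefox security warnings turned off).
"""
import re

# Constructed sample: a few lines copied in the shape of the log posted above,
# with benign entries left in so the filters have something to ignore.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"WindowsCodecsExt"="c:\users\Gemma\AppData\Local\Microsoft\Windows\228\WindowsCodecsExt.exe" [2012-08-28 75264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
uInternet Settings,ProxyServer = http=127.0.0.1:58343
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 58343
FF - user.js: security.warn_submit_insecure - false
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
STRING_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"')
DWORD_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<data>[0-9a-fA-F]+)$')
IE_PROXY_RE = re.compile(r'ProxyServer\s*=\s*(?:\w+=)?(?P<host>[\w.\-]+):(?P<port>\d+)', re.I)
FF_PROXY_RE = re.compile(r'network\.proxy\.http\s*-\s*(?P<host>[\w.\-]+)$')
FF_WARN_OFF_RE = re.compile(r'user\.js:\s*(?P<pref>security\.warn_[\w.]+)\s*-\s*false$')
# Heuristic (assumption): legitimate autostarts rarely live under a user's AppData.
USER_PROFILE_RE = re.compile(r'\\users\\[^\\]+\\appdata\\', re.I)
LOOPBACK_HOSTS = {'127.0.0.1', 'localhost', '::1'}


def triage(log_text):
    """Return a list of findings; each is a dict with 'category' and 'detail'."""
    findings = []
    current_key = ''
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == '.':
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group('key').lower()   # track which registry key we are under
            continue
        m = STRING_VALUE_RE.match(line)
        if m and current_key.endswith(('\\run', '\\runonce')):
            if USER_PROFILE_RE.search(m.group('data')):
                findings.append({'category': 'autostart_from_user_profile',
                                 'detail': f"{m.group('name')} -> {m.group('data')}"})
            continue
        m = DWORD_VALUE_RE.match(line)
        if m and 'security center\\monitoring' in current_key:
            if m.group('name').lower() == 'disablemonitoring' and int(m.group('data'), 16) != 0:
                findings.append({'category': 'security_center_monitoring_disabled',
                                 'detail': current_key})
            continue
        m = IE_PROXY_RE.search(line)
        if m and m.group('host') in LOOPBACK_HOSTS:
            findings.append({'category': 'loopback_proxy',
                             'detail': f"IE proxy {m.group('host')}:{m.group('port')}"})
            continue
        m = FF_PROXY_RE.search(line)
        if m and m.group('host') in LOOPBACK_HOSTS:
            findings.append({'category': 'loopback_proxy',
                             'detail': f"Firefox proxy {m.group('host')}"})
            continue
        m = FF_WARN_OFF_RE.search(line)
        if m:
            findings.append({'category': 'browser_security_warning_disabled',
                             'detail': m.group('pref')})
    return findings


def categories(log_text):
    """Distinct finding categories, sorted, for a one-line verdict."""
    return sorted({f['category'] for f in triage(log_text)})


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding['category']}] {finding['detail']}")
```

Run against the sample it reports five findings in four categories; on the real log the same checks would also catch the `wininet`/`prefs.js` proxy pair, which is what sends the browser through a local intercept and is why the helper's later scans focus on `WindowsCodecsExt.exe` and the browser settings.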
    Please download aswMBR from here

    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Click the Scan button to start the scan as illustrated below


    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

    • Once the scan finishes click Save log to save the log to your Desktop


    • Copy and paste the contents of aswMBR.txt back here for review

    I've got the following

    aswMBR version 0.9.9.1665 COPYRIGHT(c) 2011 AVAST Software
    Run date: 2012-08-31 13:17:32
    -----------------------------
    13:17:32.961 OS Version: Windows 6.0.6002 Service Pack 2
    13:17:32.961 Number of processors: 1 586 0x1601
    13:17:32.961 ComputerName: GEMMA-PC UserName: Gemma
    13:17:50.433 Initialize success
    13:18:08.717 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    13:18:08.717 Disk 0 Vendor: ST912081 3.AD Size: 114473MB BusType: 3
    13:18:08.748 Disk 0 MBR read successfully
    13:18:08.748 Disk 0 MBR scan
    13:18:08.763 Disk 0 Windows VISTA default MBR code
    13:18:08.779 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63
    13:18:08.795 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 208896
    13:18:08.810 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 101569 MB offset 21180416
    13:18:08.810 Disk 0 Partition - 00 0F Extended LBA 2560 MB offset 229195776
    13:18:08.888 Disk 0 Partition 4 00 DD MSDOS5.0 2559 MB offset 229197824
    13:18:08.919 Disk 0 scanning sectors +234438656
    13:18:09.044 Disk 0 scanning C:\Windows\system32\drivers
    13:18:16.220 Service scanning
    13:18:38.591 Modules scanning
    13:18:44.300 Disk 0 trace - called modules:
    13:18:44.347 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
    13:18:44.347 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b02f878]
    13:18:44.363 3 CLASSPNP.SYS[8d9a78b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a5c0030]
    13:18:44.363 Scan finished successfully
    13:41:27.849 Disk 0 MBR has been saved successfully to "C:\Users\Gemma\Desktop\MBR.dat"
    13:41:27.865 The log file has been saved successfully to "C:\Users\Gemma\Desktop\aswMBR.txt"


    Thanks again, I appreciate your help!

    Excellent work!

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.

    7 threats found

    C:\Users\Gemma\AppData\Local\Microsoft\Windows\228\WindowsCodecsExt.exe	a variant of Win32/Kryptik.ALBD trojan	cleaned by deleting - quarantined
    C:\Users\Gemma\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120217225646367.rsc_tmp	multiple threats	deleted - quarantined
    C:\Users\Gemma\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120217231620925.rsc	multiple threats	deleted - quarantined
    C:\Users\Gemma\AppData\Roaming\B4414EE8A7520B62EDE608ED711EDA7A\enemies-names.txt	Win32/Adware.AntimalwareDoctor.AE.Gen application	cleaned by deleting - quarantined
    C:\Users\Gemma\AppData\Roaming\B4414EE8A7520B62EDE608ED711EDA7A\local.ini	Win32/Adware.AntimalwareDoctor.AE.Gen application	cleaned by deleting - quarantined
    C:\Users\Gemma\Downloads\BitZipper50TrialSetupEn.exe	a variant of Win32/InstallIQ application	cleaned by deleting - quarantined
    C:\Users\Gemma\Downloads\BitZipperH2010.v8326484.TrialSetupEn.exe	a variant of Win32/InstallIQ application	cleaned by deleting - quarantined

    Thanks

    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death

    Sorry I was away for the weekend. All seems well, thank you very much.

    Is there a good free anti virus you can recommend?

    Thanks again!

    Let's clean up, then you will be able to see them. These are preventative measures to make sure you don't get infected again...

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advanced System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name i.e. Clean
    • Select Create
    Now we can purge the infected ones
    • Go back to the System and Maintenance page
    • Select Performance Information and Tools
    • On the left select Open Disk Cleanup
    • Select Files from all users and accept the warning if you get one
    • In the drop down box select your main drive i.e. C
    • For a few moments the system will make some calculations:

    • Select the More Options tab

    • In the System Restore and Shadow Backups select Clean up

    • Select Delete on the pop up
    • Select OK
    • Select Delete
    Run OTC to remove our tools

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Purge old temporary files

    Download CCleaner Slim and save it to your Desktop - Alternate download link

    When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
    Follow the prompts to install the program.

    * Double-click the CCleaner shortcut on the desktop to start the program.
    * Click on the Options block on the left, then choose Cookies.
    * Under Cookies to Delete, highlight any cookies you would like to retain permanently
    * Click the right arrow > to move them to the Cookies to Keep window.
    * Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
    * Click Cleaner on the left then Run Cleaner on the right to run the program.
    * Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

    Caution: Only use the Registry feature if you are very familiar with the registry.
    Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

