Best Video Downloader

dominicb

Hi all

I think I have some infections on my system - I suspect the Best Video Downloader which keeps on opening a tab within my Firefox browser, and maybe something else judging by the recent slow-down in performance.

I have followed the instructions in this thread and run the four utilities. The first Malwarebytes scan found and quarantined 7 infections - I have attached the log from a subsequent scan which came up clean.

Can someone help out and have a look at the log files?

Thanks for any assistance.

DominicB

OTL Logfile
OTL logfile created on: 05/05/2014 19:30:04 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dominic\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 75.36% Memory free
6.50 Gb Paging File | 5.52 Gb Available in Paging File | 84.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 234.95 Gb Free Space | 50.45% Space Free | Partition Type: NTFS
Drive H: | 1.86 Gb Total Space | 0.80 Gb Free Space | 42.97% Space Free | Partition Type: FAT

Computer Name: DOMINIC-PC | User Name: Main | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Dominic\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
PRC - C:\Program Files\Roxio 2010\5.0\CPMonitor.exe ()
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)
PRC - C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files\VIA\VIAudioi\VDeck\skin.dll ()
MOD - C:\Program Files\Roxio 2010\5.0\CPMonitor.exe ()
MOD - C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll ()
MOD - C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll ()
MOD - C:\Program Files\VIA\VIAudioi\VDeck\VMicApi.dll ()


========== Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (RoxWatch12) -- C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe (Sonic Solutions)
SRV - (RoxMediaDB12) -- C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe (Sonic Solutions)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) -- C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe ()


========== Driver Services (SafeList) ==========

DRV - (AvgLdx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (AvgMfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (dvdfab) -- C:\Windows\System32\drivers\dvdfab.sys (Fengtao Software Inc.)
DRV - (AvgTdiX) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (SaibVd32) -- C:\Windows\System32\drivers\SaibVd32.sys (Sonic Solutions)
DRV - (SahdIa32) -- C:\Windows\System32\drivers\SahdIa32.sys (Sonic Solutions)
DRV - (SaibIa32) -- C:\Windows\System32\drivers\SaibIa32.sys (Sonic Solutions)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 62 3A 7E 7A 9E B6 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1426
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:7.0.1426
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/25 09:25:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/11/16 09:53:24 | 000,000,000 | ---D | M]

[2011/04/09 07:52:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Main\AppData\Roaming\Mozilla\Extensions
[2014/05/05 15:10:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\e686qe6k.default\extensions
[2013/11/16 09:53:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/11/16 09:53:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/07/25 09:25:47 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CPMonitor] C:\Program Files\Roxio 2010\5.0\CPMonitor.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe (Sonic Solutions)
O4 - HKLM..\RunOnce: [*Restore] C:\Windows\System32\rstrui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92D60735-9CEF-4C33-9A06-BE7F107CB6E5}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/05/05 15:33:52 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/05/05 15:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/05/05 15:33:36 | 000,073,432 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/05/05 15:33:36 | 000,051,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/05/05 15:33:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/05/05 15:17:47 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/05/04 11:35:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
[2014/05/04 11:23:51 | 000,000,000 | ---D | C] -- C:\Program Files\MyPhoneExplorer
[2014/04/20 12:15:32 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2014/04/20 12:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2014/04/20 12:15:00 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2014/04/20 12:09:05 | 000,000,000 | ---D | C] -- C:\Users\Main\AppData\Local\Downloaded Installations
[2014/04/13 16:34:12 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/05/05 19:26:38 | 000,018,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/05 19:26:38 | 000,018,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/05 19:25:07 | 000,619,206 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/05/05 19:25:07 | 000,107,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/05/05 19:18:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/05 19:18:36 | 2616,696,832 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/05 15:34:49 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/05/05 15:34:38 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/05/04 11:35:00 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\MyPhoneExplorer.lnk
[2014/05/04 11:30:49 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/05/04 11:30:48 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2014/04/27 18:35:45 | 160,622,401 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/05/04 11:35:00 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\MyPhoneExplorer.lnk
[2013/03/28 18:58:12 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/09/27 18:26:44 | 083,023,306 | ---- | C] () -- C:\ProgramData\0tbpw.pad
[2011/05/01 18:07:45 | 000,002,692 | -HS- | C] () -- C:\ProgramData\5oh7603awd86
[2011/03/26 00:59:25 | 000,001,230 | RHS- | C] () -- C:\Users\Main\ntuser.pol
[2010/05/14 20:19:24 | 000,000,080 | -HS- | C] () -- C:\ProgramData\.zreglib

========== ZeroAccess Check ==========

[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/09/21 08:44:50 | 000,000,000 | ---D | M] -- C:\Users\Main\AppData\Roaming\uTorrent

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:FB1B13D8

< End of report >
 

Let's get a better look at what's going on here. Please do the following.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
  • Download this file here :

    Combofix

  • When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
  • Save the file to your windows desktop. The combofix icon will look like this when it has downloaded to your desktop.

  • We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

  • Close all open Windows including this one.
  • Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found here.
    Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
  • Please click on I agree on the disclaimer window.
  • ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.


  • ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.


  • Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:


  • At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
  • Please click on yes in the next window to continue scanning for malware.
  • ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
  • ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.


  • When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
  • This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
  • When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
  • Now click on the Edit menu and click Select All, then click on the Edit menu again and click Copy. Then come back to the forum, right-click in your reply and click Paste.

If for some reason you try to run a program or open a file and get an error message saying "illegal operation attempted on a registry key that has been marked for deletion", please just reboot your PC and you'll be fine.


In your next reply please post:

The ComboFix log
 
johnb35

Thanks so much for the offer of further assistance. The ComboFix log is attached below.

Thanks

DominicB



ComboFix 14-05-05.01 - Main 05/05/2014 20:40:41.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3327.2378 [GMT 1:00]
Running from: c:\users\Dominic\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\0tbpw.pad
.
.
((((((((((((((((((((((((( Files Created from 2014-04-05 to 2014-05-05 )))))))))))))))))))))))))))))))
.
.
2014-05-05 19:46 . 2014-05-05 19:48 -------- d-----w- c:\users\Main\AppData\Local\temp
2014-05-05 19:46 . 2014-05-05 19:46 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-05-05 19:46 . 2014-05-05 19:46 -------- d-----w- c:\users\Dominic\AppData\Local\temp
2014-05-05 19:46 . 2014-05-05 19:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-05 19:46 . 2014-05-05 19:46 -------- d-----w- c:\users\HomeNetwork\AppData\Local\temp
2014-05-05 19:46 . 2014-05-05 19:46 -------- d-----w- c:\users\HomeGroup\AppData\Local\temp
2014-05-05 14:33 . 2014-05-05 14:34 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-05 14:33 . 2014-05-05 14:34 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-05-05 14:33 . 2014-04-03 08:51 51416 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-05 14:33 . 2014-04-03 08:51 73432 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-05 14:17 . 2014-05-05 14:17 -------- d-----w- c:\windows\ERUNT
2014-05-04 10:25 . 2014-05-04 10:25 -------- d-----w- c:\users\Dominic\.android
2014-05-04 10:24 . 2014-05-04 10:35 -------- d-----w- c:\users\Dominic\AppData\Roaming\MyPhoneExplorer
2014-05-04 10:23 . 2014-05-04 10:35 -------- d-----w- c:\program files\MyPhoneExplorer
2014-04-20 11:15 . 2014-04-20 11:15 -------- d-----w- c:\users\Dominic\AppData\Roaming\Samsung
2014-04-20 11:15 . 2014-04-20 11:15 -------- d-----w- c:\program files\Samsung
2014-04-20 11:09 . 2014-04-20 11:14 -------- d-----w- c:\users\Main\AppData\Local\Downloaded Installations
2014-04-13 15:34 . 2014-04-13 15:34 -------- d-----w- c:\programdata\McAfee
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-13 15:51 . 2013-11-13 17:56 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-13 15:51 . 2011-11-18 17:23 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-03 08:50 . 2010-09-20 19:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-21 1681408]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe" [2009-07-24 240112]
"CPMonitor"="c:\program files\Roxio 2010\5.0\CPMonitor.exe" [2009-07-21 84464]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*Restore"="c:\windows\System32\rstrui.exe" [2009-07-14 262656]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" [2014-03-05 54072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 01:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2012-01-27 23:01 2077536 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Disc Tool]
2009-06-23 00:18 494064 ----a-w- c:\program files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDFab Passkey]
2011-09-29 11:22 1135608 ----a-w- c:\program files\DVDFab Passkey\DVDFabPasskey.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 09:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [2009-07-24 219632]
R3 RoxMediaDB12;RoxMediaDB12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [2009-07-24 1116656]
R4 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-25 921952]
R4 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-25 308136]
S0 SahdIa32;HDD Filter Driver;c:\windows\System32\Drivers\SahdIa32.sys [2009-06-02 21488]
S0 SaibIa32;Volume Filter Driver;c:\windows\System32\Drivers\SaibIa32.sys [2009-06-02 15856]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2013-01-15 226016]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2011-05-06 243152]
S1 SaibVd32;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVd32.sys [2009-06-02 25584]
S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [2009-06-02 457200]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-07-14 239648]
S3 dvdfab;dvdfab;c:\windows\system32\drivers\dvdfab.sys [2011-08-15 54144]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-09-17 1086976]
.
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\e686qe6k.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - ExtSQL: 2014-04-20 12:16; [email protected]; c:\users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\e686qe6k.default\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-05-05 20:49:16
ComboFix-quarantined-files.txt 2014-05-05 19:49
.
Pre-Run: 252,229,574,656 bytes free
Post-Run: 252,605,317,120 bytes free
.
- - End Of File - - 3280ED517B4DDD922EF75F39CA5371AA
A36C5E4F47E84449FF07ED3517B43A31
 
Are you still having issues? I noticed you have both Avast and AVG installed. You need to uninstall one of them. I would recommend uninstalling AVG since it's an older version, and keep Avast. It's kind of hard to determine what's going on when you haven't posted the Malwarebytes log that actually removed the infections. Also, did AdwCleaner remove anything when you ran it? I noticed you ran it a few times, but I would need to know what it removed.
 
johnb35

Things seem a bit better on the speed front, however, when I open Firefox, three tabs are opened.
  • https://www.mozilla.org/en-US/firefox/new/ This is the first one - the one that usually appears when you install a new version of Firefox.
  • The second is the default Mozilla search page - which won't change my home page to www.google.co.uk no matter how hard I try.
  • http://www.bestvideodownloader.com/turbo The third tab is trying to entice me here - a utility I neither want nor need. Not sure if it's on my system - it's not included in the Control Panel's install list, but I believe these downloader-type programs like to hide.
How can I get my Firefox back to behaving, opening only one tab and allow me to set my own home page?

BTW I meant to uninstall AVG - I was just waiting to see if I was happy with Avast! (which I am). I'll uninstall it now. Thanks for the advice.

One last thing - the Malwarebytes log that found things is posted below.

Thanks again.

DominicB




Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 05/05/2014
Scan Time: 15:46:34
Logfile:
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.05.07
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7
CPU: x86
File System: NTFS
User: Main

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 338368
Time Elapsed: 11 min, 30 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 7
PUP.Optional.Freemium.A, C:\Users\Main\AppData\Local\temp\ICReinstall_ConverterLite-1.6.4.exe, Quarantined, [5b705feec1ba71c5db4b160e61a0748c],
PUP.Optional.SearchProtect.A, C:\Users\Main\AppData\Local\temp\nsdE2D9.exe, Quarantined, [537886c77506aa8cc7ef9f877e83f30d],
PUP.Optional.SearchProtect.A, C:\Users\Main\AppData\Local\temp\nsh940A.exe, Quarantined, [5675c885a5d685b1f5c134f20bf6d729],
PUP.Optional.SearchProtect.A, C:\Users\Main\AppData\Local\temp\nsvE6E2.exe, Quarantined, [ebe01b328bf0152132848d99d52c13ed],
PUP.Optional.Conduit.A, C:\Users\Main\AppData\Local\temp\nsk7371\SpSetup.exe, Quarantined, [953663eac0bb270f7d2930eb61a0ba46],
PUP.Optional.Freemium.A, C:\Users\Dominic\Downloads\ConverterLite-1.6.4.exe, Quarantined, [03c8e06d176483b3a581889c8c75926e],
PUP.Optional.Softonic.A, C:\Users\Dominic\Downloads\SoftonicDownloader_for_samsung-kies.exe, Quarantined, [3992f558df9cb1854d1c1d0049b8a45c],

Physical Sectors: 0
(No malicious items detected)


(end)
 
How can I get my Firefox back to behaving, opening only one tab and allow me to set my own home page?

Open up the Firefox options. On the General tab where it says Home Page, select everything there, remove it, and type in what you want for your home page.
 
Hi voyagerfan99
Open up the Firefox options. On the General tab where it says Home Page, select everything there, remove it, and type in what you want for your home page.
When I do this, every time I hit the home button, it takes me back to my chosen home page (google.co.uk). Exactly as it should do.
But close Firefox and reopen and the situation reverts back to the "three tabs and not one of them my chosen homepage" scenario.

DominicB
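The "sticks until restart, then reverts" behaviour described in the two posts above has one well-known mechanism in Firefox. The home page is the `browser.startup.homepage` preference in the profile's prefs.js, and Firefox opens one startup tab per `|`-separated URL in that value. A user.js file in the same profile folder is re-applied over prefs.js every time the browser starts, so a value set there undoes anything changed in Options as soon as Firefox is restarted (OTL checks for this file; the first log above reported `FF - user.js - File not found`, so whether that was the cause here is not established by the thread). The script below is an added example, not code from the thread, from Mozilla or from any of the tools mentioned: it parses both files and reports why startup would not produce a single tab at the expected home page. The file contents it runs on are constructed for the example; `http://example.test/turbo` is a stand-in URL, and the only value taken from the thread is the intended home page.

```python
"""Audit a Firefox profile's startup preferences for unwanted startup tabs.

Added example, not code from the thread or from Mozilla. It parses the
prefs.js / user.js preference format (one `user_pref("name", value);` per
line) and reports the settings that commonly explain extra startup tabs and
a home page that keeps reverting. The sample file contents below are
constructed for the example.
"""
import json
import re
from typing import Dict, List, Optional, Union

Pref = Union[str, int, bool]

# Matches the only line form Firefox writes to prefs.js:  user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*?)\s*\);\s*$')


def parse_prefs(text: str) -> Dict[str, Pref]:
    """Return {pref name: value}; comment, blank and malformed lines are skipped."""
    prefs: Dict[str, Pref] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2)
        value: Pref
        if raw.startswith('"'):
            try:
                value = json.loads(raw)  # JS string escapes (\" \\ \n \uXXXX) are JSON-compatible
            except ValueError:
                value = raw.strip('"')   # fall back to the raw text for unusual escapes
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            value = int(raw)             # Firefox prefs are string, bool or integer
        prefs[name] = value
    return prefs


def startup_tabs(prefs: Dict[str, Pref]) -> List[str]:
    """Firefox opens one tab per '|'-separated URL in browser.startup.homepage."""
    home = str(prefs.get("browser.startup.homepage", ""))
    return [u for u in home.split("|") if u]


def audit_startup(prefs_js: str, user_js: Optional[str], expected_home: str) -> List[str]:
    """Explain why the browser may not open a single tab at expected_home.

    prefs_js is the contents of the profile's prefs.js; user_js is the contents
    of user.js, or None when that file does not exist.
    """
    findings: List[str] = []
    effective = parse_prefs(prefs_js)
    if user_js is not None:
        # user.js is re-applied to prefs.js at every startup, so anything set there
        # undoes a change made in Options as soon as Firefox is restarted.
        overrides = parse_prefs(user_js)
        findings.append("user.js present: its settings are re-applied on every start, "
                        "so changes made in Options revert")
        for name, value in overrides.items():
            if effective.get(name) != value:
                findings.append(f"user.js overrides {name} = {value!r}")
        effective.update(overrides)      # value in force after the next start
    tabs = startup_tabs(effective)
    if len(tabs) > 1:
        findings.append(f"browser.startup.homepage opens {len(tabs)} tabs, not 1")
    for url in tabs:
        if url != expected_home:
            findings.append(f"unexpected startup tab: {url}")
    page = effective.get("browser.startup.page", 1)  # 1 = show the home page (default)
    if page != 1:
        findings.append(f"browser.startup.page = {page!r} (1 = show home page)")
    return findings


# Constructed sample inputs (not the poster's real files).
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.google.co.uk/");
user_pref("browser.startup.page", 1);
user_pref("extensions.enabledAddons", "wrc%40avast.com:7.0.1426");
"""
SAMPLE_USER_JS = """\
user_pref("browser.startup.homepage", "http://www.google.co.uk/|http://example.test/turbo");
user_pref("browser.startup.page", 1);
"""

if __name__ == "__main__":
    for finding in audit_startup(SAMPLE_PREFS_JS, SAMPLE_USER_JS, "http://www.google.co.uk/"):
        print(finding)
```

Run it against the profile's own files (the logs above give the profile path, `...\Mozilla\Firefox\Profiles\e686qe6k.default\`) with Firefox closed, since Firefox rewrites prefs.js on exit. If a user.js turns out to be carrying the extra URLs, deleting it and then setting the home page in Options makes the change survive a restart; if there is no user.js, the re-setting is being done by something else (an extension or a program that edits prefs.js) and the extension list in the OTL log is the next place to look.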
 
Ha Ha!
Computer speed much improved and 3 tab Firefox issue sorted. Home page what I want it to be.
Thanks for your help and guidance.

DominicB
 