I am back II
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.17128 BrowserJavaVersion: 1.6.0_26
Run by Don at 20:07:50 on 2013-04-20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2165 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: PC Tools Firewall Plus *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Documents and Settings\Don\Application Data\SearchProtect\bin\cltmng.exe
C:\Documents and Settings\Don\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\SearchProtect\bin\CltMngSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uURLSearchHooks: {739df940-c5ee-4bab-9d7e-270894ae687a} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {739df940-c5ee-4bab-9d7e-270894ae687a} - <orphaned>
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [aadababfecedct] "c:\documents and settings\all users\application data\aadababfecedct.exe"
uRun: [SearchProtect] c:\documents and settings\don\application data\searchprotect\bin\cltmng.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [ProfilerU] c:\program files\saitek\sd6\software\ProfilerU.exe
mRun: [SaiMfd] c:\program files\saitek\sd6\software\SaiMfd.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SearchProtectAll] c:\program files\searchprotect\bin\cltmng.exe
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
StartupFolder: c:\docume~1\don\startm~1\programs\startup\avgfre~1.lnk - c:\program files\avg\avg8\avgtray.exe
StartupFolder: c:\docume~1\don\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\don\application data\dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: NameServer = 64.59.160.13 64.59.161.68
TCP: Interfaces\{7F78B2EB-7177-4840-97C8-62D965C16EE8} : DHCPNameServer = 64.59.160.13 64.59.161.68
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\don\application data\mozilla\firefox\profiles\m6tf3mhu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&CUI=UN24014405641032166&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&q=
FF - component: c:\documents and settings\don\application data\mozilla\firefox\profiles\m6tf3mhu.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\don\application data\mozilla\firefox\profiles\m6tf3mhu.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\ubisoft\ubisoft game launcher\npuplaypc.dll
FF - plugin: c:\program files\ubisoft\ubisoft game launcher\npuplaypchub.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - ExtSQL: 2013-03-31 22:00; torntv2@torntv.com; c:\documents and settings\don\application data\mozilla\firefox\profiles\m6tf3mhu.default\extensions\torntv2@torntv.com.xpi
FF - ExtSQL: !HIDDEN! 2009-09-02 01:53; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
============= SERVICES / DRIVERS ===============
.
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-12 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-12 307928]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-12-21 233136]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-12 19544]
R2 CltMngSvc;Search Protect by Conduit Updater;c:\program files\searchprotect\bin\CltMngSvc.exe [2013-3-6 93984]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-16 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-11-7 701512]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2009-12-21 818432]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-3-19 3289208]
R3 iDispService;iDispService;c:\windows\system32\drivers\idisplayminiport.sys [2012-3-21 14248]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-11-7 22856]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2009-12-21 70664]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2009-12-21 58816]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-12-21 115216]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-15 94048]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;c:\windows\system32\drivers\szkg.sys --> c:\windows\system32\drivers\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-6-12 42184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9c62bfc4ddf28;Google Update Service (gupdate1c9c62bfc4ddf28);c:\program files\google\update\GoogleUpdate.exe [2009-4-25 133104]
S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-12-21 88040]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2011-10-8 77624]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-10-8 20032]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [2007-5-30 39424]
S3 PCTFW-DNS;PCTools Firewall - DNS driver;c:\windows\system32\drivers\pctNdis-DNS.sys [2009-12-21 32680]
S3 SaiH0461;SaiH0461;c:\windows\system32\drivers\SaiH0461.sys [2010-2-19 132232]
S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\smart technologies\classroom teacher\smartsnmpagent.exe --> c:\program files\smart technologies\classroom teacher\SMARTSNMPAgent.exe [?]
S3 smrtdrv;SMART Technologies Inc. Mirror Driver;c:\windows\system32\drivers\smrtdrv.sys [2004-4-22 2432]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2011-10-8 181432]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\NOTEPAD.EXE=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-04-20 05:49:27 -------- d-----w- c:\documents and settings\don\application data\AVG2013
2013-04-20 05:45:53 -------- d--h--w- C:\$AVG
2013-04-20 05:45:53 -------- d-----w- c:\documents and settings\all users\application data\AVG2013
2013-04-20 05:31:55 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2013-04-20 05:31:55 -------- d-----w- c:\documents and settings\don\local settings\application data\MFAData
2013-04-20 05:31:55 -------- d-----w- c:\documents and settings\don\local settings\application data\Avg2013
2013-04-20 05:31:55 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2013-04-15 03:04:51 -------- d-----w- c:\documents and settings\don\application data\LibreOffice
2013-04-15 03:04:19 -------- d-----w- c:\windows\System64
2013-04-15 03:02:57 -------- d-----w- c:\program files\LibreOffice 4.0
2013-04-15 02:46:14 -------- d-----w- c:\program files\Dropbox
2013-04-15 02:44:38 -------- d-----w- c:\documents and settings\don\application data\Dropbox
2013-04-06 23:18:00 -------- d-----w- c:\documents and settings\don\local settings\application data\Colossal Order
2013-04-01 05:02:30 -------- d-----w- c:\documents and settings\don\local settings\application data\WhiteSmoke_New
2013-04-01 05:02:28 -------- d-----w- c:\program files\WhiteSmoke_New
2013-04-01 05:02:15 -------- d-----w- c:\documents and settings\don\local settings\application data\CRE
2013-04-01 05:01:42 -------- d-----w- c:\program files\SearchProtect
2013-04-01 05:01:16 -------- d-----w- c:\documents and settings\don\application data\SearchProtect
2013-04-01 05:00:37 -------- d-----w- c:\program files\Gophoto.it
2013-04-01 05:00:19 -------- d-----w- c:\program files\TornTV.com
2013-03-27 06:43:02 773968 ----a-w- c:\windows\system32\msvcr100.dll
2013-03-27 06:43:02 421200 ----a-w- c:\windows\system32\msvcp100.dll
.
==================== Find3M ====================
.
2013-04-04 21:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-12 21:07:09 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-12 21:07:09 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:32:25 2149888 ------w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50:30 2028544 ------w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 01:25:02 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-02-27 07:56:51 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-24 19:03:34 832512 ----a-w- c:\windows\system32\wininet.dll
2013-02-24 19:03:34 1830912 ------w- c:\windows\system32\inetcpl.cpl
2013-02-24 19:03:33 78336 ----a-w- c:\windows\system32\ieencode.dll
2013-02-24 19:03:33 17408 ----a-w- c:\windows\system32\corpol.dll
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
.
============= FINISH: 20:08:51.21 ===============
aswMBR would not work. I get this message in a separate box: avast! Antirootkit has encountered a problem and needs to close. We are sorry for the inconvenience. Then aswMBR closes.
Spybot: There are directions to use Spybot in post #2, but... I could not find the link for it.
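The log above is the kind of thing a helper reads by hand. As an added example (editor's code, not part of the thread and not a DDS or forum tool), the following Python script automates the first pass of that triage over lines in the DDS "Pseudo HJT Report" and FIREFOX formats. The sample lines are copied from the log above; the heuristics (autostarts launched from a user-writable profile directory, an executable dropped straight into the root of Application Data, orphaned BHO/URLSearchHook entries, search-engine prefs overridden to another host, and security prefs switched off in prefs.js) are the editor's own assumptions about what deserves a second look, not rules from DDS.

```python
import re
from typing import List, Tuple

# Constructed sample in the shape of the DDS "Pseudo HJT Report" and
# FIREFOX sections; a handful of lines from the log above, not all of it.
SAMPLE_DDS = r"""uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [aadababfecedct] "c:\documents and settings\all users\application data\aadababfecedct.exe"
uRun: [SearchProtect] c:\documents and settings\don\application data\searchprotect\bin\cltmng.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\docume~1\don\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\don\application data\dropbox\bin\Dropbox.exe
uURLSearchHooks: {739df940-c5ee-4bab-9d7e-270894ae687a} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&q=
FF - prefs.js: browser.startup.homepage - hxxps://www.google.ca/
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
"""

# First Windows path on a line that ends in a runnable extension.
PATH_RE = re.compile(r'([a-z]:\\[^"]+?\.(?:exe|dll|scr|cmd|bat))\b', re.I)
# DDS writes URLs with "hxxp" so they are not clickable; pull the host out.
HOST_RE = re.compile(r'hxxps?://([^/\s]+)', re.I)

# Firefox prefs that are never set this way by a default install (assumption:
# editor's list, chosen from the prefs visible in the log above).
SEARCH_PREFS = ("keyword.URL", "browser.search.defaulturl")
RISKY_PREFS = {
    ("security.csp.enable", "false"): "Content Security Policy disabled",
    ("security.OCSP.enabled", "0"): "certificate revocation (OCSP) checks disabled",
    ("extensions.autoDisableScopes", "0"): "externally installed extensions auto-enabled",
}

Finding = Tuple[str, str]  # (what, why)


def parse_autoruns(text: str) -> List[Tuple[str, str, str]]:
    """Return (kind, name, path) for every uRun/mRun/StartupFolder line."""
    out = []
    for line in text.splitlines():
        m = re.match(r'^(uRun|mRun|StartupFolder): (.*)$', line)
        if not m:
            continue
        kind, rest = m.groups()
        name = ""
        if kind == "StartupFolder":
            # "<shortcut>.lnk - <target>": the target is what actually runs.
            rest = rest.rsplit(" - ", 1)[-1]
        else:
            nm = re.match(r'\[([^\]]*)\]\s*(.*)', rest)
            if nm:
                name, rest = nm.groups()
        pm = PATH_RE.search(rest)
        if pm:
            out.append((kind, name, pm.group(1).lower()))
    return out


def autorun_findings(text: str) -> List[Finding]:
    """Flag autostarts that run from places an ordinary user can write to."""
    findings = []
    for _kind, _name, path in parse_autoruns(text):
        if "\\application data\\" in path or "\\local settings\\" in path:
            findings.append((path, "autostart from a user-writable profile directory"))
            # A binary dropped straight into the root of a profile data folder,
            # with no vendor subfolder, is worth a closer look than one under
            # <vendor>\bin (heuristic, not a verdict).
            parent = path.rsplit("\\", 1)[0]
            if parent.endswith("\\application data"):
                findings.append((path, "executable sits directly in the Application Data root"))
    return findings


def orphan_findings(text: str) -> List[Finding]:
    """A CLSID still registered as BHO/URLSearchHook but whose DLL is gone."""
    return [(line, "BHO/URLSearchHook registered but its DLL is missing")
            for line in text.splitlines() if line.rstrip().endswith("<orphaned>")]


def firefox_findings(text: str) -> List[Finding]:
    """Search overrides and weakened security prefs from the FF section."""
    findings = []
    for line in text.splitlines():
        m = re.match(r'^FF - prefs\.js: (\S+) - (\S+)', line)
        if m and m.group(1) in SEARCH_PREFS:
            host = HOST_RE.search(m.group(2))
            findings.append((line, "search override -> " + (host.group(1) if host else m.group(2))))
        for pref, val in re.findall(r"user_pref\('([^']+)',\s*([^)]+)\)", line):
            key = (pref, val.strip())
            if key in RISKY_PREFS:
                findings.append(("%s=%s" % key, RISKY_PREFS[key]))
    return findings


def triage(text: str) -> List[Finding]:
    """All findings, in the order the sections appear in a DDS log."""
    return autorun_findings(text) + orphan_findings(text) + firefox_findings(text)


if __name__ == "__main__":
    for what, why in triage(SAMPLE_DDS):
        print("%-60s %s" % (why, what))
```

Run against the sample it flags nine items, including the Dropbox autostart: the profile-directory rule is deliberately broad, so the output is a list of entries to verify (signer, install date, reputation), not a list of malware. The prefs.js findings are the ones easiest to miss by eye: with `security.csp.enable` false and `security.OCSP.enabled` 0, the browser drops Content Security Policy enforcement and certificate revocation checks, and `extensions.autoDisableScopes` at 0 means extensions dropped into the profile by third-party installers are enabled without a prompt.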
Hello Nanich.
My name is fbfbfb. I will gladly assist you with your concerns.
Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice. This may cause a delay, but I will do my best to keep it as short as possible.
I am checking over your DDS log now, and I will post back shortly with instructions.
While working to resolve the issues with your machine, please follow these guidelines:
Please be patient. Logs are lengthy and can take time to analyze.
Read and follow my directions carefully, in the sequence they are posted. If you are unsure about anything, please ask for clarification before continuing.
Use only those tools that you have been directed to use.
Do not install or uninstall any applications or run any other scans without being directed to do so.
Copy and Paste the log files inside your post. Do not send them as attachments unless otherwise instructed.
Stay with me until your machine has been deemed all clear.
Please reply within 3 days of each post to avoid closing this topic.
Hello, Nanich. Thank you for the DDS logs. You report that you had problems running aswMBR. Let's try running TDSSKiller instead.
Please run the following scans
1. TDSSKiller
Please download TDSSKiller from HERE (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder, right click on TDSSKiller.exe and select Run as Administrator to run the application.
When the window opens, click Change Parameters.
Under Additional options, put a check mark in the box next to Detect TDLFS File System. Click OK.
Click Start Scan.
As we are only looking for a log of what is on the machine right now, choose Skip for whatever is found.
Click Continue > Reboot now.
Please copy and paste the contents of that file in your next reply.
2. Security Check
Please download Security Check by screen317 from HERE (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or HERE (http://screen317.changelog.fr/SecurityCheck.exe). Save it to your Desktop. Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt. This may take a few minutes.
Please copy and paste the contents of that document into your next reply.
Thank you. One of your directions does not seem to work for me:
Once extracted, open the TDSSKiller folder, right click on TDSSKiller.exe and select Run as Administrator to run the application.
There is a Run as... option. When I select that there is no option to run as an administrator.
Thanks!
Don
Hello, Nanich.
Please work through the following tasks
Uninstall Multiple Anti-virus Programs
I see that you are currently running multiple anti-virus programs:
avast! Antivirus
AVG 2013
Running multiple antivirus programs can trigger system slowdowns, crashes, and/or conflicts with each other causing them not to work properly. I am recommending that you choose and keep only one good antivirus program installed on your computer. To remove the other, please follow these steps:
Click Start and select Control Panel.
When the Control Panel window opens, click on Uninstall a program found under the Programs category.
If you are using the Classic View of the Control Panel, then you would double-click on the Programs and Features icon instead.
Look through the list of programs for the one that you would like to uninstall, and then left-click on it once to highlight it.
Click on the Uninstall button.
When asked if you are sure you want to uninstall, click Yes.
The program will uninstall, and when completed you will be back at the list of programs installed on your computer.
When finished, close the Programs and Features screen.
TDSSKiller
Let me revise those instructions for you:
Please download TDSSKiller from HERE (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and save it to your Desktop.
Unzip the folder. (Right Click > Extract to your Desktop).
Doubleclick on TDSSKiller.exe to run the application.
When the window opens, click Change Parameters.
Under Additional options, put a check mark in the box next to Detect TDLFS File System. Click OK.
Click Start Scan.
As we are only looking for a log of what is on the machine right now, choose Skip for whatever is found.
Click Continue > Reboot now.
Click on Report.
Please copy and paste the contents of that file in your next reply.
Note: It will also create a log in the C:\ directory.
Please run the following scan
OTL by OLD TIMER
Please download OTL to your desktop from HERE (http://oldtimer.geekstogo.com/OTL.exe) or HERE (http://www.itxassociates.com/OT-Tools/OTL.exe)
Close all other applications and windows so that you have nothing open.
Double click on the OTL icon on your desktop.
Note: Vista and Windows 7 users right-click and select Run As Administrator. If you receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.
Under Output, click Minimal Output to select it.
Click the Scan All Users checkbox. Leave the remaining selections to the default settings.
Do not use the computer while the scan is in progress.
When the scan is complete, two log files will open in Notepad: OTListIt.txt (will be maximized) and Extras.txt <- (will be minimized in the Task Bar).
Both logs are automatically saved to the Desktop.
Please copy and paste the contents of OTListIt.txt and Extras.txt in your next reply. If the Extras.txt log is too long, you may need to add a second reply to your thread.
Click the red X in the upper right corner to exit OTL.
SUMMARY: In your next reply, please post the following:
TDSSKiller report
Security Check report
OTL log
Thanks,
I am not having much luck. AVAST will not uninstall. I do see the entry. When I click on it and click Remove, the computer works but then nothing happens.
I do not see an entry for AVG. I do see the folder in Program Files, but I do not see it in "Add or Remove Programs".
Because I could not do your first instructions, I have not gone on to the next instructions.
Thanks!
Don
Accidental reply--please ignore.
Hello, Nanich.
Sometimes it is difficult to uninstall these anti-virus programs in the usual manner, in which case you can use specified removal tools supplied by each software manufacturer. Depending on which anti-virus you have chosen to remove, follow these steps:
1. Uninstall Avast using aswClear
Download aswclear.exe HERE (http://files.avast.com/iavs5x/aswclear.exe) and save it on your desktop.
Start Windows in Safe Mode.
Open the uninstall utility.
If you installed avast! in a different folder than the default, browse for it.
Click REMOVE.
Restart your computer.
2. Uninstall AVG using AVG Remover tool
Save all your work and close all documents. Your computer will be restarted during the procedure.
Download AVG Remover tool from HERE (http://download.avg.com/filedir/util/AVG_Remover_en.exe).
Run the downloaded tool and follow the instructions displayed on your screen.
Your computer will be restarted automatically.
After the restart, AVG Remover will finish the uninstallation.
I am using Windows XP. How do you start in Safe Mode? A website said to hold F8 down, but that only gave me different options on which device to use to boot. It did not offer Safe Mode.
Don
Hello, Nanich.
Boot into Safe Mode using the F8 method:
Restart your computer.
Gently tap the F8 key repeatedly until the Windows XP Advanced Options menu appears.
Note: If Windows launches before you can choose Safe Mode, restart your computer and try again. Select the Safe Mode option using the up and down arrow keys.
Then, press the Enter key on your keyboard to boot into Safe Mode.
Note: When tasks have been completed, reboot your computer to normal mode.
I did that, but I do not get the safe mode start up options. The only options that I get are different location options for start up.
Don
Hello, Nanich.
For the moment, let's set aside removing the extra anti-virus program in Safe Mode; we will come back to that later.
Please run Security Check as previously instructed as well as the scan below:
Please download OTL to your desktop from HERE (http://oldtimer.geekstogo.com/OTL.exe) or HERE (http://www.itxassociates.com/OT-Tools/OTL.exe).
Close all other applications and windows so that you have nothing open.
Double click on the OTL icon on your desktop.
Note: Vista and Windows 7 users right-click and select Run As Administrator. If you receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.
Under Output, click Minimal Output to select it.
Click the Scan All Users checkbox. Leave the remaining selections to the default settings.
Do not use the computer while the scan is in progress.
When the scan is complete, two log files will open in Notepad: OTListIt.txt (will be maximized) and Extras.txt <- (will be minimized in the Task Bar).
Both logs are automatically saved to the Desktop.
Please copy and paste the contents of OTListIt.txt and Extras.txt in your next reply. If the Extras.txt log is too long, you may need to add a second reply to your thread.
Click the red X in the upper right corner to exit OTL.
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
avast! Free Antivirus
AVG 2013
PC Tools Firewall Plus 6.0
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
HijackThis 2.0.2
Java(TM) 6 Update 22
Java(TM) 6 Update 26
Java version out of Date!
Adobe Flash Player 11.6.602.180
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (20.0.1)
Google Chrome 26.0.1410.43
Google Chrome 26.0.1410.64
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 10%
````````````````````End of Log``````````````````````
OTL logfile created on: 5/7/2013 9:32:05 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Don\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 71.51% Memory free
4.84 Gb Paging File | 4.14 Gb Available in Paging File | 85.64% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 20.06 Gb Free Space | 4.31% Space Free | Partition Type: NTFS
Computer Name: DONPETERSON | User Name: Don | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Don\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Don\My Documents\Downloads\SecurityCheck.exe ()
PRC - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Don\Application Data\SearchProtect\bin\cltmng.exe (Conduit)
PRC - C:\Documents and Settings\Don\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\SearchProtect\bin\CltMngSvc.exe (Conduit)
PRC - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
PRC - C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
PRC - C:\Program Files\PC Tools Firewall Plus\FWService.exe (PC Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Documents and Settings\Don\My Documents\Downloads\SecurityCheck.exe ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Documents and Settings\Don\Application Data\Dropbox\bin\libcef.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\de3e6b59e3949f8086973d53518a9ecb\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\68b0fc15aa862e54593dd85b59116998\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\32b515633fcbcc6dad09b9dd09f2fc2f\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\7256e28382f57416b828a0cc143b67b3\System.Xaml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\25884c52a01d74137ffacdb51d8f2d04\PresentationFramework.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\3ca69d589c23a0be94f3858f72e7a595\PresentationCore.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\8ba0620535aa28d509b9397500b7d530\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a0db56351a1589e44868456609b01737\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\65e520f98f7674d462d26671c1ce97a7\PresentationFramework.Luna.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\3d6d9da56c9f607615b55d6742d8427d\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\6133e360071a2fa7ba7deb483816e585\WindowsBase.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\c182d7a0bd88caf2cddccb7491a5fa6e\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\Documents and Settings\Don\Application Data\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Documents and Settings\Don\Local Settings\temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll ()
MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
========== Services (SafeList) ==========
SRV - (SMART SNMP Agent Service) -- C:\Program Files\SMART Technologies\Classroom Teacher\SMARTSNMPAgent.exe File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (Skype C2C Service) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (CltMngSvc) -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe (Conduit)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (PCToolsFirewallPlus) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe (PC Tools)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (szkgfs) -- system32\drivers\szkgfs.sys File not found
DRV - (szkg5) -- system32\DRIVERS\szkg.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (is3srv) -- system32\drivers\is3srv.sys File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Don\LOCALS~1\Temp\catchme.sys File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\WINDOWS\system32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (iDispService) -- C:\WINDOWS\system32\drivers\idisplayminiport.sys (SHAPE Services)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (dgderdrv) -- C:\WINDOWS\system32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (ssudmdm) -- C:\WINDOWS\system32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\WINDOWS\system32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (SaiNtBus) -- C:\WINDOWS\system32\drivers\SaiBus.sys (Saitek)
DRV - (SaiMini) -- C:\WINDOWS\system32\drivers\SaiMini.sys (Saitek)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmHidLo) -- C:\WINDOWS\system32\drivers\WmHidLo.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (pctplfw) -- C:\WINDOWS\system32\drivers\pctplfw.sys (PC Tools)
DRV - (pctgntdi) -- C:\WINDOWS\system32\drivers\pctgntdi.sys (PC Tools)
DRV - (PCTFW-PacketFilter) -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys (PC Tools)
DRV - (pctNDIS) -- C:\WINDOWS\system32\drivers\pctNdis.sys (PC Tools)
DRV - (PCTFW-DNS) -- C:\WINDOWS\system32\drivers\pctNdis-DNS.sys (PC Tools)
DRV - (PCTAppEvent) -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (lvselsus) -- C:\WINDOWS\system32\drivers\lvselsus.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (L1e) -- C:\WINDOWS\system32\drivers\l1e51x86.sys (Atheros Communications, Inc.)
DRV - (FANTOM) -- C:\WINDOWS\system32\drivers\fantom.sys (National Instruments Corporation)
DRV - (SaiH0461) -- C:\WINDOWS\system32\drivers\SaiH0461.sys (Saitek)
DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)
DRV - (CX23880) -- C:\WINDOWS\system32\drivers\cx88vid.sys (Conexant Systems, Inc.)
DRV - (DSDrv4) -- C:\Program Files\DScaler\DSDrv4.sys ()
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (smrtdrv) -- C:\WINDOWS\system32\drivers\smrtdrv.sys (SMART Technologies Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\URLSearchHook: {739df940-c5ee-4bab-9d7e-270894ae687a} - No CLSID value found
IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN15539672730253678&UM=2&SSPV=TB_C3
IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/06/12 13:55:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/11 23:00:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/11 23:00:44 | 000,000,000 | ---D | M]
[2009/01/25 00:39:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Don\Application Data\Mozilla\Extensions
[2013/04/11 23:00:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/04/24 18:21:06 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/04/24 18:21:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/04/24 18:21:06 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/04/11 23:00:50 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/06/12 09:34:24 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/08/29 21:56:18 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/02/19 09:59:04 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&output=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://search.conduit.com/?ctid=CT3289847&SearchSource=48&CUI=UN14205695091674118&UM=2&sspv=TB_CC
CHR - Extension: avast! WebRep = C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1125_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.6.0.11664_0\
CHR - Extension: GoPhoto.it = C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.4_0\
O1 HOSTS File: ([2011/06/12 13:38:15 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {739df940-c5ee-4bab-9d7e-270894ae687a} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {739df940-c5ee-4bab-9d7e-270894ae687a} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4 - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKU\S-1-5-21-746137067-606747145-682003330-1004..\Run: [aadababfecedct] "C:\Documents and Settings\All Users\Application Data\aadababfecedct.exe" File not found
O4 - HKU\S-1-5-21-746137067-606747145-682003330-1004..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-746137067-606747145-682003330-1004..\Run: [SearchProtect] C:\Documents and Settings\Don\Application Data\SearchProtect\bin\cltmng.exe (Conduit)
O4 - Startup: C:\Documents and Settings\Don\Start Menu\Programs\Startup\AVG Free Tray Icon.lnk = File not found
O4 - Startup: C:\Documents and Settings\Don\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Don\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-746137067-606747145-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-746137067-606747145-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-746137067-606747145-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.160.13 64.59.161.68
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F78B2EB-7177-4840-97C8-62D965C16EE8}: DhcpNameServer = 64.59.160.13 64.59.161.68
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/21 11:51:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/05/05 11:26:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don\Desktop\Old Firefox Data
[2013/05/05 10:30:23 | 000,377,920 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Don\Desktop\aswclear.exe
[2013/05/01 18:14:21 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Don\Desktop\TDSSKiller.exe
[2013/04/20 20:11:06 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Don\Desktop\aswMBR.exe
[2013/04/20 20:07:22 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Don\Desktop\dds.scr
[2013/04/20 20:05:58 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2013/04/20 20:05:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2013/04/20 20:03:46 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Don\Desktop\erunt-setup.exe
[2013/04/19 22:49:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don\Application Data\AVG2013
[2013/04/19 22:45:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013/04/19 22:31:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/04/19 22:31:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don\Local Settings\Application Data\MFAData
[2013/04/19 22:31:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/04/19 22:31:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don\Local Settings\Application Data\Avg2013
[2013/04/19 22:31:32 | 004,411,440 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Don\Desktop\avg_avct_stb_all_2013_2667_cm10.exe
[2013/04/14 20:04:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don\Application Data\LibreOffice
[2013/04/14 20:04:19 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LibreOffice 4.0
[2013/04/14 20:04:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System64
[2013/04/14 20:02:57 | 000,000,000 | ---D | C] -- C:\Program Files\LibreOffice 4.0
[2013/04/14 19:48:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Don\My Documents\Dropbox
[2013/04/14 19:46:14 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2013/04/14 19:45:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don\Start Menu\Programs\Dropbox
[2013/04/14 19:44:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don\Application Data\Dropbox
[2013/04/14 19:42:00 | 032,746,544 | ---- | C] (Dropbox, Inc.) -- C:\Documents and Settings\Don\Desktop\Dropbox 2.0.6.exe
[2013/04/11 23:00:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Don\*.tmp files -> C:\Documents and Settings\Don\*.tmp -> ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/05/07 21:30:47 | 000,502,670 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/07 21:30:47 | 000,088,450 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/07 21:21:53 | 000,013,770 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/05/07 21:21:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/05/07 21:21:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2013/05/07 21:21:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2013/05/07 20:01:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/07 19:07:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/05/06 23:01:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/05 10:30:21 | 000,377,920 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Don\Desktop\aswclear.exe
[2013/05/01 23:26:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/05/01 18:13:52 | 002,218,636 | ---- | M] () -- C:\Documents and Settings\Don\Desktop\tdsskiller.zip
[2013/04/27 14:04:39 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/04/20 22:03:20 | 000,000,301 | ---- | M] () -- C:\Documents and Settings\Don\.Xauthority
[2013/04/20 20:12:32 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Don\Desktop\aswMBR.exe
[2013/04/20 20:07:21 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Don\Desktop\dds.scr
[2013/04/20 20:03:46 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Don\Desktop\erunt-setup.exe
[2013/04/19 22:31:28 | 004,411,440 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Don\Desktop\avg_avct_stb_all_2013_2667_cm10.exe
[2013/04/19 22:26:23 | 000,062,464 | ---- | M] () -- C:\Documents and Settings\Don\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/04/19 22:22:37 | 115,054,456 | ---- | M] () -- C:\Documents and Settings\Don\Desktop\avast_free_antivirus_setup.exe
[2013/04/15 20:01:59 | 000,210,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/04/14 19:59:41 | 193,572,864 | ---- | M] () -- C:\Documents and Settings\Don\Desktop\LibreOffice_4.0.2_Win_x86.msi
[2013/04/14 19:48:06 | 000,000,966 | ---- | M] () -- C:\Documents and Settings\Don\Desktop\Dropbox.lnk
[2013/04/14 19:46:41 | 000,000,996 | ---- | M] () -- C:\Documents and Settings\Don\Start Menu\Programs\Startup\Dropbox.lnk
[2013/04/14 19:42:50 | 032,746,544 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Don\Desktop\Dropbox 2.0.6.exe
[2013/04/10 03:05:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Don\*.tmp files -> C:\Documents and Settings\Don\*.tmp -> ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/05/01 18:13:51 | 002,218,636 | ---- | C] () -- C:\Documents and Settings\Don\Desktop\tdsskiller.zip
[2013/04/19 22:20:24 | 115,054,456 | ---- | C] () -- C:\Documents and Settings\Don\Desktop\avast_free_antivirus_setup.exe
[2013/04/14 19:54:58 | 193,572,864 | ---- | C] () -- C:\Documents and Settings\Don\Desktop\LibreOffice_4.0.2_Win_x86.msi
[2013/04/14 19:48:06 | 000,000,966 | ---- | C] () -- C:\Documents and Settings\Don\Desktop\Dropbox.lnk
[2013/04/14 19:46:41 | 000,000,996 | ---- | C] () -- C:\Documents and Settings\Don\Start Menu\Programs\Startup\Dropbox.lnk
[2013/01/09 04:36:13 | 000,318,264 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/12/05 20:22:57 | 000,138,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2012/12/05 20:01:44 | 000,281,688 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2012/12/05 20:01:40 | 000,076,888 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2012/04/20 19:40:47 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2012/02/15 21:43:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/16 11:54:48 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011/09/16 11:54:44 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/09/16 11:54:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/09/16 11:54:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/09/16 11:54:44 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011/08/15 01:00:50 | 000,855,078 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-746137067-606747145-682003330-1004-0.dat
[2011/08/15 01:00:49 | 000,217,590 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/06/11 10:23:21 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/11 10:23:21 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/11 10:23:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/11 10:23:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/11 10:23:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/07 20:56:47 | 000,062,464 | ---- | C] () -- C:\Documents and Settings\Don\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/15 11:16:37 | 000,000,301 | ---- | C] () -- C:\Documents and Settings\Don\.Xauthority
[2009/09/01 23:30:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Don\LOG
[2009/02/13 07:49:36 | 000,002,300 | ---- | C] () -- C:\Documents and Settings\Don\.strange-eons-settings
[2009/02/13 07:49:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Don\.strange-eons-editor-session
[2009/02/13 07:49:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Don\.strange-eons-user-dict
[2009/01/21 19:15:39 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Don\Application Data\PnkBstrK.sys
========== ZeroAccess Check ==========
[2009/01/21 19:18:46 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/10/15 18:00:10 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
This is all I have. I do not see an extras.txt on the task bar or on my desktop.
Hello, Nanich.
Thank you for the Security Check and OTL reports. The extras.txt should be in the same location as OTL. If it is there, you can send it in your next reply. If it is not, let's not worry about it.
Please run the following scan.
Run OTL.exe
Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
Then click the Run Fix button at the top.
:OTL
DRV - (catchme) -- C:\DOCUME~1\Don\LOCALS~1\Temp\catchme.sys File not found
IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\URLSearchHook: {739df940-c5ee-4bab-9d7e-270894ae687a} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN15539672730253678&UM=2&SSPV=TB_C3
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
CHR - homepage: http://search.conduit.com/?ctid=CT32...M=2&sspv=TB_CC
O2 - BHO: (no name) - {739df940-c5ee-4bab-9d7e-270894ae687a} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {739df940-c5ee-4bab-9d7e-270894ae687a} - No CLSID value found.
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe (Conduit)
O4 - Startup: C:\Documents and Settings\Don\Start Menu\Programs\Startup\AVG Free Tray Icon.lnk = File not found
O4 - HKU\S-1-5-21-746137067-606747145-682003330-1004..\Run: [aadababfecedct] "C:\Documents and Settings\All Users\Application Data\aadababfecedct.exe" File not found
O4 - HKU\S-1-5-21-746137067-606747145-682003330-1004..\Run: [SearchProtect] C:\Documents and Settings\Don\Application Data\SearchProtect\bin\cltmng.exe (Conduit)
[2013/04/11 23:00:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Don\*.tmp files -> C:\Documents and Settings\Don\*.tmp -> ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
:Reg
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
[CLEARALLRESTOREPOINTS]
[Reboot]
Let the program run unhindered; it will reboot when it is done. If it does not, please reboot your system.
Post the new log in your next reply.
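The fix above is assembled by picking lines out of the OTL log by hand. What follows is an added example for this page, not code from the thread, from the helper, or from OTL itself: a small Python triage script that applies a few of the same checks mechanically to OTL-format lines, namely orphaned load points ("File not found" / "No CLSID value found"), an autorun executable placed straight in the ProgramData root (on XP, All Users\Application Data), code loaded from a Temp directory, search scopes and homepage owned by search.conduit.com, drivers or services with no version information, and a default value under one of the HKCU CLSID keys that OTL's ZeroAccess Check lists. The sample input is constructed from lines in the log above; the second, "hijacked" sample and its DLL path are hypothetical, since the real log shows those HKCU keys with nothing under them. Hits are review items, not verdicts: the leftover catchme.sys entry is flagged by the same rule as a genuinely suspicious temp-loaded module.

```python
"""Triage of OTL (OldTimer's List-It) log lines.

Added example for this thread; not OTL code and not the helper's fix.
Hits are review items, not verdicts: a harmless leftover such as a rootkit
scanner's temp driver is flagged alongside a real hijack.
"""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    severity: str   # "high" / "medium" / "low": how soon to look, not guilt
    rule: str
    line: str


# Search hosts that indicate a hijacked scope/homepage when they own one.
HIJACK_HOSTS = ("search.conduit.com",)

# CLSIDs whose per-user InProcServer32 OTL's "ZeroAccess Check" inspects.
WATCHED_CLSIDS = {
    "{42aedc87-2188-41fd-b9a3-0c966feabec1}",
    "{fbeb8a05-beee-4442-804e-409d6c4515e9}",
}

TEMP_DIR = re.compile(r"\\temp\\", re.I)
# An .exe sitting directly in the ProgramData root (XP: All Users\Application Data).
PROGRAMDATA_ROOT_EXE = re.compile(r'\\All Users\\Application Data\\[^\\"]+\.exe"?(\s|$)', re.I)
HKCU_CLSID_KEY = re.compile(
    r"^\[HKEY_CURRENT_USER\\Software\\Classes\\clsid\\(\{[0-9a-f-]{36}\})\\InProcServer32\]$", re.I)
DEFAULT_VALUE = re.compile(r'^""\s*=\s*\S')


def triage(log_text):
    """Return one Finding per rule hit, walking the log top to bottom."""
    findings = []
    watched_key = None  # set while inside a watched HKCU clsid key
    for raw in log_text.splitlines():
        s = raw.strip()
        if not s:
            continue
        # Registry key headers: OTL prints the HKCU keys it checks even when
        # they are empty, so only a default value *under* one is a finding.
        if s.startswith("[HKEY_"):
            m = HKCU_CLSID_KEY.match(s)
            clsid = m.group(1).lower() if m else None
            watched_key = clsid if clsid in WATCHED_CLSIDS else None
            continue
        if watched_key and DEFAULT_VALUE.match(s):
            findings.append(Finding("high", "hkcu-com-override:" + watched_key, s))
            continue
        # 1. Load points whose target is gone: leftovers of a removal or a
        #    broken uninstall; cheap to clean, and they hint at what ran before.
        if "File not found" in s or "No CLSID value found" in s:
            findings.append(Finding("low", "orphaned-loadpoint", s))
        # 2. An autorun executable placed straight in the ProgramData root.
        if s.startswith("O4 -") and PROGRAMDATA_ROOT_EXE.search(s):
            findings.append(Finding("high", "autorun-in-programdata-root", s))
        # 3. A module, driver, service or autorun coming from a Temp directory.
        if s.startswith(("MOD -", "DRV -", "SRV -", "O4 -")) and TEMP_DIR.search(s):
            findings.append(Finding("medium", "loaded-from-temp", s))
        # 4. Search scope, URLSearchHook or homepage owned by a hijack host.
        if s.startswith(("IE -", "FF -", "CHR -")):
            for host in HIJACK_HOSTS:
                if host in s.lower():
                    findings.append(Finding("medium", "search-hijack:" + host, s))
        # 5. Driver or service binary with no company/version information.
        if s.startswith(("DRV -", "SRV -")) and s.endswith("()"):
            findings.append(Finding("low", "no-version-info", s))
    return findings


def summarize(findings):
    """Hits per rule, for a first look before reading individual lines."""
    counts = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


# Constructed sample: lines taken in shape from the OTL log in this thread.
SAMPLE_LOG = r"""
MOD - C:\Documents and Settings\Don\Local Settings\temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll ()
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
DRV - (catchme) -- C:\DOCUME~1\Don\LOCALS~1\Temp\catchme.sys File not found
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4
CHR - homepage: http://search.conduit.com/?ctid=CT3289847&SearchSource=48
O2 - BHO: (no name) - {739df940-c5ee-4bab-9d7e-270894ae687a} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKU\S-1-5-21-746137067-606747145-682003330-1004..\Run: [aadababfecedct] "C:\Documents and Settings\All Users\Application Data\aadababfecedct.exe" File not found
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/10/15 18:00:10 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
"""

# Constructed, hypothetical: the same kind of HKCU key once something has
# given it a default value.  The path is made up; the real log shows it empty.
HIJACKED_CLSID_LOG = r"""
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"" = C:\Documents and Settings\Don\Local Settings\Application Data\example-hijack.dll
"ThreadingModel" = Apartment
"""

if __name__ == "__main__":
    order = {"high": 0, "medium": 1, "low": 2}
    for f in sorted(triage(SAMPLE_LOG) + triage(HIJACKED_CLSID_LOG),
                    key=lambda f: order[f.severity]):
        print(f"[{f.severity:6}] {f.rule}: {f.line}")
```

Run it as a script to print the findings ordered by severity, or import `triage` and hand it the text of a whole OTL.txt. The rules key off OTL's line prefixes (MOD, SRV, DRV, IE, FF, CHR, O2, O4) and its "File not found" / "No CLSID value found" markers, so they apply to this log format only; anything else the script sees is ignored rather than guessed at.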
So I ran the scan. I think it stopped partway through. I left it overnight and it said something like "killing processes". The task bar and desktop icons were missing when I woke up. I had to do a manual reset to get it running again.
Don
Yes, I tried to run the scan again, and the same thing happened. I think it stops at the beginning.
Don
Hello, Nanich.
Let's run OTL again, this time in Safe Mode. Once you are in Safe Mode, run the OTL fix which I have included below; I have made an adjustment.
1. Boot into Safe Mode
Using the F8 Method as an option:
Restart your computer.
Gently tap the F8 key repeatedly until the Windows XP Advanced Options menu appears.
Note: If Windows launches before you can choose Safe Mode, restart your computer and try again. Select the Safe Mode option using the up and down arrow keys.
Then, press the enter key on your keyboard to boot into Safe Mode.
http://vubnet.vub.ac.be/images/stories/security/safe-mode.png
Note: When tasks have been completed, reboot your computer to normal mode.
2. Run OTL.exe
Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
Then click the Run Fix button at the top.
:OTL
DRV - (catchme) -- C:\DOCUME~1\Don\LOCALS~1\Temp\catchme.sys File not found
IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\URLSearchHook: {739df940-c5ee-4bab-9d7e-270894ae687a} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\URLSearchHook: {739df940-c5ee-4bab-9d7e-270894ae687a} - No CLSID value found
IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN15539672730253678&UM=2&SSPV=TB_C3
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
CHR - homepage: http://search.conduit.com/?ctid=CT32...M=2&sspv=TB_CC
O2 - BHO: (no name) - {739df940-c5ee-4bab-9d7e-270894ae687a} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {739df940-c5ee-4bab-9d7e-270894ae687a} - No CLSID value found.
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe (Conduit)
O4 - Startup: C:\Documents and Settings\Don\Start Menu\Programs\Startup\AVG Free Tray Icon.lnk = File not found
O4 - HKU\S-1-5-21-746137067-606747145-682003330-1004..\Run: [aadababfecedct] "C:\Documents and Settings\All Users\Application Data\aadababfecedct.exe" File not found
O4 - HKU\S-1-5-21-746137067-606747145-682003330-1004..\Run: [SearchProtect] C:\Documents and Settings\Don\Application Data\SearchProtect\bin\cltmng.exe (Conduit)
[2013/04/11 23:00:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Don\*.tmp files -> C:\Documents and Settings\Don\*.tmp -> ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Don\*.tmp files -> C:\Documents and Settings\Don\*.tmp -> ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
:Reg
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
[Reboot]
Let the program run unhindered; it will reboot when it is done. If it does not, please reboot your system.
Post the new log in your next reply.
Hello, Nanich.
Have you been able to run the OTL scan in Safe Mode? Are you having any problems?
Hello, Nanich.
I have not heard back from you since May 12th. Do you still need help? If you are having problems running OTL, please let me know and we will work to resolve the issue.
Thanks. I have been away a bit.
I will follow your steps this weekend.
Don
Yeah, so I am trying to boot into Safe Mode with no luck. I have tapped the F8, but I get asked where I want to boot from (floppy, hard disk, etc.), but I do not get Safe Mode.
Don
Hello, Nanich.
Let's try an alternate method of booting into Safe Mode and running the OTL scan. If you successfully boot into Safe Mode, please run the OTL scan that you see in option 2 below.
Using the F5 Method as an option
Restart your computer.
Gently tap the F5 key repeatedly until the Windows XP Advanced Options menu appears.
Note: If Windows launches before you can choose Safe Mode, restart your computer and try again. Select the Safe Mode option using the up and down arrow keys.
Then, press the enter key on your keyboard to boot into Safe Mode.
http://vubnet.vub.ac.be/images/stories/security/safe-mode.png
Note: When tasks have been completed, reboot your computer to normal mode.
If you are still having difficulty booting into Safe Mode, continue with the next option.
Option 2: Run OTL in Normal Mode using the revised script
Run OTL.exe
Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
Then click the Run Fix button at the top.
:OTL
DRV - (catchme) -- C:\DOCUME~1\Don\LOCALS~1\Temp\catchme.sys File not found
IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\URLSearchHook: {739df940-c5ee-4bab-9d7e-270894ae687a} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\URLSearchHook: {739df940-c5ee-4bab-9d7e-270894ae687a} - No CLSID value found
IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN15539672730253678&UM=2&SSPV=TB_C3
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
CHR - homepage: http://search.conduit.com/?ctid=CT32...M=2&sspv=TB_CC
O2 - BHO: (no name) - {739df940-c5ee-4bab-9d7e-270894ae687a} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {739df940-c5ee-4bab-9d7e-270894ae687a} - No CLSID value found.
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe (Conduit)
O4 - Startup: C:\Documents and Settings\Don\Start Menu\Programs\Startup\AVG Free Tray Icon.lnk = File not found
O4 - HKU\S-1-5-21-746137067-606747145-682003330-1004..\Run: [aadababfecedct] "C:\Documents and Settings\All Users\Application Data\aadababfecedct.exe" File not found
O4 - HKU\S-1-5-21-746137067-606747145-682003330-1004..\Run: [SearchProtect] C:\Documents and Settings\Don\Application Data\SearchProtect\bin\cltmng.exe (Conduit)
[2013/04/11 23:00:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Don\*.tmp files -> C:\Documents and Settings\Don\*.tmp -> ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Don\*.tmp files -> C:\Documents and Settings\Don\*.tmp -> ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
:Reg
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[Reboot]
Let the program run unhindered; it will reboot when it is done. If it does not, please reboot your system.
Post the new log in your next reply.
Okay, I got into Safe Mode using F5, I did the scan/fix. I was surprised at how quick it was before it asked to reboot. The system rebooted. After the reboot, the logs did not come up. I did a scan of the computer to look for the saved version of the files, but nothing came up. I also noticed that my "Firefox" program is gone as well.
Do you think I should try running the fix again?
Don
Hello, Nanich.
Glad you were able to get into Safe Mode and run OTL. Let's take a look at your concerns.
Cannot locate OTL logs after system reboot
OTL does not take long to scan (approx. 10 minutes depending on your system). If it was an instant scan and reboot, it is quite possible that the scan did not complete, and therefore, no logs were produced. However, OTL will save two logs (OTL.txt and Extras.txt) in the folder that OTL was started from. If OTL was saved in your Downloads folder, for example, check there for the logs.
If the logs are available please copy and paste them into your next reply. If they are not there, please rerun OTL. Because you are running a second scan, it will only produce one log, OTL.txt.
After reboot, Firefox disappeared
Can you please expand on this? Do you mean the Firefox icon has disappeared from your desktop and/or task bar? Is Firefox still installed on your system?
If only the icon has disappeared, try rebooting again. If it still does not appear, do the following:
Click Start > Click Windows key + R to access the Run dialog box.
In the open field, type C:\Program Files\Mozilla Firefox > Click OK.
Right click Firefox > Send to > Desktop.
Or, if you prefer to have the icon pinned to your taskbar instead of your desktop, drag the FF icon from your Start menu to your taskbar.
I will run the scan again.
For Firefox: the shortcut on my desktop remained, but as the generic icon. When I clicked on the icon it looked for Firefox using the flashlight. To me that suggests that the program is gone. I looked in Program Files and could not see it there.
Don
SUCCESS!!
========== OTL ==========
Error: No service named catchme was found to stop!
Service\Driver key catchme not found.
File C:\DOCUME~1\Don\LOCALS~1\Temp\catchme.sys File not found not found.
Registry value HKEY_USERS\S-1-5-21-746137067-606747145-682003330-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{739df940-c5ee-4bab-9d7e-270894ae687a} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{739df940-c5ee-4bab-9d7e-270894ae687a}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_USERS\S-1-5-21-746137067-606747145-682003330-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{739df940-c5ee-4bab-9d7e-270894ae687a} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{739df940-c5ee-4bab-9d7e-270894ae687a}\ not found.
HKEY_USERS\S-1-5-21-746137067-606747145-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-746137067-606747145-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.
Use Chrome's Settings page to change the HomePage.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{739df940-c5ee-4bab-9d7e-270894ae687a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{739df940-c5ee-4bab-9d7e-270894ae687a}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{739df940-c5ee-4bab-9d7e-270894ae687a} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{739df940-c5ee-4bab-9d7e-270894ae687a}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtectAll not found.
File C:\Program Files\SearchProtect\bin\cltmng.exe not found.
File move failed. C:\Documents and Settings\Don\Start Menu\Programs\Startup\AVG Free Tray Icon.lnk scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-21-746137067-606747145-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Run\\aadababfecedct not found.
Registry value HKEY_USERS\S-1-5-21-746137067-606747145-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect not found.
File C:\Documents and Settings\Don\Application Data\SearchProtect\bin\cltmng.exe not found.
Folder C:\Program Files\Mozilla Firefox\ not found.
File/Folder C:\WINDOWS\*.tmp not found.
File/Folder C:\Documents and Settings\Don\*.tmp not found.
File/Folder C:\WINDOWS\System32\*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
File/Folder C:\Documents and Settings\Don\*.tmp not found.
File/Folder C:\WINDOWS\System32\*.tmp not found.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Don\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Don\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 05222013_191857
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Don\Start Menu\Programs\Startup\AVG Free Tray Icon.lnk not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
---------------------
Again, I can only find the one log. The log I posted was not saved either. I copy and pasted it from the open window.
Don
Hello, Nanich.
Thank you for the OTL report. Glad you were able to run it.
Let me clarify a couple of items for you. When you run OTL the first time, it will produce two logs for you, as I had previously mentioned. These would be OTL.txt and Extras.txt. If you run OTL a second time, it will not produce the second report (Extras.txt), which is why only the first report opened. This is not something we need to worry about now.
You were able to send me the OTL.txt report, so let's not worry about saving the logs. If you are curious though, you can follow this path to see if the log is located there:
Click Start > Computer > Local Disk C: > OTL > Moved Files
It will appear as something like this: mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time you ran OTL.
Your OTL report shows several entries that need some attention. Please do the following:
Run OTL.exe
Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
Then click the Run Fix button at the top.
:OTL
:Reg
[HKEY_USERS\S-1-5-21-746137067-606747145-682003330-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{739df940-c5ee-4bab-9d7e-270894ae687a}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{739df940-c5ee-4bab-9d7e-270894ae687a}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
[-HKEY_USERS\S-1-5-21-746137067-606747145-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
[-HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{739df940-c5ee-4bab-9d7e-270894ae687a}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar]
"{739df940-c5ee-4bab-9d7e-270894ae687a}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SearchProtectAll"=-
[HKEY_USERS\S-1-5-21-746137067-606747145-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Run]
"aadababfecedct"=-
[HKEY_USERS\S-1-5-21-746137067-606747145-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Run]
"SearchProtect"=-
:Files
ipconfig /flushdns /c
C:\Program Files\SearchProtect
C:\Documents and Settings\Don\Application Data\SearchProtect\bin\cltmng.exe
C:\Program Files\Mozilla Firefox\
C:\WINDOWS\*.tmp
C:\Documents and Settings\Don\*.tmp
C:\WINDOWS\System32\*.tmp
:Commands
[purity]
[emptytemp]
[resethosts]
[Reboot]
Let the program run unhindered; it will reboot when it is done. If it does not, please reboot your system.
Post the new log in your next reply.
Firefox
Let's do a clean reinstall of Firefox:
Download the latest version of Firefox from HERE (http://www.mozilla.org) > Click Save File.
After the download is complete, close all Firefox windows.
Before reinstalling Firefox, delete the Firefox uninstall folder, which is located in the following location by default:
Click Start > My Computer > Local Disk C: > Program Files > Mozilla Firefox > Uninstall
Note: To preserve your bookmarks, saved passwords, and other data, do not place a check mark in the box that says Remove my Firefox personal data and customizations.
Now reinstall Firefox:
Locate the saved file (Firefox Setup 21.0.exe), double-click the file to begin the Installation Wizard and follow the prompts.
Once the wizard is finished, choose to directly open Firefox after clicking the Finish button.
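As an added example (not part of this thread and not OTL's own code), here is how the kinds of OTL entries the helper singles out above can be triaged programmatically: each line is classified as an orphaned reference ("File not found" / "No CLSID value found"), a known PUP publisher, a search-hijack URL, or a binary with no company name, and O4 Run entries are expanded to the full registry key and value name that the :Reg section of the fix addresses. The sample lines are constructed from entries quoted in this thread; the publisher and host watch-lists are assumptions for illustration.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample, modelled on OTL entries quoted in this thread.
SAMPLE_LINES = [
    r"O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe (Conduit)",
    r'O4 - HKU\S-1-5-21-746137067-606747145-682003330-1004..\Run: [aadababfecedct] "C:\Documents and Settings\All Users\Application Data\aadababfecedct.exe" File not found',
    r"O4 - Startup: C:\Documents and Settings\Don\Start Menu\Programs\Startup\AVG Free Tray Icon.lnk = File not found",
    r"O2 - BHO: (no name) - {739df940-c5ee-4bab-9d7e-270894ae687a} - No CLSID value found.",
    r"O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)",
    r'IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847',
    r"CHR - homepage: http://search.conduit.com/?ctid=CT3289847&SearchSource=48&UM=2&sspv=TB_CC",
    r"IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/",
    r"DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()",
    r"PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)",
]

# Assumed watch-lists (illustrative, not an authoritative PUP database).
ORPHAN_MARKERS = ("File not found", "No CLSID value found")
PUP_PUBLISHERS = {"Conduit"}               # trailing "(Publisher)" field
PUP_SEARCH_HOSTS = {"search.conduit.com"}  # host of a SearchScopes / homepage URL
# Sections where an empty "()" company field is worth a second look.
PUBLISHER_SECTIONS = {"O2", "O3", "O4", "DRV", "SRV", "PRC", "MOD"}

_PUB_RE = re.compile(r"\(([^()]*)\)\s*$")          # trailing "(Publisher)" or "()"
_URL_RE = re.compile(r"https?://([^/\s]+)")         # host part of the first URL
_O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKU\\S-[\d-]+)\.\.\\Run: \[(?P<name>[^\]]+)\]")
_RUN_SUBKEY = r"\Software\Microsoft\Windows\CurrentVersion\Run"


@dataclass
class Finding:
    section: str   # OTL line prefix: O4, O2, IE, CHR, DRV, ...
    verdict: str   # orphan | pup-publisher | search-hijack | no-publisher | ok
    detail: str


def classify(line: str) -> Finding:
    """Assign one triage verdict to a single OTL log line."""
    line = line.rstrip()
    section = line.split(" ", 1)[0]
    # A missing target means a leftover reference, not a live binary.
    if any(marker in line for marker in ORPHAN_MARKERS):
        return Finding(section, "orphan", "target missing; leftover reference")
    url = _URL_RE.search(line)
    if url and url.group(1).lower() in PUP_SEARCH_HOSTS:
        return Finding(section, "search-hijack", url.group(1))
    pub = _PUB_RE.search(line)
    if pub:
        publisher = pub.group(1).strip()
        if publisher in PUP_PUBLISHERS:
            return Finding(section, "pup-publisher", publisher)
        if not publisher and section in PUBLISHER_SECTIONS:
            # An empty company field is a prompt for review, not a verdict on its own.
            return Finding(section, "no-publisher", "binary carries no company name")
    return Finding(section, "ok", "")


def expand_o4(line: str):
    """Map an 'O4 - <hive>..\\Run: [name]' entry to (full Run key, value name).

    This is the same expansion the OTL fix log prints, e.g.
    HKEY_LOCAL_MACHINE\\Software\\...\\Run\\\\SearchProtectAll. Returns None for
    Startup-folder entries, which are files rather than registry values.
    """
    m = _O4_RE.match(line)
    if not m:
        return None
    hive = m.group("hive")
    root = "HKEY_LOCAL_MACHINE" if hive == "HKLM" else hive.replace("HKU\\", "HKEY_USERS\\", 1)
    return root + _RUN_SUBKEY, m.group("name")


def triage(lines):
    """Count verdicts over a whole log; useful as a first pass before reading it."""
    return Counter(classify(ln).verdict for ln in lines)


if __name__ == "__main__":
    for ln in SAMPLE_LINES:
        f = classify(ln)
        print(f"{f.verdict:14} {f.section:4} {f.detail}")
        target = expand_o4(ln)
        if target:
            print(f"{'':14} -> {target[0]} \\ {target[1]}")
    print(dict(triage(SAMPLE_LINES)))
```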
Okay, I got Firefox back. I tried to run the OTL fix you gave me, but it hung up even in Safe Mode!
Don
Hello, Nanich.
Firefox is back, great news, good job. As far as the OTL scan is concerned, let's just run a fresh scan without attempting a fix. If you cannot run it in Normal Mode, then run it in Safe Mode.
From your desktop, double click on the http://oldtimer.geekstogo.com/OTL/OTL_Icon.gif icon.
Note: Vista and Windows 7 users right-click and select Run As Administrator. If you receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.
Under Output, click Minimal Output to select it.
Click the Scan All Users checkbox. Leave the remaining selections to the default settings.
Do not use the computer while the scan is in progress.
When the scan is complete, the following log will open in Notepad: OTListIt.txt
This log should save automatically to the Desktop.
Please copy and paste the contents of OTListIt.txt in your next reply.
Click the red X in the upper right corner to exit OTL.
Here you go!
OTL logfile created on: 5/26/2013 6:05:07 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Don\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 59.61% Memory free
4.84 Gb Paging File | 3.85 Gb Available in Paging File | 79.55% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 16.47 Gb Free Space | 3.54% Space Free | Partition Type: NTFS
Computer Name: DONPETERSON | User Name: Don | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Don\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Documents and Settings\Don\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\SearchProtect\bin\CltMngSvc.exe (Conduit)
PRC - C:\Program Files\Vuze\Azureus.exe (Azureus Software, Inc)
PRC - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
PRC - C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
PRC - C:\Program Files\PC Tools Firewall Plus\FWService.exe (PC Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\655c70628497117a1008510a401f84d3\PresentationFramework.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\261b2323f46266bf9039ebc350ef466a\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\6fcb023855a4670d86e80ac4744b0efe\PresentationCore.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\347f5b43b525120fe2f33d92d75337f2\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\c0eef0fa73253bcea73885b6912c5433\WindowsBase.ni.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\AVAST Software\Avast\defs\13041000\algo.dll ()
MOD - C:\Documents and Settings\Don\Application Data\Dropbox\bin\libcef.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\68b0fc15aa862e54593dd85b59116998\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\32b515633fcbcc6dad09b9dd09f2fc2f\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\7256e28382f57416b828a0cc143b67b3\System.Xaml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\8ba0620535aa28d509b9397500b7d530\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\65e520f98f7674d462d26671c1ce97a7\PresentationFramework.Luna.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\3d6d9da56c9f607615b55d6742d8427d\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\c182d7a0bd88caf2cddccb7491a5fa6e\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\mpg2splt.ax ()
MOD - C:\Program Files\Vuze\plugins\azitunes\jacob-1.17-M2-x86.dll ()
MOD - C:\Program Files\Vuze\aereg.dll ()
MOD - C:\Program Files\Vuze\plugins\azitunes\libProcessAccess.dll ()
MOD - C:\Documents and Settings\Don\Application Data\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Program Files\AVAST Software\Avast\Setup\setiface.dll ()
MOD - C:\Documents and Settings\Don\Application Data\Azureus\plugins\azutp\win32\utp.dll ()
MOD - C:\WINDOWS\system32\qdvd.dll ()
MOD - C:\Documents and Settings\Don\Local Settings\temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll ()
MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\system32\xvidcore.dll ()
MOD - C:\WINDOWS\system32\qcap.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\dxmasf.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\xvid.ax ()
MOD - C:\WINDOWS\system32\tsd32.dll ()
========== Services (SafeList) ==========
SRV - (SMART SNMP Agent Service) -- C:\Program Files\SMART Technologies\Classroom Teacher\SMARTSNMPAgent.exe File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Skype C2C Service) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (CltMngSvc) -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe (Conduit)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (PCToolsFirewallPlus) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe (PC Tools)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (szkgfs) -- system32\drivers\szkgfs.sys File not found
DRV - (szkg5) -- system32\DRIVERS\szkg.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (is3srv) -- system32\drivers\is3srv.sys File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\WINDOWS\system32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (iDispService) -- C:\WINDOWS\system32\drivers\idisplayminiport.sys (SHAPE Services)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (dgderdrv) -- C:\WINDOWS\system32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (ssudmdm) -- C:\WINDOWS\system32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\WINDOWS\system32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (SaiNtBus) -- C:\WINDOWS\system32\drivers\SaiBus.sys (Saitek)
DRV - (SaiMini) -- C:\WINDOWS\system32\drivers\SaiMini.sys (Saitek)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmHidLo) -- C:\WINDOWS\system32\drivers\WmHidLo.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (pctplfw) -- C:\WINDOWS\system32\drivers\pctplfw.sys (PC Tools)
DRV - (pctgntdi) -- C:\WINDOWS\system32\drivers\pctgntdi.sys (PC Tools)
DRV - (PCTFW-PacketFilter) -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys (PC Tools)
DRV - (pctNDIS) -- C:\WINDOWS\system32\drivers\pctNdis.sys (PC Tools)
DRV - (PCTFW-DNS) -- C:\WINDOWS\system32\drivers\pctNdis-DNS.sys (PC Tools)
DRV - (PCTAppEvent) -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (lvselsus) -- C:\WINDOWS\system32\drivers\lvselsus.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (L1e) -- C:\WINDOWS\system32\drivers\l1e51x86.sys (Atheros Communications, Inc.)
DRV - (FANTOM) -- C:\WINDOWS\system32\drivers\fantom.sys (National Instruments Corporation)
DRV - (SaiH0461) -- C:\WINDOWS\system32\drivers\SaiH0461.sys (Saitek)
DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)
DRV - (CX23880) -- C:\WINDOWS\system32\drivers\cx88vid.sys (Conexant Systems, Inc.)
DRV - (DSDrv4) -- C:\Program Files\DScaler\DSDrv4.sys ()
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (smrtdrv) -- C:\WINDOWS\system32\drivers\smrtdrv.sys (SMART Technologies Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/06/12 13:55:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2009/01/25 00:39:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Don\Application Data\Mozilla\Extensions
[2013/05/25 20:04:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/25 20:04:37 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&output=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://search.conduit.com/?ctid=CT3289847&SearchSource=48&CUI=UN14205695091674118&UM=2&sspv=TB_CC
CHR - Extension: avast! WebRep = C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1125_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.6.0.11664_0\
CHR - Extension: GoPhoto.it = C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.4_0\
O1 HOSTS File: ([2013/05/22 19:18:58 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4 - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4 - HKU\.DEFAULT..\Run: [SearchProtect] C:\Documents and Settings\LocalService\Application Data\SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-18..\Run: [SearchProtect] C:\Documents and Settings\LocalService\Application Data\SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-21-746137067-606747145-682003330-1004..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - Startup: C:\Documents and Settings\Don\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Don\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-746137067-606747145-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-746137067-606747145-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-746137067-606747145-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.160.13 64.59.161.68
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F78B2EB-7177-4840-97C8-62D965C16EE8}: DhcpNameServer = 64.59.160.13 64.59.161.68
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/21 11:51:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/05/25 20:04:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/05/25 20:04:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/05/25 20:02:40 | 021,289,608 | ---- | C] (Mozilla) -- C:\Documents and Settings\Don\Desktop\Firefox Setup 21.0.exe
[2013/05/22 19:54:28 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Don\PrivacIE
[2013/05/22 19:49:05 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Don\IETldCache
[2013/05/22 19:38:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2013/05/22 19:34:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013/05/22 19:30:58 | 000,522,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2013/05/22 19:30:31 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2013/05/13 01:34:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\SearchProtect
[2013/05/12 00:17:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2013/05/07 21:30:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Don\Desktop\OTL.exe
[2013/05/05 11:26:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don\Desktop\Old Firefox Data
[2013/05/05 10:30:23 | 000,377,920 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Don\Desktop\aswclear.exe
[2013/05/01 18:14:21 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Don\Desktop\TDSSKiller.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/05/26 18:07:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/05/26 18:06:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/26 13:16:57 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/05/26 05:06:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/25 20:04:39 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Don\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/05/25 20:04:39 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/05/25 20:02:40 | 021,289,608 | ---- | M] (Mozilla) -- C:\Documents and Settings\Don\Desktop\Firefox Setup 21.0.exe
[2013/05/25 17:18:53 | 000,502,670 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/25 17:18:53 | 000,088,450 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/25 17:10:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/05/25 17:09:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2013/05/25 17:09:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2013/05/25 08:27:15 | 000,013,770 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/05/23 03:01:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/05/22 23:26:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/05/22 19:49:08 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Don\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/05/22 19:18:58 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013/05/15 03:28:06 | 000,210,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/05/14 14:07:12 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/05/14 14:07:12 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/05/13 22:04:24 | 000,000,211 | ---- | M] () -- C:\WINDOWS\Brpfx04a.ini
[2013/05/07 21:30:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Don\Desktop\OTL.exe
[2013/05/06 21:27:31 | 006,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013/05/05 10:30:21 | 000,377,920 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Don\Desktop\aswclear.exe
[2013/05/01 18:13:52 | 002,218,636 | ---- | M] () -- C:\Documents and Settings\Don\Desktop\tdsskiller.zip
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/05/25 20:04:39 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Don\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/05/25 20:04:39 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/05/22 19:49:08 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Don\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/05/01 18:13:51 | 002,218,636 | ---- | C] () -- C:\Documents and Settings\Don\Desktop\tdsskiller.zip
[2013/01/09 04:36:13 | 000,318,264 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/12/05 20:22:57 | 000,138,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2012/12/05 20:01:44 | 000,281,688 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2012/12/05 20:01:40 | 000,076,888 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2012/04/20 19:40:47 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2012/02/15 21:43:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/16 11:54:48 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011/09/16 11:54:44 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/09/16 11:54:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/09/16 11:54:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/09/16 11:54:44 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011/08/15 01:00:50 | 000,855,078 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-746137067-606747145-682003330-1004-0.dat
[2011/08/15 01:00:49 | 000,217,590 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/06/11 10:23:21 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/11 10:23:21 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/11 10:23:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/11 10:23:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/11 10:23:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/07 20:56:47 | 000,062,464 | ---- | C] () -- C:\Documents and Settings\Don\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/15 11:16:37 | 000,000,301 | ---- | C] () -- C:\Documents and Settings\Don\.Xauthority
[2009/09/01 23:30:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Don\LOG
[2009/02/13 07:49:36 | 000,002,300 | ---- | C] () -- C:\Documents and Settings\Don\.strange-eons-settings
[2009/02/13 07:49:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Don\.strange-eons-editor-session
[2009/02/13 07:49:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Don\.strange-eons-user-dict
[2009/01/21 19:15:39 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Don\Application Data\PnkBstrK.sys
========== ZeroAccess Check ==========
[2009/01/21 19:18:46 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/10/15 18:00:10 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
Hello, Nanich.
Thank you for the OTL log. Please run the following fix. If you have problems running it in Normal Mode, please run it in Safe Mode.
Run OTL.exe
Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
:OTL
PRC - C:\Program Files\SearchProtect\bin\CltMngSvc.exe (Conduit)
SRV - (CltMngSvc) -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe (Conduit)
[2013/05/13 01:34:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\SearchProtect
CHR - homepage: http://search.conduit.com/?ctid=CT32...M=2&sspv=TB_CC
O4 - HKU\.DEFAULT..\Run: [SearchProtect] C:\Documents and Settings\LocalService\Application Data\SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-18..\Run: [SearchProtect] C:\Documents and Settings\LocalService\Application Data\SearchProtect\bin\cltmng.exe File not found
:Services
:Reg
:Files
C:\Documents and Settings\LocalService\Application Data\SearchProtect
:Commands
[purity]
[start explorer]
[Reboot]
Then click the Run Fix button at the top, not run Scan.
Let the program run unhindered; it will reboot when it is done. If it does not, please reboot your system.
Post the new log in your next reply.
Hello, Nanich.
Were you able to run the last OTL script? Do you need help?
Due to inactivity, this thread will now be closed.
If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.
my previous thread was locked. I was having troubles with the scan as it was constantly freezing. I now have a program called System Doctor 2014. I am not able to use any programs and I have typed this message from my tablet. Any help would be great.
Don
DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Don at 21:24:22 on 2013-06-05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2580 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: PC Tools Firewall Plus *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [SD2014] c:\documents and settings\don\application data\9ahrf4fd\9ahRf4fD.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [ProfilerU] c:\program files\saitek\sd6\software\ProfilerU.exe
mRun: [SaiMfd] c:\program files\saitek\sd6\software\SaiMfd.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
StartupFolder: c:\docume~1\don\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\don\application data\dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: NameServer = 64.59.160.13 64.59.161.68
TCP: Interfaces\{7F78B2EB-7177-4840-97C8-62D965C16EE8} : DHCPNameServer = 64.59.160.13 64.59.161.68
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.110\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\don\application data\mozilla\firefox\profiles\2qm8uqye.default-1367778406205\
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\ubisoft\ubisoft game launcher\npuplaypc.dll
FF - plugin: c:\program files\ubisoft\ubisoft game launcher\npuplaypchub.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - ExtSQL: 2013-05-27 05:16; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\mozilla firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
============= SERVICES / DRIVERS ===============
.
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-15 94048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-12-21 233136]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2009-12-21 58816]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;c:\windows\system32\drivers\szkg.sys --> c:\windows\system32\drivers\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-12 441176]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-12 307928]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-12 19544]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-6-12 42184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9c62bfc4ddf28;Google Update Service (gupdate1c9c62bfc4ddf28);c:\program files\google\update\GoogleUpdate.exe [2009-4-25 133104]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-16 418376]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-11-7 701512]
S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-12-21 88040]
S2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2009-12-21 818432]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-5-14 3289208]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2011-10-8 77624]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-10-8 20032]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [2007-5-30 39424]
S3 iDispService;iDispService;c:\windows\system32\drivers\idisplayminiport.sys [2012-3-21 14248]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-11-7 22856]
S3 PCTFW-DNS;PCTools Firewall - DNS driver;c:\windows\system32\drivers\pctNdis-DNS.sys [2009-12-21 32680]
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2009-12-21 70664]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-12-21 115216]
S3 SaiH0461;SaiH0461;c:\windows\system32\drivers\SaiH0461.sys [2010-2-19 132232]
S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\smart technologies\classroom teacher\smartsnmpagent.exe --> c:\program files\smart technologies\classroom teacher\SMARTSNMPAgent.exe [?]
S3 smrtdrv;SMART Technologies Inc. Mirror Driver;c:\windows\system32\drivers\smrtdrv.sys [2004-4-22 2432]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2011-10-8 181432]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\NOTEPAD.EXE=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-06-06 03:59:55 -------- d-----w- c:\documents and settings\don\application data\9ahRf4fD
2013-05-23 02:54:28 -------- d-sh--w- c:\documents and settings\don\PrivacIE
2013-05-23 02:49:05 -------- d-sh--w- c:\documents and settings\don\IETldCache
2013-05-23 02:38:23 -------- d-----w- c:\windows\ie8updates
2013-05-23 02:34:58 -------- dc-h--w- c:\windows\ie8
2013-05-23 02:30:58 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2013-05-23 02:30:35 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2013-05-23 02:30:32 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2013-05-23 02:30:31 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2013-05-23 02:30:31 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2013-05-14 20:31:10 6128760 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2013-05-14 20:31:10 6128760 ----a-w- c:\program files\mozilla firefox\browser\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2013-05-14 05:04:24 6224 ------w- C:\Br20F.tmp
.
==================== Find3M ====================
.
2013-05-14 21:07:12 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-14 21:07:12 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-16 22:17:15 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:17:14 43520 ------w- c:\windows\system32\licmgr10.dll
2013-04-16 22:17:14 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:28:55 385024 ------w- c:\windows\system32\html.iec
2013-04-10 01:31:19 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 21:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-27 06:43:02 773968 ----a-w- c:\windows\system32\msvcr100.dll
2013-03-27 06:43:02 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll
.
============= FINISH: 21:25:15.98 ===============
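As an added triage example (not part of this thread, and not a tool any of the helpers asked for), the script below shows how a reviewer can mechanically pre-screen the DDS "Pseudo HJT Report" and "SERVICES / DRIVERS" sections posted above. It applies two assumed heuristics: a Run/StartupFolder entry is reported only when its executable lives in a per-user profile directory and its path contains a random-looking alphanumeric name (the SD2014 entry under application data\9ahrf4fd above trips both; Dropbox in AppData trips only one and is not reported), and a service or driver line is reported when DDS prints "[?]" in place of the binary's date and size, which it does when it cannot read the file (the is3srv/szkg entries above). The sample lines are constructed in the shape of the log; the regexes and the "random name" rule are this example's own assumptions, not DDS logic.

```python
import re
from dataclasses import dataclass

# Constructed sample input, shaped like the DDS sections in the log above
# (a few lines copied in form, plus benign entries for contrast).
SAMPLE_DDS_LINES = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [SD2014] c:\documents and settings\don\application data\9ahrf4fd\9ahRf4fD.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
StartupFolder: c:\docume~1\don\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\don\application data\dropbox\bin\Dropbox.exe
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-6-12 42184]
""".strip().splitlines()

# Line shapes (assumed from the log's formatting, not from DDS source).
RUN_RE = re.compile(r"^([um])Run:\s+\[([^\]]+)\]\s+(.*)$")
STARTUP_RE = re.compile(r"^StartupFolder:\s+(\S+)\s+-\s+(.*)$")
SVC_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
# First executable-looking token of a command line, quoted or not.
EXE_RE = re.compile(r'^"?(.*?\.(?:exe|dll|cpl|scr|com|bat|cmd|sys))\b', re.IGNORECASE)
# A per-user profile directory (not All Users / Default User / Public).
USER_PROFILE_RE = re.compile(
    r"\\(?:documents and settings|users)\\(?!all users\\|default user\\|public\\)[^\\]+\\",
    re.IGNORECASE,
)
ALNUM_RE = re.compile(r"^[A-Za-z0-9]{6,}$")


@dataclass
class Finding:
    kind: str
    name: str
    path: str
    reasons: list


def looks_random(token: str) -> bool:
    """Heuristic (assumption): 6+ alphanumerics mixing letters and digits with a
    digit *inside* the word (9ahRf4fD), not just a trailing number (msvcr100, SD2014)."""
    if not ALNUM_RE.match(token):
        return False
    digits = sum(c.isdigit() for c in token)
    letters = len(token) - digits
    return digits >= 2 and letters >= 2 and re.search(r"\d[A-Za-z]", token) is not None


def extract_exe(command: str) -> str:
    """Return the program path from a Run value, stripping quotes and arguments."""
    m = EXE_RE.match(command.strip())
    return m.group(1) if m else command.strip()


def path_tokens(path: str) -> list:
    """Directory names plus the file name without its extension."""
    parts = path.replace("/", "\\").split("\\")
    stem = parts[-1].rsplit(".", 1)[0]
    return parts[:-1] + [stem]


def assess_autorun(kind: str, name: str, command: str):
    exe = extract_exe(command)
    reasons = []
    if USER_PROFILE_RE.search(exe):
        reasons.append("runs from a per-user profile directory")
    random_parts = [t for t in path_tokens(exe) if looks_random(t)]
    if random_parts:
        reasons.append("random-looking path component(s): " + ", ".join(random_parts))
    # Report only when both heuristics fire; one alone (e.g. Dropbox in AppData) is common.
    return Finding(kind, name, exe, reasons) if len(reasons) == 2 else None


def assess_service(tag: str, name: str, path_field: str):
    # DDS prints "[?]" where the file's date/size would be when it cannot read the binary.
    if path_field.rstrip().endswith("[?]"):
        binary = path_field.split("-->")[-1].replace("[?]", "").strip()
        return Finding("service/driver " + tag, name, binary, ["binary missing on disk ([?] marker)"])
    return None


def triage(lines) -> list:
    """Run every line through the matching assessor; return the list of Findings."""
    findings = []
    for line in lines:
        line = line.strip()
        finding = None
        m = RUN_RE.match(line)
        if m:
            scope = "user" if m.group(1) == "u" else "machine"
            finding = assess_autorun(f"{scope} Run", m.group(2), m.group(3))
        else:
            m = STARTUP_RE.match(line)
            if m:
                finding = assess_autorun("StartupFolder", m.group(1), m.group(2))
            else:
                m = SVC_RE.match(line)
                if m:
                    finding = assess_service(m.group(1), m.group(2), m.group(4))
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS_LINES):
        print(f"{f.kind} [{f.name}] {f.path}\n    " + "; ".join(f.reasons))
```

Run it as-is to see the two hits from the constructed sample; to screen a real log, read the pasted text with `open(path).read().splitlines()` and feed it to `triage()`. The output is a shortlist for a human reviewer, not a verdict: a benign updater with an odd version-named folder can trip the random-name rule, and a stale driver registration with a missing file is not by itself malicious.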
Hi,
I reopened your thread and fbfbfb has been notified.
Hello, Nanich.
We have reopened your thread, and I am reviewing your new DDS log now. I will get back to you as soon as possible.
Hello, Nanich.
A review of your concerns and your DDS log indicates that your system has become worse. We will do our optimum best to help you resolve your issues, and to restore your computer to its full functionality; however, we strongly urge you to:
Use only the tools you are instructed to use in order to avoid additional conflicts and setbacks.
Avoid using the Internet in order to prevent downloading and installing additional malware. Keep your LAN cable unplugged, except when you need to post to this thread.
If we determine that we cannot clean your computer, we would recommend reformatting your hard drive and a clean install of Windows. We would then link you to a good Windows forum that can guide you through the process. This would guarantee a nice clean and error free system.
However, let's first attempt to clean your system. Please do the following:
1. Boot into Safe Mode
Using the F8 Method as an option:
Restart your computer.
Gently tap the F8 key repeatedly until the Windows XP Advanced Options menu appears.
Note: If Windows launches before you can choose Safe Mode, restart your computer and try again. Select the Safe Mode option using the up and down arrow keys.
Then, press the enter key on your keyboard to boot into Safe Mode.
http://vubnet.vub.ac.be/images/stories/security/safe-mode.png
Note: When tasks have been completed, reboot your computer to normal mode.
If you experience problems booting into Safe Mode using the F8 key, please follow the above directions using the F5 key instead.
2. Scan your system with RKill
Note:
Print out these instructions as we may need to close every window that is open later in the fix.
It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer, and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.
WARNING: Do not reboot your computer after running RKill as the malware programs will start again.
Please download and run one version of the following tool to help and allow other programs to run.
There are 5 different versions. If one will not run, select another.
1. rkill.exe (http://download.bleepingcomputer.com/grinler/rkill.exe)
2. rkill.com (http://download.bleepingcomputer.com/grinler/rkill.com)
3. rkill.scr (http://download.bleepingcomputer.com/grinler/rkill.scr)
4. WiNlOgOn.exe (http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe)
5. uSeRiNiT.exe (http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe)
3. Scan your system with Malwarebytes Anti-Malware
Please download Malwarebytes' Anti-Malware (http://www.whatthetech.com/link/mbam.php) to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
http://i35.photobucket.com/albums/d165/ndmmxiaomayi/mayi/mbam1.png
Then click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post (copy and paste) the results.
Note: If you receive a notice that some of the items could not be removed, that they have been added to the delete on reboot list, please reboot.
In your next reply, please describe how your computer is behaving at this time.
To avoid closing this topic, please advise me in advance if you need more time completing the given tasks.
I did the rkill scan. It seemed to work fine.
I am using Malwarebytes Anti-Malware. I did the scan. It found 8 objects. I clicked on Remove Selected and it asked to reboot. It rebooted into normal mode, but it did not boot all the way. It goes to a light blue screen with only the pointer on it. I have rebooted in Safe Mode and am redoing the scan. If I get a log, I will let you know.
Don
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.06.06.09
Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Don :: DONPETERSON [administrator]
6/6/2013 8:00:39 PM
mbam-log-2013-06-06 (20-00-39).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 273794
Time elapsed: 53 minute(s), 50 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Very good, Nanich; glad you were able to successfully run the scans. You forgot to tell me how your computer is behaving at this stage. Please include this information in your next reply.
Please run the following scans
1. ESET Online Scanner
Note: Disable any antivirus program and antispyware programs to avoid conflicts.
Run ESET in Internet Explorer; if you are using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double click on it to install.
Please do not surf the internet while your security programs are disabled.
Let the scan run uninterrupted to avoid a stall.
Remember to enable your security programs when the scan has finished.
Run ESET Online Scanner from HERE (http://www.eset.eu/online-scanner).
Click the green ESET Online Scanner button.
Read the End User License Agreement and check the box YES, I accept the Terms of Use.
Click on the Start button next to it.
If prompted, allow the Add-On/Active X to install.
Under Computer scan settings:
Do not check Remove found threats
Check Scan Archives.
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
Click Start. ESET will download updates, install itself, and begin scanning your computer. Please be patient as this scan could take up to a few hours to complete.
Wait for the scan to finish. When the scan completes, click List of found threats.
Click Export and save the file to your desktop using a unique name, such as ESETScan.
Copy and paste the contents of this report in your next reply.
Click the Back button.
Click the Finish button.
2. DDS
Please run DDS again and send me a fresh log.
3. Malwarebytes Log
I would like to examine the Malwarebytes log listing the 8 infections. Please open up MBAM and go to the Logs tab. Locate the log showing the infected files, copy and paste that report into your next reply.
Thanks. I am just starting the scan. It has been a few days, and it looks like it will not be finished for a few hours, not until after I wake up, so I thought I would let you know it will be tomorrow before I am finished.
Don
C:\Documents and Settings\Don\Application Data\SearchProtect\bin\ChromeModule.dll a variant of Win32/Conduit.SearchProtect.C application
C:\Documents and Settings\Don\Application Data\SearchProtect\bin\CltMngSvc.exe Win32/Conduit.SearchProtect.A application
C:\Documents and Settings\Don\Application Data\SearchProtect\bin\FirefoxModule.dll a variant of Win32/Conduit.SearchProtect.C application
C:\Documents and Settings\Don\Application Data\SearchProtect\bin\InternetExplorerModule.dll a variant of Win32/Conduit.SearchProtect.C application
C:\Documents and Settings\Don\Application Data\SearchProtect\bin\SPHook32.dll probably a variant of Win32/Conduit.SearchProtect.C application
C:\Documents and Settings\Don\Application Data\SearchProtect\ffprotect\application.js Win32/Conduit.SearchProtect.A application
C:\Documents and Settings\Don\Application Data\Sun\Java\Deployment\cache\6.0\10\b7799ca-50166c54 a variant of Win32/Kryptik.BCXO trojan
C:\Documents and Settings\Don\Application Data\Sun\Java\Deployment\cache\6.0\39\14a58aa7-5df6506f a variant of Win32/Kryptik.BCXO trojan
C:\Documents and Settings\Don\Application Data\Sun\Java\Deployment\cache\6.0\9\341af249-1e4c1d4b a variant of Win32/Kryptik.BCXO trojan
C:\Documents and Settings\Don\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail\Junk e-mail\31B3463E-00003D38.eml HTML/Pharmacy.A trojan
C:\Documents and Settings\Don\Local Settings\temp\jar_cache1364093449645286197.tmp Java/Exploit.Agent.OML trojan
C:\Documents and Settings\Don\Local Settings\temp\jar_cache4386346603285378382.tmp Java/Exploit.Agent.OML trojan
C:\Documents and Settings\Don\Local Settings\temp\jar_cache5094616853861399607.tmp Java/Exploit.Agent.OML trojan
C:\Documents and Settings\Don\Local Settings\temp\SecondStepInstaller.exe multiple threats
C:\Program Files\SearchProtect\bin\ChromeModule.dll a variant of Win32/Conduit.SearchProtect.C application
C:\Program Files\SearchProtect\bin\FirefoxModule.dll a variant of Win32/Conduit.SearchProtect.C application
C:\Program Files\SearchProtect\bin\InternetExplorerModule.dll a variant of Win32/Conduit.SearchProtect.C application
C:\Program Files\SearchProtect\bin\SPHook32.dll probably a variant of Win32/Conduit.SearchProtect.C application
C:\Program Files\SearchProtect\ffprotect\application.js Win32/Conduit.SearchProtect.A application
C:\RECYCLER\S-1-5-18\$bf8ab89017d7b48fe2e69a05db75957f\U\80000000.@ Win32/Sirefef.FA trojan
C:\RECYCLER\S-1-5-18\$bf8ab89017d7b48fe2e69a05db75957f\U\800000cb.@ a variant of Win32/Sirefef.FL trojan
C:\System Volume Information\_restore{63A83696-D3B1-49B2-B970-71CBE9E79BD0}\RP1113\A0177580.dll Win32/Conduit.SearchProtect.A application
C:\System Volume Information\_restore{63A83696-D3B1-49B2-B970-71CBE9E79BD0}\RP1113\A0177581.exe Win32/Conduit.SearchProtect.A application
C:\System Volume Information\_restore{63A83696-D3B1-49B2-B970-71CBE9E79BD0}\RP1113\A0177582.dll Win32/Conduit.SearchProtect.A application
C:\System Volume Information\_restore{63A83696-D3B1-49B2-B970-71CBE9E79BD0}\RP1113\A0177583.dll Win32/Conduit.SearchProtect.A application
C:\System Volume Information\_restore{63A83696-D3B1-49B2-B970-71CBE9E79BD0}\RP1113\A0177584.dll Win32/Conduit.SearchProtect.A application
C:\System Volume Information\_restore{63A83696-D3B1-49B2-B970-71CBE9E79BD0}\RP1113\A0177585.exe Win32/Conduit.SearchProtect.A application
C:\System Volume Information\_restore{63A83696-D3B1-49B2-B970-71CBE9E79BD0}\RP1145\A0189121.dll Win32/Conduit.SearchProtect.A application
C:\System Volume Information\_restore{63A83696-D3B1-49B2-B970-71CBE9E79BD0}\RP1145\A0189122.dll Win32/Conduit.SearchProtect.A application
C:\System Volume Information\_restore{63A83696-D3B1-49B2-B970-71CBE9E79BD0}\RP1145\A0189123.dll Win32/Conduit.SearchProtect.A application
C:\System Volume Information\_restore{63A83696-D3B1-49B2-B970-71CBE9E79BD0}\RP1145\A0189124.exe Win32/Conduit.SearchProtect.A application
C:\System Volume Information\_restore{63A83696-D3B1-49B2-B970-71CBE9E79BD0}\RP1145\A0189125.dll Win32/Conduit.SearchProtect.A application
C:\System Volume Information\_restore{63A83696-D3B1-49B2-B970-71CBE9E79BD0}\RP1145\A0189126.exe Win32/Conduit.SearchProtect.A application
C:\System Volume Information\_restore{63A83696-D3B1-49B2-B970-71CBE9E79BD0}\RP1145\A0189127.dll a variant of Win32/Conduit.SearchProtect.C application
C:\System Volume Information\_restore{63A83696-D3B1-49B2-B970-71CBE9E79BD0}\RP1145\A0189128.exe a variant of Win32/Conduit.SearchProtect.B application
C:\System Volume Information\_restore{63A83696-D3B1-49B2-B970-71CBE9E79BD0}\RP1145\A0189130.dll a variant of Win32/Conduit.SearchProtect.C application
C:\System Volume Information\_restore{63A83696-D3B1-49B2-B970-71CBE9E79BD0}\RP1145\A0189131.dll a variant of Win32/Conduit.SearchProtect.C application
C:\System Volume Information\_restore{63A83696-D3B1-49B2-B970-71CBE9E79BD0}\RP1145\A0189134.dll probably a variant of Win32/Conduit.SearchProtect.C application
C:\System Volume Information\_restore{63A83696-D3B1-49B2-B970-71CBE9E79BD0}\RP1170\A0198912.exe Win32/Adware.FakeAV.G application
C:\System Volume Information\_restore{63A83696-D3B1-49B2-B970-71CBE9E79BD0}\RP1170\A0201930.exe Win32/Adware.1ClickDownload.W application
C:\_OTL\MovedFiles\05212013_214810\C_Documents and Settings\Don\Application Data\SearchProtect\bin\cltmng.exe a variant of Win32/Conduit.SearchProtect.B application
C:\_OTL\MovedFiles\05212013_214810\C_Program Files\Mozilla Firefox\components\sprotector.js Win32/Conduit.SearchProtect.A application
C:\_OTL\MovedFiles\05212013_214810\C_Program Files\SearchProtect\bin\cltmng.exe a variant of Win32/Conduit.SearchProtect.B application
C:\_OTL\MovedFiles\05272013_193927\C_Documents and Settings\LocalService\Application Data\SearchProtect\ffprotect\application.js Win32/Conduit.SearchProtect.A application
C:\_OTL\MovedFiles\05272013_193927\C_Documents and Settings\LocalService\Application Data\SearchProtect\ffprotect\nsprotector.js Win32/Conduit.SearchProtect.A application
C:\_OTL\MovedFiles\05272013_193927\C_Program Files\SearchProtect\bin\CltMngSvc.exe Win32/Conduit.SearchProtect.A application
C:\_OTL\MovedFiles\06122011_133813\C_Documents and Settings\Don\Application Data\Sun\Java\Deployment\cache\6.0\0\649e4dc0-1ce721d5 probably a variant of Java/TrojanDownloader.Agent.NCT trojan
C:\_OTL\MovedFiles\06122011_133813\C_Documents and Settings\Don\Application Data\Sun\Java\Deployment\cache\6.0\36\447ebda4-6f2e08b7 a variant of Java/Agent.BP trojan
C:\_OTL\MovedFiles\06122011_133813\C_Documents and Settings\Don\Application Data\Sun\Java\Deployment\cache\6.0\43\176ed76b-39617702 Java/Agent.AD trojan
C:\_OTL\MovedFiles\06122011_133813\C_Documents and Settings\Don\Application Data\Sun\Java\Deployment\cache\6.0\45\34b2d7ed-677d334e Java/TrojanDownloader.OpenConnection.CU trojan
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Don at 9:32:28 on 2013-06-09
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2228 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: PC Tools Firewall Plus *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Documents and Settings\Don\Application Data\Dropbox\bin\Dropbox.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [ProfilerU] c:\program files\saitek\sd6\software\ProfilerU.exe
mRun: [SaiMfd] c:\program files\saitek\sd6\software\SaiMfd.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\don\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\don\application data\dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: NameServer = 64.59.160.13 64.59.161.68
TCP: Interfaces\{7F78B2EB-7177-4840-97C8-62D965C16EE8} : DHCPNameServer = 64.59.160.13 64.59.161.68
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.110\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\don\application data\mozilla\firefox\profiles\2qm8uqye.default-1367778406205\
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\ubisoft\ubisoft game launcher\npuplaypc.dll
FF - plugin: c:\program files\ubisoft\ubisoft game launcher\npuplaypchub.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - ExtSQL: 2013-05-27 05:16; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\mozilla firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
============= SERVICES / DRIVERS ===============
.
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-12 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-12 307928]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-12-21 233136]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-12 19544]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2009-12-21 818432]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-5-14 3289208]
R3 iDispService;iDispService;c:\windows\system32\drivers\idisplayminiport.sys [2012-3-21 14248]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2009-12-21 70664]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2009-12-21 58816]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-12-21 115216]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-15 94048]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;c:\windows\system32\drivers\szkg.sys --> c:\windows\system32\drivers\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S0 trodo;trodo;c:\windows\system32\drivers\glsyqnmg.sys --> c:\windows\system32\drivers\glsyqnmg.sys [?]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-6-12 42184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9c62bfc4ddf28;Google Update Service (gupdate1c9c62bfc4ddf28);c:\program files\google\update\GoogleUpdate.exe [2009-4-25 133104]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-16 418376]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-11-7 701512]
S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-12-21 88040]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2011-10-8 77624]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-10-8 20032]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [2007-5-30 39424]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-11-7 22856]
S3 PCTFW-DNS;PCTools Firewall - DNS driver;c:\windows\system32\drivers\pctNdis-DNS.sys [2009-12-21 32680]
S3 SaiH0461;SaiH0461;c:\windows\system32\drivers\SaiH0461.sys [2010-2-19 132232]
S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\smart technologies\classroom teacher\smartsnmpagent.exe --> c:\program files\smart technologies\classroom teacher\SMARTSNMPAgent.exe [?]
S3 smrtdrv;SMART Technologies Inc. Mirror Driver;c:\windows\system32\drivers\smrtdrv.sys [2004-4-22 2432]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2011-10-8 181432]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\NOTEPAD.EXE=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-06-09 05:25:49 -------- d-----w- c:\program files\ESET
2013-06-06 03:59:55 -------- d-----w- c:\documents and settings\don\application data\9ahRf4fD
2013-05-23 02:54:28 -------- d-sh--w- c:\documents and settings\don\PrivacIE
2013-05-23 02:49:05 -------- d-sh--w- c:\documents and settings\don\IETldCache
2013-05-23 02:38:23 -------- d-----w- c:\windows\ie8updates
2013-05-23 02:34:58 -------- dc-h--w- c:\windows\ie8
2013-05-23 02:30:58 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2013-05-23 02:30:35 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2013-05-23 02:30:32 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2013-05-23 02:30:31 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2013-05-23 02:30:31 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2013-05-14 20:31:10 6128760 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2013-05-14 20:31:10 6128760 ----a-w- c:\program files\mozilla firefox\browser\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2013-05-14 05:04:24 6224 ------w- C:\Br20F.tmp
.
==================== Find3M ====================
.
2013-05-14 21:07:12 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-14 21:07:12 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-16 22:17:15 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:17:14 43520 ------w- c:\windows\system32\licmgr10.dll
2013-04-16 22:17:14 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:28:55 385024 ------w- c:\windows\system32\html.iec
2013-04-10 01:31:19 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 21:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-27 06:43:02 773968 ----a-w- c:\windows\system32\msvcr100.dll
2013-03-27 06:43:02 421200 ----a-w- c:\windows\system32\msvcp100.dll
.
============= FINISH: 9:33:20.09 ===============
The computer is working better. It again boots into normal mode. When the computer starts, or after I leave it for a bit, I have trouble with clicking the mouse. It does not seem to register. I end up having to use Alt-Tab to activate windows.
Thanks again
Don
Here is the other log you asked for:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.06.06.09
Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Don :: DONPETERSON [administrator]
6/6/2013 7:24:57 PM
mbam-log-2013-06-06 (19-24-57).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 273059
Time elapsed: 15 minute(s), 54 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SD2014 (Trojan.FakeAlert.ED) -> Data: C:\Documents and Settings\Don\Application Data\9ahRf4fD\9ahRf4fD.exe -> Quarantined and deleted successfully.
HKCU\Control Panel\don't load|wscui.cpl (Hijack.SecurityCenter) -> Data: No -> Quarantined and deleted successfully.
Registry Data Items Detected: 1
HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32| (Trojan.0Access) -> Bad: (C:\RECYCLER\S-1-5-18\$bf8ab89017d7b48fe2e69a05db75957f\n.) Good: (fastprox.dll) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 7
C:\Documents and Settings\Don\Application Data\9ahRf4fD\9ahRf4fD.exe (Trojan.FakeAlert.ED) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-746137067-606747145-682003330-1004\$bf8ab89017d7b48fe2e69a05db75957f\n (Trojan.0Access) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-18\$bf8ab89017d7b48fe2e69a05db75957f\n (Trojan.0Access) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-746137067-606747145-682003330-1004\$RE63C507D (Trojan.Agent.ED) -> Quarantined and deleted successfully.
C:\Documents and Settings\Don\Local Settings\temp\24.tmp (Trojan.FakeAlert.ED) -> Quarantined and deleted successfully.
C:\Documents and Settings\Don\Local Settings\temp\pcmdrfiifbumolxlpyl.bfg (Malware.Packer.95) -> Quarantined and deleted successfully.
C:\Documents and Settings\Don\Local Settings\temp\xjmbxmpugoftlgtiwtn.bfg (Malware.Packer.95) -> Quarantined and deleted successfully.
(end)
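The DDS log above has a SERVICES / DRIVERS section in which four boot-start (S0) drivers point at files DDS could not find (the `--> ... [?]` entries), one of them with a randomly generated file name (glsyqnmg.sys). A reviewer reading these logs by hand is looking for exactly those two signals. The following Python script is an added example for this thread, not part of DDS or the forum's own tools; it parses service lines in the format DDS prints, flags entries whose binary is missing on disk and boot/system-start drivers whose file name contains no vowels, and runs over lines copied from the log above. All function and class names are my own.

```python
r"""Triage the SERVICES / DRIVERS section of a DDS log (added example, not a DDS feature).

DDS prints one of two shapes per service:

    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
    S0 trodo;trodo;c:\windows\system32\drivers\glsyqnmg.sys --> c:\windows\system32\drivers\glsyqnmg.sys [?]

The first letter is R (running) or S (stopped); the digit is the start type
(0 boot, 1 system, 2 auto, 3 manual, 4 disabled). "--> path [?]" means DDS
could not find the binary on disk.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

LINE_RE = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);(.+)$")
MISSING_RE = re.compile(r"\s-->\s(.+?)\s\[\?\]\s*$")
PRESENT_RE = re.compile(r"^(.+?)\s\[(\d{4}-\d{1,2}-\d{1,2})\s(\d+)\]\s*$")
VOWELS = set("aeiou")

# Sample input: lines copied from the DDS log posted above in this thread.
SAMPLE_DDS_SERVICES = r"""
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-12 441176]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2009-12-21 818432]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;c:\windows\system32\drivers\szkg.sys --> c:\windows\system32\drivers\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S0 trodo;trodo;c:\windows\system32\drivers\glsyqnmg.sys --> c:\windows\system32\drivers\glsyqnmg.sys [?]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-11-7 701512]
S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\smart technologies\classroom teacher\smartsnmpagent.exe --> c:\program files\smart technologies\classroom teacher\SMARTSNMPAgent.exe [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2011-10-8 181432]
"""


@dataclass
class ServiceEntry:
    state: str            # 'R' running or 'S' stopped
    start: int            # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str             # service key name
    display: str          # display name
    path: str             # image path as DDS printed it
    present: bool         # False when DDS reported "[?]"
    size: Optional[int]   # file size in bytes when DDS found the file


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one DDS service line; return None for lines that are not service entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, display, rest = m.groups()
    missing = MISSING_RE.search(rest)
    if missing:
        return ServiceEntry(state, int(start), name, display, missing.group(1), False, None)
    found = PRESENT_RE.match(rest)
    if found:
        return ServiceEntry(state, int(start), name, display, found.group(1), True, int(found.group(3)))
    return ServiceEntry(state, int(start), name, display, rest, True, None)


def looks_random(stem: str) -> bool:
    """Heuristic: six or more letters and not a single vowel (e.g. 'glsyqnmg')."""
    letters = [c for c in stem.lower() if c.isalpha()]
    return len(letters) >= 6 and not any(c in VOWELS for c in letters)


def triage(lines: List[str]) -> List[Tuple[str, str, List[str]]]:
    """Return (service name, path, reasons) for every entry worth a second look."""
    findings = []
    for line in lines:
        entry = parse_service_line(line)
        if entry is None:
            continue
        stem = entry.path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        reasons = []
        if not entry.present:
            reasons.append("binary not found on disk")
        if entry.start <= 1 and looks_random(stem):
            reasons.append("boot/system-start driver with machine-looking file name")
        if reasons:
            findings.append((entry.name, entry.path, reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_DDS_SERVICES.splitlines()):
        print(f"{name}: {path}\n    " + "; ".join(reasons))
```

Run against the sample it reports is3srv, szkg5, szkgfs, trodo and the SMART SNMP Agent Service entry as missing binaries, and additionally marks szkgfs and trodo for their vowel-less driver names. A missing S0/S1 driver is not proof of infection (the SMART and is3srv entries are most likely leftovers from uninstalled software), which is why the script only ranks entries for a human to check rather than proposing removals.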
Hello, Nanich.
Good work, and thank you for the logs. There are several items we need to take care of. Please run the following fix:
Please download OTL to your desktop from HERE (http://oldtimer.geekstogo.com/OTL.exe) or HERE (http://www.itxassociates.com/OT-Tools/OTL.exe).
Close all other applications and windows so that you have nothing open.
Double click on the http://oldtimer.geekstogo.com/OTL/OTL_Icon.gif icon on your desktop.
Note: Vista and Windows 7 users right-click and select Run As Administrator. If you receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button. Under Output, click Minimal Output to select it.
Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
Then click the Run Fix button at the top.
:OTL
:Files
C:\Documents and Settings\Don\Application Data\SearchProtect\bin\ChromeModule.dll
C:\Documents and Settings\Don\Application Data\SearchProtect\bin\CltMngSvc.exe
C:\Documents and Settings\Don\Application Data\SearchProtect\bin\FirefoxModule.dll
C:\Documents and Settings\Don\Application Data\SearchProtect\bin\InternetExplorerModule.dll
C:\Documents and Settings\Don\Application Data\SearchProtect\bin\SPHook32.dll
C:\Documents and Settings\Don\Application Data\SearchProtect\ffprotect\application.js
C:\Documents and Settings\Don\Application Data\Sun\Java\Deployment\cache\6.0\10\b7799ca-50166c54
C:\Documents and Settings\Don\Application Data\Sun\Java\Deployment\cache\6.0\39\14a58aa7-5df6506f C:\Documents and Settings\Don\Application Data\Sun\Java\Deployment\cache\6.0\9\341af249-1e4c1d4b C:\Documents and Settings\Don\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail\Junk e-mail\31B3463E-00003D38.eml
C:\Documents and Settings\Don\Local Settings\temp\jar_cache1364093449645286197.tmp
C:\Documents and Settings\Don\Local Settings\temp\jar_cache4386346603285378382.tmp
C:\Documents and Settings\Don\Local Settings\temp\jar_cache5094616853861399607.tmp
C:\Documents and Settings\Don\Local Settings\temp\SecondStepInstaller.exe
C:\Program Files\SearchProtect\bin\ChromeModule.dll
C:\Program Files\SearchProtect\bin\FirefoxModule.dll
C:\Program Files\SearchProtect\bin\InternetExplorerModule.dll
C:\Program Files\SearchProtect\bin\SPHook32.dll
C:\Program Files\SearchProtect\ffprotect\application.js
C:\RECYCLER\S-1-5-18\$bf8ab89017d7b48fe2e69a05db75957f\U\80000000.@
C:\RECYCLER\S-1-5-18\$bf8ab89017d7b48fe2e69a05db75957f\U\800000cb.@
:Commands
[purity]
[CLEARALLRESTOREPOINTS]
[emptytemp]
[start explorer]
[Reboot]
Let the program run unhindered; it will reboot when it is done. If it does not, please reboot your system.
Post the new log in your next reply.
Mouse
If you have another computer, try your mouse there to see if the problem still exists.
Does the problem still exist if you are in Safe Mode?
Can you please give me specific details regarding this issue: is the problem with the left click? right click? both? always? sometimes? wireless mouse? etc.....
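The :Files list in the fix above is the ESET report from earlier in the thread with two groups left out: the copies under System Volume Information, which [CLEARALLRESTOREPOINTS] takes care of, and the files already sitting in OTL's own _OTL\MovedFiles quarantine folder. The Python script below is an added example that makes that selection mechanically; it is not a tool from ESET, OldTimer or this forum, and its function names and the line format it assumes (path, then a verdict ending in "application", "trojan" or reading "multiple threats") are mine, taken from the report as posted. It emits one path per line, which avoids the joined line visible in the fix above where three paths ended up on one line. The sample input is a subset of lines copied from the ESET report in this thread.

```python
r"""Build an OTL :Files fix from an ESET Online Scanner export (added example).

Assumed ESET line shape, as seen in the report posted in this thread:
    <path> [probably ][a variant of ]<Family/Name> (application|trojan)
    <path> multiple threats
"""
import re
from collections import Counter
from typing import Dict, List

ESET_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<verdict>(?:(?:probably )?a variant of )?[A-Za-z0-9]+/\S+\s+(?:application|trojan)"
    r"|multiple threats)$"
)

# Sample input: a subset of the ESET report lines posted above in this thread.
SAMPLE_ESET_REPORT = r"""
C:\Documents and Settings\Don\Application Data\SearchProtect\bin\ChromeModule.dll a variant of Win32/Conduit.SearchProtect.C application
C:\Documents and Settings\Don\Application Data\Sun\Java\Deployment\cache\6.0\10\b7799ca-50166c54 a variant of Win32/Kryptik.BCXO trojan
C:\Documents and Settings\Don\Local Settings\temp\jar_cache1364093449645286197.tmp Java/Exploit.Agent.OML trojan
C:\Documents and Settings\Don\Local Settings\temp\SecondStepInstaller.exe multiple threats
C:\RECYCLER\S-1-5-18\$bf8ab89017d7b48fe2e69a05db75957f\U\80000000.@ Win32/Sirefef.FA trojan
C:\System Volume Information\_restore{63A83696-D3B1-49B2-B970-71CBE9E79BD0}\RP1170\A0198912.exe Win32/Adware.FakeAV.G application
C:\_OTL\MovedFiles\05212013_214810\C_Program Files\SearchProtect\bin\cltmng.exe a variant of Win32/Conduit.SearchProtect.B application
C:\_OTL\MovedFiles\06122011_133813\C_Documents and Settings\Don\Application Data\Sun\Java\Deployment\cache\6.0\0\649e4dc0-1ce721d5 probably a variant of Java/TrojanDownloader.Agent.NCT trojan
"""


def parse_eset_report(text: str) -> List[Dict[str, str]]:
    """Split each report line into path, full verdict and detection kind."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ESET_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised ESET line: {line}")
        verdict = m.group("verdict")
        kind = "multiple threats" if verdict == "multiple threats" else verdict.rsplit(" ", 1)[1]
        entries.append({"path": m.group("path"), "verdict": verdict, "kind": kind})
    return entries


def classify(path: str) -> str:
    """Decide what to do with a detected path, mirroring the selection in the fix above."""
    low = path.lower()
    if "\\system volume information\\_restore" in low:
        return "restore-point"        # removed wholesale by [CLEARALLRESTOREPOINTS]
    if "\\_otl\\movedfiles\\" in low:
        return "quarantined"          # already moved by an earlier OTL run
    return "fix"                      # goes into the :Files section


def summarize(entries: List[Dict[str, str]]) -> Dict[str, Counter]:
    """Counts by detection kind and by planned action, for the reply to the user."""
    return {
        "kind": Counter(e["kind"] for e in entries),
        "action": Counter(classify(e["path"]) for e in entries),
    }


def build_otl_fix(entries: List[Dict[str, str]], clear_restore_points: bool = True) -> str:
    """Render the OTL Custom Scans/Fixes text, one path per line, no duplicates."""
    seen = set()
    paths = []
    for e in entries:
        if classify(e["path"]) == "fix" and e["path"] not in seen:
            seen.add(e["path"])
            paths.append(e["path"])
    lines = [":OTL", ":Files", *paths, ":Commands", "[purity]"]
    if clear_restore_points:
        lines.append("[CLEARALLRESTOREPOINTS]")
    lines += ["[emptytemp]", "[start explorer]", "[Reboot]"]
    return "\n".join(lines)


if __name__ == "__main__":
    found = parse_eset_report(SAMPLE_ESET_REPORT)
    print(summarize(found))
    print(build_otl_fix(found))
```

On the eight sample lines the summary reports three applications, four trojans and one "multiple threats" entry, and the generated fix carries five paths, with the restore-point copy and the two already-quarantined files left out.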
All processes killed
========== OTL ==========
========== FILES ==========
C:\Documents and Settings\Don\Application Data\SearchProtect\bin\ChromeModule.dll moved successfully.
C:\Documents and Settings\Don\Application Data\SearchProtect\bin\CltMngSvc.exe moved successfully.
C:\Documents and Settings\Don\Application Data\SearchProtect\bin\FirefoxModule.dll moved successfully.
C:\Documents and Settings\Don\Application Data\SearchProtect\bin\InternetExplorerModule.dll moved successfully.
C:\Documents and Settings\Don\Application Data\SearchProtect\bin\SPHook32.dll moved successfully.
C:\Documents and Settings\Don\Application Data\SearchProtect\ffprotect\application.js moved successfully.
File\Folder C:\Documents and Settings\Don\Application Data\Sun\Java\Deployment\cache\6.0\10\b7799ca-50166c54 not found.
File\Folder C:\Documents and Settings\Don\Application Data\Sun\Java\Deployment\cache\6.0\39\14a58aa7-5df6506f C:\Documents and Settings\Don\Application Data\Sun\Java\Deployment\cache\6.0\9\341af249-1e4c1d4b C:\Documents and Settings\Don\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail\Junk e-mail\31B3463E-00003D38.eml not found.
C:\Documents and Settings\Don\Local Settings\temp\jar_cache1364093449645286197.tmp moved successfully.
C:\Documents and Settings\Don\Local Settings\temp\jar_cache4386346603285378382.tmp moved successfully.
C:\Documents and Settings\Don\Local Settings\temp\jar_cache5094616853861399607.tmp moved successfully.
C:\Documents and Settings\Don\Local Settings\temp\SecondStepInstaller.exe moved successfully.
C:\Program Files\SearchProtect\bin\ChromeModule.dll moved successfully.
C:\Program Files\SearchProtect\bin\FirefoxModule.dll moved successfully.
C:\Program Files\SearchProtect\bin\InternetExplorerModule.dll moved successfully.
C:\Program Files\SearchProtect\bin\SPHook32.dll moved successfully.
C:\Program Files\SearchProtect\ffprotect\application.js moved successfully.
C:\RECYCLER\S-1-5-18\$bf8ab89017d7b48fe2e69a05db75957f\U\80000000.@ moved successfully.
C:\RECYCLER\S-1-5-18\$bf8ab89017d7b48fe2e69a05db75957f\U\800000cb.@ moved successfully.
========== COMMANDS ==========
Unable to start System Restore Service. Error code 10
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 14169828 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: Don
->Temp folder emptied: 2639657755 bytes
->Temporary Internet Files folder emptied: 569432239 bytes
->Java cache emptied: 5567028 bytes
->FireFox cache emptied: 53135752 bytes
->Google Chrome cache emptied: 6383089 bytes
->Flash cache emptied: 17994552 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 13493637 bytes
->Flash cache emptied: 610 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 187017196 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 9465 bytes
%systemdrive% .tmp files removed: 6224 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 257020276 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 705655582 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1271481060 bytes
Total Files Cleaned = 5,475.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 06122013_193159
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Mouse Stuff...
The clicking issue started when I first had problems. Once the system is running for a bit it is fine, but when I first log on or leave it for a few hours, it has troubles for a few seconds. I have to alt-tab to activate even the most front window and use tab and arrow keys to select things.
I use a wireless mouse.
Don
Hello, Nanich.
Thank you for the OTL log. Please work through the following tasks:
1. Create New System Restore Point
Click Start > Run > and copy and paste the following into the Run box:
%SystemRoot%\System32\restore\rstrui.exe
Click OK.
Select Create Restore Point, then click Next.
Name your new restore point (something you will remember). Click Create.
When the screen confirms that the restore point has been created, click Close.
2. Delete Old Restore Points
Click Start > Run > and copy and paste the following into the Run box:
Cleanmgr
Choose to scan drive C:\ (if C:\ is your main drive).
At the top, click the More Options tab.
Click the Clean up… button in the System Restore box.
Click the Yes button.
When finished, click the Cancel button to exit.
3. OTL Scan
Please run OTL again and post a fresh log in your next reply.
Mouse Troubleshooting
Please read and work through the suggestions in the following Microsoft support documents HERE (http://support.microsoft.com/kb/321122) and HERE (http://support.microsoft.com/kb/322609).
If your issue has still not been resolved, please send me the name and model of your wireless mouse.
I am still here! I might be a couple of days!
Don
------------------------------------------
Edit: http://forums.spybot.info/showthread.php?68842-I-am-back-III
OK, thanks for letting me know.
Hello, Nanich.
Have you set and cleared your old restore points? Have you run the OTL scan yet?
Due to inactivity, this thread will now be closed.
If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.