Yeah, so I am trying to boot into safemode with no luck. I have tapped the F8, but I get asked where I want to boot from (floppy, harddisk, etc), but I do not get safemode.
Don
Yeah, so I am trying to boot into safemode with no luck. I have tapped the F8, but I get asked where I want to boot from (floppy, harddisk, etc), but I do not get safemode.
Don
I am back II
Hello, Nanich.
Let's try an alternate method of booting into Safe Mode and running the OTL scan. If you successfully boot into Safe Mode, please run the OTL scan that you see in option 2 below.
Using the F5 Method as an option
- Restart your computer.
- Gently tap the F5 key repeatedly until the Windows XP Advanced Options menu appears.
Note: If Windows launches before you can choose Safe Mode, restart your computer and try again.
- Select the Safe Mode option using the up and down arrow keys.
- Then, press the enter key on your keyboard to boot into Safe Mode.
Note: When tasks have been completed, reboot your computer to normal mode.
If you are still having difficulty booting into Safe Mode, continue with the next option.
Option 2: Run OTL in Normal Mode using the revised script
Run OTL.exe
- Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
- Then click the Run Fix button at the top.
Code::OTL DRV - (catchme) -- C:\DOCUME~1\Don\LOCALS~1\Temp\catchme.sys File not found IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\URLSearchHook: {739df940-c5ee-4bab-9d7e-270894ae687a} - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\URLSearchHook: {739df940-c5ee-4bab-9d7e-270894ae687a} - No CLSID value found IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN15539672730253678&UM=2&SSPV=TB_C3 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found CHR - homepage: http://search.conduit.com/?ctid=CT32...M=2&sspv=TB_CC O2 - BHO: (no name) - {739df940-c5ee-4bab-9d7e-270894ae687a} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {739df940-c5ee-4bab-9d7e-270894ae687a} - No CLSID value found. O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe (Conduit) O4 - Startup: C:\Documents and Settings\Don\Start Menu\Programs\Startup\AVG Free Tray Icon.lnk = File not found O4 - HKU\S-1-5-21-746137067-606747145-682003330-1004..\Run: [aadababfecedct] "C:\Documents and Settings\All Users\Application Data\aadababfecedct.exe" File not found O4 - HKU\S-1-5-21-746137067-606747145-682003330-1004..\Run: [SearchProtect] C:\Documents and Settings\Don\Application Data\SearchProtect\bin\cltmng.exe (Conduit) [2013/04/11 23:00:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\Documents and Settings\Don\*.tmp files -> C:\Documents and Settings\Don\*.tmp -> ] [16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\Documents and Settings\Don\*.tmp files -> C:\Documents and Settings\Don\*.tmp -> ] [16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] :Reg :Files ipconfig /flushdns /c :Commands [purity] [resethosts] [Reboot]
- Let the program run unhindered; it will reboot when it is done. If it does not, please reboot your system.
- Post the new log in your next reply.
Okay, I got into safemode using f5, I did the scan/fix. I was surprised at how quick it was before it asked to reboot. The system rebooted. AFter the reboot, the logs did not come up. I did a scan of the computer to look for the saved verision of the files, but nothing came up. I also noticed that my "Firefox" program is gone as well.
Do you think I should try running the fix again?
Don
I am back II
Hello, Nanich.
Glad you were able to get into Safe Mode and run OTL. Let's take a look at your concerns.
Cannot locate OTL logs after system reboot
OTL does not take long to scan (approx. 10 minutes depending on your system). If it was an instant scan and reboot, it is quite possible that the scan did not complete, and therefore, no logs were produced. However, OTL will save two logs (OTL.txt and Extras.txt) in the folder that OTL was started from. If OTL was saved in your Downloads folder, for example, check there for the logs.
If the logs are available please copy and paste them into your next reply. If they are not there, please rerun OTL. Because you are running a second scan, it will only produce one log, OTL.txt.
After reboot, Firefox disappeared
Can you please expand on this? Do you mean the Firefox icon has disappeared from your desktop and/or task bar? Is Firefox still installed on your system?
If only the icon has disappeared, try rebooting again. If it still does not appear, do the following:
- Click Start > Click Window Key + R to access the Run dialog box.
- In the open field, type C:\Program Files\Mozilla Firefox > Click OK.
- Right click Firefox > Send to > Desktop.
Or, if you prefer to have the icon pinned to your taskbar instead of your desktop, drag the FF icon from your Start menu to your taskbar.
I will run the scan again.
For firefox. The shortcut on my desktop remained, but as the generic icon. When I clicked on the icon it looked for firefox using the flashlight. To me that suggests that the program is gone. I looked in Program Files and could not see it there.
Don
SUCCESS!!
========== OTL ==========
Error: No service named catchme was found to stop!
Service\Driver key catchme not found.
File C:\DOCUME~1\Don\LOCALS~1\Temp\catchme.sys File not found not found.
Registry value HKEY_USERS\S-1-5-21-746137067-606747145-682003330-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{739df940-c5ee-4bab-9d7e-270894ae687a} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{739df940-c5ee-4bab-9d7e-270894ae687a}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_USERS\S-1-5-21-746137067-606747145-682003330-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{739df940-c5ee-4bab-9d7e-270894ae687a} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{739df940-c5ee-4bab-9d7e-270894ae687a}\ not found.
HKEY_USERS\S-1-5-21-746137067-606747145-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-746137067-606747145-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.
Use Chrome's Settings page to change the HomePage.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{739df940-c5ee-4bab-9d7e-270894ae687a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{739df940-c5ee-4bab-9d7e-270894ae687a}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{739df940-c5ee-4bab-9d7e-270894ae687a} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{739df940-c5ee-4bab-9d7e-270894ae687a}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtectAll not found.
File C:\Program Files\SearchProtect\bin\cltmng.exe not found.
File move failed. C:\Documents and Settings\Don\Start Menu\Programs\Startup\AVG Free Tray Icon.lnk scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-21-746137067-606747145-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Run\\aadababfecedct not found.
Registry value HKEY_USERS\S-1-5-21-746137067-606747145-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect not found.
File C:\Documents and Settings\Don\Application Data\SearchProtect\bin\cltmng.exe not found.
Folder C:\Program Files\Mozilla Firefox\ not found.
File/Folder C:\WINDOWS\*.tmp not found.
File/Folder C:\Documents and Settings\Don\*.tmp not found.
File/Folder C:\WINDOWS\System32\*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
File/Folder C:\Documents and Settings\Don\*.tmp not found.
File/Folder C:\WINDOWS\System32\*.tmp not found.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Don\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Don\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 05222013_191857
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Don\Start Menu\Programs\Startup\AVG Free Tray Icon.lnk not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
---------------------
Again, I can only find the one log. The log I posted was not saved either. I copy and pasted it from the open window.
Don
I am back II
Hello, Nanich.
Thank you for the OTL report. Glad you were able to run it.
Let me clarify a couple of items for you. When you run OTL the first time, it will produce two logs for you, as I had previously mentioned. These would be OTL.txt and Extras.txt. If you run OTL a second time, it will not produce the second report (Extras.txt), which is why only the first report opened. This is not something we need to worry about now.
You were able to send me the OTL.txt report, so let's not worry about saving the logs. If you are curious though, you can follow this path to see if the log is located there:
Click Start > Computer > Local Disk C: > OTL > Moved Files
It will appear as something like this: mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time you ran OTL.
Your OTL report shows several entries that need some attention. Please do the following:
Run OTL.exe
- Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
- Then click the Run Fix button at the top.
Code::OTL :Reg [HKEY_USERS\S-1-5-21-746137067-606747145-682003330-1004\Software\Microsoft\Internet Explorer\URLSearchHooks] "{739df940-c5ee-4bab-9d7e-270894ae687a}"=- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{739df940-c5ee-4bab-9d7e-270894ae687a}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] [- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] [-HKEY_USERS\S-1-5-21-746137067-606747145-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}] [-HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=] [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{739df940-c5ee-4bab-9d7e-270894ae687a] [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar] "{739df940-c5ee-4bab-9d7e-270894ae687a}"=- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SearchProtectAll"=- HKEY_USERS\S-1-5-21-746137067-606747145-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Run "aadababfecedct"=- HKEY_USERS\S-1-5-21-746137067-606747145-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Run "SearchProtect"- :Files ipconfig /flushdns /c C:\Program Files\SearchProtect C:\Documents and Settings\Don\Application Data\SearchProtect\bin\cltmng.exe C:\Program Files\Mozilla Firefox\ C:\WINDOWS\*.tmp C:\Documents and Settings\Don\*.tmp C:\WINDOWS\System32\*.tmp :Commands [purity] [emptytemp] [resethosts] [Reboot]
- Let the program run unhindered; it will reboot when it is done. If it does not, please reboot your system.
- Post the new log in your next reply.
Firefox
Let's do a clean reinstall of Firefox:
- Download the latest version of Firefox from HERE > Click Save File.
- After the download is complete, close all Firefox windows.
- Before reinstalling Firefox, delete the Firefox uninstall folder, which is located in the following location by default:
Click Start > My Computer > Local Disk C: > Program Files > Mozilla Firefox > Uninstall
Note: To preserve your bookmarks, saved passwords, and other data, do not place a check mark in the box that says Remove my Firefox personal data and customizations.
- Now reinstall Firefox:
- Locate the saved file (Firefox Setup 21.0.exe), double-click the file to begin the Installation Wizard and follow the prompts.
- Once the wizard is finished, choose to directly open Firefox after clicking the Finish button.
OKay I got firefox back. I tried to run the OTL fix you gave me, but it hung up even in safemode!
Don
I am back II
Hello, Nanich.
Firefox is back, great news, good job. As far as the OTL scan is concerned, let's just run a fresh scan without attempting a fix. If you cannot run it in Normal Mode, then run it in Safe Mode.
- From your desktop, double click on the
icon.
Note: Vista and Windows 7 users right-click and select Run As Administrator. If you receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.
- Under Output, click Minimal Output to select it.
- Click the Scan All Users checkbox. Leave the remaining selections to the default settings.
- Do not use the computer while the scan is in progress.
- When the scan is complete, the following log will open in Notepad: OTListIt.txt
- This log should save automatically to the Desktop.
- Please copy and paste the contents of OTListIt.txt in your next reply.
- Click the red X in the upper right corner to exit OTL.
Here you go!
OTL logfile created on: 5/26/2013 6:05:07 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Don\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 59.61% Memory free
4.84 Gb Paging File | 3.85 Gb Available in Paging File | 79.55% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 16.47 Gb Free Space | 3.54% Space Free | Partition Type: NTFS
Computer Name: DONPETERSON | User Name: Don | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Don\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Documents and Settings\Don\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\SearchProtect\bin\CltMngSvc.exe (Conduit)
PRC - C:\Program Files\Vuze\Azureus.exe (Azureus Software, Inc)
PRC - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
PRC - C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
PRC - C:\Program Files\PC Tools Firewall Plus\FWService.exe (PC Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\655c70628497117a1008510a401f84d3\PresentationFramework.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\261b2323f46266bf9039ebc350ef466a\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\6fcb023855a4670d86e80ac4744b0efe\PresentationCore.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\347f5b43b525120fe2f33d92d75337f2\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\c0eef0fa73253bcea73885b6912c5433\WindowsBase.ni.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\AVAST Software\Avast\defs\13041000\algo.dll ()
MOD - C:\Documents and Settings\Don\Application Data\Dropbox\bin\libcef.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\68b0fc15aa862e54593dd85b59116998\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\32b515633fcbcc6dad09b9dd09f2fc2f\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\7256e28382f57416b828a0cc143b67b3\System.Xaml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\8ba0620535aa28d509b9397500b7d530\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\65e520f98f7674d462d26671c1ce97a7\PresentationFramework.Luna.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\3d6d9da56c9f607615b55d6742d8427d\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\c182d7a0bd88caf2cddccb7491a5fa6e\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\mpg2splt.ax ()
MOD - C:\Program Files\Vuze\plugins\azitunes\jacob-1.17-M2-x86.dll ()
MOD - C:\Program Files\Vuze\aereg.dll ()
MOD - C:\Program Files\Vuze\plugins\azitunes\libProcessAccess.dll ()
MOD - C:\Documents and Settings\Don\Application Data\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Program Files\AVAST Software\Avast\Setup\setiface.dll ()
MOD - C:\Documents and Settings\Don\Application Data\Azureus\plugins\azutp\win32\utp.dll ()
MOD - C:\WINDOWS\system32\qdvd.dll ()
MOD - C:\Documents and Settings\Don\Local Settings\temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll ()
MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\system32\xvidcore.dll ()
MOD - C:\WINDOWS\system32\qcap.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\dxmasf.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\xvid.ax ()
MOD - C:\WINDOWS\system32\tsd32.dll ()
========== Services (SafeList) ==========
SRV - (SMART SNMP Agent Service) -- C:\Program Files\SMART Technologies\Classroom Teacher\SMARTSNMPAgent.exe File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Skype C2C Service) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (CltMngSvc) -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe (Conduit)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (PCToolsFirewallPlus) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe (PC Tools)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (szkgfs) -- system32\drivers\szkgfs.sys File not found
DRV - (szkg5) -- system32\DRIVERS\szkg.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (is3srv) -- system32\drivers\is3srv.sys File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\WINDOWS\system32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (iDispService) -- C:\WINDOWS\system32\drivers\idisplayminiport.sys (SHAPE Services)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (dgderdrv) -- C:\WINDOWS\system32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (ssudmdm) -- C:\WINDOWS\system32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\WINDOWS\system32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (SaiNtBus) -- C:\WINDOWS\system32\drivers\SaiBus.sys (Saitek)
DRV - (SaiMini) -- C:\WINDOWS\system32\drivers\SaiMini.sys (Saitek)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmHidLo) -- C:\WINDOWS\system32\drivers\WmHidLo.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (pctplfw) -- C:\WINDOWS\system32\drivers\pctplfw.sys (PC Tools)
DRV - (pctgntdi) -- C:\WINDOWS\system32\drivers\pctgntdi.sys (PC Tools)
DRV - (PCTFW-PacketFilter) -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys (PC Tools)
DRV - (pctNDIS) -- C:\WINDOWS\system32\drivers\pctNdis.sys (PC Tools)
DRV - (PCTFW-DNS) -- C:\WINDOWS\system32\drivers\pctNdis-DNS.sys (PC Tools)
DRV - (PCTAppEvent) -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (lvselsus) -- C:\WINDOWS\system32\drivers\lvselsus.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (L1e) -- C:\WINDOWS\system32\drivers\l1e51x86.sys (Atheros Communications, Inc.)
DRV - (FANTOM) -- C:\WINDOWS\system32\drivers\fantom.sys (National Instruments Corporation)
DRV - (SaiH0461) -- C:\WINDOWS\system32\drivers\SaiH0461.sys (Saitek)
DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)
DRV - (CX23880) -- C:\WINDOWS\system32\drivers\cx88vid.sys (Conexant Systems, Inc.)
DRV - (DSDrv4) -- C:\Program Files\DScaler\DSDrv4.sys ()
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (smrtdrv) -- C:\WINDOWS\system32\drivers\smrtdrv.sys (SMART Technologies Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/06/12 13:55:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2009/01/25 00:39:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Don\Application Data\Mozilla\Extensions
[2013/05/25 20:04:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/25 20:04:37 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&output=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://search.conduit.com/?ctid=CT32...M=2&sspv=TB_CC
CHR - Extension: avast! WebRep = C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1125_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.6.0.11664_0\
CHR - Extension: GoPhoto.it = C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.4_0\
O1 HOSTS File: ([2013/05/22 19:18:58 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4 - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4 - HKU\.DEFAULT..\Run: [SearchProtect] C:\Documents and Settings\LocalService\Application Data\SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-18..\Run: [SearchProtect] C:\Documents and Settings\LocalService\Application Data\SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-21-746137067-606747145-682003330-1004..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - Startup: C:\Documents and Settings\Don\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Don\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-746137067-606747145-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-746137067-606747145-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-746137067-606747145-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.160.13 64.59.161.68
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F78B2EB-7177-4840-97C8-62D965C16EE8}: DhcpNameServer = 64.59.160.13 64.59.161.68
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/21 11:51:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/05/25 20:04:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/05/25 20:04:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/05/25 20:02:40 | 021,289,608 | ---- | C] (Mozilla) -- C:\Documents and Settings\Don\Desktop\Firefox Setup 21.0.exe
[2013/05/22 19:54:28 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Don\PrivacIE
[2013/05/22 19:49:05 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Don\IETldCache
[2013/05/22 19:38:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2013/05/22 19:34:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013/05/22 19:30:58 | 000,522,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2013/05/22 19:30:31 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2013/05/13 01:34:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\SearchProtect
[2013/05/12 00:17:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2013/05/07 21:30:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Don\Desktop\OTL.exe
[2013/05/05 11:26:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don\Desktop\Old Firefox Data
[2013/05/05 10:30:23 | 000,377,920 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Don\Desktop\aswclear.exe
[2013/05/01 18:14:21 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Don\Desktop\TDSSKiller.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/05/26 18:07:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/05/26 18:06:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/26 13:16:57 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/05/26 05:06:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/25 20:04:39 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Don\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/05/25 20:04:39 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/05/25 20:02:40 | 021,289,608 | ---- | M] (Mozilla) -- C:\Documents and Settings\Don\Desktop\Firefox Setup 21.0.exe
[2013/05/25 17:18:53 | 000,502,670 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/25 17:18:53 | 000,088,450 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/25 17:10:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/05/25 17:09:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2013/05/25 17:09:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2013/05/25 08:27:15 | 000,013,770 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/05/23 03:01:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/05/22 23:26:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/05/22 19:49:08 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Don\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/05/22 19:18:58 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013/05/15 03:28:06 | 000,210,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/05/14 14:07:12 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/05/14 14:07:12 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/05/13 22:04:24 | 000,000,211 | ---- | M] () -- C:\WINDOWS\Brpfx04a.ini
[2013/05/07 21:30:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Don\Desktop\OTL.exe
[2013/05/06 21:27:31 | 006,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013/05/05 10:30:21 | 000,377,920 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Don\Desktop\aswclear.exe
[2013/05/01 18:13:52 | 002,218,636 | ---- | M] () -- C:\Documents and Settings\Don\Desktop\tdsskiller.zip
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/05/25 20:04:39 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Don\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/05/25 20:04:39 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/05/22 19:49:08 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Don\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/05/01 18:13:51 | 002,218,636 | ---- | C] () -- C:\Documents and Settings\Don\Desktop\tdsskiller.zip
[2013/01/09 04:36:13 | 000,318,264 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/12/05 20:22:57 | 000,138,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2012/12/05 20:01:44 | 000,281,688 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2012/12/05 20:01:40 | 000,076,888 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2012/04/20 19:40:47 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2012/02/15 21:43:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/16 11:54:48 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011/09/16 11:54:44 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/09/16 11:54:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/09/16 11:54:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/09/16 11:54:44 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011/08/15 01:00:50 | 000,855,078 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-746137067-606747145-682003330-1004-0.dat
[2011/08/15 01:00:49 | 000,217,590 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/06/11 10:23:21 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/11 10:23:21 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/11 10:23:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/11 10:23:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/11 10:23:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/07 20:56:47 | 000,062,464 | ---- | C] () -- C:\Documents and Settings\Don\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/15 11:16:37 | 000,000,301 | ---- | C] () -- C:\Documents and Settings\Don\.Xauthority
[2009/09/01 23:30:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Don\LOG
[2009/02/13 07:49:36 | 000,002,300 | ---- | C] () -- C:\Documents and Settings\Don\.strange-eons-settings
[2009/02/13 07:49:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Don\.strange-eons-editor-session
[2009/02/13 07:49:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Don\.strange-eons-user-dict
[2009/01/21 19:15:39 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Don\Application Data\PnkBstrK.sys
========== ZeroAccess Check ==========
[2009/01/21 19:18:46 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/10/15 18:00:10 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
Posting Permissions
