
Thread: I am back II

  1. #1
    Member
    Join Date
    Nov 2009
    Posts
    39

    I am back II

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 7.0.6000.17128 BrowserJavaVersion: 1.6.0_26
    Run by Don at 20:07:50 on 2013-04-20
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2165 [GMT -7:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: PC Tools Firewall Plus *Enabled*
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
    C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\AVG\AVG2013\avgui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    C:\Documents and Settings\Don\Application Data\SearchProtect\bin\cltmng.exe
    C:\Documents and Settings\Don\Application Data\Dropbox\bin\Dropbox.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\SearchProtect\bin\CltMngSvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\PC Tools Firewall Plus\FWService.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    C:\WINDOWS\system32\svchost.exe -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.ca/
    uURLSearchHooks: {739df940-c5ee-4bab-9d7e-270894ae687a} - <orphaned>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {739df940-c5ee-4bab-9d7e-270894ae687a} - <orphaned>
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
    uRun: [aadababfecedct] "c:\documents and settings\all users\application data\aadababfecedct.exe"
    uRun: [SearchProtect] c:\documents and settings\don\application data\searchprotect\bin\cltmng.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s
    mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [ProfilerU] c:\program files\saitek\sd6\software\ProfilerU.exe
    mRun: [SaiMfd] c:\program files\saitek\sd6\software\SaiMfd.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SearchProtectAll] c:\program files\searchprotect\bin\cltmng.exe
    mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
    StartupFolder: c:\docume~1\don\startm~1\programs\startup\avgfre~1.lnk - c:\program files\avg\avg8\avgtray.exe
    StartupFolder: c:\docume~1\don\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\don\application data\dropbox\bin\Dropbox.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    uPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    TCP: NameServer = 64.59.160.13 64.59.161.68
    TCP: Interfaces\{7F78B2EB-7177-4840-97C8-62D965C16EE8} : DHCPNameServer = 64.59.160.13 64.59.161.68
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\don\application data\mozilla\firefox\profiles\m6tf3mhu.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&CUI=UN24014405641032166&UM=2&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.ca/
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&q=
    FF - component: c:\documents and settings\don\application data\mozilla\firefox\profiles\m6tf3mhu.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\don\application data\mozilla\firefox\profiles\m6tf3mhu.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
    FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\ubisoft\ubisoft game launcher\npuplaypc.dll
    FF - plugin: c:\program files\ubisoft\ubisoft game launcher\npuplaypchub.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
    FF - ExtSQL: 2013-03-31 22:00; torntv2@torntv.com; c:\documents and settings\don\application data\mozilla\firefox\profiles\m6tf3mhu.default\extensions\torntv2@torntv.com.xpi
    FF - ExtSQL: !HIDDEN! 2009-09-02 01:53; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    .
    ---- FIREFOX POLICIES ----
    user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
    ============= SERVICES / DRIVERS ===============
    .
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-12 441176]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-12 307928]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
    R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-12-21 233136]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-12 19544]
    R2 CltMngSvc;Search Protect by Conduit Updater;c:\program files\searchprotect\bin\CltMngSvc.exe [2013-3-6 93984]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-16 418376]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-11-7 701512]
    R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2009-12-21 818432]
    R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-3-19 3289208]
    R3 iDispService;iDispService;c:\windows\system32\drivers\idisplayminiport.sys [2012-3-21 14248]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-11-7 22856]
    R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2009-12-21 70664]
    R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2009-12-21 58816]
    R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-12-21 115216]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-15 94048]
    S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
    S0 szkg5;szkg5;c:\windows\system32\drivers\szkg.sys --> c:\windows\system32\drivers\szkg.sys [?]
    S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
    S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-6-12 42184]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1c9c62bfc4ddf28;Google Update Service (gupdate1c9c62bfc4ddf28);c:\program files\google\update\GoogleUpdate.exe [2009-4-25 133104]
    S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-12-21 88040]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2011-10-8 77624]
    S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-10-8 20032]
    S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [2007-5-30 39424]
    S3 PCTFW-DNS;PCTools Firewall - DNS driver;c:\windows\system32\drivers\pctNdis-DNS.sys [2009-12-21 32680]
    S3 SaiH0461;SaiH0461;c:\windows\system32\drivers\SaiH0461.sys [2010-2-19 132232]
    S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\smart technologies\classroom teacher\smartsnmpagent.exe --> c:\program files\smart technologies\classroom teacher\SMARTSNMPAgent.exe [?]
    S3 smrtdrv;SMART Technologies Inc. Mirror Driver;c:\windows\system32\drivers\smrtdrv.sys [2004-4-22 2432]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2011-10-8 181432]
    .
    =============== File Associations ===============
    .
    FileExt: .txt: Applications\NOTEPAD.EXE=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
    .
    =============== Created Last 30 ================
    .
    2013-04-20 05:49:27 -------- d-----w- c:\documents and settings\don\application data\AVG2013
    2013-04-20 05:45:53 -------- d--h--w- C:\$AVG
    2013-04-20 05:45:53 -------- d-----w- c:\documents and settings\all users\application data\AVG2013
    2013-04-20 05:31:55 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
    2013-04-20 05:31:55 -------- d-----w- c:\documents and settings\don\local settings\application data\MFAData
    2013-04-20 05:31:55 -------- d-----w- c:\documents and settings\don\local settings\application data\Avg2013
    2013-04-20 05:31:55 -------- d-----w- c:\documents and settings\all users\application data\MFAData
    2013-04-15 03:04:51 -------- d-----w- c:\documents and settings\don\application data\LibreOffice
    2013-04-15 03:04:19 -------- d-----w- c:\windows\System64
    2013-04-15 03:02:57 -------- d-----w- c:\program files\LibreOffice 4.0
    2013-04-15 02:46:14 -------- d-----w- c:\program files\Dropbox
    2013-04-15 02:44:38 -------- d-----w- c:\documents and settings\don\application data\Dropbox
    2013-04-06 23:18:00 -------- d-----w- c:\documents and settings\don\local settings\application data\Colossal Order
    2013-04-01 05:02:30 -------- d-----w- c:\documents and settings\don\local settings\application data\WhiteSmoke_New
    2013-04-01 05:02:28 -------- d-----w- c:\program files\WhiteSmoke_New
    2013-04-01 05:02:15 -------- d-----w- c:\documents and settings\don\local settings\application data\CRE
    2013-04-01 05:01:42 -------- d-----w- c:\program files\SearchProtect
    2013-04-01 05:01:16 -------- d-----w- c:\documents and settings\don\application data\SearchProtect
    2013-04-01 05:00:37 -------- d-----w- c:\program files\Gophoto.it
    2013-04-01 05:00:19 -------- d-----w- c:\program files\TornTV.com
    2013-03-27 06:43:02 773968 ----a-w- c:\windows\system32\msvcr100.dll
    2013-03-27 06:43:02 421200 ----a-w- c:\windows\system32\msvcp100.dll
    .
    ==================== Find3M ====================
    .
    2013-04-04 21:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-03-12 21:07:09 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-03-12 21:07:09 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll
    2013-03-07 01:32:25 2149888 ------w- c:\windows\system32\ntoskrnl.exe
    2013-03-07 00:50:30 2028544 ------w- c:\windows\system32\ntkrnlpa.exe
    2013-03-02 01:25:02 1867264 ----a-w- c:\windows\system32\win32k.sys
    2013-02-27 07:56:51 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2013-02-24 19:03:34 832512 ----a-w- c:\windows\system32\wininet.dll
    2013-02-24 19:03:34 1830912 ------w- c:\windows\system32\inetcpl.cpl
    2013-02-24 19:03:33 78336 ----a-w- c:\windows\system32\ieencode.dll
    2013-02-24 19:03:33 17408 ----a-w- c:\windows\system32\corpol.dll
    2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
    2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
    .
    ============= FINISH: 20:08:51.21 ===============



    aswMBR would not work. I get this message in a separate box: avast! Antirootkit has encountered a problem and needs to close. We are sorry for the inconvenience. Then aswMBR closes.

    Spybot: There are directions to use Spybot in post #2, but... I could not find the link for it.

  2. #2
    Visiting Fellow
    Join Date
    Mar 2011
    Location
    Canada
    Posts
    142

    I am back II

    Hello Nanich.

    My name is fbfbfb. I will gladly assist you with your concerns.

    Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice. This may cause a delay, but I will do my best to keep it as short as possible.

    I am checking over your DDS log now, and I will post back shortly with instructions.

    While working to resolve the issues with your machine, please follow these guidelines:
    • Please be patient. Logs are lengthy and can take time to analyze.
    • Read and follow my directions carefully, in the sequence they are posted.
    • If you are unsure about anything, please ask for clarification before continuing.
    • Use only those tools that you have been directed to use.
    • Do not install or uninstall any applications or run any other scans without being directed to do so.
    • Copy and Paste the log files inside your post. Do not send them as attachments unless otherwise instructed.
    • Stay with me until your machine has been deemed all clear.
    • Please reply within 3 days of each post to avoid closing this topic.

  3. #3
    Visiting Fellow
    Join Date
    Mar 2011
    Location
    Canada
    Posts
    142

    I am back II

    Hello, Nanich. Thank you for the DDS logs. You report that you had problems running aswMBR. Let's try running TDSSKiller instead.

    Please run the following scans

    1. TDSSKiller
    • Please download TDSSKiller from HERE and save it to your Desktop.
    • Extract its contents to your desktop.
    • Once extracted, open the TDSSKiller folder, right click on TDSSKiller.exe and select Run as Administrator to run the application.
    • When the window opens, click Change Parameters.
    • Under Additional options, put a check mark in the box next to Detect TDLFS File System. Click OK.
    • Click Start Scan.
    • As we are only looking for a log of what is on the machine right now, choose Skip for whatever is found.
    • Click Continue > Reboot now.
    Please copy and paste the contents of that file in your next reply.

    2. Security Check

    Please download Security Check by screen317 from HERE or HERE.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt. This may take a few minutes.
    Please copy and paste the contents of that document into your next reply.

  4. #4
    Member
    Join Date
    Nov 2009
    Posts
    39


    Thank you. One of your directions does not seem to work for me:
    Once extracted, open the TDSSKiller folder, right click on TDSSKiller.exe and select Run as Administrator to run the application.

    There is a Run as... option. When I select that there is no option to run as an administrator.

    Thanks!

    Don

  5. #5
    Visiting Fellow
    Join Date
    Mar 2011
    Location
    Canada
    Posts
    142

    I am back II

    Hello, Nanich.

    Please work through the following tasks

    Uninstall Multiple Anti-virus Programs

    I see that you are currently running multiple anti-virus programs:
    • avast! Antivirus
    • AVG 2013
    Running multiple antivirus programs can trigger system slowdowns, crashes, and/or conflicts with each other causing them not to work properly. I am recommending that you choose and keep only one good antivirus program installed on your computer. To remove the other, please follow these steps:
    • Click Start and select Control Panel.
    • When the Control Panel window opens, click on Uninstall a program found under the Programs category.
    • If you are using the Classic View of the Control Panel, then you would double-click on the Programs and Features icon instead.
    • Look through the list of programs for the one that you would like to uninstall, and then left-click on it once to highlight it.
    • Click on the Uninstall button.
    • When asked if you are sure you want to uninstall, click Yes.
    • The program will uninstall, and when completed you will be back at the list of programs installed on your computer.
    • When finished, close the Programs and Features screen.
    TDSSKiller

    Let me revise those instructions for you:

    • Please download TDSSKiller from HERE and save it to your Desktop.
    • Unzip the folder. (Right Click > Extract to your Desktop).
    • Double-click on TDSSKiller.exe to run the application.
    • When the window opens, click Change Parameters.
    • Under Additional options, put a check mark in the box next to Detect TDLFS File System. Click OK.
    • Click Start Scan.
    • As we are only looking for a log of what is on the machine right now, choose Skip for whatever is found.
    • Click Continue > Reboot now.
    • Click on Report.
    Please copy and paste the contents of that file in your next reply.
    Note: It will also create a log in the C:\ directory.
    Please run the following scan

    OTL by OLD TIMER
    • Please download OTL to your desktop from HERE or HERE
    • Close all other applications and windows so that you have nothing open.
    • Double click on the icon on your desktop.
    Note: Vista and Windows 7 users right-click and select Run As Administrator. If you receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.
    • Under Output, click Minimal Output to select it.
    • Click the Scan All Users checkbox. Leave the remaining selections to the default settings.
    • Do not use the computer while the scan is in progress.
    • When the scan is complete, two log files will open in Notepad: OTListIt.txt (will be maximized) and Extras.txt <- (will be minimized in the Task Bar).
    • Both logs are automatically saved to the Desktop.
    • Please copy and paste the contents of OTListIt.txt and Extras.txt in your next reply. If the Extras.txt log is too long, you may need to add a second reply to your thread.
    • Click the red X in the upper right corner to exit OTL.


    SUMMARY: In your next reply, please post the following:
    • TDSSKiller report
    • Security Check report
    • OTL log
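
The multiple-antivirus finding in post #5 can be reproduced from the DDS log in post #1 by correlating the `AV:` header, the running processes and the service/driver states. This is an added example, not part of any poster's reply or of the DDS tool; the `AV_PATHS` patterns are an assumption built only from paths visible in this log.

```python
import re
from collections import defaultdict

# Lines copied from the DDS log in post #1 (excerpt, shortened for the example).
SAMPLE_DDS = r"""
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\AVG\AVG2013\avgui.exe
.
============= SERVICES / DRIVERS ===============
.
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-12 441176]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-11-7 701512]
S0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-15 94048]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-6-12 42184]
.
============= FINISH: 20:08:51.21 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# DDS service line: <R|S><start type> name;display name;image path [date size]
# R = running, S = stopped; the digit is the service start type.
SERVICE_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.+?) \[[^\]]*\]$")

# Assumption: path patterns derived from the paths visible in this log,
# not a complete vendor list.
AV_PATHS = {
    "avast!": re.compile(r"\\avast software\\|\\drivers\\asw\w+\.sys", re.I),
    "AVG": re.compile(r"\\avg\\avg\d+\\|\\drivers\\avg\w+\.sys", re.I),
}

def split_sections(text):
    """Group log lines by their '==== Name ====' banner; '.' lines are spacers."""
    sections, current = defaultdict(list), "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
        else:
            sections[current].append(line)
    return dict(sections)

def av_evidence(sections):
    """Return {vendor: [(source, state, item), ...]} for every AV trace found."""
    found = defaultdict(list)
    for line in sections.get("Header", []):
        if line.upper().startswith("AV:"):
            product = line[3:].split("*")[0].strip()
            for vendor in AV_PATHS:
                if product.lower().startswith(vendor.lower()):
                    found[vendor].append(("header", "registered", product))
    for line in sections.get("Running Processes", []):
        for vendor, pattern in AV_PATHS.items():
            if pattern.search(line):
                found[vendor].append(("process", "running", line.rsplit("\\", 1)[-1]))
    for line in sections.get("SERVICES / DRIVERS", []):
        svc = SERVICE_RE.match(line)
        if not svc:
            continue
        state = "running" if svc.group(1) == "R" else "stopped"
        for vendor, pattern in AV_PATHS.items():
            if pattern.search(svc.group(5)):
                found[vendor].append(("service", state, svc.group(3)))
    return dict(found)

def active_vendors(evidence):
    """Vendors with at least one running process, service or driver."""
    return sorted(v for v, ev in evidence.items() if any(e[1] == "running" for e in ev))

if __name__ == "__main__":
    print(active_vendors(av_evidence(split_sections(SAMPLE_DDS))))
```

In this excerpt both products have running components, while the avast! service itself is recorded as stopped (`S2`) even though its UI process and `aswSnx` driver are running.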

  6. #6
    Member
    Join Date
    Nov 2009
    Posts
    39


    Thanks,

    I am not having much luck. AVAST will not uninstall. I do see the entry. When I click on it and click remove, the computer works but nothing happens.

    I do not see an entry for AVG. I do see the folder in Program Files, but I do not see it in "Add or Remove Programs".

    Because I could not do your first instructions, I have not gone on to the next instructions.

    Thanks!

    Don

  7. #7
    Visiting Fellow
    Join Date
    Mar 2011
    Location
    Canada
    Posts
    142

    I am back II

    Accidental reply--please ignore.
    Last edited by fbfbfb; 2013-05-04 at 22:40.

  8. #8
    Visiting Fellow
    Join Date
    Mar 2011
    Location
    Canada
    Posts
    142

    I am back II

    Hello, Nanich.

    Sometimes it is difficult to uninstall these anti-virus programs in the usual manner, in which case you can use specified removal tools supplied by each software manufacturer. Depending on which anti-virus you have chosen to remove, follow these steps:

    1. Uninstall Avast using aswClear
    • Download aswclear.exe HERE and save it on your desktop.
    • Start Windows in Safe Mode.
    • Open the uninstall utility.
    • If you installed avast! in a different folder than the default, browse for it.
    • Click REMOVE.
    • Restart your computer.


    2. Uninstall AVG using AVG Remover tool
    • Save all your work and close all documents. Your computer will be restarted during the procedure.
    • Download AVG Remover tool from HERE.
    • Run the downloaded tool and follow the instructions displayed on your screen.
    • Your computer will be restarted automatically.
    • After the restart, AVG Remover will finish the uninstallation.

  9. #9
    Member
    Join Date
    Nov 2009
    Posts
    39


    I am using Windows XP. How do you start in Safe Mode? A website said to hold F8 down, but that only gave me different options on which device to use to boot. It did not offer Safe Mode.

    Don

  10. #10
    Visiting Fellow
    Join Date
    Mar 2011
    Location
    Canada
    Posts
    142

    I am back II

    Hello, Nanich.

    Boot into Safe Mode using the F8 method:
    • Restart your computer.
    • Gently tap the F8 key repeatedly until the Windows XP Advanced Options menu appears.
    Note: If Windows launches before you can choose Safe Mode, restart your computer and try again.
    • Select the Safe Mode option using the up and down arrow keys.
    • Then, press the enter key on your keyboard to boot into Safe Mode.
    Note: When tasks have been completed, reboot your computer to normal mode.
