
Thread: I am back II

  1. #11
    Member
    Join Date
    Nov 2009
    Posts
    39

    I did that, but I do not get the safe mode start up options. The only options that I get are different location options for start up.

    Don

  2. #12
    Visiting Fellow
    Join Date
    Mar 2011
    Location
    Canada
    Posts
    142

    I am back II

    Hello, Nanich.

    For the moment, let's set aside removing the extra anti-virus program in Safe Mode; we will come back to that later.

    Please run Security Check as previously instructed as well as the scan below:


    Please download OTL to your desktop from HERE or HERE.

    • Close all other applications and windows so that you have nothing open.
    • Double click on the icon on your desktop.

    Note: Vista and Windows 7 users right-click and select Run As Administrator. If you receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.

    • Under Output, click Minimal Output to select it.
    • Click the Scan All Users checkbox. Leave the remaining selections to the default settings.
    • Do not use the computer while the scan is in progress.
    • When the scan is complete, two log files will open in Notepad: OTListIt.txt (will be maximized) and Extras.txt (will be minimized in the Task Bar).
    • Both logs are automatically saved to the Desktop.
    • Please copy and paste the contents of OTListIt.txt and Extras.txt in your next reply. If the Extras.txt log is too long, you may need to add a second reply to your thread.
    • Click the red X in the upper right corner to exit OTL.

  3. #13
    Member
    Join Date
    Nov 2009
    Posts
    39

    Windows XP Service Pack 3 x86
    Internet Explorer 7 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    avast! Free Antivirus
    AVG 2013
    PC Tools Firewall Plus 6.0
    `````````Anti-malware/Other Utilities Check:`````````
    Out of date HijackThis installed!
    Spybot - Search & Destroy
    Malwarebytes Anti-Malware version 1.75.0.1300
    HijackThis 2.0.2
    Java(TM) 6 Update 22
    Java(TM) 6 Update 26
    Java version out of Date!
    Adobe Flash Player 11.6.602.180
    Adobe Reader 9 Adobe Reader out of Date!
    Mozilla Firefox (20.0.1)
    Google Chrome 26.0.1410.43
    Google Chrome 26.0.1410.64
    ````````Process Check: objlist.exe by Laurent````````
    AVAST Software Avast avastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 10%
    ````````````````````End of Log``````````````````````


    OTL logfile created on: 5/7/2013 9:32:05 PM - Run 3
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Don\My Documents\Downloads
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 71.51% Memory free
    4.84 Gb Paging File | 4.14 Gb Available in Paging File | 85.64% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 465.75 Gb Total Space | 20.06 Gb Free Space | 4.31% Space Free | Partition Type: NTFS

    Computer Name: DONPETERSON | User Name: Don | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Don\My Documents\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Documents and Settings\Don\My Documents\Downloads\SecurityCheck.exe ()
    PRC - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Documents and Settings\Don\Application Data\SearchProtect\bin\cltmng.exe (Conduit)
    PRC - C:\Documents and Settings\Don\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\SearchProtect\bin\CltMngSvc.exe (Conduit)
    PRC - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
    PRC - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
    PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
    PRC - C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
    PRC - C:\Program Files\PC Tools Firewall Plus\FWService.exe (PC Tools)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\Documents and Settings\Don\My Documents\Downloads\SecurityCheck.exe ()
    MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
    MOD - C:\Documents and Settings\Don\Application Data\Dropbox\bin\libcef.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\de3e6b59e3949f8086973d53518a9ecb\System.Windows.Forms.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\68b0fc15aa862e54593dd85b59116998\System.Management.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\32b515633fcbcc6dad09b9dd09f2fc2f\System.Runtime.Remoting.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\7256e28382f57416b828a0cc143b67b3\System.Xaml.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\25884c52a01d74137ffacdb51d8f2d04\PresentationFramework.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\3ca69d589c23a0be94f3858f72e7a595\PresentationCore.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\8ba0620535aa28d509b9397500b7d530\System.Drawing.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a0db56351a1589e44868456609b01737\System.Core.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\65e520f98f7674d462d26671c1ce97a7\PresentationFramework.Luna.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\3d6d9da56c9f607615b55d6742d8427d\System.Xml.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\6133e360071a2fa7ba7deb483816e585\WindowsBase.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\c182d7a0bd88caf2cddccb7491a5fa6e\System.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
    MOD - C:\Documents and Settings\Don\Application Data\Dropbox\bin\wxmsw28uh_vc.dll ()
    MOD - C:\Documents and Settings\Don\Local Settings\temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll ()
    MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\WINDOWS\system32\msdmo.dll ()


    ========== Services (SafeList) ==========

    SRV - (SMART SNMP Agent Service) -- C:\Program Files\SMART Technologies\Classroom Teacher\SMARTSNMPAgent.exe File not found
    SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
    SRV - (Skype C2C Service) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (CltMngSvc) -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe (Conduit)
    SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    SRV - (PCToolsFirewallPlus) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe (PC Tools)
    SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)


    ========== Driver Services (SafeList) ==========

    DRV - (WDICA) -- File not found
    DRV - (szkgfs) -- system32\drivers\szkgfs.sys File not found
    DRV - (szkg5) -- system32\DRIVERS\szkg.sys File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (PCIDump) -- File not found
    DRV - (lbrtfdc) -- File not found
    DRV - (is3srv) -- system32\drivers\is3srv.sys File not found
    DRV - (i2omgmt) -- File not found
    DRV - (Changer) -- File not found
    DRV - (catchme) -- C:\DOCUME~1\Don\LOCALS~1\Temp\catchme.sys File not found
    DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
    DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avglogx) -- C:\WINDOWS\system32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (iDispService) -- C:\WINDOWS\system32\drivers\idisplayminiport.sys (SHAPE Services)
    DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
    DRV - (dgderdrv) -- C:\WINDOWS\system32\drivers\dgderdrv.sys (Devguru Co., Ltd)
    DRV - (ssudmdm) -- C:\WINDOWS\system32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
    DRV - (dg_ssudbus) -- C:\WINDOWS\system32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
    DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
    DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
    DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
    DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
    DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
    DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
    DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
    DRV - (SaiNtBus) -- C:\WINDOWS\system32\drivers\SaiBus.sys (Saitek)
    DRV - (SaiMini) -- C:\WINDOWS\system32\drivers\SaiMini.sys (Saitek)
    DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
    DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
    DRV - (WmHidLo) -- C:\WINDOWS\system32\drivers\WmHidLo.sys (Logitech Inc.)
    DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
    DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
    DRV - (pctplfw) -- C:\WINDOWS\system32\drivers\pctplfw.sys (PC Tools)
    DRV - (pctgntdi) -- C:\WINDOWS\system32\drivers\pctgntdi.sys (PC Tools)
    DRV - (PCTFW-PacketFilter) -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys (PC Tools)
    DRV - (pctNDIS) -- C:\WINDOWS\system32\drivers\pctNdis.sys (PC Tools)
    DRV - (PCTFW-DNS) -- C:\WINDOWS\system32\drivers\pctNdis-DNS.sys (PC Tools)
    DRV - (PCTAppEvent) -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools)
    DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
    DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
    DRV - (LVUVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
    DRV - (lvselsus) -- C:\WINDOWS\system32\drivers\lvselsus.sys (Logitech Inc.)
    DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
    DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
    DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
    DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
    DRV - (L1e) -- C:\WINDOWS\system32\drivers\l1e51x86.sys (Atheros Communications, Inc.)
    DRV - (FANTOM) -- C:\WINDOWS\system32\drivers\fantom.sys (National Instruments Corporation)
    DRV - (SaiH0461) -- C:\WINDOWS\system32\drivers\SaiH0461.sys (Saitek)
    DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)
    DRV - (CX23880) -- C:\WINDOWS\system32\drivers\cx88vid.sys (Conexant Systems, Inc.)
    DRV - (DSDrv4) -- C:\Program Files\DScaler\DSDrv4.sys ()
    DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
    DRV - (smrtdrv) -- C:\WINDOWS\system32\drivers\smrtdrv.sys (SMART Technologies Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

    IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\URLSearchHook: {739df940-c5ee-4bab-9d7e-270894ae687a} - No CLSID value found
    IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN15539672730253678&UM=2&SSPV=TB_C3
    IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/06/12 13:55:52 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/11 23:00:50 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/11 23:00:44 | 000,000,000 | ---D | M]

    [2009/01/25 00:39:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Don\Application Data\Mozilla\Extensions
    [2013/04/11 23:00:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/04/24 18:21:06 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013/04/24 18:21:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2013/04/24 18:21:06 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013/04/11 23:00:50 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/06/12 09:34:24 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2012/08/29 21:56:18 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2013/02/19 09:59:04 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google ()
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&output=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://search.conduit.com/?ctid=CT32...M=2&sspv=TB_CC
    CHR - Extension: avast! WebRep = C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1125_0\
    CHR - Extension: Skype Click to Call = C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.6.0.11664_0\
    CHR - Extension: GoPhoto.it = C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.4_0\

    O1 HOSTS File: ([2011/06/12 13:38:15 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {739df940-c5ee-4bab-9d7e-270894ae687a} - No CLSID value found.
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3 - HKLM\..\Toolbar: (no name) - {739df940-c5ee-4bab-9d7e-270894ae687a} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
    O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
    O4 - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
    O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe (Conduit)
    O4 - HKU\S-1-5-21-746137067-606747145-682003330-1004..\Run: [aadababfecedct] "C:\Documents and Settings\All Users\Application Data\aadababfecedct.exe" File not found
    O4 - HKU\S-1-5-21-746137067-606747145-682003330-1004..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
    O4 - HKU\S-1-5-21-746137067-606747145-682003330-1004..\Run: [SearchProtect] C:\Documents and Settings\Don\Application Data\SearchProtect\bin\cltmng.exe (Conduit)
    O4 - Startup: C:\Documents and Settings\Don\Start Menu\Programs\Startup\AVG Free Tray Icon.lnk = File not found
    O4 - Startup: C:\Documents and Settings\Don\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Don\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-746137067-606747145-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-746137067-606747145-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-746137067-606747145-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.160.13 64.59.161.68
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F78B2EB-7177-4840-97C8-62D965C16EE8}: DhcpNameServer = 64.59.160.13 64.59.161.68
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/01/21 11:51:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/05/05 11:26:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don\Desktop\Old Firefox Data
    [2013/05/05 10:30:23 | 000,377,920 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Don\Desktop\aswclear.exe
    [2013/05/01 18:14:21 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Don\Desktop\TDSSKiller.exe
    [2013/04/20 20:11:06 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Don\Desktop\aswMBR.exe
    [2013/04/20 20:07:22 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Don\Desktop\dds.scr
    [2013/04/20 20:05:58 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2013/04/20 20:05:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2013/04/20 20:03:46 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Don\Desktop\erunt-setup.exe
    [2013/04/19 22:49:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don\Application Data\AVG2013
    [2013/04/19 22:45:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2013
    [2013/04/19 22:31:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2013/04/19 22:31:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don\Local Settings\Application Data\MFAData
    [2013/04/19 22:31:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2013/04/19 22:31:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don\Local Settings\Application Data\Avg2013
    [2013/04/19 22:31:32 | 004,411,440 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Don\Desktop\avg_avct_stb_all_2013_2667_cm10.exe
    [2013/04/14 20:04:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don\Application Data\LibreOffice
    [2013/04/14 20:04:19 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LibreOffice 4.0
    [2013/04/14 20:04:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System64
    [2013/04/14 20:02:57 | 000,000,000 | ---D | C] -- C:\Program Files\LibreOffice 4.0
    [2013/04/14 19:48:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Don\My Documents\Dropbox
    [2013/04/14 19:46:14 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
    [2013/04/14 19:45:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don\Start Menu\Programs\Dropbox
    [2013/04/14 19:44:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don\Application Data\Dropbox
    [2013/04/14 19:42:00 | 032,746,544 | ---- | C] (Dropbox, Inc.) -- C:\Documents and Settings\Don\Desktop\Dropbox 2.0.6.exe
    [2013/04/11 23:00:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\Documents and Settings\Don\*.tmp files -> C:\Documents and Settings\Don\*.tmp -> ]
    [16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/05/07 21:30:47 | 000,502,670 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/05/07 21:30:47 | 000,088,450 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/05/07 21:21:53 | 000,013,770 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/05/07 21:21:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/05/07 21:21:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
    [2013/05/07 21:21:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
    [2013/05/07 20:01:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/05/07 19:07:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/05/06 23:01:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/05/05 10:30:21 | 000,377,920 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Don\Desktop\aswclear.exe
    [2013/05/01 23:26:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2013/05/01 18:13:52 | 002,218,636 | ---- | M] () -- C:\Documents and Settings\Don\Desktop\tdsskiller.zip
    [2013/04/27 14:04:39 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2013/04/20 22:03:20 | 000,000,301 | ---- | M] () -- C:\Documents and Settings\Don\.Xauthority
    [2013/04/20 20:12:32 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Don\Desktop\aswMBR.exe
    [2013/04/20 20:07:21 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Don\Desktop\dds.scr
    [2013/04/20 20:03:46 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Don\Desktop\erunt-setup.exe
    [2013/04/19 22:31:28 | 004,411,440 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Don\Desktop\avg_avct_stb_all_2013_2667_cm10.exe
    [2013/04/19 22:26:23 | 000,062,464 | ---- | M] () -- C:\Documents and Settings\Don\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/04/19 22:22:37 | 115,054,456 | ---- | M] () -- C:\Documents and Settings\Don\Desktop\avast_free_antivirus_setup.exe
    [2013/04/15 20:01:59 | 000,210,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/04/14 19:59:41 | 193,572,864 | ---- | M] () -- C:\Documents and Settings\Don\Desktop\LibreOffice_4.0.2_Win_x86.msi
    [2013/04/14 19:48:06 | 000,000,966 | ---- | M] () -- C:\Documents and Settings\Don\Desktop\Dropbox.lnk
    [2013/04/14 19:46:41 | 000,000,996 | ---- | M] () -- C:\Documents and Settings\Don\Start Menu\Programs\Startup\Dropbox.lnk
    [2013/04/14 19:42:50 | 032,746,544 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Don\Desktop\Dropbox 2.0.6.exe
    [2013/04/10 03:05:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\Documents and Settings\Don\*.tmp files -> C:\Documents and Settings\Don\*.tmp -> ]
    [16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/05/01 18:13:51 | 002,218,636 | ---- | C] () -- C:\Documents and Settings\Don\Desktop\tdsskiller.zip
    [2013/04/19 22:20:24 | 115,054,456 | ---- | C] () -- C:\Documents and Settings\Don\Desktop\avast_free_antivirus_setup.exe
    [2013/04/14 19:54:58 | 193,572,864 | ---- | C] () -- C:\Documents and Settings\Don\Desktop\LibreOffice_4.0.2_Win_x86.msi
    [2013/04/14 19:48:06 | 000,000,966 | ---- | C] () -- C:\Documents and Settings\Don\Desktop\Dropbox.lnk
    [2013/04/14 19:46:41 | 000,000,996 | ---- | C] () -- C:\Documents and Settings\Don\Start Menu\Programs\Startup\Dropbox.lnk
    [2013/01/09 04:36:13 | 000,318,264 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2012/12/05 20:22:57 | 000,138,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2012/12/05 20:01:44 | 000,281,688 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
    [2012/12/05 20:01:40 | 000,076,888 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
    [2012/04/20 19:40:47 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
    [2012/02/15 21:43:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/09/16 11:54:48 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
    [2011/09/16 11:54:44 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
    [2011/09/16 11:54:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
    [2011/09/16 11:54:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
    [2011/09/16 11:54:44 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
    [2011/08/15 01:00:50 | 000,855,078 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-746137067-606747145-682003330-1004-0.dat
    [2011/08/15 01:00:49 | 000,217,590 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2011/06/11 10:23:21 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/06/11 10:23:21 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/06/11 10:23:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/06/11 10:23:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/06/11 10:23:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/03/07 20:56:47 | 000,062,464 | ---- | C] () -- C:\Documents and Settings\Don\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/05/15 11:16:37 | 000,000,301 | ---- | C] () -- C:\Documents and Settings\Don\.Xauthority
    [2009/09/01 23:30:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Don\LOG
    [2009/02/13 07:49:36 | 000,002,300 | ---- | C] () -- C:\Documents and Settings\Don\.strange-eons-settings
    [2009/02/13 07:49:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Don\.strange-eons-editor-session
    [2009/02/13 07:49:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Don\.strange-eons-user-dict
    [2009/01/21 19:15:39 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Don\Application Data\PnkBstrK.sys

    ========== ZeroAccess Check ==========

    [2009/01/21 19:18:46 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/10/15 18:00:10 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    < End of report >


    This is all I have. I do not see an extras.txt on the task bar or on my desktop.

  4. #14
    Visiting Fellow
    Join Date
    Mar 2011
    Location
    Canada
    Posts
    142

    Default I am back II

    Hello, Nanich.

    Thank you for the Security Check and OTL reports. The extras.txt should be in the same location as OTL. If it is there, you can send it in your next reply. If it is not, let's not worry about it.

    Please run the following scan:

    Run OTL.exe
    • Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
    • Then click the Run Fix button at the top.

    Code:
    :OTL
    DRV - (catchme) -- C:\DOCUME~1\Don\LOCALS~1\Temp\catchme.sys File not found
    IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\URLSearchHook: {739df940-c5ee-4bab-9d7e-270894ae687a} - No CLSID value found
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\URLSearchHook: {739df940-c5ee-4bab-9d7e-270894ae687a} - No CLSID value found
    IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN15539672730253678&UM=2&SSPV=TB_C3
    FF - user.js - File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    CHR - homepage: http://search.conduit.com/?ctid=CT32...M=2&sspv=TB_CC
    O2 - BHO: (no name) - {739df940-c5ee-4bab-9d7e-270894ae687a} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {739df940-c5ee-4bab-9d7e-270894ae687a} - No CLSID value found.
    O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe (Conduit)
    O4 - Startup: C:\Documents and Settings\Don\Start Menu\Programs\Startup\AVG Free Tray Icon.lnk = File not found
    O4 - HKU\S-1-5-21-746137067-606747145-682003330-1004..\Run: [aadababfecedct] "C:\Documents and Settings\All Users\Application Data\aadababfecedct.exe" File not found
    O4 - HKU\S-1-5-21-746137067-606747145-682003330-1004..\Run: [SearchProtect] C:\Documents and Settings\Don\Application Data\SearchProtect\bin\cltmng.exe (Conduit)
    [2013/04/11 23:00:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\Documents and Settings\Don\*.tmp files -> C:\Documents and Settings\Don\*.tmp -> ]
    [16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\Documents and Settings\Don\*.tmp files -> C:\Documents and Settings\Don\*.tmp -> ]
    [16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

    • Let the program run unhindered; it will reboot when it is done. If it does not, please reboot your system.
    • Post the new log in your next reply.

  5. #15
    Member
    Join Date
    Nov 2009
    Posts
    39

    Default

    So I ran the scan. I think it stopped part way through. I left it overnight and it said something like "killing processes". The task bar and desktop icons were missing when I woke up. I had to do a manual reset to get it running again.

    Don

  6. #16
    Member
    Join Date
    Nov 2009
    Posts
    39

    Default

    Yes, I tried to run the scan again, and the same thing happened. I think it stops at the beginning.

    Don

  7. #17
    Visiting Fellow
    Join Date
    Mar 2011
    Location
    Canada
    Posts
    142

    Default I am back II

    Hello, Nanich.

    Let's run OTL again, this time in Safe Mode. Once you are in Safe Mode, run the OTL fix which I have included below--I have made an adjustment.

    1. Boot into Safe Mode

    Using the F8 Method as an option:
    • Restart your computer.
    • Gently tap the F8 key repeatedly until the Windows XP Advanced Options menu appears.
    Note: If Windows launches before you can choose Safe Mode, restart your computer and try again.
    • Select the Safe Mode option using the up and down arrow keys.
    • Then, press the enter key on your keyboard to boot into Safe Mode.



    Note: When tasks have been completed, reboot your computer to normal mode.

    2. Run OTL.exe
    • Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
    • Then click the Run Fix button at the top.

    Code:
    :OTL
    DRV - (catchme) -- C:\DOCUME~1\Don\LOCALS~1\Temp\catchme.sys File not found
    IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\URLSearchHook: {739df940-c5ee-4bab-9d7e-270894ae687a} - No CLSID value found
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\URLSearchHook: {739df940-c5ee-4bab-9d7e-270894ae687a} - No CLSID value found
    IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN15539672730253678&UM=2&SSPV=TB_C3
    FF - user.js - File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    CHR - homepage: http://search.conduit.com/?ctid=CT32...M=2&sspv=TB_CC
    O2 - BHO: (no name) - {739df940-c5ee-4bab-9d7e-270894ae687a} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {739df940-c5ee-4bab-9d7e-270894ae687a} - No CLSID value found.
    O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe (Conduit)
    O4 - Startup: C:\Documents and Settings\Don\Start Menu\Programs\Startup\AVG Free Tray Icon.lnk = File not found
    O4 - HKU\S-1-5-21-746137067-606747145-682003330-1004..\Run: [aadababfecedct] "C:\Documents and Settings\All Users\Application Data\aadababfecedct.exe" File not found
    O4 - HKU\S-1-5-21-746137067-606747145-682003330-1004..\Run: [SearchProtect] C:\Documents and Settings\Don\Application Data\SearchProtect\bin\cltmng.exe (Conduit)
    [2013/04/11 23:00:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\Documents and Settings\Don\*.tmp files -> C:\Documents and Settings\Don\*.tmp -> ]
    [16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\Documents and Settings\Don\*.tmp files -> C:\Documents and Settings\Don\*.tmp -> ]
    [16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [Reboot]

    • Let the program run unhindered; it will reboot when it is done. If it does not, please reboot your system.
    • Post the new log in your next reply.

  8. #18
    Visiting Fellow
    Join Date
    Mar 2011
    Location
    Canada
    Posts
    142

    Default I am back II

    Hello, Nanich.

    Have you been able to run the OTL scan in Safe Mode? Are you having any problems?

  9. #19
    Visiting Fellow
    Join Date
    Mar 2011
    Location
    Canada
    Posts
    142

    Default I am back II

    Hello, Nanich.

    I have not heard back from you since May 12th. Do you still need help? If you are having problems running OTL, please let me know and we will work to resolve the issue.

  10. #20
    Member
    Join Date
    Nov 2009
    Posts
    39

    Default

    Thanks. I have been away a bit.

    I will follow your steps this weekend.

    Don
