I am back II

Yeah, so I am trying to boot into Safe Mode with no luck. I have tapped the F8, but I get asked where I want to boot from (floppy, hard disk, etc.), but I do not get Safe Mode.

Don
 
Hello, Nanich.

Let's try an alternate method of booting into Safe Mode and running the OTL scan. If you successfully boot into Safe Mode, please run the OTL scan that you see in option 2 below.

Using the F5 Method as an option

  • Restart your computer.
  • Gently tap the F5 key repeatedly until the Windows XP Advanced Options menu appears.
Note: If Windows launches before you can choose Safe Mode, restart your computer and try again.
  • Select the Safe Mode option using the up and down arrow keys.
  • Then, press the enter key on your keyboard to boot into Safe Mode.


Note: When tasks have been completed, reboot your computer to normal mode.


If you are still having difficulty booting into Safe Mode, continue with the next option.

Option 2: Run OTL in Normal Mode using the revised script

Run OTL.exe
  • Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
  • Then click the Run Fix button at the top.
Code:
:OTL
DRV - (catchme) -- C:\DOCUME~1\Don\LOCALS~1\Temp\catchme.sys File not found
IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\URLSearchHook: {739df940-c5ee-4bab-9d7e-270894ae687a} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\URLSearchHook: {739df940-c5ee-4bab-9d7e-270894ae687a} - No CLSID value found
IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN15539672730253678&UM=2&SSPV=TB_C3
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
CHR - homepage: http://search.conduit.com/?ctid=CT32...M=2&sspv=TB_CC
O2 - BHO: (no name) - {739df940-c5ee-4bab-9d7e-270894ae687a} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {739df940-c5ee-4bab-9d7e-270894ae687a} - No CLSID value found.
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe (Conduit)
O4 - Startup: C:\Documents and Settings\Don\Start Menu\Programs\Startup\AVG Free Tray Icon.lnk = File not found
O4 - HKU\S-1-5-21-746137067-606747145-682003330-1004..\Run: [aadababfecedct] "C:\Documents and Settings\All Users\Application Data\aadababfecedct.exe" File not found
O4 - HKU\S-1-5-21-746137067-606747145-682003330-1004..\Run: [SearchProtect] C:\Documents and Settings\Don\Application Data\SearchProtect\bin\cltmng.exe (Conduit)
[2013/04/11 23:00:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Don\*.tmp files -> C:\Documents and Settings\Don\*.tmp -> ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Don\*.tmp files -> C:\Documents and Settings\Don\*.tmp -> ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

:Reg

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[Reboot]
  • Let the program run unhindered; it will reboot when it is done. If it does not, please reboot your system.
  • Post the new log in your next reply.
 
Okay, I got into Safe Mode using F5, and I did the scan/fix. I was surprised at how quick it was before it asked to reboot. The system rebooted. After the reboot, the logs did not come up. I did a scan of the computer to look for the saved version of the files, but nothing came up. I also noticed that my "Firefox" program is gone as well.

Do you think I should try running the fix again?

Don
 
Hello, Nanich.

Glad you were able to get into Safe Mode and run OTL. Let's take a look at your concerns.

Cannot locate OTL logs after system reboot

OTL does not take long to scan (approx. 10 minutes depending on your system). If it was an instant scan and reboot, it is quite possible that the scan did not complete, and therefore, no logs were produced. However, OTL will save two logs (OTL.txt and Extras.txt) in the folder that OTL was started from. If OTL was saved in your Downloads folder, for example, check there for the logs.

If the logs are available please copy and paste them into your next reply. If they are not there, please rerun OTL. Because you are running a second scan, it will only produce one log, OTL.txt.

After reboot, Firefox disappeared

Can you please expand on this? Do you mean the Firefox icon has disappeared from your desktop and/or task bar? Is Firefox still installed on your system?

If only the icon has disappeared, try rebooting again. If it still does not appear, do the following:

  • Click Start > Click Window Key + R to access the Run dialog box.
  • In the open field, type C:\Program Files\Mozilla Firefox > Click OK.
  • Right click Firefox > Send to > Desktop.
Or, if you prefer to have the icon pinned to your taskbar instead of your desktop, drag the FF icon from your Start menu to your taskbar.
 
I will run the scan again.

For Firefox. The shortcut on my desktop remained, but as the generic icon. When I clicked on the icon it looked for Firefox using the flashlight. To me that suggests that the program is gone. I looked in Program Files and could not see it there.

Don
 
SUCCESS!!


========== OTL ==========
Error: No service named catchme was found to stop!
Service\Driver key catchme not found.
File C:\DOCUME~1\Don\LOCALS~1\Temp\catchme.sys File not found not found.
Registry value HKEY_USERS\S-1-5-21-746137067-606747145-682003330-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{739df940-c5ee-4bab-9d7e-270894ae687a} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{739df940-c5ee-4bab-9d7e-270894ae687a}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_USERS\S-1-5-21-746137067-606747145-682003330-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{739df940-c5ee-4bab-9d7e-270894ae687a} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{739df940-c5ee-4bab-9d7e-270894ae687a}\ not found.
HKEY_USERS\S-1-5-21-746137067-606747145-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-746137067-606747145-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.
Use Chrome's Settings page to change the HomePage.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{739df940-c5ee-4bab-9d7e-270894ae687a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{739df940-c5ee-4bab-9d7e-270894ae687a}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{739df940-c5ee-4bab-9d7e-270894ae687a} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{739df940-c5ee-4bab-9d7e-270894ae687a}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtectAll not found.
File C:\Program Files\SearchProtect\bin\cltmng.exe not found.
File move failed. C:\Documents and Settings\Don\Start Menu\Programs\Startup\AVG Free Tray Icon.lnk scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-21-746137067-606747145-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Run\\aadababfecedct not found.
Registry value HKEY_USERS\S-1-5-21-746137067-606747145-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect not found.
File C:\Documents and Settings\Don\Application Data\SearchProtect\bin\cltmng.exe not found.
Folder C:\Program Files\Mozilla Firefox\ not found.
File/Folder C:\WINDOWS\*.tmp not found.
File/Folder C:\Documents and Settings\Don\*.tmp not found.
File/Folder C:\WINDOWS\System32\*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
File/Folder C:\Documents and Settings\Don\*.tmp not found.
File/Folder C:\WINDOWS\System32\*.tmp not found.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Don\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Don\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 05222013_191857

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Don\Start Menu\Programs\Startup\AVG Free Tray Icon.lnk not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



---------------------

Again, I can only find the one log. The log I posted was not saved either. I copied and pasted it from the open window.

Don
 
Hello, Nanich.

Thank you for the OTL report. Glad you were able to run it.

Let me clarify a couple of items for you. When you run OTL the first time, it will produce two logs for you, as I had previously mentioned. These would be OTL.txt and Extras.txt. If you run OTL a second time, it will not produce the second report (Extras.txt), which is why only the first report opened. This is not something we need to worry about now.

You were able to send me the OTL.txt report, so let's not worry about saving the logs. If you are curious though, you can follow this path to see if the log is located there:

Click Start > Computer > Local Disk C: > OTL > Moved Files

It will appear as something like this: mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time you ran OTL.

Your OTL report shows several entries that need some attention. Please do the following:

Run OTL.exe
  • Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
  • Then click the Run Fix button at the top.
Code:
:OTL

:Reg
[HKEY_USERS\S-1-5-21-746137067-606747145-682003330-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{739df940-c5ee-4bab-9d7e-270894ae687a}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{739df940-c5ee-4bab-9d7e-270894ae687a}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
[-HKEY_USERS\S-1-5-21-746137067-606747145-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
[-HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{739df940-c5ee-4bab-9d7e-270894ae687a}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar]
"{739df940-c5ee-4bab-9d7e-270894ae687a}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SearchProtectAll"=-
[HKEY_USERS\S-1-5-21-746137067-606747145-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Run]
"aadababfecedct"=-
[HKEY_USERS\S-1-5-21-746137067-606747145-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Run]
"SearchProtect"=-

:Files
ipconfig /flushdns /c
C:\Program Files\SearchProtect
C:\Documents and Settings\Don\Application Data\SearchProtect\bin\cltmng.exe 
C:\Program Files\Mozilla Firefox\ 
C:\WINDOWS\*.tmp 
C:\Documents and Settings\Don\*.tmp 
C:\WINDOWS\System32\*.tmp

:Commands
[purity]
[emptytemp]
[resethosts]
[Reboot]
  • Let the program run unhindered; it will reboot when it is done. If it does not, please reboot your system.
  • Post the new log in your next reply.

Firefox

Let's do a clean reinstall of Firefox:

  • Download the latest version of Firefox from HERE > Click Save File.
  • After the download is complete, close all Firefox windows.
  • Before reinstalling Firefox, delete the Firefox uninstall folder, which is located in the following location by default:
Click Start > My Computer > Local Disk C: > Program Files > Mozilla Firefox > Uninstall

Note: To preserve your bookmarks, saved passwords, and other data, do not place a check mark in the box that says Remove my Firefox personal data and customizations.

  • Now reinstall Firefox:
  • Locate the saved file (Firefox Setup 21.0.exe), double-click the file to begin the Installation Wizard and follow the prompts.
  • Once the wizard is finished, choose to directly open Firefox after clicking the Finish button.
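
A pre-flight syntax check for a :Reg block like the one in this post, as an added example that is not part of the original post and not part of OTL. It assumes the block follows .reg-file conventions (`[key]`, `[-key]`, `"name"=-`); the function name, the sample keys, the GUID and the SID placeholder are constructed for illustration.

```python
import re

# Root hives accepted in a key header (long form, as used in the block above).
HIVES = {"HKEY_LOCAL_MACHINE", "HKEY_USERS", "HKEY_CURRENT_USER",
         "HKEY_CLASSES_ROOT", "HKEY_CURRENT_CONFIG"}
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
KEY_LINE = re.compile(r"^\[(-?)([^\[\]]+)\]$")          # [key] or [-key]
VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.+)$')  # "name"=data or @=data


def lint_reg_block(text):
    """Return [(line_number, problem)] for a .reg-style block (hypothetical helper)."""
    problems = []
    key_ok = False  # True only while the most recent key header parsed cleanly
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("["):
            key_ok = False
            match = KEY_LINE.match(line)
            if not match:
                problems.append((number, "stray or unbalanced bracket in key header"))
                continue
            path = match.group(2)
            found = []
            if path != path.strip():
                found.append("whitespace between bracket and key path")
            if path.strip().split("\\", 1)[0] not in HIVES:
                found.append("unknown root hive")
            # Any brace left after removing complete GUIDs belongs to a broken one.
            leftover = GUID.sub("", path)
            if "{" in leftover or "}" in leftover:
                found.append("incomplete GUID braces in key path")
            problems.extend((number, p) for p in found)
            key_ok = not found
        elif line[0] in '"@':
            if not VALUE_LINE.match(line):
                problems.append((number, "value line lacks '=' or data"))
            elif not key_ok:
                problems.append((number, "value line has no valid key header above it"))
        else:
            key_ok = False
            problems.append((number, "not a [key] header or value assignment"))
    return problems


# Constructed sample: lines 1-3 and 9 are well-formed, the rest each carry one defect.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleEntry"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-2222-3333-4444-555555555555}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Example\SearchScopes]{11111111-2222-3333-4444-555555555555}]
[- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-2222-3333-4444-555555555555}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Example\{11111111-2222-3333-4444-555555555555]
HKEY_USERS\S-1-5-21-EXAMPLE\Software\Microsoft\Windows\CurrentVersion\Run
"ExampleEntry"=-
[HKEY_USERS\S-1-5-21-EXAMPLE\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleEntry"-
'''.strip()

if __name__ == "__main__":
    for number, problem in lint_reg_block(SAMPLE):
        print(f"line {number}: {problem}")
```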
 
Hello, Nanich.

Firefox is back, great news, good job. As far as the OTL scan is concerned, let's just run a fresh scan without attempting a fix. If you cannot run it in Normal Mode, then run it in Safe Mode.


  • From your desktop, double click on the OTL icon.
Note: Vista and Windows 7 users right-click and select Run As Administrator. If you receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.

  • Under Output, click Minimal Output to select it.
  • Click the Scan All Users checkbox. Leave the remaining selections to the default settings.
  • Do not use the computer while the scan is in progress.
  • When the scan is complete, the following log will open in Notepad: OTListIt.txt
  • This log should save automatically to the Desktop.
  • Please copy and paste the contents of OTListIt.txt in your next reply.
  • Click the red X in the upper right corner to exit OTL.
 
Here you go!

OTL logfile created on: 5/26/2013 6:05:07 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Don\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 59.61% Memory free
4.84 Gb Paging File | 3.85 Gb Available in Paging File | 79.55% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 16.47 Gb Free Space | 3.54% Space Free | Partition Type: NTFS

Computer Name: DONPETERSON | User Name: Don | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Don\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Documents and Settings\Don\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\SearchProtect\bin\CltMngSvc.exe (Conduit)
PRC - C:\Program Files\Vuze\Azureus.exe (Azureus Software, Inc)
PRC - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
PRC - C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
PRC - C:\Program Files\PC Tools Firewall Plus\FWService.exe (PC Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\655c70628497117a1008510a401f84d3\PresentationFramework.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\261b2323f46266bf9039ebc350ef466a\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\6fcb023855a4670d86e80ac4744b0efe\PresentationCore.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\347f5b43b525120fe2f33d92d75337f2\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\c0eef0fa73253bcea73885b6912c5433\WindowsBase.ni.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\AVAST Software\Avast\defs\13041000\algo.dll ()
MOD - C:\Documents and Settings\Don\Application Data\Dropbox\bin\libcef.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\68b0fc15aa862e54593dd85b59116998\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\32b515633fcbcc6dad09b9dd09f2fc2f\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\7256e28382f57416b828a0cc143b67b3\System.Xaml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\8ba0620535aa28d509b9397500b7d530\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\65e520f98f7674d462d26671c1ce97a7\PresentationFramework.Luna.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\3d6d9da56c9f607615b55d6742d8427d\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\c182d7a0bd88caf2cddccb7491a5fa6e\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\mpg2splt.ax ()
MOD - C:\Program Files\Vuze\plugins\azitunes\jacob-1.17-M2-x86.dll ()
MOD - C:\Program Files\Vuze\aereg.dll ()
MOD - C:\Program Files\Vuze\plugins\azitunes\libProcessAccess.dll ()
MOD - C:\Documents and Settings\Don\Application Data\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Program Files\AVAST Software\Avast\Setup\setiface.dll ()
MOD - C:\Documents and Settings\Don\Application Data\Azureus\plugins\azutp\win32\utp.dll ()
MOD - C:\WINDOWS\system32\qdvd.dll ()
MOD - C:\Documents and Settings\Don\Local Settings\temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll ()
MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\system32\xvidcore.dll ()
MOD - C:\WINDOWS\system32\qcap.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\dxmasf.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\xvid.ax ()
MOD - C:\WINDOWS\system32\tsd32.dll ()


========== Services (SafeList) ==========

SRV - (SMART SNMP Agent Service) -- C:\Program Files\SMART Technologies\Classroom Teacher\SMARTSNMPAgent.exe File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Skype C2C Service) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (CltMngSvc) -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe (Conduit)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (PCToolsFirewallPlus) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe (PC Tools)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (szkgfs) -- system32\drivers\szkgfs.sys File not found
DRV - (szkg5) -- system32\DRIVERS\szkg.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (is3srv) -- system32\drivers\is3srv.sys File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\WINDOWS\system32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (iDispService) -- C:\WINDOWS\system32\drivers\idisplayminiport.sys (SHAPE Services)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (dgderdrv) -- C:\WINDOWS\system32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (ssudmdm) -- C:\WINDOWS\system32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\WINDOWS\system32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (SaiNtBus) -- C:\WINDOWS\system32\drivers\SaiBus.sys (Saitek)
DRV - (SaiMini) -- C:\WINDOWS\system32\drivers\SaiMini.sys (Saitek)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmHidLo) -- C:\WINDOWS\system32\drivers\WmHidLo.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (pctplfw) -- C:\WINDOWS\system32\drivers\pctplfw.sys (PC Tools)
DRV - (pctgntdi) -- C:\WINDOWS\system32\drivers\pctgntdi.sys (PC Tools)
DRV - (PCTFW-PacketFilter) -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys (PC Tools)
DRV - (pctNDIS) -- C:\WINDOWS\system32\drivers\pctNdis.sys (PC Tools)
DRV - (PCTFW-DNS) -- C:\WINDOWS\system32\drivers\pctNdis-DNS.sys (PC Tools)
DRV - (PCTAppEvent) -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (lvselsus) -- C:\WINDOWS\system32\drivers\lvselsus.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (L1e) -- C:\WINDOWS\system32\drivers\l1e51x86.sys (Atheros Communications, Inc.)
DRV - (FANTOM) -- C:\WINDOWS\system32\drivers\fantom.sys (National Instruments Corporation)
DRV - (SaiH0461) -- C:\WINDOWS\system32\drivers\SaiH0461.sys (Saitek)
DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)
DRV - (CX23880) -- C:\WINDOWS\system32\drivers\cx88vid.sys (Conexant Systems, Inc.)
DRV - (DSDrv4) -- C:\Program Files\DScaler\DSDrv4.sys ()
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (smrtdrv) -- C:\WINDOWS\system32\drivers\smrtdrv.sys (SMART Technologies Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/06/12 13:55:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2009/01/25 00:39:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Don\Application Data\Mozilla\Extensions
[2013/05/25 20:04:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/25 20:04:37 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&output=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://search.conduit.com/?ctid=CT3289847&SearchSource=48&CUI=UN14205695091674118&UM=2&sspv=TB_CC
CHR - Extension: avast! WebRep = C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1125_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.6.0.11664_0\
CHR - Extension: GoPhoto.it = C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.4_0\

O1 HOSTS File: ([2013/05/22 19:18:58 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4 - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4 - HKU\.DEFAULT..\Run: [SearchProtect] C:\Documents and Settings\LocalService\Application Data\SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-18..\Run: [SearchProtect] C:\Documents and Settings\LocalService\Application Data\SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-21-746137067-606747145-682003330-1004..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - Startup: C:\Documents and Settings\Don\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Don\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-746137067-606747145-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-746137067-606747145-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-746137067-606747145-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.160.13 64.59.161.68
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F78B2EB-7177-4840-97C8-62D965C16EE8}: DhcpNameServer = 64.59.160.13 64.59.161.68
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/21 11:51:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/25 20:04:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/05/25 20:04:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/05/25 20:02:40 | 021,289,608 | ---- | C] (Mozilla) -- C:\Documents and Settings\Don\Desktop\Firefox Setup 21.0.exe
[2013/05/22 19:54:28 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Don\PrivacIE
[2013/05/22 19:49:05 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Don\IETldCache
[2013/05/22 19:38:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2013/05/22 19:34:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013/05/22 19:30:58 | 000,522,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2013/05/22 19:30:31 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2013/05/13 01:34:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\SearchProtect
[2013/05/12 00:17:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2013/05/07 21:30:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Don\Desktop\OTL.exe
[2013/05/05 11:26:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don\Desktop\Old Firefox Data
[2013/05/05 10:30:23 | 000,377,920 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Don\Desktop\aswclear.exe
[2013/05/01 18:14:21 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Don\Desktop\TDSSKiller.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/26 18:07:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/05/26 18:06:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/26 13:16:57 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/05/26 05:06:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/25 20:04:39 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Don\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/05/25 20:04:39 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/05/25 20:02:40 | 021,289,608 | ---- | M] (Mozilla) -- C:\Documents and Settings\Don\Desktop\Firefox Setup 21.0.exe
[2013/05/25 17:18:53 | 000,502,670 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/25 17:18:53 | 000,088,450 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/25 17:10:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/05/25 17:09:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2013/05/25 17:09:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2013/05/25 08:27:15 | 000,013,770 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/05/23 03:01:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/05/22 23:26:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/05/22 19:49:08 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Don\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/05/22 19:18:58 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013/05/15 03:28:06 | 000,210,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/05/14 14:07:12 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/05/14 14:07:12 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/05/13 22:04:24 | 000,000,211 | ---- | M] () -- C:\WINDOWS\Brpfx04a.ini
[2013/05/07 21:30:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Don\Desktop\OTL.exe
[2013/05/06 21:27:31 | 006,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013/05/05 10:30:21 | 000,377,920 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Don\Desktop\aswclear.exe
[2013/05/01 18:13:52 | 002,218,636 | ---- | M] () -- C:\Documents and Settings\Don\Desktop\tdsskiller.zip
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/25 20:04:39 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Don\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/05/25 20:04:39 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/05/22 19:49:08 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Don\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/05/01 18:13:51 | 002,218,636 | ---- | C] () -- C:\Documents and Settings\Don\Desktop\tdsskiller.zip
[2013/01/09 04:36:13 | 000,318,264 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/12/05 20:22:57 | 000,138,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2012/12/05 20:01:44 | 000,281,688 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2012/12/05 20:01:40 | 000,076,888 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2012/04/20 19:40:47 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2012/02/15 21:43:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/16 11:54:48 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011/09/16 11:54:44 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/09/16 11:54:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/09/16 11:54:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/09/16 11:54:44 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011/08/15 01:00:50 | 000,855,078 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-746137067-606747145-682003330-1004-0.dat
[2011/08/15 01:00:49 | 000,217,590 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/06/11 10:23:21 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/11 10:23:21 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/11 10:23:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/11 10:23:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/11 10:23:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/07 20:56:47 | 000,062,464 | ---- | C] () -- C:\Documents and Settings\Don\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/15 11:16:37 | 000,000,301 | ---- | C] () -- C:\Documents and Settings\Don\.Xauthority
[2009/09/01 23:30:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Don\LOG
[2009/02/13 07:49:36 | 000,002,300 | ---- | C] () -- C:\Documents and Settings\Don\.strange-eons-settings
[2009/02/13 07:49:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Don\.strange-eons-editor-session
[2009/02/13 07:49:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Don\.strange-eons-user-dict
[2009/01/21 19:15:39 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Don\Application Data\PnkBstrK.sys

========== ZeroAccess Check ==========

[2009/01/21 19:18:46 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/10/15 18:00:10 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
 
Hello, Nanich.

Thank you for the OTL log. Please run the following fix. If you have problems running it in Normal Mode, please run it in Safe Mode.

Run OTL.exe
  • Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
Code:
:OTL
PRC - C:\Program Files\SearchProtect\bin\CltMngSvc.exe (Conduit)
SRV - (CltMngSvc) -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe (Conduit)
[2013/05/13 01:34:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\SearchProtect
CHR - homepage: http://search.conduit.com/?ctid=CT32...M=2&sspv=TB_CC
O4 - HKU\.DEFAULT..\Run: [SearchProtect] C:\Documents and Settings\LocalService\Application Data\SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-18..\Run: [SearchProtect] C:\Documents and Settings\LocalService\Application Data\SearchProtect\bin\cltmng.exe File not found


:Services

:Reg

:Files
C:\Documents and Settings\LocalService\Application Data\SearchProtect

:Commands
[purity]
[start explorer]
[Reboot]
  • Then click the Run Fix button at the top, not run Scan.
  • Let the program run unhindered; it will reboot when it is done. If it does not, please reboot your system.
  • Post the new log in your next reply.
 
Due to inactivity, this thread will now be closed.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.
 
I am back iii

My previous thread was locked. I was having troubles with the scan as it was constantly freezing. I now have a program called System Doctor 2014. I am not able to use any programs and I have typed this message from my tablet. Any help would be great.

Don
 
I managed to log on through Safe Mode.

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Don at 21:24:22 on 2013-06-05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2580 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: PC Tools Firewall Plus *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [SD2014] c:\documents and settings\don\application data\9ahrf4fd\9ahRf4fD.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [ProfilerU] c:\program files\saitek\sd6\software\ProfilerU.exe
mRun: [SaiMfd] c:\program files\saitek\sd6\software\SaiMfd.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
StartupFolder: c:\docume~1\don\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\don\application data\dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: NameServer = 64.59.160.13 64.59.161.68
TCP: Interfaces\{7F78B2EB-7177-4840-97C8-62D965C16EE8} : DHCPNameServer = 64.59.160.13 64.59.161.68
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.110\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\don\application data\mozilla\firefox\profiles\2qm8uqye.default-1367778406205\
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\ubisoft\ubisoft game launcher\npuplaypc.dll
FF - plugin: c:\program files\ubisoft\ubisoft game launcher\npuplaypchub.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - ExtSQL: 2013-05-27 05:16; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\mozilla firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
============= SERVICES / DRIVERS ===============
.
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-15 94048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-12-21 233136]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2009-12-21 58816]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;c:\windows\system32\drivers\szkg.sys --> c:\windows\system32\drivers\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-12 441176]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-12 307928]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-12 19544]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-6-12 42184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9c62bfc4ddf28;Google Update Service (gupdate1c9c62bfc4ddf28);c:\program files\google\update\GoogleUpdate.exe [2009-4-25 133104]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-16 418376]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-11-7 701512]
S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-12-21 88040]
S2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2009-12-21 818432]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-5-14 3289208]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2011-10-8 77624]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-10-8 20032]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [2007-5-30 39424]
S3 iDispService;iDispService;c:\windows\system32\drivers\idisplayminiport.sys [2012-3-21 14248]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-11-7 22856]
S3 PCTFW-DNS;PCTools Firewall - DNS driver;c:\windows\system32\drivers\pctNdis-DNS.sys [2009-12-21 32680]
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2009-12-21 70664]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-12-21 115216]
S3 SaiH0461;SaiH0461;c:\windows\system32\drivers\SaiH0461.sys [2010-2-19 132232]
S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\smart technologies\classroom teacher\smartsnmpagent.exe --> c:\program files\smart technologies\classroom teacher\SMARTSNMPAgent.exe [?]
S3 smrtdrv;SMART Technologies Inc. Mirror Driver;c:\windows\system32\drivers\smrtdrv.sys [2004-4-22 2432]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2011-10-8 181432]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\NOTEPAD.EXE=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-06-06 03:59:55 -------- d-----w- c:\documents and settings\don\application data\9ahRf4fD
2013-05-23 02:54:28 -------- d-sh--w- c:\documents and settings\don\PrivacIE
2013-05-23 02:49:05 -------- d-sh--w- c:\documents and settings\don\IETldCache
2013-05-23 02:38:23 -------- d-----w- c:\windows\ie8updates
2013-05-23 02:34:58 -------- dc-h--w- c:\windows\ie8
2013-05-23 02:30:58 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2013-05-23 02:30:35 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2013-05-23 02:30:32 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2013-05-23 02:30:31 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2013-05-23 02:30:31 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2013-05-14 20:31:10 6128760 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2013-05-14 20:31:10 6128760 ----a-w- c:\program files\mozilla firefox\browser\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2013-05-14 05:04:24 6224 ------w- C:\Br20F.tmp
.
==================== Find3M ====================
.
2013-05-14 21:07:12 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-14 21:07:12 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-16 22:17:15 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:17:14 43520 ------w- c:\windows\system32\licmgr10.dll
2013-04-16 22:17:14 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:28:55 385024 ------w- c:\windows\system32\html.iec
2013-04-10 01:31:19 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 21:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-27 06:43:02 773968 ----a-w- c:\windows\system32\msvcr100.dll
2013-03-27 06:43:02 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll
.
============= FINISH: 21:25:15.98 ===============
 


Hello, Nanich.

We have reopened your thread, and I am reviewing your new DDS log now. I will get back to you as soon as possible.
 
Hello, Nanich.

A review of your concerns and your DDS log indicates that your system has become worse. We will do our optimum best to help you resolve your issues, and to restore your computer to its full functionality; however, we strongly urge you to:

  • Use only the tools you are instructed to use in order to avoid additional conflicts and setbacks.
  • Avoid using the Internet in order to prevent downloading and installing additional malware. Keep your LAN cable unplugged, except when you need to post to this thread.
If we determine that we cannot clean your computer, we would recommend reformatting your hard drive and a clean install of Windows. We would then link you to a good Windows forum that can guide you through the process. This would guarantee a nice clean and error free system.

However, let's first attempt to clean your system. Please do the following:

1. Boot into Safe Mode

Using the F8 Method as an option:
  • Restart your computer.
  • Gently tap the F8 key repeatedly until the Windows XP Advanced Options menu appears.
Note: If Windows launches before you can choose Safe Mode, restart your computer and try again.
  • Select the Safe Mode option using the up and down arrow keys.
  • Then, press the enter key on your keyboard to boot into Safe Mode.



Note: When tasks have been completed, reboot your computer to normal mode.

If you experience problems booting into Safe Mode using the F8 key, please follow the above directions using the F5 key instead.

2. Scan your system with RKill

Note:
  • Print out these instructions as we may need to close every window that is open later in the fix.
  • It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer, and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

WARNING: Do not reboot your computer after running RKill as the malware programs will start again.


Please download and run one version of the following tool to help and allow other programs to run.

There are 5 different versions. If one will not run, select another.

1. rkill.exe
2. rkill.com
3. rkill.scr
4. WiNlOgOn.exe
5. uSeRiNiT.exe

3. Scan your system with Malwarebytes Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.



  • When the scan is complete, click OK, then Show Results to view the results.



  • Then click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post (copy and paste) the results.
  • Note: If you receive a notice that some of the items could not be removed, that they have been added to the delete on reboot list, please reboot.


In your next reply, please describe how your computer is behaving at this time.


To avoid closing this topic, please advise me in advance if you need more time completing the given tasks.
 
I did the rkill scan. It seemed to work fine.

I am using Malwarebytes Anti-Malware. I did the scan. It found 8 objects. I clicked on Remove Selected and it asked to reboot. It did, into normal mode. It did not boot all the way. It goes to a light blue screen with only the pointer on it. I have rebooted in Safe Mode and am redoing the scan. If I get a log, I will let you know.

Don
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.06.09

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Don :: DONPETERSON [administrator]

6/6/2013 8:00:39 PM
mbam-log-2013-06-06 (20-00-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 273794
Time elapsed: 53 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 