I am back II

Status
Not open for further replies.
N

Nanich

New member
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.17128 BrowserJavaVersion: 1.6.0_26
Run by Don at 20:07:50 on 2013-04-20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2165 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: PC Tools Firewall Plus *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Documents and Settings\Don\Application Data\SearchProtect\bin\cltmng.exe
C:\Documents and Settings\Don\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\SearchProtect\bin\CltMngSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uURLSearchHooks: {739df940-c5ee-4bab-9d7e-270894ae687a} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {739df940-c5ee-4bab-9d7e-270894ae687a} - <orphaned>
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [aadababfecedct] "c:\documents and settings\all users\application data\aadababfecedct.exe"
uRun: [SearchProtect] c:\documents and settings\don\application data\searchprotect\bin\cltmng.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [ProfilerU] c:\program files\saitek\sd6\software\ProfilerU.exe
mRun: [SaiMfd] c:\program files\saitek\sd6\software\SaiMfd.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SearchProtectAll] c:\program files\searchprotect\bin\cltmng.exe
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
StartupFolder: c:\docume~1\don\startm~1\programs\startup\avgfre~1.lnk - c:\program files\avg\avg8\avgtray.exe
StartupFolder: c:\docume~1\don\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\don\application data\dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: NameServer = 64.59.160.13 64.59.161.68
TCP: Interfaces\{7F78B2EB-7177-4840-97C8-62D965C16EE8} : DHCPNameServer = 64.59.160.13 64.59.161.68
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\don\application data\mozilla\firefox\profiles\m6tf3mhu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&CUI=UN24014405641032166&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&q=
FF - component: c:\documents and settings\don\application data\mozilla\firefox\profiles\m6tf3mhu.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\don\application data\mozilla\firefox\profiles\m6tf3mhu.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\ubisoft\ubisoft game launcher\npuplaypc.dll
FF - plugin: c:\program files\ubisoft\ubisoft game launcher\npuplaypchub.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - ExtSQL: 2013-03-31 22:00; torntv2@torntv.com; c:\documents and settings\don\application data\mozilla\firefox\profiles\m6tf3mhu.default\extensions\torntv2@torntv.com.xpi
FF - ExtSQL: !HIDDEN! 2009-09-02 01:53; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
============= SERVICES / DRIVERS ===============
.
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-12 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-12 307928]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-12-21 233136]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-12 19544]
R2 CltMngSvc;Search Protect by Conduit Updater;c:\program files\searchprotect\bin\CltMngSvc.exe [2013-3-6 93984]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-16 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-11-7 701512]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2009-12-21 818432]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-3-19 3289208]
R3 iDispService;iDispService;c:\windows\system32\drivers\idisplayminiport.sys [2012-3-21 14248]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-11-7 22856]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2009-12-21 70664]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2009-12-21 58816]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-12-21 115216]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-15 94048]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;c:\windows\system32\drivers\szkg.sys --> c:\windows\system32\drivers\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-6-12 42184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9c62bfc4ddf28;Google Update Service (gupdate1c9c62bfc4ddf28);c:\program files\google\update\GoogleUpdate.exe [2009-4-25 133104]
S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-12-21 88040]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2011-10-8 77624]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-10-8 20032]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [2007-5-30 39424]
S3 PCTFW-DNS;PCTools Firewall - DNS driver;c:\windows\system32\drivers\pctNdis-DNS.sys [2009-12-21 32680]
S3 SaiH0461;SaiH0461;c:\windows\system32\drivers\SaiH0461.sys [2010-2-19 132232]
S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\smart technologies\classroom teacher\smartsnmpagent.exe --> c:\program files\smart technologies\classroom teacher\SMARTSNMPAgent.exe [?]
S3 smrtdrv;SMART Technologies Inc. Mirror Driver;c:\windows\system32\drivers\smrtdrv.sys [2004-4-22 2432]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2011-10-8 181432]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\NOTEPAD.EXE=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-04-20 05:49:27 -------- d-----w- c:\documents and settings\don\application data\AVG2013
2013-04-20 05:45:53 -------- d--h--w- C:\$AVG
2013-04-20 05:45:53 -------- d-----w- c:\documents and settings\all users\application data\AVG2013
2013-04-20 05:31:55 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2013-04-20 05:31:55 -------- d-----w- c:\documents and settings\don\local settings\application data\MFAData
2013-04-20 05:31:55 -------- d-----w- c:\documents and settings\don\local settings\application data\Avg2013
2013-04-20 05:31:55 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2013-04-15 03:04:51 -------- d-----w- c:\documents and settings\don\application data\LibreOffice
2013-04-15 03:04:19 -------- d-----w- c:\windows\System64
2013-04-15 03:02:57 -------- d-----w- c:\program files\LibreOffice 4.0
2013-04-15 02:46:14 -------- d-----w- c:\program files\Dropbox
2013-04-15 02:44:38 -------- d-----w- c:\documents and settings\don\application data\Dropbox
2013-04-06 23:18:00 -------- d-----w- c:\documents and settings\don\local settings\application data\Colossal Order
2013-04-01 05:02:30 -------- d-----w- c:\documents and settings\don\local settings\application data\WhiteSmoke_New
2013-04-01 05:02:28 -------- d-----w- c:\program files\WhiteSmoke_New
2013-04-01 05:02:15 -------- d-----w- c:\documents and settings\don\local settings\application data\CRE
2013-04-01 05:01:42 -------- d-----w- c:\program files\SearchProtect
2013-04-01 05:01:16 -------- d-----w- c:\documents and settings\don\application data\SearchProtect
2013-04-01 05:00:37 -------- d-----w- c:\program files\Gophoto.it
2013-04-01 05:00:19 -------- d-----w- c:\program files\TornTV.com
2013-03-27 06:43:02 773968 ----a-w- c:\windows\system32\msvcr100.dll
2013-03-27 06:43:02 421200 ----a-w- c:\windows\system32\msvcp100.dll
.
==================== Find3M ====================
.
2013-04-04 21:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-12 21:07:09 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-12 21:07:09 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:32:25 2149888 ------w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50:30 2028544 ------w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 01:25:02 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-02-27 07:56:51 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-24 19:03:34 832512 ----a-w- c:\windows\system32\wininet.dll
2013-02-24 19:03:34 1830912 ------w- c:\windows\system32\inetcpl.cpl
2013-02-24 19:03:33 78336 ----a-w- c:\windows\system32\ieencode.dll
2013-02-24 19:03:33 17408 ----a-w- c:\windows\system32\corpol.dll
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
.
============= FINISH: 20:08:51.21 ===============



aswMBR would not work. I get this message in a seprate box: avast! Antirootkit has encountered a problem and needs to close. We are sorry for the inconvenience. Then aswMBR closes.

Spybot: There are directions to use Spybot in post #2, but... I could not find the link for it.
 
Hello Nanich. :snwelcome:

My name is fbfbfb. I will gladly assist you with your concerns.

Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice. This may cause a delay, but I will do my best to keep it as short as possible.

I am checking over your DDS log now, and I will post back shortly with instructions.

While working to resolve the issues with your machine, please follow these guidelines:
  • Please be patient. Logs are lengthy and can take time to analyze.
  • Read and follow my directions carefully, in the sequence they are posted.
  • If you are unsure about anything, please ask for clarification before continuing.
  • Use only those tools that you have been directed to use.
  • Do not install or uninstall any applications or run any other scans without being directed to do so.
  • Copy and Paste the log files inside your post. Do not send them as attachments unless otherwise instructed.
  • Stay with me until your machine has been deemed all clear.
  • Please reply within 3 days of each post to avoid closing this topic.
 
Hello, Nanich. Thank you for the DDS logs. You report that you had problems running aswMBR. Let's try running TDSSKiller instead.

Please run the following scans

1. TDSSKiller
  • Please download TDSSKiller from HERE and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder, right click on TDSSKiller.exe and select Run as Administrator to run the application.
  • When the window opens, click Change Parameters.
  • Under Additional options, put a check mark in the box next to Detect TDLFS File System. Click OK.
  • Click Start Scan.
  • As we are only looking for a log of what is on the machine right now, choose Skip for whatever is found.
  • Click Continue > Reboot now.
Please copy and paste the contents of that file in your next reply.

2. Security Check

Please download Security Check by screen317 from HERE or HERE.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt. This may take a few minutes.
Please copy and paste the contents of that document into your next reply.
 
Thank you. One of your directions does not seem to work for me:
\
Once extracted, open the TDSSKiller folder, right click on TDSSKiller.exe and select Run as Administrator to run the application.

There is a Run as... option. When I select that there is no option to run as an administrator.

Thanks!

Don
 
Hello, Nanich.

Please work through the following tasks

Uninstall Multiple Anti-virus Programs

I see that you are currently running multiple anti-virus programs:
  • avast! Antivirus
    [*]AVG 2013
Running multiple antivirus programs can trigger system slow downs, crashes, and/or conflicts with each other causing them not to work properly. I am recommending that you choose and keep only one good antivirus program installed on your computer. To remove the other, please follow these steps:
  • Click Start and select Control Panel.
  • When the Control Panel window opens, click on Uninstall a program found under the Programs category.
  • If you are using the Classic View of the Control Panel, then you would double-click on the Programs and Features icon instead.
  • Look through the list of programs for the one that you would like to uninstall, and then left-click on it once to highlight it.
  • Click on the Uninstall button.
  • When asked if you are sure you want to uninstall, click Yes.
  • The program will uninstall, and when completed you will be back at the list of programs installed on your computer.
  • When finished, close the Programs and Features screen.
TDSSKiller

Let me revise those instructions for you:

  • Please download TDSSKiller from HERE and save it to your Desktop.
  • Unzip the folder. (Right Click > Extract to your Desktop).
  • Doubleclick on TDSSKiller.exe to run the application.
  • When the window opens, click Change Parameters.
  • Under Additional options, put a check mark in the box next to Detect TDLFS File System. Click OK.
  • Click Start Scan.
  • As we are only looking for a log of what is on the machine right now, choose Skip for whatever is found.
  • Click Continue > Reboot now.
  • Click on Report.
Please copy and paste the contents of that file in your next reply.
Note: It will also create a log in the C:\ directory.​
Please run the following scan

OTL by OLD TIMER
  • Please download OTL to your desktop from HERE or HERE
  • Close all other applications and windows so that you have nothing open.
  • Double click on the
    OTL_Icon.gif
    icon on your desktop.
Note: Vista and Windows 7 users right-click and select Run As Administrator. If you receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.​
  • Under Output, click Minimal Output to select it.
  • Click the Scan All Users checkbox. Leave the remaining selections to the default settings.
  • Do not use the computer while the scan is in progress.
  • When the scan is complete, two log files will open in Notepad: OTListIt.txt (will be maximized) and Extras.txt <- (will be minimized in the Task Bar).
  • Both logs are automatically saved to the Desktop.
  • Please copy and paste the contents of OTListIt.txt and Extras.txt in your next reply. If the Extras.txt log is too long, you may need to add a second reply to your thread.
  • Click the red X in the upper right corner to exit OTL.

SUMMARY: In your next reply, please post the following:
  • TDSSKiller report
  • Security Check report
  • OTL log
 
Thanks,

I am not have much luck. AVAST will not uninstall. I do see the entry. When I click on it and click remove, the computer works but the nothing happens.

I do not see an entry for AVG. I do see the folder in program files, but I do not in the "add or remove programs"

Because I could not do your first instructions, I have not go onto the next instructions.

Thanks!

Don
 
Hello, Nanich.

Sometimes it is difficult to uninstall these anti-virus programs in the usual manner, in which case you can use specified removal tools supplied by each software manufacturer. Depending on which anti-virus you have chosen to remove, follow these steps:

1. Uninstall Avast using aswClear
  • Download aswclear.exe HERE and save it on your desktop.
  • Start Windows in Safe Mode.
  • Open the uninstall utility.
  • If you installed avast! in a different folder than the default, browse for it.
  • Click REMOVE.
  • Restart your computer.

2. Uninstall AVG using AVG Remover tool
  • Save all your work and close all documents. Your computer will be restarted during the procedure.
  • Download AVG Remover tool from HERE.
  • Run the downloaded tool and follow the instructions displayed on your screen.
  • Your computer will be restarted automatically.
  • After the restart, AVG Remover will finish the uninstallation.
 
I am using windows XP. How do you start in safemode? A website said to hold F8 down, but that only gave me different options on which device to use to boot. It did not offer safemode.

Don
 
Hello, Nanich.

Boot into Safe Mode using the F8 method:
  • Restart your computer.
  • Gently tap the F8 key repeatedly until the Windows XP Advanced Options menu appears.
Note: If Windows launches before you can choose Safe Mode, restart your computer and try again.​
  • Select the Safe Mode option using the up and down arrow keys.
  • Then, press the enter key on your keyboard to boot into Safe Mode.
safe-mode.png
Note: When tasks have been completed, reboot your computer to normal mode.​
 
I did that, but I do not get the safe mode start up options. The only options that I get are different location options for start up.

Don
 
Hello, Nanich.

For the moment, let's set aside removing the extra anti-virus program in Safe Mode; we will come back to that later.

Please run Security Check as previously instructed as well as the scan below:


Please download OTL to your desktop from HERE or HERE.

  • Close all other applications and windows so that you have nothing open.
  • Double click on the
    OTL_Icon.gif
    icon on your desktop.
Note: Vista and Windows 7 users right-click and select Run As Administrator. If you receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.​

  • Under Output, click Minimal Output to select it.
  • Click the Scan All Users checkbox. Leave the remaining selections to the default settings.
  • Do not use the computer while the scan is in progress.
  • When the scan is complete, two log files will open in Notepad: OTListIt.txt (will be maximized) and Extras.txt <- (will be minimized in the Task Bar).
  • Both logs are automatically saved to the Desktop.
  • Please copy and paste the contents of OTListIt.txt and Extras.txt in your next reply. If the Extras.txt log is too long, you may need to add a second reply to your thread.
  • Click the red X in the upper right corner to exit OTL.
 
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
avast! Free Antivirus
AVG 2013
PC Tools Firewall Plus 6.0
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
HijackThis 2.0.2
Java(TM) 6 Update 22
Java(TM) 6 Update 26
Java version out of Date!
Adobe Flash Player 11.6.602.180
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (20.0.1)
Google Chrome 26.0.1410.43
Google Chrome 26.0.1410.64
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 10%
````````````````````End of Log``````````````````````


OTL logfile created on: 5/7/2013 9:32:05 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Don\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 71.51% Memory free
4.84 Gb Paging File | 4.14 Gb Available in Paging File | 85.64% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 20.06 Gb Free Space | 4.31% Space Free | Partition Type: NTFS

Computer Name: DONPETERSON | User Name: Don | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Don\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Don\My Documents\Downloads\SecurityCheck.exe ()
PRC - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Don\Application Data\SearchProtect\bin\cltmng.exe (Conduit)
PRC - C:\Documents and Settings\Don\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\SearchProtect\bin\CltMngSvc.exe (Conduit)
PRC - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
PRC - C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
PRC - C:\Program Files\PC Tools Firewall Plus\FWService.exe (PC Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\Don\My Documents\Downloads\SecurityCheck.exe ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Documents and Settings\Don\Application Data\Dropbox\bin\libcef.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\de3e6b59e3949f8086973d53518a9ecb\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\68b0fc15aa862e54593dd85b59116998\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\32b515633fcbcc6dad09b9dd09f2fc2f\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\7256e28382f57416b828a0cc143b67b3\System.Xaml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\25884c52a01d74137ffacdb51d8f2d04\PresentationFramework.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\3ca69d589c23a0be94f3858f72e7a595\PresentationCore.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\8ba0620535aa28d509b9397500b7d530\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a0db56351a1589e44868456609b01737\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\65e520f98f7674d462d26671c1ce97a7\PresentationFramework.Luna.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\3d6d9da56c9f607615b55d6742d8427d\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\6133e360071a2fa7ba7deb483816e585\WindowsBase.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\c182d7a0bd88caf2cddccb7491a5fa6e\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\Documents and Settings\Don\Application Data\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Documents and Settings\Don\Local Settings\temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll ()
MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()


========== Services (SafeList) ==========

SRV - (SMART SNMP Agent Service) -- C:\Program Files\SMART Technologies\Classroom Teacher\SMARTSNMPAgent.exe File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (Skype C2C Service) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (CltMngSvc) -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe (Conduit)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (PCToolsFirewallPlus) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe (PC Tools)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (szkgfs) -- system32\drivers\szkgfs.sys File not found
DRV - (szkg5) -- system32\DRIVERS\szkg.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (is3srv) -- system32\drivers\is3srv.sys File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Don\LOCALS~1\Temp\catchme.sys File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\WINDOWS\system32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (iDispService) -- C:\WINDOWS\system32\drivers\idisplayminiport.sys (SHAPE Services)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (dgderdrv) -- C:\WINDOWS\system32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (ssudmdm) -- C:\WINDOWS\system32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\WINDOWS\system32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (SaiNtBus) -- C:\WINDOWS\system32\drivers\SaiBus.sys (Saitek)
DRV - (SaiMini) -- C:\WINDOWS\system32\drivers\SaiMini.sys (Saitek)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmHidLo) -- C:\WINDOWS\system32\drivers\WmHidLo.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (pctplfw) -- C:\WINDOWS\system32\drivers\pctplfw.sys (PC Tools)
DRV - (pctgntdi) -- C:\WINDOWS\system32\drivers\pctgntdi.sys (PC Tools)
DRV - (PCTFW-PacketFilter) -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys (PC Tools)
DRV - (pctNDIS) -- C:\WINDOWS\system32\drivers\pctNdis.sys (PC Tools)
DRV - (PCTFW-DNS) -- C:\WINDOWS\system32\drivers\pctNdis-DNS.sys (PC Tools)
DRV - (PCTAppEvent) -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (lvselsus) -- C:\WINDOWS\system32\drivers\lvselsus.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (L1e) -- C:\WINDOWS\system32\drivers\l1e51x86.sys (Atheros Communications, Inc.)
DRV - (FANTOM) -- C:\WINDOWS\system32\drivers\fantom.sys (National Instruments Corporation)
DRV - (SaiH0461) -- C:\WINDOWS\system32\drivers\SaiH0461.sys (Saitek)
DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)
DRV - (CX23880) -- C:\WINDOWS\system32\drivers\cx88vid.sys (Conexant Systems, Inc.)
DRV - (DSDrv4) -- C:\Program Files\DScaler\DSDrv4.sys ()
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (smrtdrv) -- C:\WINDOWS\system32\drivers\smrtdrv.sys (SMART Technologies Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\URLSearchHook: {739df940-c5ee-4bab-9d7e-270894ae687a} - No CLSID value found
IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN15539672730253678&UM=2&SSPV=TB_C3
IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/06/12 13:55:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/11 23:00:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/11 23:00:44 | 000,000,000 | ---D | M]

[2009/01/25 00:39:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Don\Application Data\Mozilla\Extensions
[2013/04/11 23:00:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/04/24 18:21:06 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/04/24 18:21:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/04/24 18:21:06 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/04/11 23:00:50 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/06/12 09:34:24 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/08/29 21:56:18 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/02/19 09:59:04 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&output=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://search.conduit.com/?ctid=CT3289847&SearchSource=48&CUI=UN14205695091674118&UM=2&sspv=TB_CC
CHR - Extension: avast! WebRep = C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1125_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.6.0.11664_0\
CHR - Extension: GoPhoto.it = C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.4_0\

O1 HOSTS File: ([2011/06/12 13:38:15 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {739df940-c5ee-4bab-9d7e-270894ae687a} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {739df940-c5ee-4bab-9d7e-270894ae687a} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4 - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKU\S-1-5-21-746137067-606747145-682003330-1004..\Run: [aadababfecedct] "C:\Documents and Settings\All Users\Application Data\aadababfecedct.exe" File not found
O4 - HKU\S-1-5-21-746137067-606747145-682003330-1004..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-746137067-606747145-682003330-1004..\Run: [SearchProtect] C:\Documents and Settings\Don\Application Data\SearchProtect\bin\cltmng.exe (Conduit)
O4 - Startup: C:\Documents and Settings\Don\Start Menu\Programs\Startup\AVG Free Tray Icon.lnk = File not found
O4 - Startup: C:\Documents and Settings\Don\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Don\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-746137067-606747145-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-746137067-606747145-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-746137067-606747145-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.160.13 64.59.161.68
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F78B2EB-7177-4840-97C8-62D965C16EE8}: DhcpNameServer = 64.59.160.13 64.59.161.68
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/21 11:51:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/05 11:26:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don\Desktop\Old Firefox Data
[2013/05/05 10:30:23 | 000,377,920 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Don\Desktop\aswclear.exe
[2013/05/01 18:14:21 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Don\Desktop\TDSSKiller.exe
[2013/04/20 20:11:06 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Don\Desktop\aswMBR.exe
[2013/04/20 20:07:22 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Don\Desktop\dds.scr
[2013/04/20 20:05:58 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2013/04/20 20:05:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2013/04/20 20:03:46 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Don\Desktop\erunt-setup.exe
[2013/04/19 22:49:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don\Application Data\AVG2013
[2013/04/19 22:45:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013/04/19 22:31:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/04/19 22:31:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don\Local Settings\Application Data\MFAData
[2013/04/19 22:31:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/04/19 22:31:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don\Local Settings\Application Data\Avg2013
[2013/04/19 22:31:32 | 004,411,440 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Don\Desktop\avg_avct_stb_all_2013_2667_cm10.exe
[2013/04/14 20:04:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don\Application Data\LibreOffice
[2013/04/14 20:04:19 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LibreOffice 4.0
[2013/04/14 20:04:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System64
[2013/04/14 20:02:57 | 000,000,000 | ---D | C] -- C:\Program Files\LibreOffice 4.0
[2013/04/14 19:48:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Don\My Documents\Dropbox
[2013/04/14 19:46:14 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2013/04/14 19:45:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don\Start Menu\Programs\Dropbox
[2013/04/14 19:44:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don\Application Data\Dropbox
[2013/04/14 19:42:00 | 032,746,544 | ---- | C] (Dropbox, Inc.) -- C:\Documents and Settings\Don\Desktop\Dropbox 2.0.6.exe
[2013/04/11 23:00:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Don\*.tmp files -> C:\Documents and Settings\Don\*.tmp -> ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/07 21:30:47 | 000,502,670 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/07 21:30:47 | 000,088,450 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/07 21:21:53 | 000,013,770 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/05/07 21:21:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/05/07 21:21:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2013/05/07 21:21:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2013/05/07 20:01:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/07 19:07:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/05/06 23:01:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/05 10:30:21 | 000,377,920 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Don\Desktop\aswclear.exe
[2013/05/01 23:26:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/05/01 18:13:52 | 002,218,636 | ---- | M] () -- C:\Documents and Settings\Don\Desktop\tdsskiller.zip
[2013/04/27 14:04:39 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/04/20 22:03:20 | 000,000,301 | ---- | M] () -- C:\Documents and Settings\Don\.Xauthority
[2013/04/20 20:12:32 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Don\Desktop\aswMBR.exe
[2013/04/20 20:07:21 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Don\Desktop\dds.scr
[2013/04/20 20:03:46 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Don\Desktop\erunt-setup.exe
[2013/04/19 22:31:28 | 004,411,440 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Don\Desktop\avg_avct_stb_all_2013_2667_cm10.exe
[2013/04/19 22:26:23 | 000,062,464 | ---- | M] () -- C:\Documents and Settings\Don\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/04/19 22:22:37 | 115,054,456 | ---- | M] () -- C:\Documents and Settings\Don\Desktop\avast_free_antivirus_setup.exe
[2013/04/15 20:01:59 | 000,210,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/04/14 19:59:41 | 193,572,864 | ---- | M] () -- C:\Documents and Settings\Don\Desktop\LibreOffice_4.0.2_Win_x86.msi
[2013/04/14 19:48:06 | 000,000,966 | ---- | M] () -- C:\Documents and Settings\Don\Desktop\Dropbox.lnk
[2013/04/14 19:46:41 | 000,000,996 | ---- | M] () -- C:\Documents and Settings\Don\Start Menu\Programs\Startup\Dropbox.lnk
[2013/04/14 19:42:50 | 032,746,544 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Don\Desktop\Dropbox 2.0.6.exe
[2013/04/10 03:05:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Don\*.tmp files -> C:\Documents and Settings\Don\*.tmp -> ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/01 18:13:51 | 002,218,636 | ---- | C] () -- C:\Documents and Settings\Don\Desktop\tdsskiller.zip
[2013/04/19 22:20:24 | 115,054,456 | ---- | C] () -- C:\Documents and Settings\Don\Desktop\avast_free_antivirus_setup.exe
[2013/04/14 19:54:58 | 193,572,864 | ---- | C] () -- C:\Documents and Settings\Don\Desktop\LibreOffice_4.0.2_Win_x86.msi
[2013/04/14 19:48:06 | 000,000,966 | ---- | C] () -- C:\Documents and Settings\Don\Desktop\Dropbox.lnk
[2013/04/14 19:46:41 | 000,000,996 | ---- | C] () -- C:\Documents and Settings\Don\Start Menu\Programs\Startup\Dropbox.lnk
[2013/01/09 04:36:13 | 000,318,264 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/12/05 20:22:57 | 000,138,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2012/12/05 20:01:44 | 000,281,688 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2012/12/05 20:01:40 | 000,076,888 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2012/04/20 19:40:47 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2012/02/15 21:43:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/16 11:54:48 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011/09/16 11:54:44 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/09/16 11:54:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/09/16 11:54:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/09/16 11:54:44 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011/08/15 01:00:50 | 000,855,078 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-746137067-606747145-682003330-1004-0.dat
[2011/08/15 01:00:49 | 000,217,590 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/06/11 10:23:21 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/11 10:23:21 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/11 10:23:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/11 10:23:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/11 10:23:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/07 20:56:47 | 000,062,464 | ---- | C] () -- C:\Documents and Settings\Don\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/15 11:16:37 | 000,000,301 | ---- | C] () -- C:\Documents and Settings\Don\.Xauthority
[2009/09/01 23:30:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Don\LOG
[2009/02/13 07:49:36 | 000,002,300 | ---- | C] () -- C:\Documents and Settings\Don\.strange-eons-settings
[2009/02/13 07:49:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Don\.strange-eons-editor-session
[2009/02/13 07:49:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Don\.strange-eons-user-dict
[2009/01/21 19:15:39 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Don\Application Data\PnkBstrK.sys

========== ZeroAccess Check ==========

[2009/01/21 19:18:46 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/10/15 18:00:10 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >


This is all I have. I do not see an extras.txt on the task bar or on my desktop.
 
Hello, Nanich.

Thank you for the Security Check and OTL reports. The extras.txt should be in the same location as OTL. If it is there, you can send it in your next reply. If it is not, let's not worry about it.

Please run the following scan

Run OTL.exe
  • Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
  • Then click the Run Fix button at the top.
Code: 
:OTL
DRV - (catchme) -- C:\DOCUME~1\Don\LOCALS~1\Temp\catchme.sys File not found
IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\URLSearchHook: {739df940-c5ee-4bab-9d7e-270894ae687a} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\URLSearchHook: {739df940-c5ee-4bab-9d7e-270894ae687a} - No CLSID value found
IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN15539672730253678&UM=2&SSPV=TB_C3
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
CHR - homepage: http://search.conduit.com/?ctid=CT32...M=2&sspv=TB_CC
O2 - BHO: (no name) - {739df940-c5ee-4bab-9d7e-270894ae687a} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {739df940-c5ee-4bab-9d7e-270894ae687a} - No CLSID value found.
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe (Conduit)
O4 - Startup: C:\Documents and Settings\Don\Start Menu\Programs\Startup\AVG Free Tray Icon.lnk = File not found
O4 - HKU\S-1-5-21-746137067-606747145-682003330-1004..\Run: [aadababfecedct] "C:\Documents and Settings\All Users\Application Data\aadababfecedct.exe" File not found
O4 - HKU\S-1-5-21-746137067-606747145-682003330-1004..\Run: [SearchProtect] C:\Documents and Settings\Don\Application Data\SearchProtect\bin\cltmng.exe (Conduit)
[2013/04/11 23:00:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Don\*.tmp files -> C:\Documents and Settings\Don\*.tmp -> ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Don\*.tmp files -> C:\Documents and Settings\Don\*.tmp -> ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

:Reg

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[resethosts]
[CLEARALLRESTOREPOINTS]
[Reboot]
  • Let the program run unhindered; it will reboot when it is done. If it does not, please reboot your system.
  • Post the new log in your next reply.
 
So I ran the scan. I think it stopped part way through. I left it overnight and said something like "killing processes" The task bar and desktop icons were missing when I woke up. I had to do a manual reset to get it running again.

Don
 
Hello, Nanich.

Let's run OTL again, this time in Safe Mode. Once you are in Safe Mode, run the OTL fix which I have included below--I have made an adjustment.

1. Boot into Safe Mode

Using the F8 Method as an option:
  • Restart your computer.
  • Gently tap the F8 key repeatedly until the Windows XP Advanced Options menu appears.
Note: If Windows launches before you can choose Safe Mode, restart your computer and try again.​
  • Select the Safe Mode option using the up and down arrow keys.
  • Then, press the enter key on your keyboard to boot into Safe Mode.
safe-mode.png


Note: When tasks have been completed, reboot your computer to normal mode.​

2. Run OTL.exe
  • Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
  • Then click the Run Fix button at the top.
Code: 
:OTL
DRV - (catchme) -- C:\DOCUME~1\Don\LOCALS~1\Temp\catchme.sys File not found
IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\URLSearchHook: {739df940-c5ee-4bab-9d7e-270894ae687a} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\URLSearchHook: {739df940-c5ee-4bab-9d7e-270894ae687a} - No CLSID value found
IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-746137067-606747145-682003330-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN15539672730253678&UM=2&SSPV=TB_C3
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
CHR - homepage: http://search.conduit.com/?ctid=CT32...M=2&sspv=TB_CC
O2 - BHO: (no name) - {739df940-c5ee-4bab-9d7e-270894ae687a} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {739df940-c5ee-4bab-9d7e-270894ae687a} - No CLSID value found.
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe (Conduit)
O4 - Startup: C:\Documents and Settings\Don\Start Menu\Programs\Startup\AVG Free Tray Icon.lnk = File not found
O4 - HKU\S-1-5-21-746137067-606747145-682003330-1004..\Run: [aadababfecedct] "C:\Documents and Settings\All Users\Application Data\aadababfecedct.exe" File not found
O4 - HKU\S-1-5-21-746137067-606747145-682003330-1004..\Run: [SearchProtect] C:\Documents and Settings\Don\Application Data\SearchProtect\bin\cltmng.exe (Conduit)
[2013/04/11 23:00:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Don\*.tmp files -> C:\Documents and Settings\Don\*.tmp -> ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Don\*.tmp files -> C:\Documents and Settings\Don\*.tmp -> ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

:Reg

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[resethosts]
[Reboot]
  • Let the program run unhindered; it will reboot when it is done. If it does not, please reboot your system.
  • Post the new log in your next reply.
 
Hello, Nanich.

I have not heard back from you since May 12th. Do you still need help? If you are having problems running OTL, please let me know and we will work to resolve the issue.
 
Status
Not open for further replies.
Back
Top