Tech Support Guy forum: Virus & Other Malware Removal
Solved: Please Check This Hijack Log. Thanks!!!

goingcrazy123 (Member with 79 posts, thread starter; Join Date: Dec 2013)
14-Dec-2013, 03:59 PM #1
Please Check This Hijack Log. Thanks!!!
Hello again! Here is my Hijack This Log.

I would be VERY grateful if you would analyze this and let me know what is wrong. It looks like there
are multiple versions of things running, and things installed that I do not use, like "Blekko" and "OneNote."

Please help me. Thank you very much!

Larry

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 9:25:26 PM, on 12/14/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
CHROME: 31.0.1650.63
FIREFOX: 12.0 (en-US)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\JustCloud\BackupStack.exe
C:\Documents and Settings\SAM\My Documents\My Data Sources\Malwarebytes\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\Wetelecom\LoadMdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Documents and Settings\SAM\My Documents\My Data Sources\Hide My IP\Hide My IP\HideMyIpSrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\office12\offlb.exe
C:\Documents and Settings\SAM\My Documents\My Data Sources\HIJACK THIS\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = ${SEARCH_URL_IE7}
R3 - URLSearchHook: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\8.4\iobitappsToolbarIE.dll
R3 - URLSearchHook: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\8.4\ytdToolbarIE.dll
O2 - BHO: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\8.4\iobitappsToolbarIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Blekko Search Bar Helper Object - {BAE35237-8D73-44D0-905C-8A95EA1E7E69} - C:\Program Files\blekko\spamfreesearch\1.8.3.9\bh\spamfreesearch.dll
O2 - BHO: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\8.4\ytdToolbarIE.dll
O3 - Toolbar: Blekko Search Bar Toolbar - {EECF410C-006C-4A05-AD13-6741A0814DBF} - C:\Program Files\blekko\spamfreesearch\1.8.3.9\spamfreesearchTlbr.dll
O3 - Toolbar: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\8.4\ytdToolbarIE.dll
O3 - Toolbar: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\8.4\iobitappsToolbarIE.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [LoadMdm] C:\Program Files\Wetelecom\LoadMdm.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Computer Backup (JustCloud) (BackupStack) - Just Develop It - C:\Program Files\JustCloud\BackupStack.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HideMyIpSRV - Hide My IP - C:\Documents and Settings\SAM\My Documents\My Data Sources\Hide My IP\Hide My IP\HideMyIpSrv.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Documents and Settings\SAM\My Documents\My Data Sources\Malwarebytes\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Documents and Settings\SAM\My Documents\My Data Sources\Malwarebytes\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 7275 bytes
15-Dec-2013, 02:19 PM #2
Here is my DDS file and Attach file
Dear Tech Support Representative,


Hello again. I am posting here the two files, DDS and Attach. See below. I will post the GMER shortly. It has been a full 24 hours now, and I am still awaiting your help patiently. My problem is that my computer is working very slowly, taking a long time to load programs. Google Chrome is causing a lot of problems. I see the hourglass constantly and wait a long time to open new web pages. I get the "Aw Snap!" message often. It looks like my internet connection is screwy, too. Almost twice as many bytes are received as are sent.


I would like your help to uninstall Google Chrome completely. Mozilla Firefox works fine, so I'll use that. Can you help me uninstall Chrome safely, i.e. so that nothing important is disabled or deleted? Thank you.



Yesterday I ran Malwarebytes and it came up with 14 malware items (PUP, Optional, OPEN CANDY, etc.). I deleted them and ran Malwarebytes again, and it came up clean. However, I notice that the icon for my wireless modem at the bottom of my screen looks different now and has a red X over it. Did I delete something important?



Thank you very much for your help!


Larry

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512
Run by Larry at 19:38:26 on 2013-12-15
.
============== Running Processes ================
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\JustCloud\BackupStack.exe
C:\Documents and Settings\Larry\My Documents\My Data Sources\Malwarebytes\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\JustCloud\JustCloud.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\Wetelecom\LoadMdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Larry\My Documents\My Data Sources\Hide My IP\Hide My IP\HideMyIpSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
mSearchAssistant = ${SEARCH_URL_IE7}
uURLSearchHooks: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - c:\program files\iobit apps toolbar\ie\8.4\iobitappsToolbarIE.dll
uURLSearchHooks: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files\ytd toolbar\ie\8.4\ytdToolbarIE.dll
BHO: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - c:\program files\iobit apps toolbar\ie\8.4\iobitappsToolbarIE.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Blekko Search Bar Helper Object: {BAE35237-8D73-44D0-905C-8A95EA1E7E69} - c:\program files\blekko\spamfreesearch\1.8.3.9\bh\spamfreesearch.dll
BHO: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files\ytd toolbar\ie\8.4\ytdToolbarIE.dll
TB: Blekko Search Bar Toolbar: {EECF410C-006C-4A05-AD13-6741A0814DBF} - c:\program files\blekko\spamfreesearch\1.8.3.9\spamfreesearchTlbr.dll
TB: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files\ytd toolbar\ie\8.4\ytdToolbarIE.dll
TB: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - c:\program files\iobit apps toolbar\ie\8.4\iobitappsToolbarIE.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRun: [LoadMdm] c:\program files\wetelecom\LoadMdm.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\windows\system32\HMIPCore.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
TCP: NameServer = 91.224.178.5 77.88.8.8
TCP: Interfaces\{7E534C27-275F-40F6-A235-5644656D47A8} : DHCPNameServer = 91.224.178.5 77.88.8.8
TCP: Interfaces\{A8ED60BD-364E-4BA8-9809-F7E168FE9B86} : NameServer = 91.224.178.98 8.8.8.8
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\Larry\application data\mozilla\firefox\profiles\d6ynzd6q.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com.ua/search?hl=en-UA&source=hp&biw=&bih=&q=set+firefox+as+default+browser&oq=set+firefox+as+default+browser&gs_l=firefox-hp.3..0l10.5767.13863.0.15073.30.17.0.13.13.2.394.3168.3j5j6j3.17.0....0...1ac.1.24.firefox-hp..4.26.2099.RbF9dvdT86s|https://support.mozilla.org/en-US/kb...irefox-default
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - plugin: c:\documents and settings\Larry\local settings\application data\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\Larry\my documents\my data sources\vlc video\vlc\npvlc.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-12-12 16:27; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
FF - ExtSQL: 2013-12-13 19:26; iobitapps@mybrowserbar.com; c:\program files\iobit apps toolbar\FF
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.spamfreesearch.autoRvrt - false
FF - user.js: extensions.spamfreesearch_i.hmpg - true
FF - user.js: extensions.spamfreesearch.hmpgUrl - hxxp://blekko.com/ws/?source=5f97ddbe&tbp=homepage&u=34762793000000000000000e35ae6694
FF - user.js: extensions.spamfreesearch.dfltSrch - true
FF - user.js: extensions.spamfreesearch.srchPrvdr - blekko
FF - user.js: extensions.spamfreesearch.keyWordUrl - hxxp://blekko.com/ws/?source=5f97ddbe&tbp=rbox&u=34762793000000000000000e35ae6694&q=
FF - user.js: extensions.spamfreesearch_i.dnsErr - true
FF - user.js: extensions.spamfreesearch_i.newTab - true
FF - user.js: extensions.spamfreesearch.newTabUrl - chrome://spamfreesearch/content/new browser tab.html?source=5f97ddbe&tbp=tab&u=34762793000000000000000e35ae6694
FF - user.js: extensions.spamfreesearch.tlbrSrchUrl - hxxp://blekko.com/ws/?source=5f97ddbe&tbp=main&u=34762793000000000000000e35ae6694&q=
FF - user.js: extensions.spamfreesearch.id - 34762793000000000000000e35ae6694
FF - user.js: extensions.spamfreesearch.appId - {1005247F-A178-490A-8DC3-6BAF09EA427B}
FF - user.js: extensions.spamfreesearch.instlDay - 15758
FF - user.js: extensions.spamfreesearch.vrsn - 1.8.3.9
FF - user.js: extensions.spamfreesearch.vrsni - 1.8.3.9
FF - user.js: extensions.spamfreesearch_i.vrsnTs - 1.8.3.923:45:45
FF - user.js: extensions.spamfreesearch.prtnrId - blekko
FF - user.js: extensions.spamfreesearch.prdct - spamfreesearch
FF - user.js: extensions.spamfreesearch.aflt - orgnl
FF - user.js: extensions.spamfreesearch_i.smplGrp - none
FF - user.js: extensions.spamfreesearch.tlbrId - base
FF - user.js: extensions.spamfreesearch.instlRef - 5f97ddbe
FF - user.js: extensions.spamfreesearch.dfltLng -
FF - user.js: extensions.spamfreesearch.excTlbr - false
FF - user.js: extensions.spamfreesearch.admin - false
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? cpudrv;cpudrv
R? MBAMService;MBAMService
R? wmdusbser;Wetelecom USB Device for Legacy Serial Communication
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? Application Updater;Application Updater
S? aswFsBlk;aswFsBlk
S? aswMonFlt;aswMonFlt
S? aswRvrt;avast! Revert
S? aswSnx;aswSnx
S? aswSP;aswSP
S? aswVmm;avast! VM Monitor
S? avast! Antivirus;avast! Antivirus
S? BackupStack;Computer Backup (JustCloud)
S? HideMyIpSRV;HideMyIpSRV
S? MBAMProtector;MBAMProtector
S? MBAMScheduler;MBAMScheduler
S? SmartDefragDriver;SmartDefragDriver
.
=============== Created Last 30 ================
.
2013-12-13 17:25:54 -------- d-----w- c:\program files\IObit Apps Toolbar
2013-12-12 14:30:07 -------- d-----w- c:\documents and settings\Larry\application data\AVAST Software
2013-12-12 14:27:53 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-12 14:27:52 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-12-12 14:27:51 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-12-12 14:27:50 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-12-12 14:27:38 43152 ----a-w- c:\windows\avastSS.scr
2013-12-12 14:26:16 -------- d-----w- c:\program files\AVAST Software
2013-12-12 14:17:51 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2013-12-12 11:23:44 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-11 17:26:13 -------- d-----w- c:\program files\YTD Toolbar
.
==================== Find3M ====================
.
2013-10-12 15:56:19 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-12 14:54:29 668672 ----a-w- c:\windows\system32\wininet.dll
2013-10-12 14:54:28 81920 ------w- c:\windows\system32\ieencode.dll
2013-10-12 14:54:28 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-10-12 11:54:35 369664 ------w- c:\windows\system32\html.iec
2013-10-09 13:12:48 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59:21 603136 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 01:14:01 7168 ----a-w- c:\windows\system32\xpsp4res.dll
.
============= FINISH: 19:50:51.10 ===============

ATTACH file:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/27/2011 12:53:32 PM
System Uptime: 12/15/2013 4:50:47 PM (3 hours ago)
.
Motherboard: TOSHIBA | | EAL20
Processor: Intel(R) Pentium(R) M processor 1.60GHz | BAN | 1598/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 56 GiB total, 18.004 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\CMP0101\2&DABA3FF&0
Manufacturer:
Name:
PNP Device ID: ACPI\CMP0101\2&DABA3FF&0
Service:
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\65404E1A23F53
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\65404E1A23F53
Service: NIC1394
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Modem
Device ID: PCI\VEN_8086&DEV_24C6&SUBSYS_00011179&REV_03\3&61AAA01&0&FE
Manufacturer:
Name: PCI Modem
PNP Device ID: PCI\VEN_8086&DEV_24C6&SUBSYS_00011179&REV_03\3&61AAA01&0&FE
Service:
.
==== Installed Programs ======================
.
µTorrent
A-PDF Split 2.4
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8)
Adobe Shockwave Player 11.6
Adolix Split and Merge PDF v1.7
avast! Free Antivirus
BCL easyConverter Desktop 3 (Word Version)
Blekko Search Bar
CCleaner
EasyCleaner
Google Chrome
Hide My IP 5.4
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
Intel(R) Extreme Graphics 2 Driver
Intel(R) PROSet/Wireless Software
IObit Apps Toolbar v8.4
JustCloud
Ken Ward's Makeup 0.901
Linguata Hungarian 2.4
Linguata Ukrainian 2.3
Malwarebytes Anti-Malware version 1.75.0.1300
mCore
mDrWiFi
mHelp
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MindMaster
mIWA
mLogView
mMHouse
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
mPfMgr
mPfWiz
mProSafe
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mWlsSafe
mXML
mZConfig
PDF24 Creator 5.4.0
Platform
REALTEK GbE & FE Ethernet PCI NIC Driver
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
Security Update for Windows Media Player (KB2803821-v2)
Security Update for Windows Media Player (KB2803821)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647516)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2675157)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2699988)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2722913)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2744842)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2761465)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2792100)
Security Update for Windows XP (KB2797052)
Security Update for Windows XP (KB2799329)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2809289)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2817183)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2829530)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2838727)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2846071)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2862772)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2870699)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2879017)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2888505)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB923789)
Skype™ 5.5
Smart Defrag 2
System Requirements Lab for Intel
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
VIA Platform Device Manager
VLC media player 2.0.5
WebFldrs XP
Wetelecom
Windows Genuine Advantage Notifications (KB905474)
Windows XP Service Pack 3
WinRAR 4.01 (32-bit)
YTD Toolbar v8.4
YTD Video Downloader 4.1
.
==== End Of File ===========================
goingcrazy123 (thread starter), 15-Dec-2013, 06:15 PM, #3
GMER file
Here is the GMER file:

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-12-16 00:08:56
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 IC25N060ATMR04-0 rev.MO3OAD4A 55.89GB
Running: wi07yquv.exe; Driver: C:\DOCUME~1\Larry\LOCALS~1\Temp\axrdrfow.sys


---- System - GMER 2.1 ----

SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwAddBootEntry [0xEE2FDB10]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xEE2FE5EE]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwClose [0xEE34243E]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateEvent [0xEE30A5E0]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateEventPair [0xEE30A62C]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xEE30A7C6]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateKey [0xEE341DF2]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateMutant [0xEE30A54E]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateSection [0xEE30A670]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xEE30A596]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateThread [0xEE2FEB24]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateTimer [0xEE30A780]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xEE2FF3DC]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xEE2FDB76]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDeleteKey [0xEE342B04]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDeleteValueKey [0xEE342DBA]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDuplicateObject [0xEE302B58]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwEnumerateKey [0xEE34296F]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xEE3427DA]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwLoadDriver [0xEE2FD75E]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xEE2FDBDC]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xEE302F4E]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xEE2FFE6C]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenEvent [0xEE30A60A]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenEventPair [0xEE30A64E]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xEE30A7EA]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenKey [0xEE34214E]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenMutant [0xEE30A574]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenProcess [0xEE302452]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenSection [0xEE30A6FE]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xEE30A5BE]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenThread [0xEE30283A]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenTimer [0xEE30A7A4]
SSDT \??\C:\WINDOWS\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xEE3B30CC]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwQueryKey [0xEE342655]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwQueryObject [0xEE2FFD38]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwQueryValueKey [0xEE3424A7]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwQueueApcThread [0xEE2FF88E]
SSDT \??\C:\WINDOWS\system32\drivers\aswSP.sys ZwRenameKey [0xEE3C0F22]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwRestoreKey [0xEE341438]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xEE2FDC42]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetBootOptions [0xEE2FDCA8]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetContextThread [0xEE2FF256]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xEE2FD7F8]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xEE2FD9CE]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetValueKey [0xEE342C0B]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwShutdownSystem [0xEE2FD95C]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSuspendProcess [0xEE2FF5A6]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSuspendThread [0xEE2FF708]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xEE2FDA56]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwTerminateProcess [0xEE2FF094]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwTerminateThread [0xEE2FF236]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwVdmControl [0xEE2FDD0E]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xEE2FE64A]

INT 0x62 ? 85F98CB8
INT 0x73 ? 85CD8F00
INT 0x74 ? 85CD8F00
INT 0x82 ? 85F98CB8
INT 0x84 ? 85CD8F00
INT 0xA4 ? 85CD8F00

---- Kernel code sections - GMER 2.1 ----

.text ntoskrnl.exe!_abnormal_termination + 220 804E27F4 4 Bytes [EA, A7, 30, EE]
.text ntoskrnl.exe!_abnormal_termination + 34D 804E2921 3 Bytes [0F, 3C, EE]
.text ntoskrnl.exe!_abnormal_termination + 398 804E296C 12 Bytes [42, DC, 2F, EE, A8, DC, 2F, ...] {INC EDX; FSUBR QWORD [EDI]; OUT DX, AL; TEST AL, 0xdc; DAS ; OUT DX, AL; PUSH ESI; DAS ; OUT DX, AL}
.text ntoskrnl.exe!_abnormal_termination + 440 804E2A14 12 Bytes [A6, F5, 2F, EE, 08, F7, 2F, ...] {CMPSB ; CMC ; DAS ; OUT DX, AL; OR BH, DH; DAS ; OUT DX, AL; PUSH ESI; FISUBR DWORD [EDI]; OUT DX, AL}
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056BC20 4 Bytes CALL EE300519 \??\C:\WINDOWS\system32\drivers\aswSnx.sys
? wvckn.sys The system cannot find the file specified. !
.text sptd.sys F75CD000 32 Bytes [E0, 16, 6F, 80, 5E, 67, 6F, ...]
.text sptd.sys F75CD024 424 Bytes [7D, 6E, 50, 80, 44, B8, 54, ...]
.text sptd.sys F75CD1D4 4 Bytes [F3, A5, 6A, 4D] {REP MOVSD ; PUSH 0x4d}
.text sptd.sys F75CD1DC 1 Byte [02]
.text sptd.sys F75CD1E0 1 Byte [21]
.text ...
.sptd2 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd2" section [0xF76779E3]
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? C:\DOCUME~1\JOHANN~1\LOCALS~1\Temp\mbr.sys The filename, directory name, or volume label syntax is incorrect. !

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Application Updater\ApplicationUpdater.exe[188] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Application Updater\ApplicationUpdater.exe[188] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[244] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[244] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\JustCloud\BackupStack.exe[268] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\JustCloud\BackupStack.exe[268] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Documents and Settings\Larry\My Documents\My Data Sources\Malwarebytes\Malwarebytes' Anti-Malware\mbamscheduler.exe[428] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Larry\My Documents\My Data Sources\Malwarebytes\Malwarebytes' Anti-Malware\mbamscheduler.exe[428] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Documents and Settings\Larry\My Documents\Downloads\wi07yquv.exe[564] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Larry\My Documents\Downloads\wi07yquv.exe[564] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\System32\smss.exe[664] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[720] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[720] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[744] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[744] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[788] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[788] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[800] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[800] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[960] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[960] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[992] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[992] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1080] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1080] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1104] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1104] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1144] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1144] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1216] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1432] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1432] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1468] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1468] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1560] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1712] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[1796] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[1796] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1916] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1916] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2036] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2036] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2536] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2536] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\hkcmd.exe[3036] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\hkcmd.exe[3036] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\igfxpers.exe[3068] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\igfxpers.exe[3068] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[3076] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[3076] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3164] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3164] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3232] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3232] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3304] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3304] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[3432] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[3432] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Wetelecom\LoadMdm.exe[3484] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Wetelecom\LoadMdm.exe[3484] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[3632] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[3632] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[3736] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[3736] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Documents and Settings\Larry\My Documents\My Data Sources\Hide My IP\Hide My IP\HideMyIpSrv.exe[3784] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Larry\My Documents\My Data Sources\Hide My IP\Hide My IP\HideMyIpSrv.exe[3784] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]

---- Devices - GMER 2.1 ----

Device \FileSystem\Ntfs \Ntfs 85F971E8

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.sys

Device \Driver\usbuhci \Device\USBPDO-0 85E4E1E8
Device \Driver\usbuhci \Device\USBPDO-1 85E4E1E8
Device \Driver\usbuhci \Device\USBPDO-2 85E4E1E8
Device \Driver\usbehci \Device\USBPDO-3 85D171E8

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.sys

Device \Driver\Cdrom \Device\CdRom0 85E2E1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F751BB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F751BB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F751BB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F751BB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 855671E8
Device \Driver\NetBT \Device\NetbiosSmb 855671E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{A8ED60BD-364E-4BA8-9809-F7E168FE9B86} 855671E8

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.sys

Device \Driver\NetBT \Device\NetBT_Tcpip_{B89DC8AB-932D-4464-8E64-BEAD0EB3B2B9} 855671E8
Device \Driver\usbuhci \Device\USBFDO-0 85E4E1E8
Device \Driver\usbuhci \Device\USBFDO-1 85E4E1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 855621E8
Device \Driver\usbuhci \Device\USBFDO-2 85E4E1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 855621E8
Device \Driver\usbehci \Device\USBFDO-3 85D171E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{7E534C27-275F-40F6-A235-5644656D47A8} 855671E8
Device \FileSystem\Cdfs \Cdfs 85553430

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 165238
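The GMER output above reads as a wall of hooks, and the question a responder actually has to answer is which of them belong to something expected (the avast! drivers the HijackThis log already shows running) and which do not. The script below is an added example, not GMER's code and not something posted in this thread: it parses the SSDT, kernel-code and user-code sections, groups hooks by the driver that owns them, flags any owner outside an allowlist, keeps the "? wvckn.sys ... cannot find the file" line as a follow-up item, and reports a user-mode patch as host-wide only when it is present in every process that has any patch in that module (smss.exe never loads kernel32.dll, so counting against all processes would misfire). The allowlist, the severity labels and the attribution of the asw*.sys names to avast! are assumptions; the sample input is a shortened excerpt of the log above plus one constructed, clearly placeholder line that shows what a single-process patch looks like.

```python
"""Triage a GMER 2.x rootkit-scan report.

Added example for this thread; it is not GMER's code and was not posted by
anyone in the thread. It reads the text GMER prints (SSDT hooks, kernel
inline hooks that name a CALL/JMP target driver, per-process user-mode
inline patches, and "? module ..." lines for files GMER could not open) and
turns them into findings. Assumptions: the allowlist below, the severity
labels, and the attribution of asw*.sys to avast! from the file-name prefix
only; confirm with the driver's Authenticode signature before trusting it.
"""
import ntpath
import re
from collections import defaultdict, namedtuple

Finding = namedtuple("Finding", "severity text")

# Assumption: kernel drivers of the security product already installed on the host.
KNOWN_DRIVERS = {"aswsnx.sys", "aswsp.sys", "aswtdi.sys"}

SSDT_RE = re.compile(r"^SSDT\s+(?P<driver>\S+)\s+(?P<func>Zw\w+)\s+\[0x[0-9A-Fa-f]+\]")
KERNEL_HOOK_RE = re.compile(
    r"^(?:\.text|PAGE)\s+ntoskrnl\.exe!(?P<func>\S+)\s+\+\s+[0-9A-Fa-f]+\s+[0-9A-Fa-f]+"
    r"\s+\d+\s+Bytes?\s+(?:CALL|JMP)\s+[0-9A-Fa-f]+\s+(?P<driver>\S+)"
)
USER_PATCH_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<module>[^!\s]+)!(?P<export>\S+)"
    r"\s+\+\s+[0-9A-Fa-f]+\s+(?P<addr>[0-9A-Fa-f]+)\s+\d+\s+Bytes?\s+\[(?P<bytes>[^\]]+)\]"
)
UNOPENED_RE = re.compile(r"^\?\s+(?P<module>\S+)\s+The system cannot find the file specified")


def parse_gmer(report):
    """Return (hooks_by_driver, unopened_modules, patches, procs_by_module)."""
    hooks = defaultdict(list)           # driver basename -> ["SSDT ZwClose", ...]
    unopened = []                       # modules GMER listed but could not open
    patches = defaultdict(set)          # (module, export, addr, bytes) -> {"proc[pid]"}
    procs_by_module = defaultdict(set)  # module -> every process with a patch in it
    for raw in report.splitlines():
        line = raw.strip()
        if m := SSDT_RE.match(line):
            hooks[ntpath.basename(m["driver"]).lower()].append("SSDT " + m["func"])
        elif m := KERNEL_HOOK_RE.match(line):
            hooks[ntpath.basename(m["driver"]).lower()].append("kernel " + m["func"])
        elif m := USER_PATCH_RE.match(line):
            proc = f"{ntpath.basename(m['proc'])}[{m['pid']}]"
            module = m["module"].lower()  # GMER prints both kernel32.dll and KERNEL32.dll
            patches[(module, m["export"], m["addr"].upper(), m["bytes"])].add(proc)
            procs_by_module[module].add(proc)
        elif m := UNOPENED_RE.match(line):
            unopened.append(m["module"])
    return hooks, unopened, patches, procs_by_module


def triage(report, allowlist=KNOWN_DRIVERS):
    """Turn a parsed report into (severity, text) findings; unexpected owners are HIGH."""
    hooks, unopened, patches, procs_by_module = parse_gmer(report)
    findings = []
    for driver, entries in sorted(hooks.items()):
        sev = "INFO" if driver in allowlist else "HIGH"
        findings.append(Finding(sev, f"{driver}: {len(entries)} kernel hook(s), e.g. {entries[0]}"))
    for module in unopened:
        findings.append(Finding("MEDIUM", f"{module}: listed but not found on disk; check its "
                                          "Services key and look for the file with a second tool"))
    for (module, export, addr, pattern), procs in sorted(patches.items()):
        # A patch is host-wide when it is in every process that has any patch in that
        # module. Comparing against all processes would misfire: smss.exe never loads
        # kernel32.dll, so the kernel32 patch cannot appear there.
        everywhere = procs == procs_by_module[module]
        where = (f"all {len(procs)} processes that load {module}" if everywhere
                 else ", ".join(sorted(procs)))
        findings.append(Finding("INFO" if everywhere else "HIGH",
                                f"{module}!{export}@{addr} -> [{pattern}] in {where}"))
    return findings


# Excerpt constructed from the GMER output posted above (shortened, same lines).
SAMPLE_REPORT = r"""
---- System - GMER 2.1 ----
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwClose [0xEE34243E]
SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenProcess [0xEE302452]
SSDT \??\C:\WINDOWS\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xEE3B30CC]
---- Kernel code sections - GMER 2.1 ----
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056BC20 4 Bytes CALL EE300519 \??\C:\WINDOWS\system32\drivers\aswSnx.sys
? wvckn.sys The system cannot find the file specified. !
---- User code sections - GMER 2.1 ----
.text C:\WINDOWS\System32\smss.exe[664] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[720] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[720] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[800] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[800] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
"""

# Constructed, not from the thread: a patch that exists in a single process only,
# which is the shape a targeted user-mode hook would have (address is a placeholder).
TARGETED_LINE = (r".text C:\WINDOWS\system32\lsass.exe[800] ntdll.dll!NtQueryDirectoryFile"
                 r" + 0 00000000 5 Bytes [E9, 00, 00, 00, 00]")

if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT + "\n" + TARGETED_LINE):
        print(f"{f.severity:6} {f.text}")
```

A uniform one-byte patch in every process is exactly what a product-wide hook looks like, but a rootkit that injects into every process would look the same, so uniformity lowers urgency without clearing anything: the owner check (allowlist, then the signature on the file on disk) is what decides, and a driver name GMER lists but cannot open is the first line to chase.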
eddie5659 (Moderator & Malware Removal Specialist, Bradford, England), 16-Dec-2013, 05:32 PM, #4
Hiya and welcome to Tech Support Guy

Lets have a look and see what we have on there

Firstly, OneNote is part of Microsoft's software, so don't worry about that entry. However, I do see some other things, so lets get started.


---------

Quote:
I would like your help to uninstall Google Chrome completely. Mozilla Firefox works fine, so I'll use that. Can you help me uninstall Chrome safely, i.e. so that nothing important is disabled or deleted? Thank you.
Uninstalling Google Chrome is easy, and we can backup any favourites etc. If you wish to back them up, just select the Export Bookmarks from Chrome section here:

https://support.google.com/chrome/answer/96816?hl=en-GB

Then, go to Start | Control Panel | Add/Remove Programs.

Look for Google Chrome, and click on it to highlight it. Then, click on Uninstall at the top, and it will uninstall it

---

Quote:
Yesterday I ran Malwarebytes and came up with 14 malware (PUP, Optional, OPEN CANDY, etc). I deleted them and ran the Malwarebytes again and it came up clean. However, I notice that the icon for my wireless modem on the bottom of my screen looks different now and has a red X over it. Did I delete something important?
MBAM rarely deletes anything that would cause problems, but if you have the log it produced, we can see what it did remove.

---

P2P Warning!
  • IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    µTorrent

    Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
    Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation

    I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

    Please read these short reports on the dangers of peer-2-peer programs and file sharing.

    I would recommend that you uninstall the above, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

    If you decide to keep the program in spite of the risks involved, do not use it until I have finished cleaning your computer and have given you the all clear.

----------------------------
Now that's out of the way, lets carry on



First, go back to Add/Remove Programs and uninstall these:

Blekko Search Bar
IObit Apps Toolbar v8.4



Then, run the following tools. As you have a slow connection, download them all (only one will need updating online) and then run them in the order I post them

---

Download Security Check from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----


Download and scan with SUPERAntiSpyware Free Edition for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Home" button to leave the control center screen.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click Scan your computer.
  • On the left, select all fixed drives.
  • Click "Start Complete Scan" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "Continue".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "Remove Threats" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click View Scan Logs.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

----

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

---

Go here, then click the large blue "Download Now @ Bleeping Computer" link to download and save AdwCleaner.exe to your desktop.

Note: It looks like a gray bug with 6 black legs.

Close all open windows first, then double-click AdwCleaner.exe to load its main window.

Click the Scan button, then click "OK".

Allow the scan process to finish.

If it appears to freeze, be patient for a few minutes.

When it's finished, click on the Report button.

Return here to your thread, then copy-and-paste the ENTIRE log here

----

Please include the MBAM log, SUPERAntiSpyware Scan Log, checkup.txt, JRT.txt and adwCleaner[R1].txt in your next reply

eddie
MVP in Consumer Security
goingcrazy123 (thread starter), 17-Dec-2013, 01:42 PM, #5
New Malware Log. I have "Trojan.Monder"
Hi Eddie.

Thanks for getting back to me. I am just getting started. (I have to cross the border into Germany tomorrow, so I might not be able to continue all this until I get back in 1-2 days). I haven't done your things yet - I will now - but I just ran another MalwareBytes scan, and it looks like I have a Trojan, plus the same PUP things. Please take a look at the log below.

I will do your other scans and post the logs now.

Thanks again for your help.

Larry

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.12.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Larry [administrator]

12/17/2013 5:07:30 PM
MBAM-log-2013-12-17 Tues.txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 108024
Time elapsed: 2 hour(s), 24 minute(s), 7 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MTS Connect (Trojan.Monder) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\Documents and Settings\Larry\Local Settings\Temp\utt12.tmp (PUP.Optional.OpenCandy) -> No action taken.
C:\Documents and Settings\Larry\My Documents\Downloads\SoftonicDownloader_for_xp-tools.exe (PUP.Optional.Softonic.A) -> No action taken.
C:\Documents and Settings\Larry\My Documents\Gabor's Downloads\DTLite4413-0173.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Documents and Settings\Larry\My Documents\LOG\MONEY MANAGEMENT\ETFS\[Health][Raw_Food][Education]_David_Wolfe-The_Sunfood_Diet_Succe_secure.exe (PUP.Optional.Topmedia) -> No action taken.
C:\Documents and Settings\Larry\My Documents\My Data Sources\Driver Cleaner\SoftonicDownloader_for_xp-tools.exe (PUP.Optional.Softonic.A) -> No action taken.
C:\Program Files\Wetelecom\DrvInst2.dll (Trojan.Monder) -> No action taken.
C:\Program Files\Wetelecom\uninst.exe (Trojan.Monder) -> No action taken.

(end)
goingcrazy123 (thread starter), 17-Dec-2013, 05:44 PM, #6
Cannot find "Security Check"
Hi Eddie.

So far I have uninstalled Blekko tool bar, IObit tool bar, uTorrent, and Google Chrome and ran CCleaner to clear the cache and registry.

Unfortunately, when I went to do the first scan you recommended - "Security Check" - I was unable to, because the web page simply does not come up. I keep getting the message "page will not load". Can you give me another internet location where I can find the software and download it?

Should I move on to the second scan you recommend, or do I need to do the "Security Check" scan first??

Please inform. Thanks for your help.

Larry
goingcrazy123 (thread starter), 17-Dec-2013, 06:06 PM, #7
"connection to the server was reset"
Every time I try to go to the website where "security check" is by screen317, I get this message:

The connection was reset

The connection to the server was reset while the page was loading.

The site could be temporarily unavailable or too busy. Try again in a few moments.
If you are unable to load any pages, check your computer's network connection.
If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.


Can you tell me how to fix this? This has only started happening after uninstalling Google Chrome. Thanks!

Larry
eddie5659 (Moderator & Malware Removal Specialist), 18-Dec-2013, 03:18 AM, #8
Sorry, was working a bit late last night.

I've just tried, and it works. Just clicking on the link should start the download. However, try the other things for now, we can always do that part later on.

With regards to MalwareBytes, if you re-run it but let the program remove the entries it found, that may help.

I'm not sure, but you may have a rogue program on there. So, if you still have problems with any of the above, can you try this:

Download RogueKiller to your desktop
  1. Quit all running programs
  2. For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  3. Wait until the Pre-scan has finished.
  4. Click on Scan
  5. If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
  6. Click on Report and copy/paste the contents here.
goingcrazy123 (thread starter), 18-Dec-2013, 09:49 AM, #9
Here's the JRT Log....
Hi Eddie.

Okay, here is the JRT log. I updated my Mozilla browser, so maybe I can open Security Check now. This is a slow process, because my computer is still dragging its feet. Bear with me! Thanks.

Some Other Questions For You

1. As you've probably noticed, I have a lot of MS Security Updates and "Hotfixes." Do I REALLY need to clutter up my hard drive with all these things?? Do I have to download these things every time they become available?

2. I never use programs like Games, Outlook Express, Windows Media Player, etc. Can you tell me how to delete/uninstall them?

3. What is "CAPICOM"? I notice it is installed on my computer.

4. What is "Vinyl Deck"? I notice it is installed on my computer.

5. In general, I just want to get rid of anything I do not need or use. Is it safe to delete files in the Program Files folder on my C drive after I have already uninstalled the programs? I notice that a lot of installation and exe files remain behind even after I have uninstalled the original programs.

6. Do you see any redundant programs on my hard drive, like for example, two versions of Adobe, one older and one newer? If so, please let me know.

Thank you for your help. See the JRT Log below.

Larry

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Microsoft Windows XP x86
Ran by Larry on Wed 12/18/2013 at 15:13:25.15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] application updater
Successfully deleted: [Service] application updater
Successfully stopped: [Service] backupstack
Successfully deleted: [Service] backupstack



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\searchsettings



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\search settings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1214440339-1592454029-839522115-1003\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\application updater
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetup.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\driverscanner
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2786678
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\apn"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\babylon"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ytd video downloader"
Successfully deleted: [Folder] "C:\Documents and Settings\Larry\Application Data\search settings"
Successfully deleted: [Folder] "C:\Documents and Settings\Larry\Application Data\ytd"
Successfully deleted: [Folder] "C:\Documents and Settings\Larry\Local Settings\Application Data\conduit"
Successfully deleted: [Folder] "C:\Program Files\application updater"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\ytd toolbar"
Failed to delete: [Folder] "C:\Program Files\Common Files\spigot"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\start menu\programs\ytd video downloader"



~~~ FireFox

Failed to delete: [File] "C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] C:\Documents and Settings\Larry\Application Data\mozilla\firefox\profiles\d6ynzd6q.default\user.js
Successfully deleted: [File] C:\Documents and Settings\Larry\Application Data\mozilla\firefox\profiles\d6ynzd6q.default\searchplugins\spamfreesearch.xml
Successfully deleted: [Folder] C:\Documents and Settings\Larry\Application Data\mozilla\firefox\profiles\d6ynzd6q.default\conduitcommon
Successfully deleted the following from C:\Documents and Settings\Larry\Application Data\mozilla\firefox\profiles\d6ynzd6q.default\prefs.js

user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=");
user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
user_pref("CT2786678.SearchInNewTabURLFromSearchAPI", "hxxp://search.conduit.com/?ctid=CT2786678&octid=CT2786678&SearchSource=15&CUI=SB_CUI&SSPV=EB_SSPV&Lay=1&UM=UM_ID");
user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
user_pref("CT2786678.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2786678&SearchSource=13");
user_pref("CT2786678.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2786678");
user_pref("CT2786678.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com
user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "G9mW7heT/8xIX1frcduu0A==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en&ctid=CT2786678", "b5I8zzzMgsg0XG/fawLlFw==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "2E1/v7EfCEDbv3VaBQMELg==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en&ctid=CT2786678", "9uXRY86McHhmOreOHsv6MA==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "UgzXjW7BIkfdx+x39Ruv3w==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en&ctid=CT2786678", "I1tfz7EBg4DmNytL9x55lQ==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "4BgM4MhF/sOgPsDNmIs3Yw==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en&ctid=CT2786678", "ZI41WLbm1fFgx4gn0bs99Q==");
user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\Larry\\Application Data\\Mozilla\\Firefox\\Profiles\\d6ynzd6q.default\\conduitCom
user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.20.0.4");
user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://youtube.conduitapps.com/v115/gadget.php?appMode=standard", "483x533");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
user_pref("CommunityToolbar.ToolbarsList", "CT2786678");
user_pref("CommunityToolbar.ToolbarsList2", "CT2786678");
user_pref("CommunityToolbar.ToolbarsList4", "CT2786678");
user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Apr 16 2012 14:18:02 GMT+0300 (FLE Daylight Time)");
user_pref("CommunityToolbar.globalUserId", "fdd0173e-3c17-4b0b-8110-7b08bf94a8c7");
user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu Nov 21 2013 14:08:20 GMT+0200 (FLE Standard Time)");
user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sun Nov 03 2013 10:44:10 GMT+0200 (FLE Standard Time)");
user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
user_pref("CommunityToolbar.notifications.locale", "");
user_pref("CommunityToolbar.notifications.loginIntervalMin", 0);
user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu Nov 21 2013 14:08:20 GMT+0200 (FLE Standard Time)");
user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "");
user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
user_pref("CommunityToolbar.notifications.showTrayIcon", false);
user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.notifications.userId", "5cba3b68-b884-4b3f-af9f-0288aff3e43d");
user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties");
user_pref("extensions.BabylonToolbar_i.newTab", true);
user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.delta-search.com/?affID=119816&babsrc=NT_ss&mntrId=34762793000000000000000e35ae6694");
user_pref("extensions.spamfreesearch.hmpgUrl", "hxxp://blekko.com/ws/?source=5f97ddbe&tbp=homepage&u=34762793000000000000000e35ae6694");
user_pref("extensions.spamfreesearch.keyWordUrl", "hxxp://blekko.com/ws/?source=5f97ddbe&tbp=rbox&u=34762793000000000000000e35ae6694&q=");
user_pref("extensions.spamfreesearch.prtnrId", "blekko");
user_pref("extensions.spamfreesearch.srchPrvdr", "blekko");
user_pref("extensions.spamfreesearch.tlbrSrchUrl", "hxxp://blekko.com/ws/?source=5f97ddbe&tbp=main&u=34762793000000000000000e35ae6694&q=");





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 12/18/2013 at 15:27:47.17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
goingcrazy123 goingcrazy123 is offline
Member with 79 posts.
THREAD STARTER
 
Join Date: Dec 2013
18-Dec-2013, 10:34 AM #10
Here's the Adware Cleaner Log......
Hi Eddie.

Here's the Adware Cleaner Log. I will send the others next. Thank you.

Larry

# AdwCleaner v3.015 - Report created 18/12/2013 at 16:14:49
# Updated 10/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Larry - LARRY-PC
# Running from : C:\Documents and Settings\Larry\My Documents\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\Larry\Desktop\JustCloud.lnk
File Found : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
Folder Found C:\Program Files\Common Files\Spigot
Folder Found C:\Program Files\GreenTree Applications

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\582d9dfb63be542
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BAE35237-8D73-44D0-905C-8A95EA1E7E69}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EECF410C-006C-4A05-AD13-6741A0814DBF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Found : HKCU\Software\Search Settings
Key Found : HKCU\Software\WEDLMNGR
Key Found : HKLM\SOFTWARE\Classes\AppID\{1005247F-A178-490A-8DC3-6BAF09EA427B}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE91F9CE-0900-4E2A-B673-F3F6E4FC54D9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Found : HKLM\Software\Search Settings
Key Found : HKLM\Software\Uniblue
Key Found : HKLM\Software\Uniblue\DriverScanner
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]

***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.5512


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\d6ynzd6q.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [3179 octets] - [18/12/2013 16:14:49]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3239 octets] ##########
goingcrazy123 goingcrazy123 is offline
Member with 79 posts.
THREAD STARTER
 
Join Date: Dec 2013
18-Dec-2013, 02:21 PM #11
Here's the new Adware Log
Here's the new Adware Log after cleaning. See below.

My computer is still operating hellishly slowly. I needed to make an urgent phone call today via Skype to Germany by the close of business and did not make it, simply because the Skype application loaded too slowly.

QUESTION:

I pay for a broadband DSL service (not Wi-Fi or dial-up). Is it possible that during certain early evening hours, internet use in my immediate vicinity is heavy, and that this explains the slower connection? Or doesn't it matter how many people are using my provider's services? Is there some sort of logical connection?

Can you suggest another location for Security Check? I have been unable to access the web site that you gave me (via Firefox), so I still have not been able to run that check.

I will check for rogues upon my return from Germany. Here is the new Adware:

Thank you for your help!

Larry

# AdwCleaner v3.015 - Report created 18/12/2013 at 19:51:56
# Updated 10/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Larry - LARRY-PC
# Running from : C:\Documents and Settings\Larry\My Documents\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Documents and Settings\Larry\Start Menu\Programs\Startup\JustCloud.lnk

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.5512


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\d6ynzd6q.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [3319 octets] - [18/12/2013 16:14:49]
AdwCleaner[R1].txt - [1075 octets] - [18/12/2013 18:55:43]
AdwCleaner[S0].txt - [3397 octets] - [18/12/2013 16:36:49]
AdwCleaner[S1].txt - [1000 octets] - [18/12/2013 19:51:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1060 octets] ##########
eddie5659
Moderator & Malware Removal Specialist with 28,285 posts.
 
Join Date: Mar 2001
Location: Bradford, England
18-Dec-2013, 05:24 PM #12
Okay, first let's look at the other questions.

Quote:
1. As you've probably noticed, I have a lot of MS Security Updates and "Hotfixes." Do I REALLY need to clutter up my hard drive with all these things?? Do I have to download these things every time they become available?
With the amount of infections caused by exploits of software etc., and the fact that these are security updates and will protect you from all sorts, I highly advise keeping them installed.

Quote:
2. I never use programs like Games, Outlook Express, Windows Media Player, etc. Can you tell me how to delete/uninstall them?
Well, Outlook Express I suppose can go, but then sometimes Microsoft doesn't like it when things like these get uninstalled. In fact, not sure if you will be able to. With regards to Windows Media Player, I would also keep this, as it has codecs etc that you may need in the future.

Quote:
3. What is "CAPICOM"? I notice it is installed on my computer.
This is needed by your computer, and without it, you may run into some problems. It includes functionality for authentication using digital signatures, for enveloping messages, and for encrypting and decrypting data.

Quote:
4. What is "Vinyl Deck"? I notice it is installed on my computer.
I've no idea, I'll look at that in a bit more detail in a bit.

Quote:
5. In general, I just want to get rid of anything I do not need or use. Is it safe to delete files in the Program Files folder on my C drive after I have already uninstalled the programs? I notice that a lot of installation and exe files remain behind even after I have uninstalled the original programs.
Sometimes yes, but again it depends on what programs. Again, we can look at that in a bit more depth once we've removed any malware you have first.

Quote:
6. Do you see any redundant programs on my hard drive, like for example, two versions of Adobe, one older and one newer? If so, please let me know.
Not a problem, again we'll be doing that as we go along, as that is one of the reasons for the Security Check.

Now, as Security Check doesn't work at the moment, we can use other programs, so ignore that for now.

Also, I just looked through your logs, and it looks like there is a mixture of all sorts on there. I'm going to post another program for you to run; it may take a while, so maybe do it offline so it can be a bit quicker. It doesn't remove anything but produces two logs which I can look at, and then we can remove a large bulk of stuff.

It is possible for ISPs to have a cap at certain times of the day, or when loads of people are on it may start to get slower.

-----------

So, looking a bit deeper, can you uninstall these, because they're not needed, are outdated, or are dangerous to use.
If any can't be installed, let me know, but carry on with the rest of the uninstall and the programs below. We can look at any that couldn't be uninstalled later.

YTD Toolbar v8.4
YTD Video Downloader 4.1
Smart Defrag 2




Then, after doing the above, can you run this program for me:

Download OTL to your Desktop


(Vista or Win 7 => right click and Run As Administrator)
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Standard Output.
  • Select
    All Users
    LOP Check
    Purity Check
  • Under the Standard Registry box change it to All
  • Please copy the text in the code box below and paste it in the Custom Scans/Fixes box in OTL:

    Code:
    DRIVES
    netsvcs
    activex
    msconfig
    drivers32
    %systemroot%\assembly\GAC_32\*.ini
    %systemroot%\assembly\GAC_64\*.ini
    %ALLUSERSPROFILE%\Application Data\*.exe
    %APPDATA%\*.
    safebootminimal
    safebootnetwork
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.exe
    %LOCALAPPDATA%\*.exe
    %windir%\Installer\*.*
    %windir%\system32\tasks\*.*
    %windir%\system32\tasks\*.* /64
    %systemroot%\Fonts\*.exe
    %systemroot%\*. /mp /s
    /md5start
    pnrpnsp.dll
    nwprovau.dll
    nlaapi.dll
    napinsp.dll
    mswsock.dll
    winrnr.dll
    wshelper.dll
    consrv.dll
    explorer.exe
    winlogon.exe
    regedit.exe
    Userinit.exe
    svchost.exe
    services.exe
    user32.dll
    atapi.sys
    csrss.exe
    PRINTISOLATIONHOST.EXE
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemdrive%\$Recycle.Bin|@;true;true;true /fp
    %systemroot%\system32\drivers\*.sys /lockedfiles
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\* \s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    A black box will appear; this is part of the custom scan, so don't be alarmed.
    IF OTL SAYS 'NOT RESPONDING' DON'T USE THE MOUSE. IT WILL CARRY ON SCANNING AFTER A FEW MINUTES

  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.



eddie
goingcrazy123 goingcrazy123 is offline
Member with 79 posts.
THREAD STARTER
 
Join Date: Dec 2013
19-Dec-2013, 12:57 PM #13
I have Windows XP
Hi Eddie.

I'm back successfully from Germany. Thanks for patiently answering my questions. I'm doing the Rogue Cleaner now, and then I'll do OTL. By the way, I have Windows XP. Will OTL run on that?

Smart Defrag is dangerous?! Ohmygawd. I specifically downloaded it as a way to solve the slow computer. So is Disk Defragmenter just as good?

Larry
goingcrazy123 goingcrazy123 is offline
Member with 79 posts.
THREAD STARTER
 
Join Date: Dec 2013
19-Dec-2013, 10:00 PM #14
Rogue Killer Scan
Here's the Rogue Killer scan. I still have those PUP nasties:

RogueKiller V8.7.13 [Dec 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Larry [Admin rights]
Mode : Scan -- Date : 12/20/2013 00:31:47
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[DNS][PUM] HKLM\[...]\CCSet\[...]\{A8ED60BD-364E-4BA8-9809-F7E168FE9B86} : NameServer (91.224.178.98 8.8.8.8 [(Unknown Country?) (XX) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{A8ED60BD-364E-4BA8-9809-F7E168FE9B86} : NameServer (91.224.178.98 8.8.8.8 [(Unknown Country?) (XX) - UNITED STATES (US)]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0xc0000033] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) IC25N060ATMR04-0 +++++
--- User ---
[MBR] 4a93cad9ae61038bac51c785e5eb86ab
[BSP] bb66ff2940b9e6c2bc19e7fb77fd72e1 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 57223 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_12202013_003147.txt >>
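The five "Registry Entries" above are what a helper triages by hand: the two DNS entries ask which resolvers the machine is using, while the policy keys only matter if their value is non-zero. The following Python is an added example, not part of this thread or of RogueKiller, that parses those lines and sorts them into review / ok / info; the sample input is copied from the log, and the resolver allowlist is an assumption (a real check would hold the ISP's or router's addresses).

```python
import ipaddress
import re

# Constructed sample: the five "Registry Entries" lines from the RogueKiller
# scan in the post, used here as offline input.
SAMPLE_LOG = r"""
[DNS][PUM] HKLM\[...]\CCSet\[...]\{A8ED60BD-364E-4BA8-9809-F7E168FE9B86} : NameServer (91.224.178.98 8.8.8.8 [(Unknown Country?) (XX) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{A8ED60BD-364E-4BA8-9809-F7E168FE9B86} : NameServer (91.224.178.98 8.8.8.8 [(Unknown Country?) (XX) - UNITED STATES (US)]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
"""

# Assumption for the example: resolvers the owner expects to see. Google's
# 8.8.8.8 is listed only because the log shows it as the secondary; a real
# allowlist would hold the ISP's or the home router's addresses.
EXPECTED_RESOLVERS = {"8.8.8.8", "8.8.4.4"}

# RogueKiller line shape: [CATEGORY][KIND] key : value-name (data) -> STATUS
ENTRY_RE = re.compile(
    r"^\[(?P<cat>[^\]]+)\]\[(?P<kind>[^\]]+)\]\s+(?P<key>.+?)\s+:\s+"
    r"(?P<name>\S+)\s+\((?P<data>.*)\)\s+->\s+(?P<status>\w+)$"
)
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


def parse_entries(text):
    """Turn the registry-entry lines of a RogueKiller report into dicts."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def classify_resolver(ip):
    """'local' for LAN/loopback, 'expected' if allowlisted, else 'review'."""
    addr = ipaddress.ip_address(ip)
    if addr.is_private or addr.is_loopback:
        return "local"
    return "expected" if ip in EXPECTED_RESOLVERS else "review"


def triage(entries):
    """Return (verdict, name, reason) per entry. Verdicts: REVIEW, OK, INFO."""
    results = []
    for e in entries:
        if e["cat"] == "DNS" and e["name"] == "NameServer":
            ips = IPV4_RE.findall(e["data"])
            flagged = [ip for ip in ips if classify_resolver(ip) == "review"]
            if flagged:
                results.append(("REVIEW", e["name"], "unrecognised resolver(s) "
                                + ", ".join(flagged) + "; confirm with the ISP"))
            else:
                results.append(("OK", e["name"], "resolvers are local or expected"))
        elif e["cat"] == "HJ POL":
            # DisableTaskMgr / DisableRegistryTools restrict the user only when
            # non-zero; RogueKiller reports the key's presence regardless.
            if e["data"].strip() == "0":
                results.append(("OK", e["name"], "policy present but 0 (not active)"))
            else:
                results.append(("REVIEW", e["name"], "policy value %s restricts the user" % e["data"]))
        else:
            results.append(("INFO", e["name"], e["cat"] + " entry; not a security setting by itself"))
    return results


if __name__ == "__main__":
    for verdict, name, reason in triage(parse_entries(SAMPLE_LOG)):
        print("%-6s %-22s %s" % (verdict, name, reason))
```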
goingcrazy123 goingcrazy123 is offline
Member with 79 posts.
THREAD STARTER
 
Join Date: Dec 2013
19-Dec-2013, 10:02 PM #15
Delete?
What should I do with these PUPs? Delete?