
Please Check This Hijack Log. Thanks!!!

Discussion in 'Virus & Other Malware Removal' started by goingcrazy123, Dec 14, 2013.

  1. goingcrazy123 (Thread Starter)
    Hello again! Here is my Hijack This Log.

    I would be VERY grateful if you would analyze this and let me know what is wrong. It looks like there are multiple versions of things running, and things installed that I do not use, like "Blekko" and "One Note."

    Please help me! Thank you very much!

    Larry

    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 9:25:26 PM, on 12/14/2013
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    CHROME: 31.0.1650.63
    FIREFOX: 12.0 (en-US)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Application Updater\ApplicationUpdater.exe
    C:\Program Files\JustCloud\BackupStack.exe
    C:\Documents and Settings\SAM\My Documents\My Data Sources\Malwarebytes\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
    C:\Program Files\Wetelecom\LoadMdm.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Documents and Settings\SAM\My Documents\My Data Sources\Hide My IP\Hide My IP\HideMyIpSrv.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\Microsoft Shared\office12\offlb.exe
    C:\Documents and Settings\SAM\My Documents\My Data Sources\HIJACK THIS\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = ${SEARCH_URL_IE7}
    R3 - URLSearchHook: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\8.4\iobitappsToolbarIE.dll
    R3 - URLSearchHook: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\8.4\ytdToolbarIE.dll
    O2 - BHO: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\8.4\iobitappsToolbarIE.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Blekko Search Bar Helper Object - {BAE35237-8D73-44D0-905C-8A95EA1E7E69} - C:\Program Files\blekko\spamfreesearch\1.8.3.9\bh\spamfreesearch.dll
    O2 - BHO: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\8.4\ytdToolbarIE.dll
    O3 - Toolbar: Blekko Search Bar Toolbar - {EECF410C-006C-4A05-AD13-6741A0814DBF} - C:\Program Files\blekko\spamfreesearch\1.8.3.9\spamfreesearchTlbr.dll
    O3 - Toolbar: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\8.4\ytdToolbarIE.dll
    O3 - Toolbar: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\8.4\iobitappsToolbarIE.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
    O4 - HKLM\..\Run: [LoadMdm] C:\Program Files\Wetelecom\LoadMdm.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Computer Backup (JustCloud) (BackupStack) - Just Develop It - C:\Program Files\JustCloud\BackupStack.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: HideMyIpSRV - Hide My IP - C:\Documents and Settings\SAM\My Documents\My Data Sources\Hide My IP\Hide My IP\HideMyIpSrv.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Documents and Settings\SAM\My Documents\My Data Sources\Malwarebytes\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Documents and Settings\ SAM \My Documents\My Data Sources\Malwarebytes\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

    --
    End of file - 7275 bytes
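The following triage script is an added example for readers of this thread; it is not part of the original post and not Trend Micro's HijackThis code. It parses the one-item-per-line format HijackThis uses (R3 search hooks, O2 BHOs, O3 toolbars, O4 Run keys, O10 Winsock LSPs, O23 services) and applies three checks a malware-removal helper normally makes by eye: the same CLSID registered as URLSearchHook, BHO and toolbar at once (the footprint of a bundled search toolbar), O10 "Unknown file in Winsock LSP" entries grouped by DLL (HijackThis prints one line per chain slot, so three identical lines are one DLL, not three), and services or Run keys whose binary lives outside Program Files and the Windows directory. The sample lines are a subset copied from the log above; the trusted-directory prefixes are an assumption for a default XP install, and a hit is a prompt for manual review, not a verdict.

```python
"""Triage of a Trend Micro HijackThis v2 log (added example, not HJT's own code)."""
import re
from collections import defaultdict

# Subset of the log posted in this thread, embedded so the script runs offline.
SAMPLE_LOG = r"""
R3 - URLSearchHook: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\8.4\iobitappsToolbarIE.dll
O2 - BHO: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\8.4\iobitappsToolbarIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O3 - Toolbar: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\8.4\iobitappsToolbarIE.dll
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: HideMyIpSRV - Hide My IP - C:\Documents and Settings\SAM\My Documents\My Data Sources\Hide My IP\Hide My IP\HideMyIpSrv.exe
"""

ENTRY_RE = re.compile(r"^(R\d|O\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|ocx|sys)\b", re.IGNORECASE)
# Assumption: on a default 32-bit XP install everything legitimate that autostarts
# lives under one of these; a binary elsewhere (e.g. My Documents) deserves a look.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\windows\\")


def parse_entry(line):
    """Split one HijackThis line into kind, display name, CLSID and binary path."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, rest = m.groups()
    body = rest.split(": ", 1)[1] if ": " in rest else rest
    if kind == "O4":                       # O4 - HKLM\..\Run: [Name] path
        n = re.search(r"\[([^\]]+)\]", body)
        name = n.group(1) if n else body
    else:                                  # "Name - {CLSID} - path" or "Name - Vendor - path"
        name = body.split(" - ", 1)[0].strip()
    clsid = CLSID_RE.search(rest)
    path = PATH_RE.search(rest)
    return {
        "kind": kind,
        "name": name,
        "clsid": clsid.group(0).upper() if clsid else None,
        "path": path.group(0).lower() if path else None,
        "raw": line.strip(),
    }


def parse_log(text):
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e]


def toolbar_footprints(entries, min_roles=2):
    """CLSIDs registered in several IE extension roles at once (R3/O2/O3)."""
    roles, names = defaultdict(set), {}
    for e in entries:
        if e["clsid"] and e["kind"] in ("R3", "O2", "O3"):
            roles[e["clsid"]].add(e["kind"])
            names.setdefault(e["clsid"], e["name"])
    return {c: (names[c], sorted(r)) for c, r in roles.items() if len(r) >= min_roles}


def unknown_lsps(entries):
    """O10 entries grouped by DLL with the number of chain slots each occupies."""
    counts = defaultdict(int)
    for e in entries:
        if e["kind"] == "O10" and e["path"]:
            counts[e["path"]] += 1
    return dict(counts)


def autostarts_outside_trusted_dirs(entries, trusted=TRUSTED_PREFIXES):
    """Services (O23) and Run keys (O4) whose binary sits outside the trusted prefixes."""
    return [(e["kind"], e["name"], e["path"]) for e in entries
            if e["kind"] in ("O4", "O23") and e["path"] and not e["path"].startswith(trusted)]


def triage(text):
    entries = parse_log(text)
    return {
        "toolbars": toolbar_footprints(entries),
        "lsps": unknown_lsps(entries),
        "untrusted_autostarts": autostarts_outside_trusted_dirs(entries),
    }


if __name__ == "__main__":
    for section, hits in triage(SAMPLE_LOG).items():
        print(section)
        for h in (hits.items() if isinstance(hits, dict) else hits):
            print("   ", h)
```

Run against the full log, the same three checks also pick up the YTD and Blekko CLSIDs (each present as hook, BHO and toolbar) and the MBAMScheduler/MBAMService binaries under My Documents; the latter only means the products were installed to a user folder, which is why the output is a review list rather than a removal list.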
     
  2. goingcrazy123 (Thread Starter)
    Dear Tech Support Representative,

    Hello again. I am posting here the two files, DDS and Attach. See below. I will post the GMER shortly. It has been a full 24 hours now, and I am still awaiting your help patiently. My problem is that my computer is working very slowly, taking a long time to load programs. Google Chrome is causing a lot of problems. I see the hourglass constantly and wait a long time to open new web pages. I get the "Aw Snap!" message often. It looks like my internet connection is screwy, too. Almost twice as many bytes are received as are sent.

    I would like your help to uninstall Google Chrome completely. Mozilla Firefox works fine, so I'll use that. Can you help me uninstall Chrome safely, i.e. so that nothing important is disabled or deleted? Thank you.

    Yesterday I ran Malwarebytes and it came up with 14 malware items (PUP, Optional, OPEN CANDY, etc.). I deleted them and ran Malwarebytes again and it came up clean. However, I notice that the icon for my wireless modem on the bottom of my screen looks different now and has a red X over it. Did I delete something important?

    Thank you very much for your help!

    Larry

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 6.0.2900.5512
    Run by Larry at 19:38:26 on 2013-12-15
    .
    ============== Running Processes ================
    .
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Application Updater\ApplicationUpdater.exe
    C:\Program Files\JustCloud\BackupStack.exe
    C:\Documents and Settings\Larry\My Documents\My Data Sources\Malwarebytes\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\JustCloud\JustCloud.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
    C:\Program Files\Wetelecom\LoadMdm.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Larry\My Documents\My Data Sources\Hide My IP\Hide My IP\HideMyIpSrv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\System32\svchost.exe -k NetworkService
    C:\WINDOWS\System32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    mSearchAssistant = ${SEARCH_URL_IE7}
    uURLSearchHooks: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - c:\program files\iobit apps toolbar\ie\8.4\iobitappsToolbarIE.dll
    uURLSearchHooks: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files\ytd toolbar\ie\8.4\ytdToolbarIE.dll
    BHO: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - c:\program files\iobit apps toolbar\ie\8.4\iobitappsToolbarIE.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Blekko Search Bar Helper Object: {BAE35237-8D73-44D0-905C-8A95EA1E7E69} - c:\program files\blekko\spamfreesearch\1.8.3.9\bh\spamfreesearch.dll
    BHO: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files\ytd toolbar\ie\8.4\ytdToolbarIE.dll
    TB: Blekko Search Bar Toolbar: {EECF410C-006C-4A05-AD13-6741A0814DBF} - c:\program files\blekko\spamfreesearch\1.8.3.9\spamfreesearchTlbr.dll
    TB: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files\ytd toolbar\ie\8.4\ytdToolbarIE.dll
    TB: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - c:\program files\iobit apps toolbar\ie\8.4\iobitappsToolbarIE.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
    mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
    mRun: [LoadMdm] c:\program files\wetelecom\LoadMdm.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    LSP: c:\windows\system32\HMIPCore.dll
    DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
    TCP: NameServer = 91.224.178.5 77.88.8.8
    TCP: Interfaces\{7E534C27-275F-40F6-A235-5644656D47A8} : DHCPNameServer = 91.224.178.5 77.88.8.8
    TCP: Interfaces\{A8ED60BD-364E-4BA8-9809-F7E168FE9B86} : NameServer = 91.224.178.98 8.8.8.8
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\Larry\application data\mozilla\firefox\profiles\d6ynzd6q.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.com.ua/search?hl=en-UA&source=hp&biw=&bih=&q=set+firefox+as+default+browser&oq=set+firefox+as+default+browser&gs_l=firefox-hp.3..0l10.5767.13863.0.15073.30.17.0.13.13.2.394.3168.3j5j6j3.17.0....0...1ac.1.24.firefox-hp..4.26.2099.RbF9dvdT86s|https://support.mozilla.org/en-US/kb/how-make-web-links-open-firefox-default
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
    FF - plugin: c:\documents and settings\Larry\local settings\application data\google\update\1.3.22.3\npGoogleUpdate3.dll
    FF - plugin: c:\documents and settings\Larry\my documents\my data sources\vlc video\vlc\npvlc.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npptools.dll
    FF - ExtSQL: 2013-12-12 16:27; [email protected]; c:\program files\avast software\avast\webrep\FF
    FF - ExtSQL: 2013-12-13 19:26; [email protected]; c:\program files\iobit apps toolbar\FF
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.spamfreesearch.autoRvrt - false
    FF - user.js: extensions.spamfreesearch_i.hmpg - true
    FF - user.js: extensions.spamfreesearch.hmpgUrl - hxxp://blekko.com/ws/?source=5f97ddbe&tbp=homepage&u=34762793000000000000000e35ae6694
    FF - user.js: extensions.spamfreesearch.dfltSrch - true
    FF - user.js: extensions.spamfreesearch.srchPrvdr - blekko
    FF - user.js: extensions.spamfreesearch.keyWordUrl - hxxp://blekko.com/ws/?source=5f97ddbe&tbp=rbox&u=34762793000000000000000e35ae6694&q=
    FF - user.js: extensions.spamfreesearch_i.dnsErr - true
    FF - user.js: extensions.spamfreesearch_i.newTab - true
    FF - user.js: extensions.spamfreesearch.newTabUrl - chrome://spamfreesearch/content/new browser tab.html?source=5f97ddbe&tbp=tab&u=34762793000000000000000e35ae6694
    FF - user.js: extensions.spamfreesearch.tlbrSrchUrl - hxxp://blekko.com/ws/?source=5f97ddbe&tbp=main&u=34762793000000000000000e35ae6694&q=
    FF - user.js: extensions.spamfreesearch.id - 34762793000000000000000e35ae6694
    FF - user.js: extensions.spamfreesearch.appId - {1005247F-A178-490A-8DC3-6BAF09EA427B}
    FF - user.js: extensions.spamfreesearch.instlDay - 15758
    FF - user.js: extensions.spamfreesearch.vrsn - 1.8.3.9
    FF - user.js: extensions.spamfreesearch.vrsni - 1.8.3.9
    FF - user.js: extensions.spamfreesearch_i.vrsnTs - 1.8.3.923:45:45
    FF - user.js: extensions.spamfreesearch.prtnrId - blekko
    FF - user.js: extensions.spamfreesearch.prdct - spamfreesearch
    FF - user.js: extensions.spamfreesearch.aflt - orgnl
    FF - user.js: extensions.spamfreesearch_i.smplGrp - none
    FF - user.js: extensions.spamfreesearch.tlbrId - base
    FF - user.js: extensions.spamfreesearch.instlRef - 5f97ddbe
    FF - user.js: extensions.spamfreesearch.dfltLng -
    FF - user.js: extensions.spamfreesearch.excTlbr - false
    FF - user.js: extensions.spamfreesearch.admin - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
    R? cpudrv;cpudrv
    R? MBAMService;MBAMService
    R? wmdusbser;Wetelecom USB Device for Legacy Serial Communication
    R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
    S? Application Updater;Application Updater
    S? aswFsBlk;aswFsBlk
    S? aswMonFlt;aswMonFlt
    S? aswRvrt;avast! Revert
    S? aswSnx;aswSnx
    S? aswSP;aswSP
    S? aswVmm;avast! VM Monitor
    S? avast! Antivirus;avast! Antivirus
    S? BackupStack;Computer Backup (JustCloud)
    S? HideMyIpSRV;HideMyIpSRV
    S? MBAMProtector;MBAMProtector
    S? MBAMScheduler;MBAMScheduler
    S? SmartDefragDriver;SmartDefragDriver
    .
    =============== Created Last 30 ================
    .
    2013-12-13 17:25:54 -------- d-----w- c:\program files\IObit Apps Toolbar
    2013-12-12 14:30:07 -------- d-----w- c:\documents and settings\Larry\application data\AVAST Software
    2013-12-12 14:27:53 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2013-12-12 14:27:52 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2013-12-12 14:27:51 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-12-12 14:27:50 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2013-12-12 14:27:38 43152 ----a-w- c:\windows\avastSS.scr
    2013-12-12 14:26:16 -------- d-----w- c:\program files\AVAST Software
    2013-12-12 14:17:51 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
    2013-12-12 11:23:44 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-12-11 17:26:13 -------- d-----w- c:\program files\YTD Toolbar
    .
    ==================== Find3M ====================
    .
    2013-10-12 15:56:19 278528 ----a-w- c:\windows\system32\oakley.dll
    2013-10-12 14:54:29 668672 ----a-w- c:\windows\system32\wininet.dll
    2013-10-12 14:54:28 81920 ------w- c:\windows\system32\ieencode.dll
    2013-10-12 14:54:28 61952 ----a-w- c:\windows\system32\tdc.ocx
    2013-10-12 11:54:35 369664 ------w- c:\windows\system32\html.iec
    2013-10-09 13:12:48 287744 ----a-w- c:\windows\system32\gdi32.dll
    2013-10-07 10:59:21 603136 ----a-w- c:\windows\system32\crypt32.dll
    2013-10-05 01:14:01 7168 ----a-w- c:\windows\system32\xpsp4res.dll
    .
    ============= FINISH: 19:50:51.10 ===============

    ATTACH file:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/27/2011 12:53:32 PM
    System Uptime: 12/15/2013 4:50:47 PM (3 hours ago)
    .
    Motherboard: TOSHIBA | | EAL20
    Processor: Intel(R) Pentium(R) M processor 1.60GHz | BAN | 1598/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 56 GiB total, 18.004 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description:
    Device ID: ACPI\CMP0101\2&DABA3FF&0
    Manufacturer:
    Name:
    PNP Device ID: ACPI\CMP0101\2&DABA3FF&0
    Service:
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\65404E1A23F53
    Manufacturer: Microsoft
    Name: 1394 Net Adapter
    PNP Device ID: V1394\NIC1394\65404E1A23F53
    Service: NIC1394
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: PCI Modem
    Device ID: PCI\VEN_8086&DEV_24C6&SUBSYS_00011179&REV_03\3&61AAA01&0&FE
    Manufacturer:
    Name: PCI Modem
    PNP Device ID: PCI\VEN_8086&DEV_24C6&SUBSYS_00011179&REV_03\3&61AAA01&0&FE
    Service:
    .
    ==== Installed Programs ======================
    .
    µTorrent
    A-PDF Split 2.4
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.8)
    Adobe Shockwave Player 11.6
    Adolix Split and Merge PDF v1.7
    avast! Free Antivirus
    BCL easyConverter Desktop 3 (Word Version)
    Blekko Search Bar
    CCleaner
    EasyCleaner
    Google Chrome
    Hide My IP 5.4
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2756822)
    Hotfix for Windows XP (KB2779562)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB976002-v5)
    Intel(R) Extreme Graphics 2 Driver
    Intel(R) PROSet/Wireless Software
    IObit Apps Toolbar v8.4
    JustCloud
    Ken Ward's Makeup 0.901
    Linguata Hungarian 2.4
    Linguata Ukrainian 2.3
    Malwarebytes Anti-Malware version 1.75.0.1300
    mCore
    mDrWiFi
    mHelp
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    MindMaster
    mIWA
    mLogView
    mMHouse
    Mozilla Firefox 12.0 (x86 en-US)
    Mozilla Maintenance Service
    mPfMgr
    mPfWiz
    mProSafe
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    mWlsSafe
    mXML
    mZConfig
    PDF24 Creator 5.4.0
    Platform
    REALTEK GbE & FE Ethernet PCI NIC Driver
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
    Security Update for Windows Media Player (KB2803821-v2)
    Security Update for Windows Media Player (KB2803821)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647516)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2675157)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2699988)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2722913)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB2744842)
    Security Update for Windows XP (KB2753842-v2)
    Security Update for Windows XP (KB2753842)
    Security Update for Windows XP (KB2757638)
    Security Update for Windows XP (KB2758857)
    Security Update for Windows XP (KB2761226)
    Security Update for Windows XP (KB2761465)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2778344)
    Security Update for Windows XP (KB2779030)
    Security Update for Windows XP (KB2780091)
    Security Update for Windows XP (KB2792100)
    Security Update for Windows XP (KB2797052)
    Security Update for Windows XP (KB2799329)
    Security Update for Windows XP (KB2799494)
    Security Update for Windows XP (KB2802968)
    Security Update for Windows XP (KB2807986)
    Security Update for Windows XP (KB2808735)
    Security Update for Windows XP (KB2809289)
    Security Update for Windows XP (KB2813170)
    Security Update for Windows XP (KB2813345)
    Security Update for Windows XP (KB2817183)
    Security Update for Windows XP (KB2820197)
    Security Update for Windows XP (KB2820917)
    Security Update for Windows XP (KB2829361)
    Security Update for Windows XP (KB2829530)
    Security Update for Windows XP (KB2834886)
    Security Update for Windows XP (KB2838727)
    Security Update for Windows XP (KB2839229)
    Security Update for Windows XP (KB2845187)
    Security Update for Windows XP (KB2846071)
    Security Update for Windows XP (KB2847311)
    Security Update for Windows XP (KB2849470)
    Security Update for Windows XP (KB2850851)
    Security Update for Windows XP (KB2850869)
    Security Update for Windows XP (KB2859537)
    Security Update for Windows XP (KB2862152)
    Security Update for Windows XP (KB2862330)
    Security Update for Windows XP (KB2862335)
    Security Update for Windows XP (KB2862772)
    Security Update for Windows XP (KB2864063)
    Security Update for Windows XP (KB2868038)
    Security Update for Windows XP (KB2868626)
    Security Update for Windows XP (KB2870699)
    Security Update for Windows XP (KB2876217)
    Security Update for Windows XP (KB2876315)
    Security Update for Windows XP (KB2876331)
    Security Update for Windows XP (KB2879017)
    Security Update for Windows XP (KB2883150)
    Security Update for Windows XP (KB2888505)
    Security Update for Windows XP (KB2900986)
    Security Update for Windows XP (KB923789)
    Skype™ 5.5
    Smart Defrag 2
    System Requirements Lab for Intel
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB2863058)
    VIA Platform Device Manager
    VLC media player 2.0.5
    WebFldrs XP
    Wetelecom
    Windows Genuine Advantage Notifications (KB905474)
    Windows XP Service Pack 3
    WinRAR 4.01 (32-bit)
    YTD Toolbar v8.4
    YTD Video Downloader 4.1
    .
    ==== End Of File ===========================
     
  3. goingcrazy123

    goingcrazy123 Thread Starter

    Here is the GMER file:

    GMER 2.1.19163 - http://www.gmer.net
    Rootkit scan 2013-12-16 00:08:56
    Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 IC25N060ATMR04-0 rev.MO3OAD4A 55.89GB
    Running: wi07yquv.exe; Driver: C:\DOCUME~1\Larry\LOCALS~1\Temp\axrdrfow.sys


    ---- System - GMER 2.1 ----

    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwAddBootEntry [0xEE2FDB10]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xEE2FE5EE]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwClose [0xEE34243E]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateEvent [0xEE30A5E0]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateEventPair [0xEE30A62C]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xEE30A7C6]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateKey [0xEE341DF2]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateMutant [0xEE30A54E]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateSection [0xEE30A670]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xEE30A596]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateThread [0xEE2FEB24]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwCreateTimer [0xEE30A780]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xEE2FF3DC]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xEE2FDB76]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDeleteKey [0xEE342B04]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDeleteValueKey [0xEE342DBA]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwDuplicateObject [0xEE302B58]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwEnumerateKey [0xEE34296F]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xEE3427DA]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwLoadDriver [0xEE2FD75E]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xEE2FDBDC]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xEE302F4E]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xEE2FFE6C]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenEvent [0xEE30A60A]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenEventPair [0xEE30A64E]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xEE30A7EA]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenKey [0xEE34214E]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenMutant [0xEE30A574]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenProcess [0xEE302452]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenSection [0xEE30A6FE]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xEE30A5BE]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenThread [0xEE30283A]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwOpenTimer [0xEE30A7A4]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xEE3B30CC]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwQueryKey [0xEE342655]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwQueryObject [0xEE2FFD38]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwQueryValueKey [0xEE3424A7]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwQueueApcThread [0xEE2FF88E]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSP.sys ZwRenameKey [0xEE3C0F22]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwRestoreKey [0xEE341438]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xEE2FDC42]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetBootOptions [0xEE2FDCA8]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetContextThread [0xEE2FF256]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xEE2FD7F8]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xEE2FD9CE]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSetValueKey [0xEE342C0B]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwShutdownSystem [0xEE2FD95C]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSuspendProcess [0xEE2FF5A6]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSuspendThread [0xEE2FF708]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xEE2FDA56]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwTerminateProcess [0xEE2FF094]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwTerminateThread [0xEE2FF236]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwVdmControl [0xEE2FDD0E]
    SSDT \??\C:\WINDOWS\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xEE2FE64A]

    INT 0x62 ? 85F98CB8
    INT 0x73 ? 85CD8F00
    INT 0x74 ? 85CD8F00
    INT 0x82 ? 85F98CB8
    INT 0x84 ? 85CD8F00
    INT 0xA4 ? 85CD8F00

    ---- Kernel code sections - GMER 2.1 ----

    .text ntoskrnl.exe!_abnormal_termination + 220 804E27F4 4 Bytes [EA, A7, 30, EE]
    .text ntoskrnl.exe!_abnormal_termination + 34D 804E2921 3 Bytes [0F, 3C, EE]
    .text ntoskrnl.exe!_abnormal_termination + 398 804E296C 12 Bytes [42, DC, 2F, EE, A8, DC, 2F, ...] {INC EDX; FSUBR QWORD [EDI]; OUT DX, AL; TEST AL, 0xdc; DAS ; OUT DX, AL; PUSH ESI; DAS ; OUT DX, AL}
    .text ntoskrnl.exe!_abnormal_termination + 440 804E2A14 12 Bytes [A6, F5, 2F, EE, 08, F7, 2F, ...] {CMPSB ; CMC ; DAS ; OUT DX, AL; OR BH, DH; DAS ; OUT DX, AL; PUSH ESI; FISUBR DWORD [EDI]; OUT DX, AL}
    PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056BC20 4 Bytes CALL EE300519 \??\C:\WINDOWS\system32\drivers\aswSnx.sys
    ? wvckn.sys The system cannot find the file specified. !
    .text sptd.sys F75CD000 32 Bytes [E0, 16, 6F, 80, 5E, 67, 6F, ...]
    .text sptd.sys F75CD024 424 Bytes [7D, 6E, 50, 80, 44, B8, 54, ...]
    .text sptd.sys F75CD1D4 4 Bytes [F3, A5, 6A, 4D] {REP MOVSD ; PUSH 0x4d}
    .text sptd.sys F75CD1DC 1 Byte [02]
    .text sptd.sys F75CD1E0 1 Byte [21]
    .text ...
    .sptd2 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd2" section [0xF76779E3]
    ? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
    ? C:\DOCUME~1\JOHANN~1\LOCALS~1\Temp\mbr.sys The filename, directory name, or volume label syntax is incorrect. !

    ---- User code sections - GMER 2.1 ----

    .text C:\Program Files\Application Updater\ApplicationUpdater.exe[188] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Application Updater\ApplicationUpdater.exe[188] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[244] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[244] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\JustCloud\BackupStack.exe[268] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\JustCloud\BackupStack.exe[268] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Documents and Settings\Larry\My Documents\My Data Sources\Malwarebytes\Malwarebytes' Anti-Malware\mbamscheduler.exe[428] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Documents and Settings\Larry\My Documents\My Data Sources\Malwarebytes\Malwarebytes' Anti-Malware\mbamscheduler.exe[428] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Documents and Settings\Larry\My Documents\Downloads\wi07yquv.exe[564] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Documents and Settings\Larry\My Documents\Downloads\wi07yquv.exe[564] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\System32\smss.exe[664] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\csrss.exe[720] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\csrss.exe[720] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[744] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[744] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[788] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[788] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[800] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[800] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[960] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[960] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[992] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[992] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1080] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1080] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1104] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1104] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1144] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1144] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1216] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1432] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1432] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[1468] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[1468] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1560] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1712] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\wuauclt.exe[1796] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\wuauclt.exe[1796] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1916] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1916] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[2036] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[2036] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\System32\alg.exe[2536] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\alg.exe[2536] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\hkcmd.exe[3036] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\hkcmd.exe[3036] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\igfxpers.exe[3068] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\igfxpers.exe[3068] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\wuauclt.exe[3076] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\wuauclt.exe[3076] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3164] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3164] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3232] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3232] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3304] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3304] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[3432] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[3432] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Wetelecom\LoadMdm.exe[3484] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Wetelecom\LoadMdm.exe[3484] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\ctfmon.exe[3632] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\ctfmon.exe[3632] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[3736] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[3736] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Documents and Settings\Larry\My Documents\My Data Sources\Hide My IP\Hide My IP\HideMyIpSrv.exe[3784] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Documents and Settings\Larry\My Documents\My Data Sources\Hide My IP\Hide My IP\HideMyIpSrv.exe[3784] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]

    ---- Devices - GMER 2.1 ----

    Device \FileSystem\Ntfs \Ntfs 85F971E8

    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.sys

    Device \Driver\usbuhci \Device\USBPDO-0 85E4E1E8
    Device \Driver\usbuhci \Device\USBPDO-1 85E4E1E8
    Device \Driver\usbuhci \Device\USBPDO-2 85E4E1E8
    Device \Driver\usbehci \Device\USBPDO-3 85D171E8

    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.sys

    Device \Driver\Cdrom \Device\CdRom0 85E2E1E8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F751BB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort0 [F751BB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort1 [F751BB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F751BB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\NetBT \Device\NetBt_Wins_Export 855671E8
    Device \Driver\NetBT \Device\NetbiosSmb 855671E8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{A8ED60BD-364E-4BA8-9809-F7E168FE9B86} 855671E8

    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.sys

    Device \Driver\NetBT \Device\NetBT_Tcpip_{B89DC8AB-932D-4464-8E64-BEAD0EB3B2B9} 855671E8
    Device \Driver\usbuhci \Device\USBFDO-0 85E4E1E8
    Device \Driver\usbuhci \Device\USBFDO-1 85E4E1E8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 855621E8
    Device \Driver\usbuhci \Device\USBFDO-2 85E4E1E8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 855621E8
    Device \Driver\usbehci \Device\USBFDO-3 85D171E8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{7E534C27-275F-40F6-A235-5644656D47A8} 855671E8
    Device \FileSystem\Cdfs \Cdfs 85553430

    ---- Registry - GMER 2.1 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 165238
     
  4. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,769
    Hiya and welcome to Tech Support Guy :)

    Let's have a look and see what we have on there ;)

    Firstly, OneNote is part of Microsoft's software, so don't worry about that entry. However, I do see some other things, so let's get started.


    ---------

    Uninstalling Google Chrome is easy, and we can backup any favourites etc. If you wish to back them up, just select the Export Bookmarks from Chrome section here:

    https://support.google.com/chrome/answer/96816?hl=en-GB

    Then, go to Start | Control Panel | Add/Remove Programs.

    Look for Google Chrome, and click on it to highlight it. Then, click on Uninstall at the top, and it will uninstall it :)

    ---

    MBAM rarely deletes anything that would cause problems, but if you have the log it produced, we can see what it did remove.

    ---

    P2P Warning!

    • IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

      µTorrent

      Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
      Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation.

      I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

      Please read these short reports on the dangers of peer-2-peer programs and file sharing.

      I would recommend that you uninstall the above, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

      If you decide to keep the program in spite of the risks involved, do not use it until I have finished cleaning your computer and have given you the all clear.

    ----------------------------
    Now that's out of the way, let's carry on :)



    First, go back to Add/Remove Programs and uninstall these:

    Blekko Search Bar
    IObit Apps Toolbar v8.4



    Then, run the following tools. As you have a slow connection, download them all (only one will need updating online) and then run them in the order I post them :)

    ---

    Download Security Check from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    ----


    Download and scan with SUPERAntiSpyware Free Edition for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Home" button to leave the control center screen.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click Scan your computer.
    • On the left, select all fixed drives.
    • Click "Start Complete Scan" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "Continue".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "Remove Threats" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click View Scan Logs.
        • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
        • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
        • Please copy and paste the Scan Log results in your next reply.
      • Click Close to exit the program.


    ----

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    ---

    Go here, then click the large blue "Download Now @ Bleeping Computer" link to download and save AdwCleaner.exe to your desktop.

    Note: It looks like a gray bug with 6 black legs.

    Close all open windows first, then double-click AdwCleaner.exe to load its main window.

    Click the Scan button, then click "OK".

    Allow the scan process to finish.

    If it appears to freeze, be patient for a few minutes.

    When it's finished, click on the Report button.

    Return here to your thread, then copy-and-paste the ENTIRE log here.

    ----

    Please include the MBAM log, SUPERAntiSpyware Scan Log, checkup.txt, JRT.txt and adwCleaner[R1].txt in your next reply.

    eddie
     
  5. goingcrazy123

    goingcrazy123 Thread Starter

    Hi Eddie.

    Thanks for getting back to me. I am just getting started. (I have to cross the border into Germany tomorrow, so I might not be able to continue all this until I get back in 1-2 days). I haven't done your things yet - I will now - but I just ran another MalwareBytes scan, and it looks like I have a Trojan, plus the same PUP things. Please take a look at the log below.

    I will do your other scans and post the logs now.

    Thanks again for your help.

    Larry

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.12.12.04

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 6.0.2900.5512
    Larry [administrator]

    12/17/2013 5:07:30 PM
    MBAM-log-2013-12-17 Tues.txt

    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 108024
    Time elapsed: 2 hour(s), 24 minute(s), 7 second(s) [aborted]

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MTS Connect (Trojan.Monder) -> No action taken.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 7
    C:\Documents and Settings\Larry\Local Settings\Temp\utt12.tmp (PUP.Optional.OpenCandy) -> No action taken.
    C:\Documents and Settings\Larry\My Documents\Downloads\SoftonicDownloader_for_xp-tools.exe (PUP.Optional.Softonic.A) -> No action taken.
    C:\Documents and Settings\Larry\My Documents\Gabor's Downloads\DTLite4413-0173.exe (PUP.Optional.OpenCandy) -> No action taken.
    C:\Documents and Settings\Larry\My Documents\LOG\MONEY MANAGEMENT\ETFS\[Health][Raw_Food][Education]_David_Wolfe-The_Sunfood_Diet_Succe_secure.exe (PUP.Optional.Topmedia) -> No action taken.
    C:\Documents and Settings\Larry\My Documents\My Data Sources\Driver Cleaner\SoftonicDownloader_for_xp-tools.exe (PUP.Optional.Softonic.A) -> No action taken.
    C:\Program Files\Wetelecom\DrvInst2.dll (Trojan.Monder) -> No action taken.
    C:\Program Files\Wetelecom\uninst.exe (Trojan.Monder) -> No action taken.

    (end)
     
  6. goingcrazy123

    goingcrazy123 Thread Starter

    Hi Eddie.

    So far I have uninstalled the Blekko toolbar, the IObit toolbar, uTorrent, and Google Chrome, and run CCleaner to clear the cache and registry.

    Unfortunately, when I went to do the first scan you recommended - "Security Check" - I was unable to, because the web page simply does not come up. I keep getting the message "page will not load". Can you give me another internet location where I can find the software and download it?

    Should I move on to the second scan you recommend, or do I need to do the "Security Check" scan first??

    Please inform. Thanks for your help.

    Larry
     
  7. goingcrazy123

    goingcrazy123 Thread Starter

    The connection was reset

    Every time I try to go to the website where "security check" is by screen317, I get this message:

    The connection to the server was reset while the page was loading.

    The site could be temporarily unavailable or too busy. Try again in a few moments.
    If you are unable to load any pages, check your computer's network connection.
    If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.


    Can you tell me how to fix this? This has only started happening after uninstalling Google Chrome. Thanks!

    Larry
     
  8. eddie5659

    eddie5659 Moderator Malware Specialist

    Sorry, was working a bit late last night.

    I've just tried, and it works. Just clicking on the link should start the download. However, try the other things for now, we can always do that part later on.

    With regards to MalwareBytes, if you re-run it but let the program remove the entries it found, that may help.

    I'm not sure, but you may have a rogue program on there. So, if you still have problems with any of the above, can you try this:

    Download RogueKiller to your desktop

    1. Quit all running programs
    2. For Vista/Seven, right-click -> Run as administrator; for XP, simply run RogueKiller.exe
    3. Wait until the Pre-scan has finished.
    4. Click on Scan
    5. If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
    6. Click on Report and copy/paste the contents here.
     
  9. goingcrazy123

    goingcrazy123 Thread Starter

    Hi Eddie.

    Okay, here is the JRT log. I updated my Mozilla browser, so maybe I can open Security Check now. This is a slow process, because my computer is still dragging its feet. Bear with me! Thanks.

    Some Other Questions For You

    1. As you've probably noticed, I have a lot of MS Security Updates and "Hotfixes." Do I REALLY need to clutter up my hard drive with all these things?? Do I have to download these things every time they become available?

    2. I never use programs like Games, Outlook Express, Windows Media Player, etc. Can you tell me how to delete/uninstall them?

    3. What is "CAPICOM"? I notice it is installed on my computer.

    4. What is "Vinyl Deck"? I notice it is installed on my computer.

    5. In general, I just want to get rid of anything I do not need or use. Is it safe to delete files in the Program Files folder on my C drive after I have already uninstalled the programs? I notice that a lot of installation and exe files remain behind even after I have uninstalled the original programs.

    6. Do you see any redundant programs on my hard drive, like for example, two versions of Adobe, one older and one newer? If so, please let me know.

    Thank you for your help. See the JRT Log below.

    Larry

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.0.8 (11.05.2013:1)
    OS: Microsoft Windows XP x86
    Ran by Larry on Wed 12/18/2013 at 15:13:25.15
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services

    Successfully stopped: [Service] application updater
    Successfully deleted: [Service] application updater
    Successfully stopped: [Service] backupstack
    Successfully deleted: [Service] backupstack



    ~~~ Registry Values

    Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\searchsettings



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\search settings
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1214440339-1592454029-839522115-1003\Software\sweetim
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\application updater
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetup.exe
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\driverscanner
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2786678
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}
    Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\apn"
    Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\babylon"
    Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ytd video downloader"
    Successfully deleted: [Folder] "C:\Documents and Settings\Larry\Application Data\search settings"
    Successfully deleted: [Folder] "C:\Documents and Settings\Larry\Application Data\ytd"
    Successfully deleted: [Folder] "C:\Documents and Settings\Larry\Local Settings\Application Data\conduit"
    Successfully deleted: [Folder] "C:\Program Files\application updater"
    Successfully deleted: [Folder] "C:\Program Files\conduit"
    Successfully deleted: [Folder] "C:\Program Files\ytd toolbar"
    Failed to delete: [Folder] "C:\Program Files\Common Files\spigot"
    Successfully deleted: [Folder] "C:\Documents and Settings\All Users\start menu\programs\ytd video downloader"



    ~~~ FireFox

    Failed to delete: [File] "C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml"
    Successfully deleted: [File] C:\Documents and Settings\Larry\Application Data\mozilla\firefox\profiles\d6ynzd6q.default\user.js
    Successfully deleted: [File] C:\Documents and Settings\Larry\Application Data\mozilla\firefox\profiles\d6ynzd6q.default\searchplugins\spamfreesearch.xml
    Successfully deleted: [Folder] C:\Documents and Settings\Larry\Application Data\mozilla\firefox\profiles\d6ynzd6q.default\conduitcommon
    Successfully deleted the following from C:\Documents and Settings\Larry\Application Data\mozilla\firefox\profiles\d6ynzd6q.default\prefs.js

    user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
    user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
    user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
    user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
    user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
    user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=");
    user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
    user_pref("CT2786678.SearchInNewTabURLFromSearchAPI", "hxxp://search.conduit.com/?ctid=CT2786678&octid=CT2786678&SearchSource=15&CUI=SB_CUI&SSPV=EB_SSPV&Lay=1&UM=UM_ID");
    user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
    user_pref("CT2786678.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2786678&SearchSource=13");
    user_pref("CT2786678.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2786678");
    user_pref("CT2786678.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com
    user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
    user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
    user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "G9mW7heT/8xIX1frcduu0A==");
    user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en&ctid=CT2786678", "b5I8zzzMgsg0XG/fawLlFw==");
    user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "2E1/v7EfCEDbv3VaBQMELg==");
    user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en&ctid=CT2786678", "9uXRY86McHhmOreOHsv6MA==");
    user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "UgzXjW7BIkfdx+x39Ruv3w==");
    user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en&ctid=CT2786678", "I1tfz7EBg4DmNytL9x55lQ==");
    user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "4BgM4MhF/sOgPsDNmIs3Yw==");
    user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en&ctid=CT2786678", "ZI41WLbm1fFgx4gn0bs99Q==");
    user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\Larry\\Application Data\\Mozilla\\Firefox\\Profiles\\d6ynzd6q.default\\conduitCom
    user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.20.0.4");
    user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://youtube.conduitapps.com/v115/gadget.php?appMode=standard ", "483x533");
    user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
    user_pref("CommunityToolbar.ToolbarsList", "CT2786678");
    user_pref("CommunityToolbar.ToolbarsList2", "CT2786678");
    user_pref("CommunityToolbar.ToolbarsList4", "CT2786678");
    user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Apr 16 2012 14:18:02 GMT+0300 (FLE Daylight Time)");
    user_pref("CommunityToolbar.globalUserId", "fdd0173e-3c17-4b0b-8110-7b08bf94a8c7");
    user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
    user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
    user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu Nov 21 2013 14:08:20 GMT+0200 (FLE Standard Time)");
    user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
    user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sun Nov 03 2013 10:44:10 GMT+0200 (FLE Standard Time)");
    user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
    user_pref("CommunityToolbar.notifications.locale", "");
    user_pref("CommunityToolbar.notifications.loginIntervalMin", 0);
    user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu Nov 21 2013 14:08:20 GMT+0200 (FLE Standard Time)");
    user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "");
    user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
    user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
    user_pref("CommunityToolbar.notifications.showTrayIcon", false);
    user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
    user_pref("CommunityToolbar.notifications.userId", "5cba3b68-b884-4b3f-af9f-0288aff3e43d");
    user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
    user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties");
    user_pref("extensions.BabylonToolbar_i.newTab", true);
    user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.delta-search.com/?affID=119816&babsrc=NT_ss&mntrId=34762793000000000000000e35ae6694");
    user_pref("extensions.spamfreesearch.hmpgUrl", "hxxp://blekko.com/ws/?source=5f97ddbe&tbp=homepage&u=34762793000000000000000e35ae6694");
    user_pref("extensions.spamfreesearch.keyWordUrl", "hxxp://blekko.com/ws/?source=5f97ddbe&tbp=rbox&u=34762793000000000000000e35ae6694&q=");
    user_pref("extensions.spamfreesearch.prtnrId", "blekko");
    user_pref("extensions.spamfreesearch.srchPrvdr", "blekko");
    user_pref("extensions.spamfreesearch.tlbrSrchUrl", "hxxp://blekko.com/ws/?source=5f97ddbe&tbp=main&u=34762793000000000000000e35ae6694&q=");





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 12/18/2013 at 15:27:47.17
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
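What JRT stripped from prefs.js above is the footprint a Conduit or Babylon toolbar leaves in a Firefox profile: the search, new-tab and homepage preferences all point at the vendor's hosts, and the ctid=, mntrId= and u= parameters carry a per-install identifier that rides along on every query. The following Python scanner is an added example, not code from this thread or from JRT: it parses a prefs.js or user.js (or pasted log text, since it accepts the hxxp defanging) and lists every preference whose name or value carries a URL on one of the domains that appear in the log. The domain list and the sample preferences are constructed for the example.

```python
import re
from urllib.parse import urlparse

# Domains that appear in the removed preferences above (constructed list for
# this example; not an authoritative adware feed).
TOOLBAR_DOMAINS = (
    "conduit.com", "conduit-hosting.com", "conduit-services.com",
    "conduitapps.com", "delta-search.com", "blekko.com",
)

# user_pref("name", value);  -- value is a JSON-style string, number or bool
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+)\);\s*$')
# Logs often defang http as hxxp; accept both so pasted log text scans too.
URL_RE = re.compile(r'h(?:tt|xx)ps?://[^\s"\']+')


def parse_prefs(text):
    """Yield (name, raw_value) for every user_pref(...) line in prefs.js text."""
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            yield m.group(1), m.group(2)


def hostname(url):
    """Hostname of a URL, after undoing hxxp defanging."""
    return (urlparse(re.sub(r'^hxxp', 'http', url)).hostname or "").lower()


def on_listed_domain(url, domains=TOOLBAR_DOMAINS):
    host = hostname(url)
    return any(host == d or host.endswith("." + d) for d in domains)


def find_hijacked_prefs(text, domains=TOOLBAR_DOMAINS):
    """Return [(pref_name, url)] for prefs whose name or value points at a listed domain.

    Both sides are checked because Conduit keys its ETag prefs by URL
    (CommunityToolbar.ETag.hxxp://...), so the host can sit in the name.
    """
    hits = []
    for name, value in parse_prefs(text):
        for url in URL_RE.findall(name) + URL_RE.findall(value):
            if on_listed_domain(url, domains):
                hits.append((name, url))
    return hits


# Constructed sample: lines modelled on the log above plus one benign pref.
SAMPLE_PREFS = """\
user_pref("browser.startup.homepage", "https://www.mozilla.org/");
user_pref("CT2786678.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2786678&SearchSource=13");
user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.delta-search.com/?affID=119816&babsrc=NT_ss");
user_pref("extensions.spamfreesearch.hmpgUrl", "hxxp://blekko.com/ws/?source=5f97ddbe&tbp=homepage");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "4BgM4MhF/sOgPsDNmIs3Yw==");
user_pref("CommunityToolbar.notifications.showTrayIcon", false);
"""

if __name__ == "__main__":
    import sys
    # Usage: python prefscan.py <profile>\prefs.js   (no argument scans the sample)
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_PREFS
    for name, url in find_hijacked_prefs(text):
        print(f"{name}\n    -> {url}")
```

Run it against the profile's prefs.js with Firefox closed; the browser rewrites prefs.js from memory on exit, so edits made while it is running are lost, which is why removal tools ask you to close the browser first. With no argument it scans the built-in sample and reports the four toolbar entries, leaving the Mozilla homepage alone.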
     
  10. goingcrazy123

    goingcrazy123 Thread Starter

    Joined:
    Dec 14, 2013
    Messages:
    79
    Hi Eddie.

    Here's the Adware Cleaner Log. I will send the others next. Thank you.

    Larry

    # AdwCleaner v3.015 - Report created 18/12/2013 at 16:14:49
    # Updated 10/12/2013 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Larry - LARRY-PC
    # Running from : C:\Documents and Settings\Larry\My Documents\Downloads\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Found : C:\Documents and Settings\Larry\Desktop\JustCloud.lnk
    File Found : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
    Folder Found C:\Program Files\Common Files\Spigot
    Folder Found C:\Program Files\GreenTree Applications

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\582d9dfb63be542
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BAE35237-8D73-44D0-905C-8A95EA1E7E69}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EECF410C-006C-4A05-AD13-6741A0814DBF}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
    Key Found : HKCU\Software\Search Settings
    Key Found : HKCU\Software\WEDLMNGR
    Key Found : HKLM\SOFTWARE\Classes\AppID\{1005247F-A178-490A-8DC3-6BAF09EA427B}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE91F9CE-0900-4E2A-B673-F3F6E4FC54D9}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
    Key Found : HKLM\Software\Search Settings
    Key Found : HKLM\Software\Uniblue
    Key Found : HKLM\Software\Uniblue\DriverScanner
    Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]

    ***** [ Browsers ] *****

    -\\ Internet Explorer v6.0.2900.5512


    -\\ Mozilla Firefox v26.0 (en-US)

    [ File : C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\d6ynzd6q.default\prefs.js ]


    *************************

    AdwCleaner[R0].txt - [3179 octets] - [18/12/2013 16:14:49]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3239 octets] ##########
     
  11. goingcrazy123

    goingcrazy123 Thread Starter

    Joined:
    Dec 14, 2013
    Messages:
    79
    Here's the new Adware Log after cleaning. See below.

    My computer is still operating hellishly slowly. I needed to make an urgent phone call today via Skype to Germany by the close of business and did not make it, simply because the Skype application loaded too slowly.

    QUESTION:

    I pay for a broadband DSL service (not Wi-Fi or dial-up). Is it possible that during certain early evening hours, internet use in my immediate vicinity is heavy, and that explains the slower connection? Or doesn't it matter how many people are using my provider's services? Is there some sort of logical connection?

    Can you suggest another location for Security Check? I have been unable to access the web site that you gave me (via Firefox), so I still have not been able to run that check.

    I will check for rogues upon my return from Germany. Here is the new Adware:

    Thank you for your help!

    Larry

    # AdwCleaner v3.015 - Report created 18/12/2013 at 19:51:56
    # Updated 10/12/2013 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Larry - LARRY-PC
    # Running from : C:\Documents and Settings\Larry\My Documents\Downloads\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Deleted : C:\Documents and Settings\Larry\Start Menu\Programs\Startup\JustCloud.lnk

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v6.0.2900.5512


    -\\ Mozilla Firefox v26.0 (en-US)

    [ File : C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\d6ynzd6q.default\prefs.js ]


    *************************

    AdwCleaner[R0].txt - [3319 octets] - [18/12/2013 16:14:49]
    AdwCleaner[R1].txt - [1075 octets] - [18/12/2013 18:55:43]
    AdwCleaner[S0].txt - [3397 octets] - [18/12/2013 16:36:49]
    AdwCleaner[S1].txt - [1000 octets] - [18/12/2013 19:51:56]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1060 octets] ##########
     
  12. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,769
    Okay, first let's look at the other questions :)

    With the amount of infections caused by exploits of software etc, and the fact that these are security updates and will protect you from all sorts, I highly advise to keep them installed.

    Well, Outlook Express I suppose can go, but then sometimes Microsoft doesn't like it when things like these get uninstalled. In fact, not sure if you will be able to. With regards to Windows Media Player, I would also keep this, as it has codecs etc that you may need in the future.

    This is needed by your computer, and without it, you may run into some problems. It includes functionality for authentication using digital signatures, for enveloping messages, and for encrypting and decrypting data.

    I've no idea, I'll look at that in a bit more detail in a bit.

    Sometimes yes, but again it depends on what programs. Again, we can look at that in a bit more depth, once we've removed any malware you have first ;)

    Not a problem, again we'll be doing that as we go along, as that is one of the reasons for the Security Check :)

    Now, as Security Check doesn't work at the moment, we can use other programs so ignore that for now ;)

    Also, I just looked through your logs, and it looks like there is a mixture of all sorts on there. I'm going to post another program for you to run; it may take a while, so maybe do it offline so it can be a bit quicker. It doesn't remove anything but produces two logs which I can look at, and then we can remove a large bulk of stuff :)

    It is possible for ISPs to have a cap at certain times of the day, or when loads of people are on it may start to get slower.

    -----------

    So, looking a bit deeper, can you uninstall these, because they're not needed, are outdated or are dangerous to use?
    If any can't be uninstalled, let me know, but carry on with the rest of the uninstalls and the programs below. We can look at any that couldn't be uninstalled later :)

    YTD Toolbar v8.4
    YTD Video Downloader 4.1
    Smart Defrag 2




    Then, after doing the above, can you run this program for me:

    Download OTL to your Desktop


    (Vista or Win 7 => right click and Run As Administrator)

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Standard Output.
    • Select
      All Users
      LOP Check
      Purity Check
    • Under the Standard Registry box change it to All
    • Please copy the text in the code box below and paste it in the Custom Scans/Fixes box in OTL:

      Code:
      DRIVES
      netsvcs
      activex
      msconfig
      drivers32
      %systemroot%\assembly\GAC_32\*.ini
      %systemroot%\assembly\GAC_64\*.ini
      %ALLUSERSPROFILE%\Application Data\*.exe
      %APPDATA%\*.
      safebootminimal
      safebootnetwork
      %SYSTEMDRIVE%\*.*
      %PROGRAMFILES%\*.exe
      %LOCALAPPDATA%\*.exe
      %windir%\Installer\*.*
      %windir%\system32\tasks\*.*
      %windir%\system32\tasks\*.* /64
      %systemroot%\Fonts\*.exe
      %systemroot%\*. /mp /s
      /md5start
      pnrpnsp.dll
      nwprovau.dll
      nlaapi.dll
      napinsp.dll
      mswsock.dll
      winrnr.dll
      wshelper.dll
      consrv.dll
      explorer.exe
      winlogon.exe
      regedit.exe
      Userinit.exe
      svchost.exe
      services.exe
      user32.dll
      atapi.sys
      csrss.exe
      PRINTISOLATIONHOST.EXE
      /md5stop
      hklm\software\clients\startmenuinternet|command /rs
      hklm\software\clients\startmenuinternet|command /64 /rs
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemdrive%\$Recycle.Bin|@;true;true;true /fp
      %systemroot%\system32\drivers\*.sys /lockedfiles
      C:\Windows\assembly\tmp\U\*.* /s
      %Temp%\smtmp\* \s
      %Temp%\smtmp\1\*.*
      %Temp%\smtmp\2\*.*
      %Temp%\smtmp\3\*.*
      %Temp%\smtmp\4\*.*
      dir "%systemdrive%\*" /S /A:L /C
      CREATERESTOREPOINT
      
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      A black box will appear, this is part of the custom scan, so don't be alarmed ;)
      IF OTL SAYS 'NOT RESPONDING' DON'T USE THE MOUSE. IT WILL CARRY ON SCANNING AFTER A FEW MINUTES

    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.



    eddie
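The /md5start ... /md5stop block in the custom scan above makes OTL print a hash for each listed system file (winlogon.exe, userinit.exe, services.exe, atapi.sys and so on), binaries that malware is known to patch in place. A hash on its own says nothing; it is the comparison with a known-good value, either from a clean machine with the same Windows build and service pack or from a snapshot taken earlier, that shows whether a file has been modified. As an added example, not part of OTL or of this thread, here is a Python script that snapshots a list of files and diffs the result against a saved baseline. The target paths are assumptions for an XP layout, and it records SHA-256 alongside MD5 because MD5 collisions are cheap to construct.

```python
import hashlib
import json
import os
import sys

# A subset of the files OTL hashes between /md5start and /md5stop above.
# Paths are assumptions for illustration (default XP layout).
DEFAULT_TARGETS = [
    r"C:\WINDOWS\system32\winlogon.exe",
    r"C:\WINDOWS\system32\userinit.exe",
    r"C:\WINDOWS\system32\services.exe",
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\system32\drivers\atapi.sys",
]
ALGORITHMS = ("md5", "sha256")   # md5 to match legacy hash lists, sha256 because md5 collides


def digest_bytes(data, algorithms=ALGORITHMS):
    """Hex digests of an in-memory blob (handy for small files and for testing)."""
    return {a: hashlib.new(a, data).hexdigest() for a in algorithms}


def digest_file(path, algorithms=ALGORITHMS):
    """Stream a file through every hash at once so a large binary is read a single time."""
    hashers = {a: hashlib.new(a) for a in algorithms}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}


def snapshot(paths):
    """path -> digests, or None when the file is absent (itself worth knowing)."""
    return {p: (digest_file(p) if os.path.isfile(p) else None) for p in paths}


def compare(baseline, current):
    """Diff two snapshots; a changed system binary is what the md5 list exists to catch."""
    changed, missing, new = [], [], []
    for path, base in baseline.items():
        cur = current.get(path)
        if base is None and cur is None:
            continue                      # absent both times: nothing to report
        if cur is None:
            missing.append(path)          # was there at baseline, gone now
        elif base is None:
            new.append(path)              # appeared since the baseline
        elif any(cur.get(a) != base.get(a) for a in base):
            changed.append(path)          # content differs under some algorithm
    new += [p for p, d in current.items() if p not in baseline and d is not None]
    return {"changed": changed, "missing": missing, "new": new}


if __name__ == "__main__":
    # First run writes the baseline; later runs diff the live files against it.
    baseline_path = sys.argv[1] if len(sys.argv) > 1 else "hash-baseline.json"
    current = snapshot(DEFAULT_TARGETS)
    if not os.path.exists(baseline_path):
        with open(baseline_path, "w") as f:
            json.dump(current, f, indent=2)
        print("baseline written:", baseline_path)
    else:
        with open(baseline_path) as f:
            print(json.dumps(compare(json.load(f), current), indent=2))
```

Take the baseline from a machine you trust, or from this one only after the cleanup is finished; a baseline recorded while a file is already patched will happily report it as unchanged forever. Keep the baseline file somewhere the machine's users cannot write to, for the same reason.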
     
  13. goingcrazy123

    goingcrazy123 Thread Starter

    Joined:
    Dec 14, 2013
    Messages:
    79
    Hi Eddie.

    I'm back successfully from Germany. Thanks for patiently answering my questions. I'm doing the Rogue Cleaner now, and then I'll do OTL. By the way, I have Windows XP. Will OTL run on that?

    Smart Defrag is dangerous?! Ohmygawd. I specifically downloaded it as a way to solve the slow computer. So is Disk Defragmenter just as good?

    Larry
     
  14. goingcrazy123

    goingcrazy123 Thread Starter

    Joined:
    Dec 14, 2013
    Messages:
    79
    Here's the Rogue Killer scan. I still have those PUP nasties:

    RogueKiller V8.7.13 [Dec 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Larry [Admin rights]
    Mode : Scan -- Date : 12/20/2013 00:31:47
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 5 ¤¤¤
    [DNS][PUM] HKLM\[...]\CCSet\[...]\{A8ED60BD-364E-4BA8-9809-F7E168FE9B86} : NameServer (91.224.178.98 8.8.8.8 [(Unknown Country?) (XX) - UNITED STATES (US)]) -> FOUND
    [DNS][PUM] HKLM\[...]\CS001\[...]\{A8ED60BD-364E-4BA8-9809-F7E168FE9B86} : NameServer (91.224.178.98 8.8.8.8 [(Unknown Country?) (XX) - UNITED STATES (US)]) -> FOUND
    [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0xc0000033] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) IC25N060ATMR04-0 +++++
    --- User ---
    [MBR] 4a93cad9ae61038bac51c785e5eb86ab
    [BSP] bb66ff2940b9e6c2bc19e7fb77fd72e1 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 57223 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_S_12202013_003147.txt >>
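The [PUM] tag in the RogueKiller output above marks a potentially unwanted modification of a setting, not a detected file, so each finding has to be judged rather than deleted on sight. The two [HJ POL] lines carry a value of 0, which means the DisableTaskMgr and DisableRegistryTools values exist but the restriction is not actually applied. The [DNS] lines are the ones to verify: a NameServer value under an interface GUID sets static resolvers for that adapter, and a resolver the owner never configured will answer every lookup the machine makes. The same GUID appears under CCSet and CS001, so it is one adapter reported from two control sets. As an added example, not part of RogueKiller or of this thread, here is a Python triage script that parses these log lines, splits each interface's resolvers into those on an allowlist and those not, and reports whether each policy value is actually active. The allowlist and the sample lines are constructed for the example; put your ISP's resolvers (or your router's address) in it, and do not treat an address as malicious merely because it is unlisted without looking it up first.

```python
import re

# Resolvers the owner expects. Assumption for this example only: on a home DSL
# line this is normally the ISP's resolvers or the router's LAN address; the
# Google Public DNS addresses are listed so the sample has one known entry.
EXPECTED_RESOLVERS = {"8.8.8.8", "8.8.4.4"}

# [DNS][PUM] HKLM\[...]\CCSet\[...]\{GUID} : NameServer (ip ip [country]) -> FOUND
DNS_RE = re.compile(
    r'\[DNS\]\[PUM\].*?\\(?P<cset>CCSet|CS\d+)\\.*?'
    r'(?P<guid>\{[0-9A-Fa-f-]{36}\})\s*:\s*NameServer\s*\((?P<servers>[0-9. ]+)'
)
# [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
POL_RE = re.compile(
    r'\[HJ POL\]\[PUM\]\s+(?P<hive>HK\w+)\\.*?\\System\s*:\s*'
    r'(?P<name>\w+)\s*\((?P<value>-?\d+)\)'
)


def parse_rk_dns(text):
    """[(control_set, interface_guid, [ip, ...])] for each [DNS][PUM] NameServer line."""
    return [(m["cset"], m["guid"], m["servers"].split()) for m in DNS_RE.finditer(text)]


def triage_dns(text, expected=EXPECTED_RESOLVERS):
    """Split each interface's resolvers into ones you set and ones you did not."""
    rows = []
    for cset, guid, ips in parse_rk_dns(text):
        rows.append({
            "control_set": cset,
            "interface": guid,
            "expected": [ip for ip in ips if ip in expected],
            "unexpected": [ip for ip in ips if ip not in expected],
        })
    return rows


def parse_rk_policies(text):
    """[(hive, name, value, active)]; active is True only when the restriction is on.

    RogueKiller flags the mere presence of DisableTaskMgr / DisableRegistryTools;
    a value of 0 means the value exists but the lock is not applied.
    """
    return [(m["hive"], m["name"], int(m["value"]), int(m["value"]) != 0)
            for m in POL_RE.finditer(text)]


# Constructed sample: the four findings from the RogueKiller scan above.
SAMPLE_RK = """\
[DNS][PUM] HKLM\\[...]\\CCSet\\[...]\\{A8ED60BD-364E-4BA8-9809-F7E168FE9B86} : NameServer (91.224.178.98 8.8.8.8 [(Unknown Country?) (XX) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\\[...]\\CS001\\[...]\\{A8ED60BD-364E-4BA8-9809-F7E168FE9B86} : NameServer (91.224.178.98 8.8.8.8 [(Unknown Country?) (XX) - UNITED STATES (US)]) -> FOUND
[HJ POL][PUM] HKCU\\[...]\\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\\[...]\\System : DisableRegistryTools (0) -> FOUND
"""

if __name__ == "__main__":
    import sys
    # Usage: python rktriage.py RKreport.txt   (no argument triages the sample)
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_RK
    for row in triage_dns(text):
        flag = "CHECK" if row["unexpected"] else "ok"
        print(f"[{flag}] {row['control_set']} {row['interface']}: "
              f"expected={row['expected']} unexpected={row['unexpected']}")
    for hive, name, value, active in parse_rk_policies(text):
        print(f"[{'ACTIVE' if active else 'present, off'}] {hive}\\...\\System\\{name} = {value}")
```

If the unexpected address turns out to be something you never set, removing the NameServer value puts the adapter back on DHCP-assigned resolvers, which on a DSL line means the ISP's; flush the resolver cache afterwards so cached answers from the old server do not linger.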
     
  15. goingcrazy123

    goingcrazy123 Thread Starter

    Joined:
    Dec 14, 2013
    Messages:
    79
    What should I do with these PUPs? Delete?
     

Short URL to this thread: https://techguy.org/1115296