# Please Check This Hijack Log. Thanks!!!



## goingcrazy123 (Dec 14, 2013)

Hello again! Here is my Hijack This Log.

I would be VERY grateful if you would analyze this and let me know what is wrong. It looks like there are multiple versions of things running, and things installed that I do not use, like "Blekko" and "One Note."

Please help me. Thank you very much!

Larry

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 9:25:26 PM, on 12/14/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
CHROME: 31.0.1650.63
FIREFOX: 12.0 (en-US)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\JustCloud\BackupStack.exe
C:\Documents and Settings\SAM\My Documents\My Data Sources\Malwarebytes\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\Wetelecom\LoadMdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Documents and Settings\SAM\My Documents\My Data Sources\Hide My IP\Hide My IP\HideMyIpSrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\office12\offlb.exe
C:\Documents and Settings\SAM\My Documents\My Data Sources\HIJACK THIS\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = ${SEARCH_URL_IE7}
R3 - URLSearchHook: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\8.4\iobitappsToolbarIE.dll
R3 - URLSearchHook: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\8.4\ytdToolbarIE.dll
O2 - BHO: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\8.4\iobitappsToolbarIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Blekko Search Bar Helper Object - {BAE35237-8D73-44D0-905C-8A95EA1E7E69} - C:\Program Files\blekko\spamfreesearch\1.8.3.9\bh\spamfreesearch.dll
O2 - BHO: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\8.4\ytdToolbarIE.dll
O3 - Toolbar: Blekko Search Bar Toolbar - {EECF410C-006C-4A05-AD13-6741A0814DBF} - C:\Program Files\blekko\spamfreesearch\1.8.3.9\spamfreesearchTlbr.dll
O3 - Toolbar: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\8.4\ytdToolbarIE.dll
O3 - Toolbar: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\8.4\iobitappsToolbarIE.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [LoadMdm] C:\Program Files\Wetelecom\LoadMdm.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Computer Backup (JustCloud) (BackupStack) - Just Develop It - C:\Program Files\JustCloud\BackupStack.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HideMyIpSRV - Hide My IP - C:\Documents and Settings\SAM\My Documents\My Data Sources\Hide My IP\Hide My IP\HideMyIpSrv.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Documents and Settings\SAM\My Documents\My Data Sources\Malwarebytes\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Documents and Settings\ SAM \My Documents\My Data Sources\Malwarebytes\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 7275 bytes


----------



## goingcrazy123 (Dec 14, 2013)

Dear Tech Support Representative,

Hello again. I am posting here the two files, DDS and Attach. See below. I will post the GMER shortly. It has been a full 24 hours now, and I am still awaiting your help patiently. My problem is that my computer is working very slowly, taking a long time to load programs. Google Chrome is causing a lot of problems. I see the hourglass constantly and wait a long time to open new web pages. I get the "Aw Snap!" message often. It looks like my internet connection is screwy, too. Almost twice as many bytes are received as are sent.

I would like your help to uninstall Google Chrome completely. Mozilla Firefox works fine, so I'll use that. Can you help me uninstall Chrome safely, i.e. so that nothing important is disabled or deleted? Thank you.

Yesterday I ran Malwarebytes and came up with 14 malware (PUP, Optional, OPEN CANDY, etc). I deleted them and ran the Malwarebytes again and it came up clean. However, I notice that the icon for my wireless modem on the bottom of my screen looks different now and has a red X over it. Did I delete something important?

Thank you very much for your help!

Larry

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 6.0.2900.5512
Run by Larry at 19:38:26 on 2013-12-15
.
============== Running Processes ================
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\JustCloud\BackupStack.exe
C:\Documents and Settings\Larry\My Documents\My Data Sources\Malwarebytes\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\JustCloud\JustCloud.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\Wetelecom\LoadMdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Larry\My Documents\My Data Sources\Hide My IP\Hide My IP\HideMyIpSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
mSearchAssistant = ${SEARCH_URL_IE7}
uURLSearchHooks: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - c:\program files\iobit apps toolbar\ie\8.4\iobitappsToolbarIE.dll
uURLSearchHooks: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files\ytd toolbar\ie\8.4\ytdToolbarIE.dll
BHO: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - c:\program files\iobit apps toolbar\ie\8.4\iobitappsToolbarIE.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Blekko Search Bar Helper Object: {BAE35237-8D73-44D0-905C-8A95EA1E7E69} - c:\program files\blekko\spamfreesearch\1.8.3.9\bh\spamfreesearch.dll
BHO: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files\ytd toolbar\ie\8.4\ytdToolbarIE.dll
TB: Blekko Search Bar Toolbar: {EECF410C-006C-4A05-AD13-6741A0814DBF} - c:\program files\blekko\spamfreesearch\1.8.3.9\spamfreesearchTlbr.dll
TB: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files\ytd toolbar\ie\8.4\ytdToolbarIE.dll
TB: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - c:\program files\iobit apps toolbar\ie\8.4\iobitappsToolbarIE.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRun: [LoadMdm] c:\program files\wetelecom\LoadMdm.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\windows\system32\HMIPCore.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
TCP: NameServer = 91.224.178.5 77.88.8.8
TCP: Interfaces\{7E534C27-275F-40F6-A235-5644656D47A8} : DHCPNameServer = 91.224.178.5 77.88.8.8
TCP: Interfaces\{A8ED60BD-364E-4BA8-9809-F7E168FE9B86} : NameServer = 91.224.178.98 8.8.8.8
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\Larry\application data\mozilla\firefox\profiles\d6ynzd6q.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com.ua/search?hl=en-UA&source=hp&biw=&bih=&q=set+firefox+as+default+browser&oq=set+firefox+as+default+browser&gs_l=firefox-hp.3..0l10.5767.13863.0.15073.30.17.0.13.13.2.394.3168.3j5j6j3.17.0....0...1ac.1.24.firefox-hp..4.26.2099.RbF9dvdT86s|https://support.mozilla.org/en-US/kb/how-make-web-links-open-firefox-default
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - plugin: c:\documents and settings\Larry\local settings\application data\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\Larry\my documents\my data sources\vlc video\vlc\npvlc.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-12-12 16:27; [email protected]; c:\program files\avast software\avast\webrep\FF
FF - ExtSQL: 2013-12-13 19:26; [email protected]; c:\program files\iobit apps toolbar\FF
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.spamfreesearch.autoRvrt - false
FF - user.js: extensions.spamfreesearch_i.hmpg - true
FF - user.js: extensions.spamfreesearch.hmpgUrl - hxxp://blekko.com/ws/?source=5f97ddbe&tbp=homepage&u=34762793000000000000000e35ae6694
FF - user.js: extensions.spamfreesearch.dfltSrch - true
FF - user.js: extensions.spamfreesearch.srchPrvdr - blekko
FF - user.js: extensions.spamfreesearch.keyWordUrl - hxxp://blekko.com/ws/?source=5f97ddbe&tbp=rbox&u=34762793000000000000000e35ae6694&q=
FF - user.js: extensions.spamfreesearch_i.dnsErr - true
FF - user.js: extensions.spamfreesearch_i.newTab - true
FF - user.js: extensions.spamfreesearch.newTabUrl - chrome://spamfreesearch/content/new browser tab.html?source=5f97ddbe&tbp=tab&u=34762793000000000000000e35ae6694
FF - user.js: extensions.spamfreesearch.tlbrSrchUrl - hxxp://blekko.com/ws/?source=5f97ddbe&tbp=main&u=34762793000000000000000e35ae6694&q=
FF - user.js: extensions.spamfreesearch.id - 34762793000000000000000e35ae6694
FF - user.js: extensions.spamfreesearch.appId - {1005247F-A178-490A-8DC3-6BAF09EA427B}
FF - user.js: extensions.spamfreesearch.instlDay - 15758
FF - user.js: extensions.spamfreesearch.vrsn - 1.8.3.9
FF - user.js: extensions.spamfreesearch.vrsni - 1.8.3.9
FF - user.js: extensions.spamfreesearch_i.vrsnTs - 1.8.3.923:45:45
FF - user.js: extensions.spamfreesearch.prtnrId - blekko
FF - user.js: extensions.spamfreesearch.prdct - spamfreesearch
FF - user.js: extensions.spamfreesearch.aflt - orgnl
FF - user.js: extensions.spamfreesearch_i.smplGrp - none
FF - user.js: extensions.spamfreesearch.tlbrId - base
FF - user.js: extensions.spamfreesearch.instlRef - 5f97ddbe
FF - user.js: extensions.spamfreesearch.dfltLng - 
FF - user.js: extensions.spamfreesearch.excTlbr - false
FF - user.js: extensions.spamfreesearch.admin - false
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? cpudrv;cpudrv
R? MBAMService;MBAMService
R? wmdusbser;Wetelecom USB Device for Legacy Serial Communication
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? Application Updater;Application Updater
S? aswFsBlk;aswFsBlk
S? aswMonFlt;aswMonFlt
S? aswRvrt;avast! Revert
S? aswSnx;aswSnx
S? aswSP;aswSP
S? aswVmm;avast! VM Monitor
S? avast! Antivirus;avast! Antivirus
S? BackupStack;Computer Backup (JustCloud)
S? HideMyIpSRV;HideMyIpSRV
S? MBAMProtector;MBAMProtector
S? MBAMScheduler;MBAMScheduler
S? SmartDefragDriver;SmartDefragDriver
.
=============== Created Last 30 ================
.
2013-12-13 17:25:54 -------- d-----w- c:\program files\IObit Apps Toolbar
2013-12-12 14:30:07 -------- d-----w- c:\documents and settings\Larry\application data\AVAST Software
2013-12-12 14:27:53 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-12 14:27:52 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-12-12 14:27:51 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-12-12 14:27:50 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-12-12 14:27:38 43152 ----a-w- c:\windows\avastSS.scr
2013-12-12 14:26:16 -------- d-----w- c:\program files\AVAST Software
2013-12-12 14:17:51 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2013-12-12 11:23:44 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-11 17:26:13 -------- d-----w- c:\program files\YTD Toolbar
.
==================== Find3M ====================
.
2013-10-12 15:56:19 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-12 14:54:29 668672 ----a-w- c:\windows\system32\wininet.dll
2013-10-12 14:54:28 81920 ------w- c:\windows\system32\ieencode.dll
2013-10-12 14:54:28 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-10-12 11:54:35 369664 ------w- c:\windows\system32\html.iec
2013-10-09 13:12:48 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59:21 603136 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 01:14:01 7168 ----a-w- c:\windows\system32\xpsp4res.dll
.
============= FINISH: 19:50:51.10 ===============

ATTACH file:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/27/2011 12:53:32 PM
System Uptime: 12/15/2013 4:50:47 PM (3 hours ago)
.
Motherboard: TOSHIBA | | EAL20
Processor: Intel(R) Pentium(R) M processor 1.60GHz | BAN | 1598/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 56 GiB total, 18.004 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: 
Device ID: ACPI\CMP0101\2&DABA3FF&0
Manufacturer: 
Name: 
PNP Device ID: ACPI\CMP0101\2&DABA3FF&0
Service: 
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\65404E1A23F53
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\65404E1A23F53
Service: NIC1394
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Modem
Device ID: PCI\VEN_8086&DEV_24C6&SUBSYS_00011179&REV_03\3&61AAA01&0&FE
Manufacturer: 
Name: PCI Modem
PNP Device ID: PCI\VEN_8086&DEV_24C6&SUBSYS_00011179&REV_03\3&61AAA01&0&FE
Service: 
.
==== Installed Programs ======================
.
µTorrent
A-PDF Split 2.4
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8)
Adobe Shockwave Player 11.6
Adolix Split and Merge PDF v1.7
avast! Free Antivirus
BCL easyConverter Desktop 3 (Word Version)
Blekko Search Bar 
CCleaner
EasyCleaner
Google Chrome
Hide My IP 5.4
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
Intel(R) Extreme Graphics 2 Driver
Intel(R) PROSet/Wireless Software
IObit Apps Toolbar v8.4
JustCloud 
Ken Ward's Makeup 0.901
Linguata Hungarian 2.4
Linguata Ukrainian 2.3
Malwarebytes Anti-Malware version 1.75.0.1300
mCore
mDrWiFi
mHelp
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MindMaster
mIWA
mLogView
mMHouse
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
mPfMgr
mPfWiz
mProSafe
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mWlsSafe
mXML
mZConfig
PDF24 Creator 5.4.0
Platform
REALTEK GbE & FE Ethernet PCI NIC Driver
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition 
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition 
Security Update for Windows Media Player (KB2803821-v2)
Security Update for Windows Media Player (KB2803821)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647516)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2675157)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2699988)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2722913)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2744842)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2761465)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2792100)
Security Update for Windows XP (KB2797052)
Security Update for Windows XP (KB2799329)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2809289)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2817183)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2829530)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2838727)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2846071)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2862772)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2870699)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2879017)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2888505)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB923789)
Skype 5.5
Smart Defrag 2
System Requirements Lab for Intel
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
VIA Platform Device Manager
VLC media player 2.0.5
WebFldrs XP
Wetelecom
Windows Genuine Advantage Notifications (KB905474)
Windows XP Service Pack 3
WinRAR 4.01 (32-bit)
YTD Toolbar v8.4
YTD Video Downloader 4.1
.
==== End Of File ===========================


----------



## goingcrazy123 (Dec 14, 2013)

Here is the GMER file:

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-12-16 00:08:56
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 IC25N060ATMR04-0 rev.MO3OAD4A 55.89GB
Running: wi07yquv.exe; Driver: C:\DOCUME~1\Larry\LOCALS~1\Temp\axrdrfow.sys



----------



## eddie5659 (Mar 19, 2001)

Hiya and welcome to Tech Support Guy 

Let's have a look and see what we have on there.

Firstly, OneNote is part of Microsoft's software, so don't worry about that entry. However, I do see some other things, so let's get started.

---------



> I would like your help to uninstall Google Chrome completely. Mozilla Firefox works fine, so I'll use that. Can you help me uninstall Chrome safely, i.e. so that nothing important is disabled or deleted? Thank you.


Uninstalling Google Chrome is easy, and we can backup any favourites etc. If you wish to back them up, just select the *Export Bookmarks from Chrome* section here:

https://support.google.com/chrome/answer/96816?hl=en-GB

Then, go to Start | Control Panel | Add/Remove Programs.

Look for Google Chrome, and click on it to highlight it. Then, click on Uninstall at the top, and it will uninstall it 

---



> Yesterday I ran Malwarebytes and came up with 14 malware (PUP, Optional, OPEN CANDY, etc). I deleted them and ran the Malwarebytes again and it came up clean. However, I notice that the icon for my wireless modem on the bottom of my screen looks different now and has a red X over it. Did I delete something important?


MBAM rarely deletes anything that would cause problems, but if you have the log it produced, we can see what it did remove.

---

*P2P Warning!*


*IMPORTANT* I notice there are signs of one or more *P2P (Person to Person) File Sharing Programs* on your computer.

*µTorrent*

Please note that as long as you are using any form of *Peer-to-Peer networking* and *downloading files* from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation.

I'd like you to read the *Guidelines for P2P Programs* where we explain why it's not a good idea to have them.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

Cyber Education Letter
File sharing infects 500,000 computers 
USAToday

I would recommend that you uninstall the above, however that choice is up to you. If you choose to remove these programs, you can do so via *Control Panel >> Add or Remove Programs*.

*If you decide to keep the program in spite of the risks involved, do not use it until I have finished cleaning your computer and have given you the all clear.*

----------------------------
Now that's out of the way, let's carry on.

First, go back to Add/Remove Programs and uninstall these:

*Blekko Search Bar*
*IObit Apps Toolbar v8.4*

Then, run the following tools. As you have a slow connection, download them all (only one will need updating online) and then run them in the order I post them 

---

Download *Security Check* from *here*.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called *checkup.txt*; please post the contents of that document.

----

*Download and scan with* *SUPERAntiSpyware* Free Edition for Home Users
Double-click *SUPERAntiSpyware.exe* and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "*Yes*". If not, update the definitions before scanning by selecting "*Check for Updates*". (_If you encounter any problems while downloading the updates, manually download and unzip them from here._)
Under "*Configuration and Preferences*", click the *Preferences* button.
Click the *Scanning Control* tab.
Under *Scanner Options* make sure the following are checked _(leave all others unchecked)_:
_Close browsers before scanning._
_Scan for tracking cookies._
_Terminate memory threats before quarantining._

Click the "*Home*" button to leave the control center screen.
On the right, under "*Complete Scan*", choose *Perform Complete Scan*.
Click *Scan your computer*.
On the left, select all *fixed drives*.
Click "*Start Complete Scan*" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "*Continue*".
Make sure everything has a checkmark next to it and click "*Next*".
A notification will appear that "_Quarantine and Removal is Complete_". Click "*Remove Threats*" and then click the "*Finish*" button to return to the main menu.
If asked if you want to reboot, click "*Yes*".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click *View Scan Logs*.
Under Scanner Logs, double-click *SUPERAntiSpyware Scan Log*.
If there are several logs, click the current dated log and press *View log*. A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click *Close* to exit the program.

----








Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

---

Go here, then click the large blue "Download Now @ Bleeping Computer" link to download and save *AdwCleaner.exe* to your desktop.

Note: It looks like a gray bug with 6 black legs.

Close all open windows first, then double-click *AdwCleaner.exe* to load its main window.

Click the *Scan* button, then click "OK".

Allow the scan process to finish.

If it appears to freeze, be patient for a few minutes.

When it's finished, click on the *Report* button.

Return here to your thread, then copy-and-paste the ENTIRE log here.

----

Please include the *MBAM log, SUPERAntiSpyware Scan Log, checkup.txt, JRT.txt and adwCleaner[R1].txt* in your next reply.

eddie


----------



## goingcrazy123 (Dec 14, 2013)

Hi Eddie.

Thanks for getting back to me. I am just getting started. (I have to cross the border into Germany tomorrow, so I might not be able to continue all this until I get back in 1-2 days). I haven't done your things yet - I will now - but I just ran another MalwareBytes scan, and it looks like I have a Trojan, plus the same PUP things. Please take a look at the log below.

I will do your other scans and post the logs now.

Thanks again for your help.

Larry

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.12.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Larry [administrator]

12/17/2013 5:07:30 PM
MBAM-log-2013-12-17 Tues.txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 108024
Time elapsed: 2 hour(s), 24 minute(s), 7 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MTS Connect (Trojan.Monder) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\Documents and Settings\Larry\Local Settings\Temp\utt12.tmp (PUP.Optional.OpenCandy) -> No action taken.
C:\Documents and Settings\Larry\My Documents\Downloads\SoftonicDownloader_for_xp-tools.exe (PUP.Optional.Softonic.A) -> No action taken.
C:\Documents and Settings\Larry\My Documents\Gabor's Downloads\DTLite4413-0173.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Documents and Settings\Larry\My Documents\LOG\MONEY MANAGEMENT\ETFS\[Health][Raw_Food][Education]_David_Wolfe-The_Sunfood_Diet_Succe_secure.exe (PUP.Optional.Topmedia) -> No action taken.
C:\Documents and Settings\Larry\My Documents\My Data Sources\Driver Cleaner\SoftonicDownloader_for_xp-tools.exe (PUP.Optional.Softonic.A) -> No action taken.
C:\Program Files\Wetelecom\DrvInst2.dll (Trojan.Monder) -> No action taken.
C:\Program Files\Wetelecom\uninst.exe (Trojan.Monder) -> No action taken.

(end)


----------



## goingcrazy123 (Dec 14, 2013)

Hi Eddie.

So far I have uninstalled Blekko tool bar, Iobit tool bar, uTorrent, and Google Chrome and ran CC cleaner to clear the cache and registry.

Unfortunately, when I went to do the first scan you recommended - "Security Check" - I was unable to, because the web page simply does not come up. I keep getting the message "page will not load". Can you give me another internet location where I can find the software and download it?

Should I move on to the second scan you recommend, or do I need to do the "Security Check" scan first??

Please inform. Thanks for your help.

Larry


----------



## goingcrazy123 (Dec 14, 2013)

The connection was reset

Every time I try to go to the website where "security check" is by screen317, I get this message:

*
The connection to the server was reset while the page was loading.

The site could be temporarily unavailable or too busy. Try again in a few
moments.
If you are unable to load any pages, check your computer's network
connection.
If your computer or network is protected by a firewall or proxy, make sure
that Firefox is permitted to access the Web.*

Can you tell me how to fix this? This has only started happening after uninstalling Google Chrome. Thanks!

Larry


----------



## eddie5659 (Mar 19, 2001)

Sorry, was working a bit late last night.

I've just tried, and it works. Just clicking on the link should start the download. However, try the other things for now, we can always do that part later on.

With regards to MalwareBytes, if you re-run it but let the program remove the entries it found, that may help.

I'm not sure, but you may have a rogue program on there. So, if you still have problems with any of the above, can you try this:

Download *RogueKiller* to your desktop


Quit all running programs 
For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe 
Wait until the Pre-scan has finished.
Click on Scan
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe 
Click on Report and copy/paste the contents here.


----------



## goingcrazy123 (Dec 14, 2013)

Hi Eddie.

Okay, here is the JRT log. I updated my Mozilla browser, so maybe I can open Security Check now. This is a slow process, because my computer is still dragging its feet. Bear with me! Thanks.

Some Other Questions For You

1. As you've probably noticed, I have a lot of MS Security Updates and "Hotfixes." Do I REALLY need to clutter up my hard drive with all these things?? Do I have to download these things every time they become available?

2. I never use programs like Games, Outlook Express, Windows Media Player, etc. Can you tell me how to delete/uninstall them?

3. What is "CAPICOM"? I notice it is installed on my computer.

4. What is "Vinyl Deck"? I notice it is installed on my computer.

5. In general, I just want to get rid of anything I do not need or use. Is it safe to delete files in the Program Files folder on my C drive after I have already uninstalled the programs? I notice that a lot of installation and exe files remain behind even after I have uninstalled the original programs.

6. Do you see any redundant programs on my hard drive, like for example, two versions of Adobe, one older and one newer? If so, please let me know.

Thank you for your help. See the JRT Log below.

Larry

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Microsoft Windows XP x86
Ran by Larry on Wed 12/18/2013 at 15:13:25.15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Successfully stopped: [Service] application updater 
Successfully deleted: [Service] application updater 
Successfully stopped: [Service] backupstack 
Successfully deleted: [Service] backupstack

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\searchsettings

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\search settings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1214440339-1592454029-839522115-1003\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\application updater
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetup.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\driverscanner
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2786678
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\apn"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\babylon"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ytd video downloader"
Successfully deleted: [Folder] "C:\Documents and Settings\Larry\Application Data\search settings"
Successfully deleted: [Folder] "C:\Documents and Settings\Larry\Application Data\ytd"
Successfully deleted: [Folder] "C:\Documents and Settings\Larry\Local Settings\Application Data\conduit"
Successfully deleted: [Folder] "C:\Program Files\application updater"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\ytd toolbar"
Failed to delete: [Folder] "C:\Program Files\Common Files\spigot"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\start menu\programs\ytd video downloader"

~~~ FireFox

Failed to delete: [File] "C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] C:\Documents and Settings\Larry\Application Data\mozilla\firefox\profiles\d6ynzd6q.default\user.js
Successfully deleted: [File] C:\Documents and Settings\Larry\Application Data\mozilla\firefox\profiles\d6ynzd6q.default\searchplugins\spamfreesearch.xml
Successfully deleted: [Folder] C:\Documents and Settings\Larry\Application Data\mozilla\firefox\profiles\d6ynzd6q.default\conduitcommon
Successfully deleted the following from C:\Documents and Settings\Larry\Application Data\mozilla\firefox\profiles\d6ynzd6q.default\prefs.js


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 12/18/2013 at 15:27:47.17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


----------



## goingcrazy123 (Dec 14, 2013)

Hi Eddie.

Here's the Adware Cleaner Log. I will send the others next. Thank you.

Larry

# AdwCleaner v3.015 - Report created 18/12/2013 at 16:14:49
# Updated 10/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Larry - LARRY-PC
# Running from : C:\Documents and Settings\Larry\My Documents\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\Larry\Desktop\JustCloud.lnk
File Found : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
Folder Found C:\Program Files\Common Files\Spigot
Folder Found C:\Program Files\GreenTree Applications

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\582d9dfb63be542
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BAE35237-8D73-44D0-905C-8A95EA1E7E69}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EECF410C-006C-4A05-AD13-6741A0814DBF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Found : HKCU\Software\Search Settings
Key Found : HKCU\Software\WEDLMNGR
Key Found : HKLM\SOFTWARE\Classes\AppID\{1005247F-A178-490A-8DC3-6BAF09EA427B}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE91F9CE-0900-4E2A-B673-F3F6E4FC54D9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Found : HKLM\Software\Search Settings
Key Found : HKLM\Software\Uniblue
Key Found : HKLM\Software\Uniblue\DriverScanner
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]

***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.5512

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\d6ynzd6q.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [3179 octets] - [18/12/2013 16:14:49]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3239 octets] ##########


----------



## goingcrazy123 (Dec 14, 2013)

Here's the new Adware Log after cleaning. See below.

My computer is still operating hellishly slowly. I needed to make an urgent phone call today via Skype to Germany by the close of business and did not make it, simply because the Skype application loaded too slowly.

QUESTION:

I pay for a broadband DSL service (not Wi-Fi or dial-up). Is it possible that during certain early evening hours, internet use in my immediate vicinity is heavy, and that explains the slower connection? Or doesn't it matter how many people are using my provider's services? Is there some sort of logical connection?

Can you suggest another location for Security Check? I have been unable to access the web site that you gave me (via Firefox), so I still have not been able to run that check.

I will check for rogues upon my return from Germany. Here is the new Adware:

Thank you for your help!

Larry

# AdwCleaner v3.015 - Report created 18/12/2013 at 19:51:56
# Updated 10/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Larry - LARRY-PC
# Running from : C:\Documents and Settings\Larry\My Documents\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

File Deleted : C:\Documents and Settings\Larry\Start Menu\Programs\Startup\JustCloud.lnk

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.5512

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\d6ynzd6q.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [3319 octets] - [18/12/2013 16:14:49]
AdwCleaner[R1].txt - [1075 octets] - [18/12/2013 18:55:43]
AdwCleaner[S0].txt - [3397 octets] - [18/12/2013 16:36:49]
AdwCleaner[S1].txt - [1000 octets] - [18/12/2013 19:51:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1060 octets] ##########


----------



## eddie5659 (Mar 19, 2001)

Okay, first let's look at the other questions



> 1. As you've probably noticed, I have a lot of MS Security Updates and "Hotfixes." Do I REALLY need to clutter up my hard drive with all these things?? Do I have to download these things every time they become available?


With the number of infections caused by exploits of software etc., and the fact that these are security updates and will protect you from all sorts, I highly advise you to keep them installed.



> 2. I never use programs like Games, Outlook Express, Windows Media Player, etc. Can you tell me how to delete/uninstall them?


Well, Outlook Express I suppose can go, but then sometimes Microsoft doesn't like it when things like these get uninstalled. In fact, not sure if you will be able to. With regards to Windows Media Player, I would also keep this, as it has codecs etc that you may need in the future.



> 3. What is "CAPICOM"? I notice it is installed on my computer.


This is needed by your computer, and without it, you may run into some problems. It includes functionality for authentication using digital signatures, for enveloping messages, and for encrypting and decrypting data.



> 4. What is "Vinyl Deck"? I notice it is installed on my computer.


I've no idea, I'll look at that in a bit more detail in a bit.



> 5. In general, I just want to get rid of anything I do not need or use. Is it safe to delete files in the Program Files folder on my C drive after I have already uninstalled the programs? I notice that a lot of installation and exe files remain behind even after I have uninstalled the original programs.


Sometimes yes, but again it depends on what programs. Again, we can look at that in a bit more depth, once we've removed any malware you have first 



> 6. Do you see any redundant programs on my hard drive, like for example, two versions of Adobe, one older and one newer? If so, please let me know.


Not a problem, again we'll be doing that as we go along, as that is one of the reasons for the Security Check 

Now, as Security Check doesn't work at the moment, we can use other programs so ignore that for now 

Also, just looked through your logs, and it looks like there is a mixture of all sorts on there. I'm going to post another program for you to run, it may take a while, maybe do it offline so it can be a bit quicker. It doesn't remove anything but produces two logs which I can look at and then we can remove a large bulk of stuff 

It is possible for ISPs to have a cap at certain times of the day, or when loads of people are on it may start to get slower.

-----------

So, looking a bit deeper, can you uninstall these, because they're not needed, are outdated, or are dangerous to use?
If any can't be installed, let me know, but carry on with the rest of the uninstall and the programs below. We can look at any that couldn't be uninstalled later 

*YTD Toolbar v8.4*
*YTD Video Downloader 4.1*
*Smart Defrag 2*

Then, after doing the above, can you run this program for me:

Download *OTL* to your Desktop

*(Vista or Win 7 => right click and Run As Administrator)*


Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath *Output* at the top change it to *Standard Output*.
Select 
*All Users*
*LOP Check*
*Purity Check*
Under the *Standard Registry* box change it to *All*

Please copy the text in the code box below and paste it in the *Custom Scans/Fixes* box in OTL:


```
DRIVES
netsvcs
activex
msconfig
drivers32
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%windir%\Installer\*.*
%windir%\system32\tasks\*.*
%windir%\system32\tasks\*.* /64
%systemroot%\Fonts\*.exe
%systemroot%\*. /mp /s
/md5start
pnrpnsp.dll
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
consrv.dll
explorer.exe
winlogon.exe
regedit.exe
Userinit.exe
svchost.exe
services.exe
user32.dll
atapi.sys
csrss.exe
PRINTISOLATIONHOST.EXE
/md5stop
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
%systemroot%\system32\drivers\*.sys /lockedfiles
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\* \s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
dir "%systemdrive%\*" /S /A:L /C
CREATERESTOREPOINT
```

Click the *Run Scan* button. Do not change any settings unless otherwise told to do so. The scan won't take long.
A black box will appear, this is part of the custom scan, so don't be alarmed 
*IF OTL SAYS 'NOT RESPONDING' DON'T USE THE MOUSE. IT WILL CARRY ON SCANNING AFTER A FEW MINUTES*

When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.

Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time and post them in your topic


eddie


----------



## goingcrazy123 (Dec 14, 2013)

Hi Eddie.

I'm back successfully from Germany. Thanks for patiently answering my questions. I'm doing the 
Rogue Cleaner now, and then I'll do OTL. By the way, I have Windows XP. Will OTL run on that? 

Smart Defrag is dangerous?! Ohmygawd. I specifically downloaded it as a way to solve the slow 
computer. So is Disk Defragmenter just as good?

Larry


----------



## goingcrazy123 (Dec 14, 2013)

Here's the Rogue Killer scan. I still have those PUP nasties:

RogueKiller V8.7.13 [Dec 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Larry [Admin rights]
Mode : Scan -- Date : 12/20/2013 00:31:47
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[DNS][PUM] HKLM\[...]\CCSet\[...]\{A8ED60BD-364E-4BA8-9809-F7E168FE9B86} : NameServer (91.224.178.98 8.8.8.8 [(Unknown Country?) (XX) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{A8ED60BD-364E-4BA8-9809-F7E168FE9B86} : NameServer (91.224.178.98 8.8.8.8 [(Unknown Country?) (XX) - UNITED STATES (US)]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0xc0000033] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) IC25N060ATMR04-0 +++++
--- User ---
[MBR] 4a93cad9ae61038bac51c785e5eb86ab
[BSP] bb66ff2940b9e6c2bc19e7fb77fd72e1 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 57223 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_12202013_003147.txt >>


----------



## goingcrazy123 (Dec 14, 2013)

What should I do with these PUPs? Delete?


----------



## goingcrazy123 (Dec 14, 2013)

Hi Eddie.

Here's my new MBam Log. I had Trojan.P2P.Worm and deleted it. This is the log afterwards. I'll do OTL now.

Larry

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.19.12

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Larry :: LARRY-PC [administrator]

12/20/2013 9:09:24 AM
mbam-log-2013-12-20 (09-09-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198593
Time elapsed: 18 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Larry\Local Settings\Temp\Temporary Internet Files\Content.IE5\EN8D8N2L\JRT[1].exe (Trojan.P2P.Worm) -> Quarantined and deleted successfully.

(end)


----------



## eddie5659 (Mar 19, 2001)

Just typing this in my lunch break, but as it's Christmas, I'm out tonight but will look at this fully tomorrow



> Smart Defrag is dangerous?! Ohmygawd. I specifically downloaded it as a way to solve the slow
> computer. So is Disk Defragmenter just as good?


It's made by IObit, and we tend to remove the program as it can cause slowness and other issues. At the end, I'll post a defrag tool I use, but that will be after the cleanup stage



> What should I do with these PUPs? Delete?


Leave them for now, I'll fully research it tomorrow.

I think the OTL logs will be a good starting point, so that will be where it will fully begin


----------



## goingcrazy123 (Dec 14, 2013)

Hi Eddie. Here is the OTL.txt. I tried pasting this earlier, but it doesn't seem to have gone through. It says the message is too long. I'll cut this in two or three parts. See my next post for the missing part of the OTL.txt. There's some weird stuff in Chinese characters!

Larry

OTL logfile created on: 12/20/2013 5:07:21 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Larry\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

990.42 Mb Total Physical Memory | 488.86 Mb Available Physical Memory | 49.36% Memory free
2.33 Gb Paging File | 1.69 Gb Available in Paging File | 72.35% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 18.53 Gb Free Space | 33.16% Space Free | Partition Type: NTFS
Drive E: | 29.80 Gb Total Space | 19.61 Gb Free Space | 65.79% Space Free | Partition Type: FAT32

Computer Name: LARRY-PC | User Name: Larry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/20 16:46:30 | 005,625,624 | ---- | M] (SUPERAntiSpyware) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2013/12/20 10:56:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Larry\My Documents\Downloads\OTL.exe
PRC - [2013/12/12 16:27:33 | 003,568,312 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/12/12 16:27:33 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/10/11 00:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Documents and Settings\Larry\My Documents\My Data Sources\Malwarebytes\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2010/07/13 08:00:14 | 000,397,312 | ---- | M] (TODO: <Company name>) -- C:\Program Files\Wetelecom\LoadMdm.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/08/02 00:38:30 | 000,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006/08/02 00:32:44 | 000,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006/08/02 00:27:54 | 000,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

========== Modules (No Company Name) ==========

MOD - [2013/12/19 21:55:29 | 002,153,472 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13121900\algo.dll
MOD - [2013/12/12 16:27:36 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/10/15 21:54:30 | 003,194,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2013/10/15 21:54:27 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2013/10/15 21:54:26 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2013/10/15 21:54:21 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2013/10/15 21:54:17 | 000,630,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2013/10/15 21:54:14 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2013/10/15 21:54:13 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2013/10/15 21:54:10 | 002,052,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2013/10/15 21:53:59 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2013/10/15 21:53:52 | 005,246,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2013/07/16 22:55:23 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2013/05/21 19:31:42 | 003,888,640 | ---- | M] () -- C:\Program Files\JustCloud\MPCBIconOverlays.dll
MOD - [2010/04/18 15:58:58 | 000,904,704 | ---- | M] () -- C:\Program Files\JustCloud\x86\System.Data.SQLite.dll
MOD - [2006/08/02 00:26:20 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/08/02 00:24:54 | 000,348,160 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2006/06/23 13:07:08 | 001,167,360 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll


----------



## goingcrazy123 (Dec 14, 2013)

Part Two of OTL.Txt:

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/12/18 14:03:04 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/12 16:27:33 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/10/11 00:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/06/19 16:16:46 | 003,616,880 | ---- | M] (Hide My IP) [On_Demand | Stopped] -- C:\Documents and Settings\Larry\My Documents\My Data Sources\Hide My IP\Hide My IP\HideMyIpSrv.exe -- (HideMyIpSRV)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Documents and Settings\Larry\My Documents\My Data Sources\Malwarebytes\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Documents and Settings\Larry\My Documents\My Data Sources\Malwarebytes\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\UIUSys.sys -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (TrueSight)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/12/12 16:27:39 | 000,774,392 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/12/12 16:27:39 | 000,403,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/12/12 16:27:39 | 000,178,304 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/12/12 16:27:39 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/12/12 16:27:39 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/12/12 16:27:39 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2013/12/12 16:27:39 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/12/12 16:27:39 | 000,035,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/01/18 08:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/10/28 10:54:52 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2011/07/22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/06/11 04:46:12 | 000,107,136 | ---- | M] (WeTelecom Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wmdusbser.sys -- (wmdusbser)
DRV - [2009/12/18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2007/06/27 14:42:00 | 000,207,488 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio)
DRV - [2007/03/11 21:39:46 | 000,043,936 | ---- | M] (Alfa Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AFPAnsi.sys -- (AFPAnsi)
DRV - [2006/08/02 01:27:48 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/06/29 03:49:38 | 002,206,720 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51)
DRV - [2006/01/18 18:41:00 | 000,080,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = ${SEARCH_URL_IE7}
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1214440339-1592454029-839522115-1003\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1214440339-1592454029-839522115-1003\..\SearchScopes\12C2CFC3-ACF8-42E1-9772-78F9929F2DCF: "URL" = http://blekko.com/ws/?source=5f97ddbe&tbp=rbox&u=34762793000000000000000e35ae6694$amp;q={searchTerms}
IE - HKU\S-1-5-21-1214440339-1592454029-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.com.ua/"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Documents and Settings\Larry\My Documents\My Data Sources\VLC Video\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/12/12 16:27:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/10/27 13:59:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Larry\Application Data\Mozilla\Extensions
[2013/12/17 21:23:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\d6ynzd6q.default\extensions
[2013/06/14 20:15:40 | 000,001,843 | ---- | M] () -- C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\d6ynzd6q.default\searchplugins\yandex.xml
[2012/01/15 19:54:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/12/18 14:03:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/18 14:03:23 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/11/22 10:45:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

O1 HOSTS File: ([2001/08/23 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe (VIA Technologies, Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [LoadMdm] C:\Program Files\Wetelecom\LoadMdm.exe (TODO: <Company name>)
O4 - HKLM..\Run: [PDFPrint] C:\Documents and Settings\Larry\My Documents\My Data Sources\URL to PDF\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKU\S-1-5-21-1214440339-1592454029-839522115-1003..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\HMIPCore.dll (Hide My IP)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\HMIPCore.dll (Hide My IP)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\System32\HMIPCore.dll (Hide My IP)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 91.224.178.5 77.88.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E534C27-275F-40F6-A235-5644656D47A8}: DhcpNameServer = 91.224.178.5 77.88.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8ED60BD-364E-4BA8-9809-F7E168FE9B86}: NameServer = 91.224.178.98 8.8.8.8
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Larry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Larry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/27 11:51:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1afd3ac0-0145-11e1-b979-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{1afd3ac0-0145-11e1-b979-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1afd3ac0-0145-11e1-b979-806d6172696f}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{1afd3ac0-0145-11e1-b979-806d6172696f}\Shell\configure\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{1afd3ac0-0145-11e1-b979-806d6172696f}\Shell\install\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{6e09c143-c529-11e2-99b3-000fb05c624f}\Shell - "" = AutoRun
O33 - MountPoints2\{6e09c143-c529-11e2-99b3-000fb05c624f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6e09c143-c529-11e2-99b3-000fb05c624f}\Shell\AutoRun\command - "" = E:\Launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


----------



## goingcrazy123 (Dec 14, 2013)

Here's Part Three:

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - lvcodec2.dll File not found
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HideMyIpSRV - C:\Documents and Settings\Larry\My Documents\My Data Sources\Hide My IP\Hide My IP\HideMyIpSrv.exe (Hide My IP)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/12/20 17:04:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Larry\Recent
[2013/12/20 00:31:45 | 000,107,136 | ---- | C] (WeTelecom Incorporated) -- C:\WINDOWS\System32\drivers\wmdusbser.sys.bak
[2013/12/20 00:31:45 | 000,004,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wmilib.sys.bak
[2013/12/20 00:31:44 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys.bak
[2013/12/20 00:31:44 | 000,022,271 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys.bak
[2013/12/20 00:31:44 | 000,011,935 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys.bak
[2013/12/20 00:31:44 | 000,011,871 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys.bak
[2013/12/20 00:31:44 | 000,011,295 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys.bak
[2013/12/20 00:31:43 | 000,011,807 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys.bak
[2013/12/20 00:31:42 | 002,206,720 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\w29n51.sys.bak
[2013/12/20 00:31:41 | 000,207,488 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\drivers\vinyl97.sys.bak
[2013/12/20 00:31:41 | 000,081,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\videoprt.sys.bak
[2013/12/20 00:31:40 | 000,058,112 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\drivers\vdmindvd.sys.bak
[2013/12/20 00:31:39 | 000,144,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbport.sys.bak
[2013/12/20 00:31:39 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbintel.sys.bak
[2013/12/20 00:31:38 | 000,025,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd2.sys.bak
[2013/12/20 00:31:38 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd.sys.bak
[2013/12/20 00:31:38 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbd.sys.bak
[2013/12/20 00:31:37 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023.sys.bak
[2013/12/20 00:31:36 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tosdvd.sys.bak
[2013/12/20 00:31:36 | 000,021,376 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\drivers\tsbvcap.sys.bak
[2013/12/20 00:31:35 | 000,226,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys.bak
[2013/12/20 00:31:35 | 000,019,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdi.sys.bak
[2013/12/20 00:31:34 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tape.sys.bak
[2013/12/20 00:31:33 | 000,011,264 | ---- | C] (Superlogix) -- C:\WINDOWS\System32\drivers\supermounter.sys.bak
[2013/12/20 00:31:32 | 000,049,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys.bak
[2013/12/20 00:31:31 | 000,443,448 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys.bak
[2013/12/20 00:31:31 | 000,025,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sonydcam.sys.bak
[2013/12/20 00:31:31 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smclib.sys.bak
[2013/12/20 00:31:30 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys.bak
[2013/12/20 00:31:30 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys.bak
[2013/12/20 00:31:30 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys.bak
[2013/12/20 00:31:30 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys.bak
[2013/12/20 00:31:29 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys.bak
[2013/12/20 00:31:27 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys.bak
[2013/12/20 00:31:27 | 000,096,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\scsiport.sys.bak
[2013/12/20 00:31:27 | 000,012,544 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\s24trans.sys.bak
[2013/12/20 00:31:26 | 000,080,512 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\drivers\Rtnicxp.sys.bak
[2013/12/20 00:31:26 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys.bak
[2013/12/20 00:31:26 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\rtl8139.sys.bak
[2013/12/20 00:31:25 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rmcast.sys.bak
[2013/12/20 00:31:25 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismp.sys.bak
[2013/12/20 00:31:25 | 000,012,032 | ---- | C] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\riodrv.sys.bak
[2013/12/20 00:31:25 | 000,012,032 | ---- | C] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\rio8drv.sys.bak
[2013/12/20 00:31:23 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys.bak
[2013/12/20 00:31:22 | 000,034,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rawwan.sys.bak
[2013/12/20 00:31:21 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys.bak
[2013/12/20 00:31:20 | 000,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pciidex.sys.bak
[2013/12/20 00:31:19 | 000,003,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\oprghdlr.sys.bak
[2013/12/20 00:31:18 | 000,088,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkipx.sys.bak
[2013/12/20 00:31:18 | 000,063,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnknb.sys.bak
[2013/12/20 00:31:18 | 000,055,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkspx.sys.bak
[2013/12/20 00:31:15 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys.bak
[2013/12/20 00:31:13 | 000,040,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nmnt.sys.bak
[2013/12/20 00:31:13 | 000,012,032 | ---- | C] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\nikedrv.sys.bak
[2013/12/20 00:31:11 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys.bak
[2013/12/20 00:31:10 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys.bak
[2013/12/20 00:31:09 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys.bak
[2013/12/20 00:31:08 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys.bak
[2013/12/20 00:31:06 | 000,092,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mqac.sys.bak
[2013/12/20 00:31:04 | 000,063,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mf.sys.bak
[2013/12/20 00:31:04 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys.bak
[2013/12/20 00:31:04 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys.bak
[2013/12/20 00:31:04 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mcd.sys.bak
[2013/12/20 00:31:03 | 000,312,096 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\lvrs.sys.bak
[2013/12/20 00:31:03 | 000,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys.bak
[2013/12/20 00:31:02 | 000,046,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irbus.sys.bak
[2013/12/20 00:30:55 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidparse.sys.bak
[2013/12/20 00:30:54 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidclass.sys.bak
[2013/12/20 00:30:53 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fsvga.sys.bak
[2013/12/20 00:30:51 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxg.sys.bak
[2013/12/20 00:30:51 | 000,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\enum1394.sys.bak
[2013/12/20 00:30:51 | 000,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxgthk.sys.bak
[2013/12/20 00:30:50 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys.bak
[2013/12/20 00:30:50 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxapi.sys.bak
[2013/12/20 00:30:47 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\diskdump.sys.bak
[2013/12/20 00:30:46 | 000,049,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\classpnp.sys.bak
[2013/12/20 00:30:46 | 000,011,776 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\drivers\cpqdap01.sys.bak
[2013/12/20 00:30:45 | 000,262,528 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\drivers\cinemst2.sys.bak
[2013/12/20 00:30:42 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys.bak
[2013/12/20 00:30:39 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\battc.sys.bak
[2013/12/20 00:30:38 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmuni.sys.bak
[2013/12/20 00:30:37 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmlane.sys.bak
[2013/12/20 00:30:37 | 000,031,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmepvc.sys.bak
[2013/12/20 00:30:36 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys.bak
[2013/12/20 00:30:35 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys.bak
[2013/12/20 00:30:35 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys.bak
[2013/12/20 00:30:34 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys.bak
[2013/12/20 00:30:33 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys.bak
[2013/12/20 00:30:33 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys.bak
[2013/12/20 00:30:33 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys.bak
[2013/12/20 00:30:32 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys.bak
[2013/12/20 00:30:32 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys.bak
[2013/12/20 00:30:32 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys.bak
[2013/12/20 00:30:31 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys.bak
[2013/12/20 00:30:30 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys.bak
[2013/12/20 00:30:29 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys.bak
[2013/12/20 00:30:28 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys.bak
[2013/12/20 00:30:28 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys.bak
[2013/12/20 00:30:28 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys.bak
[2013/12/20 00:30:28 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys.bak
[2013/12/20 00:30:27 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys.bak
[2013/12/20 00:30:27 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys.bak
[2013/12/20 00:30:27 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys.bak
[2013/12/20 00:30:26 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys.bak
[2013/12/20 00:30:26 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys.bak
[2013/12/20 00:30:23 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk6.sys.bak
[2013/12/20 00:30:21 | 000,044,000 | ---- | C] (Alfa Corporation) -- C:\WINDOWS\System32\drivers\AFPUni.sys.bak
[2013/12/20 00:30:20 | 000,043,936 | ---- | C] (Alfa Corporation) -- C:\WINDOWS\System32\drivers\AFPAnsi.sys.bak
[2013/12/20 00:30:17 | 000,053,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\1394bus.sys.bak
[2013/12/19 21:50:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry\Application Data\vlc
[2013/12/18 20:42:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry\Desktop\RK_Quarantine
[2013/12/18 16:14:38 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/18 15:12:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/12/18 00:44:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry\Application Data\SUPERAntiSpyware.com
[2013/12/18 00:43:37 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/12/18 00:42:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2013/12/18 00:41:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2013/12/18 00:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/12/16 16:34:05 | 000,044,000 | ---- | C] (Alfa Corporation) -- C:\WINDOWS\System32\drivers\AFPUni.sys
[2013/12/16 16:34:05 | 000,043,936 | ---- | C] (Alfa Corporation) -- C:\WINDOWS\System32\drivers\AFPAnsi.sys
[2013/12/16 16:34:05 | 000,011,264 | ---- | C] (Superlogix) -- C:\WINDOWS\System32\drivers\supermounter.sys
[2013/12/16 16:34:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\XP Tools
[2013/12/16 16:34:01 | 000,073,728 | ---- | C] (SuperLogix) -- C:\WINDOWS\System32\smh.dat
[2013/12/16 16:33:57 | 001,509,376 | ---- | C] (SuperLogix) -- C:\WINDOWS\System32\context.dll
[2013/12/16 16:32:30 | 003,500,247 | ---- | C] (xptools.net ) -- C:\Documents and Settings\Larry\Desktop\xtsetup.exe
[2013/12/16 14:29:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Auslogics
[2013/12/16 14:21:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
[2013/12/14 21:22:20 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Larry\My Documents\HijackThis.exe
[2013/12/12 16:30:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry\Application Data\AVAST Software
[2013/12/12 16:28:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avast
[2013/12/12 16:27:54 | 000,057,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/12/12 16:27:52 | 000,403,440 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/12/12 16:27:51 | 000,774,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/12/12 16:27:50 | 000,070,384 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/12/12 16:27:49 | 000,035,656 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/12/12 16:27:48 | 000,054,832 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/12/12 16:27:44 | 000,269,216 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/12/12 16:27:38 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/12/12 16:26:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/12/12 16:17:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/12/12 13:24:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/12/12 13:23:44 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/12/03 16:27:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry\My Documents\Sanyo f0
[2013/12/03 16:24:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry\My Documents\Sanyo f2
[2013/11/23 18:10:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry\Desktop\ALCOHOLISM


----------



## goingcrazy123 (Dec 14, 2013)

========== Files - Modified Within 30 Days ==========

[2013/12/20 16:49:23 | 000,000,908 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/20 16:45:06 | 000,000,534 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task d17abb23-26f0-4654-8e66-fb597997dec6.job
[2013/12/20 16:28:01 | 000,000,386 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/12/20 14:05:04 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/12/20 10:10:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/12/20 10:10:10 | 000,000,904 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/20 10:09:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/12/20 02:00:05 | 000,000,534 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 42f42dbe-6fcc-487f-9923-ea810bbad3e7.job
[2013/12/20 00:31:45 | 000,107,136 | ---- | M] (WeTelecom Incorporated) -- C:\WINDOWS\System32\drivers\wmdusbser.sys.bak
[2013/12/20 00:31:45 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys.bak
[2013/12/20 00:31:45 | 000,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wmilib.sys.bak
[2013/12/20 00:31:44 | 000,022,271 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys.bak
[2013/12/20 00:31:44 | 000,011,935 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys.bak
[2013/12/20 00:31:44 | 000,011,871 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys.bak
[2013/12/20 00:31:44 | 000,011,807 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys.bak
[2013/12/20 00:31:44 | 000,011,295 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys.bak
[2013/12/20 00:31:43 | 002,206,720 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\w29n51.sys.bak
[2013/12/20 00:31:41 | 000,207,488 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\drivers\vinyl97.sys.bak
[2013/12/20 00:31:41 | 000,081,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\videoprt.sys.bak
[2013/12/20 00:31:40 | 000,058,112 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\drivers\vdmindvd.sys.bak
[2013/12/20 00:31:39 | 000,144,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbport.sys.bak
[2013/12/20 00:31:39 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbintel.sys.bak
[2013/12/20 00:31:39 | 000,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbd.sys.bak
[2013/12/20 00:31:38 | 000,025,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd2.sys.bak
[2013/12/20 00:31:38 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd.sys.bak
[2013/12/20 00:31:37 | 000,012,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023.sys.bak
[2013/12/20 00:31:36 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tosdvd.sys.bak
[2013/12/20 00:31:36 | 000,021,376 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\System32\drivers\tsbvcap.sys.bak
[2013/12/20 00:31:35 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys.bak
[2013/12/20 00:31:35 | 000,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdi.sys.bak
[2013/12/20 00:31:34 | 000,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tape.sys.bak
[2013/12/20 00:31:33 | 000,011,264 | ---- | M] (Superlogix) -- C:\WINDOWS\System32\drivers\supermounter.sys.bak
[2013/12/20 00:31:32 | 000,049,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys.bak
[2013/12/20 00:31:31 | 000,025,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sonydcam.sys.bak
[2013/12/20 00:31:31 | 000,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smclib.sys.bak
[2013/12/20 00:31:30 | 000,404,990 | ---- | M] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys.bak
[2013/12/20 00:31:30 | 000,095,424 | ---- | M] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys.bak
[2013/12/20 00:31:30 | 000,013,240 | ---- | M] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys.bak
[2013/12/20 00:31:30 | 000,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys.bak
[2013/12/20 00:31:29 | 000,129,535 | ---- | M] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys.bak
[2013/12/20 00:31:27 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys.bak
[2013/12/20 00:31:27 | 000,096,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\scsiport.sys.bak
[2013/12/20 00:31:27 | 000,080,512 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\drivers\Rtnicxp.sys.bak
[2013/12/20 00:31:27 | 000,012,544 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\s24trans.sys.bak
[2013/12/20 00:31:26 | 000,030,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys.bak
[2013/12/20 00:31:26 | 000,030,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismp.sys.bak
[2013/12/20 00:31:26 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\rtl8139.sys.bak
[2013/12/20 00:31:25 | 000,203,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rmcast.sys.bak
[2013/12/20 00:31:25 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\riodrv.sys.bak
[2013/12/20 00:31:25 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\rio8drv.sys.bak
[2013/12/20 00:31:24 | 000,013,776 | ---- | M] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys.bak
[2013/12/20 00:31:22 | 000,034,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rawwan.sys.bak
[2013/12/20 00:31:21 | 000,146,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys.bak
[2013/12/20 00:31:20 | 000,024,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pciidex.sys.bak
[2013/12/20 00:31:19 | 000,003,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\oprghdlr.sys.bak
[2013/12/20 00:31:18 | 000,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkipx.sys.bak
[2013/12/20 00:31:18 | 000,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnknb.sys.bak
[2013/12/20 00:31:18 | 000,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkspx.sys.bak
[2013/12/20 00:31:15 | 000,180,360 | ---- | M] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys.bak
[2013/12/20 00:31:13 | 000,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nmnt.sys.bak
[2013/12/20 00:31:13 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\nikedrv.sys.bak
[2013/12/20 00:31:11 | 000,012,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys.bak
[2013/12/20 00:31:10 | 000,452,736 | ---- | M] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys.bak
[2013/12/20 00:31:09 | 001,309,184 | ---- | M] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys.bak
[2013/12/20 00:31:08 | 000,126,686 | ---- | M] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys.bak
[2013/12/20 00:31:06 | 000,092,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mqac.sys.bak
[2013/12/20 00:31:05 | 000,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mf.sys.bak
[2013/12/20 00:31:04 | 000,312,096 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\lvrs.sys.bak
[2013/12/20 00:31:04 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys.bak
[2013/12/20 00:31:04 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys.bak
[2013/12/20 00:31:04 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mcd.sys.bak
[2013/12/20 00:31:03 | 000,141,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys.bak
[2013/12/20 00:31:02 | 000,046,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irbus.sys.bak
[2013/12/20 00:30:55 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidparse.sys.bak
[2013/12/20 00:30:54 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidclass.sys.bak
[2013/12/20 00:30:53 | 000,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fsvga.sys.bak
[2013/12/20 00:30:51 | 000,071,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxg.sys.bak
[2013/12/20 00:30:51 | 000,010,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxapi.sys.bak
[2013/12/20 00:30:51 | 000,006,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\enum1394.sys.bak
[2013/12/20 00:30:51 | 000,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxgthk.sys.bak
[2013/12/20 00:30:50 | 000,060,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys.bak
[2013/12/20 00:30:47 | 000,014,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\diskdump.sys.bak
[2013/12/20 00:30:46 | 000,262,528 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\drivers\cinemst2.sys.bak
[2013/12/20 00:30:46 | 000,049,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\classpnp.sys.bak
[2013/12/20 00:30:46 | 000,011,776 | ---- | M] (Compaq Computer Corporation) -- C:\WINDOWS\System32\drivers\cpqdap01.sys.bak
[2013/12/20 00:30:42 | 000,036,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys.bak
[2013/12/20 00:30:40 | 000,014,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\battc.sys.bak
[2013/12/20 00:30:38 | 000,352,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmuni.sys.bak
[2013/12/20 00:30:37 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmlane.sys.bak
[2013/12/20 00:30:37 | 000,031,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmepvc.sys.bak
[2013/12/20 00:30:36 | 000,063,488 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys.bak
[2013/12/20 00:30:35 | 000,073,216 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys.bak
[2013/12/20 00:30:35 | 000,031,744 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys.bak
[2013/12/20 00:30:34 | 000,028,672 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys.bak
[2013/12/20 00:30:34 | 000,013,824 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys.bak
[2013/12/20 00:30:33 | 000,104,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys.bak
[2013/12/20 00:30:33 | 000,052,224 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys.bak
[2013/12/20 00:30:32 | 000,057,856 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys.bak
[2013/12/20 00:30:32 | 000,014,336 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys.bak
[2013/12/20 00:30:32 | 000,013,824 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys.bak
[2013/12/20 00:30:31 | 000,701,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys.bak
[2013/12/20 00:30:30 | 000,327,040 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys.bak
[2013/12/20 00:30:29 | 000,034,735 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys.bak
[2013/12/20 00:30:29 | 000,029,455 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys.bak
[2013/12/20 00:30:28 | 000,036,463 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys.bak
[2013/12/20 00:30:28 | 000,026,367 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys.bak
[2013/12/20 00:30:28 | 000,021,343 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys.bak
[2013/12/20 00:30:27 | 000,063,663 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys.bak
[2013/12/20 00:30:27 | 000,030,671 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys.bak
[2013/12/20 00:30:27 | 000,012,047 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys.bak
[2013/12/20 00:30:27 | 000,011,615 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys.bak
[2013/12/20 00:30:26 | 000,056,623 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys.bak
[2013/12/20 00:30:23 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk6.sys.bak
[2013/12/20 00:30:21 | 000,044,000 | ---- | M] (Alfa Corporation) -- C:\WINDOWS\System32\drivers\AFPUni.sys.bak
[2013/12/20 00:30:21 | 000,043,936 | ---- | M] (Alfa Corporation) -- C:\WINDOWS\System32\drivers\AFPAnsi.sys.bak
[2013/12/20 00:30:18 | 000,053,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\1394bus.sys.bak
[2013/12/19 21:51:48 | 000,146,944 | ---- | M] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/12/19 20:16:37 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2013/12/19 17:54:23 | 000,145,370 | ---- | M] () -- C:\Documents and Settings\Larry\My Documents\Larry Bank Acct No.JPG
[2013/12/19 17:21:15 | 000,112,247 | ---- | M] () -- C:\Documents and Settings\Larry\My Documents\Larry Wire, p.B.JPG
[2013/12/19 17:20:17 | 000,118,927 | ---- | M] () -- C:\Documents and Settings\Larry\My Documents\Larry Wire, p.A.JPG
[2013/12/18 17:50:58 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2013/12/18 00:42:20 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2013/12/17 16:04:32 | 000,147,464 | ---- | M] () -- C:\Documents and Settings\Larry\My Documents\Larry, p.1.JPG
[2013/12/16 16:55:00 | 000,000,081 | ---- | M] () -- C:\WINDOWS\xptools.ini
[2013/12/16 16:38:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\bn.dll
[2013/12/16 16:34:05 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\Larry\Desktop\XP Tools.lnk
[2013/12/16 16:32:40 | 003,500,247 | ---- | M] (xptools.net ) -- C:\Documents and Settings\Larry\Desktop\xtsetup.exe
[2013/12/16 14:21:39 | 000,001,158 | ---- | M] () -- C:\Documents and Settings\Larry\Desktop\Auslogics Duplicate File Finder.lnk
[2013/12/16 14:03:56 | 000,000,909 | ---- | M] () -- C:\Documents and Settings\Larry\Desktop\Options.ini
[2013/12/14 21:04:08 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Larry\My Documents\HijackThis.exe
[2013/12/13 17:52:24 | 000,004,112 | ---- | M] () -- C:\WINDOWS\System32\HideMyIpSRV.ini
[2013/12/13 17:52:24 | 000,002,240 | ---- | M] () -- C:\WINDOWS\System32\HideMyIpSRVOff.ini
[2013/12/12 16:28:57 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/12/12 16:27:39 | 000,774,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/12/12 16:27:39 | 000,403,440 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/12/12 16:27:39 | 000,178,304 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/12/12 16:27:39 | 000,070,384 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/12/12 16:27:39 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/12/12 16:27:39 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/12/12 16:27:39 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/12/12 16:27:39 | 000,035,656 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/12/12 16:27:38 | 000,269,216 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/12/12 16:27:38 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/12/12 13:24:24 | 000,001,128 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/11 16:39:34 | 000,000,079 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2013/12/06 02:01:59 | 000,009,785 | ---- | M] () -- C:\Documents and Settings\Larry\Desktop\UKRAINE BOOKS.jpg
[2013/12/05 16:36:52 | 000,002,496 | ---- | M] () -- C:\Documents and Settings\Larry\Desktop\Mindmaster.lnk
[2013/12/03 09:38:16 | 000,497,550 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/12/03 09:38:16 | 000,085,868 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/11/24 02:11:42 | 000,007,073 | ---- | M] () -- C:\Documents and Settings\Larry\Desktop\stop drinking.jpg

========== Files Created - No Company Name ==========

[2013/12/19 20:16:30 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2013/12/19 17:44:58 | 000,145,370 | ---- | C] () -- C:\Documents and Settings\Larry\My Documents\Larry Bank Acct No.JPG
[2013/12/19 17:15:39 | 000,118,927 | ---- | C] () -- C:\Documents and Settings\Larry\My Documents\Larry Wire, p.A.JPG
[2013/12/19 17:15:39 | 000,112,247 | ---- | C] () -- C:\Documents and Settings\Larry\My Documents\Larry Wire, p.B.JPG
[2013/12/18 17:50:53 | 000,000,947 | ---- | C] () -- C:\Documents and Settings\Larry\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2013/12/18 00:45:45 | 000,000,534 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task d17abb23-26f0-4654-8e66-fb597997dec6.job
[2013/12/18 00:45:44 | 000,000,534 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 42f42dbe-6fcc-487f-9923-ea810bbad3e7.job
[2013/12/18 00:45:03 | 000,000,908 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/18 00:45:01 | 000,000,904 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/18 00:42:20 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2013/12/17 16:00:54 | 000,147,464 | ---- | C] () -- C:\Documents and Settings\Larry\My Documents\Larry, p.1.JPG
[2013/12/16 16:37:03 | 000,000,081 | ---- | C] () -- C:\WINDOWS\xptools.ini
[2013/12/16 16:35:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\bn.dll
[2013/12/16 16:34:05 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\Larry\Desktop\XP Tools.lnk
[2013/12/16 16:34:02 | 000,620,032 | ---- | C] () -- C:\WINDOWS\System32\xtsupermenuHook.dll
[2013/12/16 16:34:01 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\SuperRes.dll
[2013/12/16 16:34:00 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\Shreder.dll
[2013/12/16 14:21:39 | 000,001,158 | ---- | C] () -- C:\Documents and Settings\Larry\Desktop\Auslogics Duplicate File Finder.lnk
[2013/12/12 16:28:57 | 000,001,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/12/12 16:28:20 | 000,000,386 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/12/12 16:27:53 | 000,178,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/12/12 16:27:52 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/12/12 13:24:24 | 000,001,128 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/11 16:38:57 | 000,000,079 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2013/12/06 02:01:56 | 000,009,785 | ---- | C] () -- C:\Documents and Settings\Larry\Desktop\UKRAINE BOOKS.jpg
[2013/11/27 17:02:13 | 005,911,285 | ---- | C] () -- C:\Documents and Settings\Larry\My Documents\03 Forgiveness.mp3
[2013/11/24 02:11:38 | 000,007,073 | ---- | C] () -- C:\Documents and Settings\Larry\Desktop\stop drinking.jpg
[2013/10/13 17:22:28 | 000,004,112 | ---- | C] () -- C:\WINDOWS\System32\HideMyIpSRV.ini
[2013/10/13 17:22:28 | 000,002,240 | ---- | C] () -- C:\WINDOWS\System32\HideMyIpSRVOff.ini
[2012/02/16 03:28:36 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/14 21:15:21 | 000,146,944 | ---- | C] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2011/11/19 19:40:14 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2013/10/12 16:54:28 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 14:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/12/16 14:29:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Auslogics
[2013/12/12 16:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/05/15 21:49:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Boxoft
[2013/05/15 21:49:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Boxtools
[2011/10/28 12:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2013/12/18 17:44:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2013/10/07 12:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MaskMyIP
[2013/02/13 15:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MindMaster
[2013/12/12 16:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\AVAST Software
[2011/10/28 12:50:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\DAEMON Tools Lite
[2011/10/28 13:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\GHISLER
[2013/05/20 10:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\IObit
[2013/03/28 15:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Kotato
[2012/06/06 19:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Leadertech
[2013/10/07 12:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\MaskMyIP
[2011/11/21 12:13:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\onOne Software
[2012/06/13 01:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Oracle
[2013/11/12 19:40:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Publish or Perish
[2011/10/27 15:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\SystemRequirementsLab
[2013/12/17 22:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\uTorrent

========== Purity Check ==========

========== Custom Scans ==========

< Code: >
[2011/10/27 11:48:58 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2011/10/27 11:51:05 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2013/12/12 16:28:20 | 000,000,386 | -H-- | C] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
[2013/12/18 00:45:01 | 000,000,904 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2013/12/18 00:45:03 | 000,000,908 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2013/12/18 00:45:44 | 000,000,534 | ---- | C] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 42f42dbe-6fcc-487f-9923-ea810bbad3e7.job
[2013/12/18 00:45:45 | 000,000,534 | ---- | C] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d17abb23-26f0-4654-8e66-fb597997dec6.job

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: IC25N060ATMR04-0
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Removable media other than floppy
Interface type: USB
Media Type: Removable media other than floppy
Model: SanDisk Cruzer USB Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 56.00GB
Starting Offset: 32256
Hidden sectors: 0

DeviceID: Disk #1, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 30.00GB
Starting Offset: 16384
Hidden sectors: 0

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2011/11/27 11:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Adobe
[2013/12/12 16:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\AVAST Software
[2011/10/28 12:50:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\DAEMON Tools Lite
[2012/07/02 22:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\dvdcss
[2011/10/28 13:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\GHISLER
[2013/06/08 13:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Help
[2011/10/27 12:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Identities
[2011/10/27 16:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Intel
[2013/05/20 10:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\IObit
[2013/03/28 15:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Kotato
[2012/06/06 19:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Leadertech
[2011/10/27 15:32:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Macromedia
[2013/05/25 00:47:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Malwarebytes
[2013/10/07 12:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\MaskMyIP
[2013/10/11 00:44:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Larry\Application Data\Microsoft
[2011/10/27 13:59:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Mozilla
[2011/11/21 12:13:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\onOne Software
[2012/06/13 01:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Oracle
[2013/11/12 19:40:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Publish or Perish
[2013/12/20 16:00:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Skype
[2011/10/27 15:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Sun
[2013/12/18 00:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\SUPERAntiSpyware.com
[2011/10/27 15:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\SystemRequirementsLab
[2013/12/17 22:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\uTorrent
[2013/12/19 23:40:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\vlc
[2011/10/27 15:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\WinRAR

< %SYSTEMDRIVE%\*.* >
[2011/10/27 11:51:17 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2013/12/18 17:50:58 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/10/27 11:51:17 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/10/27 11:51:17 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/10/27 11:51:17 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/10/27 14:11:21 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2011/10/27 14:41:49 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2013/12/20 10:09:31 | 1560,281,088 | -HS- | M] () -- C:\pagefile.sys

< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: LOCALAPPDATA

< %windir%\Installer\*.* >
[2006/05/14 07:38:00 | 000,270,430 | ---- | M] () -- C:\WINDOWS\Installer\iProInst.bmp
[2006/08/01 09:29:44 | 000,577,536 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Installer\iProInst.exe
[2013/10/15 21:45:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\wix{3C3901C5-3455-3E0A-A214-0B093A5070A6}.SchedServiceConfig.rmi
[2011/11/21 11:08:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\wix{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.SchedServiceConfig.rmi

< %windir%\system32\tasks\*.* >

< %windir%\system32\tasks\*.* /64 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\*. /mp /s >

< MD5 for: ATAPI.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: CSRSS.EXE >
[2008/04/14 05:42:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\ServicePackFiles\i386\csrss.exe
[2008/04/14 05:42:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\csrss.exe
[2004/08/04 00:56:50 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\WINDOWS\$NtServicePackUninstall$\csrss.exe

< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2004/08/04 00:56:46 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
[2008/06/20 18:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008/06/20 18:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\mswsock.dll
[2008/04/14 05:42:02 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
[2008/06/20 19:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[2008/06/20 19:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll

< MD5 for: NWPROVAU.DLL >
[2008/04/14 05:42:04 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=06E587F41466569F32BEAAC7260E8AEC -- C:\WINDOWS\ServicePackFiles\i386\nwprovau.dll
[2008/04/14 05:42:04 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=06E587F41466569F32BEAAC7260E8AEC -- C:\WINDOWS\system32\nwprovau.dll
[2004/08/04 00:56:46 | 000,144,384 | ---- | M] (Microsoft Corporation) MD5=F01D97A8E0380BA52F58249A7B3BD7F1 -- C:\WINDOWS\$NtServicePackUninstall$\nwprovau.dll

< MD5 for: PNRPNSP.DLL >
[2004/08/04 00:56:46 | 000,048,640 | ---- | M] (Microsoft Corporation) MD5=74D3620D2E63489975E3956A40DDD35F -- C:\WINDOWS\$NtServicePackUninstall$\pnrpnsp.dll
[2008/04/14 05:42:04 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=AF1449AC1D79D37C7026C1D8912DDA8E -- C:\WINDOWS\ServicePackFiles\i386\pnrpnsp.dll
[2008/04/14 05:42:04 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=AF1449AC1D79D37C7026C1D8912DDA8E -- C:\WINDOWS\system32\dllcache\pnrpnsp.dll
[2008/04/14 05:42:04 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=AF1449AC1D79D37C7026C1D8912DDA8E -- C:\WINDOWS\system32\pnrpnsp.dll

< MD5 for: REGEDIT.EXE >
[2008/04/14 05:42:34 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\regedit.exe
[2008/04/14 05:42:34 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe
[2004/08/04 00:56:56 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=783AFC80383C176B22DBF8333343992D -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe


----------



## goingcrazy123 (Dec 14, 2013)

Geez, this thing is long... This is the last part. Next I will post "Extras.Txt".

< MD5 for: SERVICES.EXE >
[2009/02/06 13:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 05:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 00:56:56 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 00:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Documents and Settings\Larry\My Documents\My Data Sources\Malwarebytes\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USER32.DLL >
[2008/04/14 05:42:10 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/14 05:42:10 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[2004/08/04 00:56:48 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll

< MD5 for: USERINIT.EXE >
[2004/08/04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 00:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Documents and Settings\Larry\My Documents\My Data Sources\Malwarebytes\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINRNR.DLL >
[2004/08/04 00:56:48 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=2C8FDB176F22629EA5342DB474FAC391 -- C:\WINDOWS\$NtServicePackUninstall$\winrnr.dll
[2008/04/14 05:42:10 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=D72B9EC3337B247A666F098F3D6B43DE -- C:\WINDOWS\ServicePackFiles\i386\winrnr.dll
[2008/04/14 05:42:10 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=D72B9EC3337B247A666F098F3D6B43DE -- C:\WINDOWS\system32\winrnr.dll

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/12/18 14:02:47 | 000,872,352 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/12/18 14:02:47 | 000,872,352 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/12/18 14:02:47 | 000,872,352 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2013/12/18 14:03:14 | 000,275,568 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/12/18 14:03:14 | 000,275,568 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/12/18 14:03:14 | 000,275,568 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/14 05:42:36 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/14 05:42:36 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/14 05:42:36 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "%programfiles%\Internet Explorer\iexplore.exe" [2008/04/14 05:42:24 | 000,093,184 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2001/08/23 14:00:00 | 000,090,112 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/12/18 14:02:47 | 000,872,352 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/12/18 14:02:47 | 000,872,352 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/12/18 14:02:47 | 000,872,352 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2013/12/18 14:03:14 | 000,275,568 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/12/18 14:03:14 | 000,275,568 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/12/18 14:03:14 | 000,275,568 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/14 05:42:36 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/14 05:42:36 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/14 05:42:36 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "%programfiles%\Internet Explorer\iexplore.exe" [2008/04/14 05:42:24 | 000,093,184 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2001/08/23 14:00:00 | 000,090,112 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011/10/28 10:54:52 | 000,443,448 | ---- | M] ()* Unable to obtain MD5* -- C:\WINDOWS\system32\drivers\sptd.sys

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\* \s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 3476-2793
Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
10/15/2013 09:54 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
10/15/2013 09:54 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices
10/15/2013 09:44 PM <JUNCTION> v4.0_4.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler
10/13/2013 03:32 AM <JUNCTION> v4.0_4.0.0.0__31bf3856ad364e35
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
4 Dir(s) 19,867,488,256 bytes free

========== Files - Unicode (All) ==========
[2013/10/01 00:05:55 | 098,541,442 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\Ꞷ➶哌6
[2013/10/01 00:05:55 | 098,541,442 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\Ꞷ➶哌6
[2013/09/29 17:47:30 | 098,466,785 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\爵哌6
[2013/09/29 17:47:30 | 098,466,785 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\爵哌6
[2013/09/28 17:35:25 | 098,442,955 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\撼苲哌6
[2013/09/28 17:35:25 | 098,442,955 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\撼苲哌6
[2013/09/25 22:28:38 | 097,858,179 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\嶸쿁哌6
[2013/09/25 22:28:38 | 097,858,179 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\嶸쿁哌6
[2013/09/25 01:11:09 | 097,613,522 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\鼀�哌6
[2013/09/25 01:11:09 | 097,613,522 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\鼀�哌6
[2013/09/23 21:41:48 | 098,685,961 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\웊ㆀ哌6
[2013/09/23 21:41:48 | 098,685,961 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\웊ㆀ哌6
[2013/09/22 20:00:36 | 098,597,466 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\묜띀哌6
[2013/09/22 20:00:36 | 098,597,466 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\묜띀哌6
[2013/09/20 21:10:33 | 098,487,876 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\똉哌6
[2013/09/20 21:10:33 | 098,487,876 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\똉哌6
[2013/09/17 23:35:26 | 098,071,447 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\更脼哌6
[2013/09/17 23:35:26 | 098,071,447 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\更脼哌6
[2013/09/17 11:38:30 | 097,931,385 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\獜ǅ哌6
[2013/09/17 11:38:30 | 097,931,385 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\獜ǅ哌6
[2013/09/15 17:14:05 | 097,671,483 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ⓐ哌6
[2013/09/15 17:14:05 | 097,671,483 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ⓐ哌6
[2013/09/15 00:00:31 | 097,600,188 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\댑댍哌6
[2013/09/15 00:00:31 | 097,600,188 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\댑댍哌6
[2013/09/14 02:11:02 | 097,519,942 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\嶴뾻哌6
[2013/09/14 02:11:02 | 097,519,942 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\嶴뾻哌6
[2013/09/12 19:36:53 | 097,373,152 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\䣁環哌6
[2013/09/12 19:36:53 | 097,373,152 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\䣁環哌6
[2013/09/12 13:36:30 | 097,238,077 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\㛍팔哌6
[2013/09/12 07:39:09 | 097,238,077 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\㛍팔哌6
[2013/09/10 23:23:18 | 097,004,533 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\㛏壇哌6
[2013/09/10 23:23:18 | 097,004,533 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\㛏壇哌6
[2013/09/09 15:57:22 | 096,665,497 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\樦ꆢ哌6
[2013/09/09 15:57:22 | 096,665,497 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\樦ꆢ哌6
[2013/09/08 17:35:10 | 096,566,691 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\菋䖷哌6
[2013/09/08 17:35:10 | 096,566,691 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\菋䖷哌6
[2013/09/07 20:31:51 | 096,533,415 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ᔦ萢哌6
[2013/09/07 20:31:51 | 096,533,415 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ᔦ萢哌6
[2013/09/06 21:04:35 | 096,462,459 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\덌Ϊ哌6
[2013/09/06 21:04:35 | 096,462,459 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\덌Ϊ哌6
[2013/09/05 19:27:53 | 096,185,213 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\컕奬哌6
[2013/09/05 19:27:53 | 096,185,213 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\컕奬哌6
[2013/09/04 19:58:02 | 095,920,262 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ꈩ⪛哌6
[2013/09/04 19:58:02 | 095,920,262 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ꈩ⪛哌6
[2013/09/03 18:49:45 | 095,638,383 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\쑿練哌6
[2013/09/03 18:49:45 | 095,638,383 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\쑿練哌6
[2013/09/01 22:13:06 | 095,199,041 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\섰哌6
[2013/09/01 22:13:06 | 095,199,041 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\섰哌6
[2013/08/31 22:21:44 | 095,128,664 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\⑅띉哌6
[2013/08/31 22:21:44 | 095,128,664 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\⑅띉哌6

========== Alternate Data Streams ==========

@Alternate Data Stream - 192 bytes -> C:\WINDOWS:nlsPreferences

< End of report >


----------



## goingcrazy123 (Dec 14, 2013)

Here is the Extras.Txt:

OTL Extras logfile created on: 12/20/2013 5:07:21 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Larry\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

990.42 Mb Total Physical Memory | 488.86 Mb Available Physical Memory | 49.36% Memory free
2.33 Gb Paging File | 1.69 Gb Available in Paging File | 72.35% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 18.53 Gb Free Space | 33.16% Space Free | Partition Type: NTFS
Drive E: | 29.80 Gb Total Space | 19.61 Gb Free Space | 65.79% Space Free | Partition Type: FAT32

Computer Name: LARRY-PC | User Name: Larry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1214440339-1592454029-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Documents and Settings\Larry\My Documents\My Data Sources\VLC Video\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Documents and Settings\Larry\My Documents\My Data Sources\VLC Video\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Documents and Settings\Larry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\Larry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome
"C:\Documents and Settings\Larry\My Documents\My Data Sources\Hide My IP\Hide ALL IP\HideAllIP.exe" = C:\Documents and Settings\Larry\My Documents\My Data Sources\Hide My IP\Hide ALL IP\HideAllIP.exe:*:Disabled:Hide ALL IP
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Disabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player
"C:\Documents and Settings\Larry\My Documents\My Data Sources\uTorrent\utorrent 3.3.2.exe" = C:\Documents and Settings\Larry\My Documents\My Data Sources\uTorrent\utorrent 3.3.2.exe:*:Enabled:µTorrent -- (BitTorrent Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1" = Auslogics Duplicate File Finder
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.4.0
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C5845B5-729F-40E3-A945-4454E67F65F4}" = BCL easyConverter Desktop 3 (Word Version)
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{90CC4231-94AC-45CD-991A-0253BFAC0650}" = mDrWiFi
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5A2C78C-5D8F-40D2-A130-7696D4F22953}" = MindMaster
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1CECE09-7CBE-4E98-B435-DA87CDA86167}" = Skype 5.5
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adolix Split and Merge PDF_is1" = Adolix Split and Merge PDF v1.7
"A-PDF Split_is1" = A-PDF Split 2.4
"Avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HMIP50_is1" = Hide My IP 5.4
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"JustCloud" = JustCloud 
"Ken Ward's Makeup_is1" = Ken Ward's Makeup 0.901
"Linguata Hungarian" = Linguata Hungarian 2.4
"Linguata Ukrainian" = Linguata Ukrainian 2.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"ProInst" = Intel(R) PROSet/Wireless Software
"VLC media player" = VLC media player 2.1.2
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"XP Tools_is1" = XP Tools Pro 9.98.18

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/17/2013 6:23:56 PM | Computer Name = LARRY-PC | Source = Application Hang | ID = 1002
Description = Hanging application AcroRd32.exe, version 10.1.7.27, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/18/2013 7:08:53 AM | Computer Name = LARRY-PC | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 backupstack.exe, P2 1.0.0.0, P3 518e6fd4, P4
system.data.sqlite, P5 1.0.66.0, P6 4bcb6cc5, P7 280, P8 86, P9 system.data.sqlite.sqlite,
P10 NIL.

Error - 6/18/2013 7:09:48 AM | Computer Name = LARRY-PC | Source = Application Hang | ID = 1002
Description = Hanging application JustCloud.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/18/2013 7:09:49 AM | Computer Name = LARRY-PC | Source = Application Hang | ID = 1002
Description = Hanging application JustCloud.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/22/2013 7:02:04 AM | Computer Name = LARRY-PC | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 backupstack.exe, P2 1.0.0.0, P3 518e6fd4, P4
system.data.sqlite, P5 1.0.66.0, P6 4bcb6cc5, P7 280, P8 86, P9 system.data.sqlite.sqlite,
P10 NIL.

Error - 6/23/2013 1:00:10 PM | Computer Name = LARRY-PC | Source = Application Hang | ID = 1002
Description = Hanging application POWERPNT.EXE, version 12.0.6600.1000, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/23/2013 1:13:26 PM | Computer Name = LARRY-PC | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 12.0.6668.5000, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/23/2013 1:14:12 PM | Computer Name = LARRY-PC | Source = Application Hang | ID = 1001
Description = Fault bucket -1013952839.

Error - 6/24/2013 3:04:37 PM | Computer Name = LARRY-PC | Source = Application Error | ID = 1000
Description = Faulting application kindle.exe, version 1.10.6.40500, faulting module
kindle.exe, version 1.10.6.40500, fault address 0x000e1361.

Error - 7/4/2013 12:37:14 PM | Computer Name = LARRY-PC | Source = Application Hang | ID = 1002
Description = Hanging application EasyClea.exe, version 2.0.6.380, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 5/2/2012 2:16:58 PM | Computer Name = LARRY-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 28190
seconds with 14160 seconds of active time. This session ended with a crash.

Error - 9/30/2012 9:07:36 AM | Computer Name = LARRY-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8491
seconds with 1680 seconds of active time. This session ended with a crash.

Error - 9/30/2012 11:21:01 AM | Computer Name = LARRY-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6980
seconds with 1920 seconds of active time. This session ended with a crash.

Error - 3/5/2013 9:16:48 AM | Computer Name = LARRY-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session 
lasted 815 seconds with 540 seconds of active time. This session ended with a crash.

Error - 4/20/2013 10:43:33 AM | Computer Name = LARRY-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7627
seconds with 1680 seconds of active time. This session ended with a crash.

Error - 5/3/2013 3:30:51 PM | Computer Name = LARRY-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 22430
seconds with 5640 seconds of active time. This session ended with a crash.

Error - 12/5/2013 3:04:47 PM | Computer Name = LARRY-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 15602
seconds with 3360 seconds of active time. This session ended with a crash.

Error - 12/14/2013 2:10:52 PM | Computer Name = LARRY-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 1591
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/18/2013 1:51:58 PM | Computer Name = LARRY-PC | Source = Service Control Manager | ID = 7031
Description = The SAS Core Service service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.

Error - 12/18/2013 1:51:58 PM | Computer Name = LARRY-PC | Source = Service Control Manager | ID = 7034
Description = The MBAMScheduler service terminated unexpectedly. It has done this
1 time(s).

Error - 12/18/2013 1:51:58 PM | Computer Name = LARRY-PC | Source = Service Control Manager | ID = 7034
Description = The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 12/18/2013 1:51:58 PM | Computer Name = LARRY-PC | Source = Service Control Manager | ID = 7034
Description = The Application Layer Gateway Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 12/18/2013 1:52:01 PM | Computer Name = LARRY-PC | Source = Service Control Manager | ID = 7031
Description = The SAS Core Service service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.

Error - 12/18/2013 1:53:01 PM | Computer Name = LARRY-PC | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Print Spooler service
to connect.

Error - 12/18/2013 1:53:01 PM | Computer Name = LARRY-PC | Source = Service Control Manager | ID = 7000
Description = The Print Spooler service failed to start due to the following error:
%%1053

Error - 12/19/2013 4:51:44 PM | Computer Name = LARRY-PC | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 12/19/2013 4:51:50 PM | Computer Name = LARRY-PC | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
(gupdate) service to connect.

Error - 12/19/2013 4:51:50 PM | Computer Name = LARRY-PC | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%1053

< End of report >


----------



## goingcrazy123 (Dec 14, 2013)

Hi Eddie.

-----1) In OTL Part 4, please disregard this:

@@@@@@@@@@

I had put that in there to remind myself where to chop up the text in pasting.

------2) Also, I have NO idea how those smilies ended up in the middle of the log.

------3) Right now my Microsoft Word files are taking an extremely long time to come up after I click on a file. Any idea why?

------4) The OTL scan took a long time to run and now it wants to know if I want to "run fix" or "clean up" or something. Should I just close it all up without doing anything? That will mean running the scan again tomorrow. I am two hours ahead of you, time-wise (if you're in England).

I hope we can take some definitive actions tomorrow. (I still have not run that Security Check application, because I could not access it). Thank you very much for your help!

Larry


----------



## goingcrazy123 (Dec 14, 2013)

Hi Eddie.

It's Saturday, Dec 21. I hope we can get some things done today. Just did a new MBAM log, and still found *Trojan.Monder* and PUP.Optional.Conduit! See below:
Larry

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.19.12

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Larry :: LARRY-PC [administrator]

12/21/2013 12:36:09 AM
mbam-log-2013-12-21 (00-36-09).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 296135
Time elapsed: 4 hour(s), 23 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\System Volume Information\_restore{0FA1F6FF-1C5C-4BB2-A631-F23A49FA903E}\RP750\A0208895.dll (Trojan.Monder) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0FA1F6FF-1C5C-4BB2-A631-F23A49FA903E}\RP752\A0209256.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.

(end)


----------



## goingcrazy123 (Dec 14, 2013)

Would someone please help me? I am an unemployed writer, with just this one computer. I am going crazy staring at this hourglass constantly. A journal editor needs my final revised draft NOW, and it is taking forever to browse from one internet page to another, as well as to open MS Word files. I have already done several scans, including OTL. Is anyone available to help me, despite the holidays? S.O.S.

Larry


----------



## eddie5659 (Mar 19, 2001)

I'm still here but it's the holiday season, so trying to get stuff done before Christmas.



> C:\Documents and Settings\Larry\Local Settings\Temp\Temporary Internet Files\Content.IE5\EN8D8N2L\JRT[1].exe (Trojan.P2P.Worm) -> Quarantined and deleted successfully.


That is actually a legit program, you ran it earlier as I asked for it. Looks like it's a false positive, so I'll contact them and let them know.



> ------2) Also, I have NO idea how those smilies ended up in the middle of the log.


It's okay, it's because it's the word Disable with a : at the beginning. It's our smilies, try it.



> ------4) The OTL scan took a long time to run and now it wants to know if I want to "run fix" or "clean up" or something. Should I just close it all up without doing anything? That will mean running the scan again tomorrow. I am two hours ahead of you, time-wise (if you're in England).


We'll run another program first, but when we come to remove anything with it, it's a lot quicker, trust me.

Now, this one will remove some things. There are a few I'm looking at, so this is the main thing, as you look like you have a few things on there.

Also, did you know this is installed? If you did, that's fine, I'll ignore it:

*HideAllIP*

----

*Delete any copies of Combofix that you have.*

Download ComboFix from one of these locations:

*Link 1*
*Link 2*

*IMPORTANT !!! As you download it rename it to goingcrazy123.exe and save it to your Desktop*


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.








Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:










Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.

eddie


----------



## goingcrazy123 (Dec 14, 2013)

Hi Eddie. Here's the ComboFix Txt.....Yeah, I know about the IP thing. I occasionally use it when I want to see Netflix, which is not accessible to people living outside the USA. Please let me know the results of this scan! Thanks a lot.

Larry

ComboFix 13-12-20.01 - Larry 12/21/2013 22:20:54.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.990.552 [GMT 2:00]
Running from: c:\documents and settings\Larry\My Documents\Downloads\goingcrazy123.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
_ ADS - WINDOWS: deleted 192 bytes in 1 streams. _
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AFPANSI
-------\Service_AFPAnsi
.
.
((((((((((((((((((((((((( Files Created from 2013-11-21 to 2013-12-21 )))))))))))))))))))))))))))))))
.
.
2013-12-19 19:50 . 2013-12-21 11:13 -------- d-----w- c:\documents and settings\Larry\Application Data\vlc
2013-12-18 14:14 . 2013-12-21 08:51 -------- d-----w- C:\AdwCleaner
2013-12-18 13:12 . 2013-12-18 13:12 -------- d-----w- c:\windows\ERUNT
2013-12-18 12:02 . 2013-12-18 12:02 1776240 ----a-w- c:\program files\Mozilla Firefox\nss3.dll
2013-12-18 12:02 . 2013-12-18 12:02 393840 ----a-w- c:\program files\Mozilla Firefox\nssckbi.dll
2013-12-18 12:02 . 2013-12-18 12:02 92272 ----a-w- c:\program files\Mozilla Firefox\nssdbm3.dll
2013-12-18 12:02 . 2013-12-18 12:02 28272 ----a-w- c:\program files\Mozilla Firefox\plugin-hang-ui.exe
2013-12-18 12:02 . 2013-12-18 12:02 18544 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2013-12-18 12:02 . 2013-12-18 12:02 153712 ----a-w- c:\program files\Mozilla Firefox\softokn3.dll
2013-12-18 12:02 . 2013-12-18 12:02 872352 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2013-12-18 12:02 . 2013-12-18 12:02 276592 ----a-w- c:\program files\Mozilla Firefox\updater.exe
2013-12-18 12:02 . 2013-12-18 12:02 170960 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe
2013-12-18 12:02 . 2013-12-18 12:02 108144 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe
2013-12-18 12:02 . 2013-12-18 12:02 22370928 ----a-w- c:\program files\Mozilla Firefox\xul.dll
2013-12-17 22:44 . 2013-12-17 22:44 -------- d-----w- c:\documents and settings\Larry\Application Data\SUPERAntiSpyware.com
2013-12-17 22:43 . 2013-12-17 23:44 -------- d-----w- c:\program files\Google
2013-12-17 22:41 . 2013-12-20 14:46 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-12-17 22:41 . 2013-12-17 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2013-12-16 14:35 . 2013-12-21 18:25 0 ----a-w- c:\windows\system32\bn.dll
2013-12-16 14:34 . 2008-02-24 14:17 11264 ----a-w- c:\windows\system32\drivers\supermounter.sys
2013-12-16 14:34 . 2007-03-11 19:39 44000 ----a-w- c:\windows\system32\drivers\AFPUni.sys
2013-12-16 14:34 . 2007-03-11 19:39 43936 ----a-w- c:\windows\system32\drivers\AFPAnsi.sys
2013-12-16 14:34 . 2009-08-21 21:07 620032 ----a-w- c:\windows\system32\xtsupermenuHook.dll
2013-12-16 14:34 . 2003-10-16 20:56 6144 ----a-w- c:\windows\system32\SuperRes.dll
2013-12-16 14:34 . 2003-09-06 20:32 73728 ----a-w- c:\windows\system32\smh.dat
2013-12-16 14:34 . 2003-10-11 08:24 89088 ----a-w- c:\windows\system32\Shreder.dll
2013-12-16 14:33 . 2008-08-04 12:21 1509376 ----a-w- c:\windows\system32\context.dll
2013-12-16 12:29 . 2013-12-16 12:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Auslogics
2013-12-12 14:30 . 2013-12-12 14:30 -------- d-----w- c:\documents and settings\Larry\Application Data\AVAST Software
2013-12-12 14:27 . 2013-12-12 14:27 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-12-12 14:27 . 2013-12-12 14:27 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-12 14:27 . 2013-12-12 14:27 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-12-12 14:27 . 2013-12-12 14:27 403440 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-12-12 14:27 . 2013-12-12 14:27 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-12-12 14:27 . 2013-12-12 14:27 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-12-12 14:27 . 2013-12-12 14:27 35656 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-12-12 14:27 . 2013-12-12 14:27 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-12-12 14:27 . 2013-12-12 14:27 269216 ----a-w- c:\windows\system32\aswBoot.exe
2013-12-12 14:27 . 2013-12-12 14:27 43152 ----a-w- c:\windows\avastSS.scr
2013-12-12 14:26 . 2013-12-12 14:26 -------- d-----w- c:\program files\AVAST Software
2013-12-12 14:17 . 2013-12-12 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2013-12-12 11:23 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-19 22:31 . 2013-12-19 22:31 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS.bak
2013-12-19 22:31 . 2013-12-19 22:31 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 4352 ----a-w- c:\windows\system32\drivers\wmilib.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 12032 ----a-w- c:\windows\system32\drivers\ws2ifsl.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 107136 ----a-w- c:\windows\system32\drivers\wmdusbser.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 25471 ----a-w- c:\windows\system32\drivers\watv10nt.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 34560 ----a-w- c:\windows\system32\drivers\wanarp.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 22271 ----a-w- c:\windows\system32\drivers\watv06nt.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 11935 ----a-w- c:\windows\system32\drivers\wadv11nt.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 11871 ----a-w- c:\windows\system32\drivers\wadv09nt.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 11295 ----a-w- c:\windows\system32\drivers\wadv08nt.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 11807 ----a-w- c:\windows\system32\drivers\wadv07nt.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 14208 ----a-w- c:\windows\system32\drivers\wacompen.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 2206720 ----a-w- c:\windows\system32\drivers\w29n51.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 81664 ----a-w- c:\windows\system32\drivers\videoprt.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 42240 ----a-w- c:\windows\system32\drivers\viaagp.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 207488 ----a-w- c:\windows\system32\drivers\vinyl97.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 58112 ----a-w- c:\windows\system32\drivers\vdmindvd.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 20992 ----a-w- c:\windows\system32\drivers\vga.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 20608 ----a-w- c:\windows\system32\drivers\usbuhci.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 123008 ----a-w- c:\windows\system32\drivers\usbvideo.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 26368 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS.bak
2013-12-19 22:31 . 2013-12-19 22:31 59520 ----a-w- c:\windows\system32\drivers\usbhub.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 30336 ----a-w- c:\windows\system32\drivers\usbehci.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 15872 ----a-w- c:\windows\system32\drivers\usbintel.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 144128 ----a-w- c:\windows\system32\drivers\usbport.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 5376 ----a-w- c:\windows\system32\drivers\usbd.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 25728 ----a-w- c:\windows\system32\drivers\usbcamd2.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 25600 ----a-w- c:\windows\system32\drivers\usbcamd.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 60160 ----a-w- c:\windows\system32\drivers\usbaudio.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 66048 ----a-w- c:\windows\system32\drivers\udfs.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 384768 ----a-w- c:\windows\system32\drivers\update.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 51712 ----a-w- c:\windows\system32\drivers\tosdvd.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 44672 ----a-w- c:\windows\system32\drivers\uagp35.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 40840 ----a-w- c:\windows\system32\drivers\termdd.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 21896 ----a-w- c:\windows\system32\drivers\tdtcp.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 21376 ----a-w- c:\windows\system32\drivers\tsbvcap.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 12288 ----a-w- c:\windows\system32\drivers\tunmp.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 19072 ----a-w- c:\windows\system32\drivers\tdi.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 12040 ----a-w- c:\windows\system32\drivers\tdpipe.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 14976 ----a-w- c:\windows\system32\drivers\tape.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 4352 ----a-w- c:\windows\system32\drivers\swenum.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 11264 ----a-w- c:\windows\system32\drivers\supermounter.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 73472 ----a-w- c:\windows\system32\drivers\sr.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 49408 ----a-w- c:\windows\system32\drivers\stream.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 357888 ----a-w- c:\windows\system32\drivers\srv.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 6272 ----a-w- c:\windows\system32\drivers\splitter.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 443448 ----a-w- c:\windows\system32\drivers\sptd.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 25344 ----a-w- c:\windows\system32\drivers\sonydcam.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 14592 ----a-w- c:\windows\system32\drivers\smclib.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 95424 ----a-w- c:\windows\system32\drivers\slnthal.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 5888 ----a-w- c:\windows\system32\drivers\smbali.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 404990 ----a-w- c:\windows\system32\drivers\slntamr.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 13240 ----a-w- c:\windows\system32\drivers\slwdmsup.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 40960 ----a-w- c:\windows\system32\drivers\sisagp.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 129535 ----a-w- c:\windows\system32\drivers\slnt7554.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 11392 ----a-w- c:\windows\system32\drivers\sfloppy.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 11008 ----a-w- c:\windows\system32\drivers\sffp_sd.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 64512 ----a-w- c:\windows\system32\drivers\serial.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 20480 ----a-w- c:\windows\system32\drivers\secdrv.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 15744 ----a-w- c:\windows\system32\drivers\serenum.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 11904 ----a-w- c:\windows\system32\drivers\sffdisk.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 10240 ----a-w- c:\windows\system32\drivers\sffp_mmc.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 96384 ----a-w- c:\windows\system32\drivers\scsiport.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 79232 ----a-w- c:\windows\system32\drivers\sdbus.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 166912 ----a-w- c:\windows\system32\drivers\s3gnbm.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 12544 ----a-w- c:\windows\system32\drivers\s24trans.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 80512 ----a-w- c:\windows\system32\drivers\Rtnicxp.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 5888 ----a-w- c:\windows\system32\drivers\rootmdm.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 30592 ----a-w- c:\windows\system32\drivers\rndismpx.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 20992 ----a-w- c:\windows\system32\drivers\rtl8139.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 30592 ----a-w- c:\windows\system32\drivers\rndismp.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 59136 ----a-w- c:\windows\system32\drivers\rfcomm.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 203136 ----a-w- c:\windows\system32\drivers\rmcast.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 12032 ----a-w- c:\windows\system32\drivers\riodrv.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 12032 ----a-w- c:\windows\system32\drivers\rio8drv.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 57600 ----a-w- c:\windows\system32\drivers\redbook.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 13776 ----a-w- c:\windows\system32\drivers\recagent.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 4224 ----a-w- c:\windows\system32\drivers\rdpcdd.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 196224 ----a-w- c:\windows\system32\drivers\rdpdr.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 48384 ----a-w- c:\windows\system32\drivers\raspptp.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 34432 ----a-w- c:\windows\system32\drivers\rawwan.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 175744 ----a-w- c:\windows\system32\drivers\rdbss.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 16512 ----a-w- c:\windows\system32\drivers\raspti.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 8832 ----a-w- c:\windows\system32\drivers\rasacd.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 69120 ----a-w- c:\windows\system32\drivers\psched.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 51328 ----a-w- c:\windows\system32\drivers\rasl2tp.sys.bak
2013-12-19 22:31 . 2013-12-19 22:31 35840 ----a-w- c:\windows\system32\drivers\processr.sys.bak
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-12-12 14:27 321752 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1AMPCBOK]
@="{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}"
[HKEY_CLASSES_ROOT\CLSID\{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}]
2009-11-07 00:07 297808 ----a-w- c:\windows\system32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-01 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-01 696320]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"LoadMdm"="c:\program files\Wetelecom\LoadMdm.exe" [2010-07-13 397312]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-12-12 3568312]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Larry^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Larry\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
2007-08-09 13:48 528384 ----a-r- c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2013-03-20 18:38 162856 -c--a-w- c:\documents and settings\Larry\My Documents\My Data Sources\URL to PDF\PDF24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 07:36 19549320 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Larry\\My Documents\\My Data Sources\\uTorrent\\utorrent 3.3.2.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [12/12/2013 4:27 PM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [12/12/2013 4:27 PM 178304]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [12/12/2013 4:27 PM 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/12/2013 4:27 PM 403440]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 6:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 11:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [10/11/2013 12:54 AM 120088]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/12/2013 4:27 PM 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [12/12/2013 4:27 PM 70384]
R2 MBAMScheduler;MBAMScheduler;c:\documents and settings\Larry\My Documents\My Data Sources\Malwarebytes\Malwarebytes' Anti-Malware\mbamscheduler.exe [12/12/2013 1:24 PM 418376]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/12/2013 1:23 PM 22856]
S2 MBAMService;MBAMService;c:\documents and settings\Larry\My Documents\My Data Sources\Malwarebytes\Malwarebytes' Anti-Malware\mbamservice.exe [12/12/2013 1:24 PM 701512]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]
S3 HideMyIpSRV;HideMyIpSRV;c:\documents and settings\Larry\My Documents\My Data Sources\Hide My IP\Hide My IP\HideMyIpSrv.exe [10/14/2013 12:54 PM 3616880]
S3 wmdusbser;Wetelecom USB Device for Legacy Serial Communication;c:\windows\system32\drivers\wmdusbser.sys [6/11/2010 4:46 AM 107136]
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-21 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-12-12 14:27]
.
2013-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-12-17 22:43]
.
2013-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-12-17 22:43]
.
2013-12-21 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 42f42dbe-6fcc-487f-9923-ea810bbad3e7.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
2013-12-21 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task d17abb23-26f0-4654-8e66-fb597997dec6.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\HMIPCore.dll
TCP: DhcpNameServer = 91.224.178.5 77.88.8.8
FF - ProfilePath - c:\documents and settings\Larry\Application Data\Mozilla\Firefox\Profiles\d6ynzd6q.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com.ua/
FF - ExtSQL: 2013-12-12 16:27; [email protected]; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{4d87b7a7-23f1-470c-aa45-96b25b9bd138} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-21 22:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
.
c:\windows\TEMP\avast_ash\Mozilla Firefox\update.xml.part 0 bytes
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrueSight]
"ImagePath"="\??\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(800)
c:\windows\system32\HMIPCore.dll
.
- - - - - - - > 'explorer.exe'(3024)
c:\program files\JustCloud\MPCBIconOverlays.dll
c:\program files\JustCloud\LogicNP.EZShellExtensions.dll
c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
c:\program files\JustCloud\x86\System.Data.SQLite.dll
c:\program files\JustCloud\AWSSDK.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2013-12-21 22:47:29 - machine was rebooted
ComboFix-quarantined-files.txt 2013-12-21 20:47
.
Pre-Run: 20,568,911,872 bytes free
Post-Run: 20,655,800,320 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 1C8274C80625C5714F05B40589BB5F50
8F558EB6672622401DA993E1E865C861


----------



## goingcrazy123 (Dec 14, 2013)

Hi Eddie.

Would you kindly tell me what your holiday hours are this week? Knowing that, at least, might help me maintain my sanity. My computer is still working sluggishly, particularly when opening programs and internet pages. Some questions for you:

Questions:

1) So I unloaded Google Chrome and began using Mozilla Firefox. Seems I opened a new can of worms: outdated version, outdated Adobe Flash, and other "plugins". Solved the first two issues, but I'm getting messages that so-and-so plugin has stopped working. How do I solve this? How can I speed up Firefox?

2) I am getting this message often, which requires me to keep typing in their stupid letters so they know I am not a robot. Is this a sign of lingering malware on my system?

*Our systems have detected unusual traffic from your computer network. This page checks to see if it's really you sending the requests, and not a robot.*

3) I notice that after we did the OTL scan, there are about 25-30 "jpg" files in my MUSIC folder - of all places - and when I go to delete them, I am told that they are system files. They are labeled "AlbumArt" followed by combinations of numbers and capital letters. How do I get rid of them?

4) The only internet browser I am using now is Firefox. When I use CCleaner, however, it cleans out the IE cache as well. Why is the IE cache filling up if I never use it?

5) Right now I have 33% free space on my hard drive. Could you help me bump that up to over 50%? There are a lot of things I don't use, like Games, etc.

6) Is it safe to delete old "exe" files after I have installed a program and/or after I have uninstalled a program? There are a lot of files in my Programs folder that go to programs I no longer use. As I said, I want to do some thorough housecleaning! This is my ONLY laptop, and I am an unemployed writer, so I MUST keep it in good working order.

7) Finally, you said you can recommend a good defrag tool?

Okay. Waiting anxiously to hear from you. Happy Holidays (although mine will be miserable until I get this computer back in shape).

Larry aka GoingCrazy


----------



## eddie5659 (Mar 19, 2001)

Hiya

Sorry, I was at family yesterday. I'm off work all this week, but have people round tomorrow and xmas day, and then need to drive them back on boxing day. But, I will make time to check here daily, to keep on top of this 

I'll answer the questions in a min, but let me read the latest log and we can go from there. Posting now so you know I am here


----------



## eddie5659 (Mar 19, 2001)

Okay, now there are some files that may look suspicious but may be backed up files. I see you have JustCloud, which is a backup service, so I just want to check a few files to make sure they're okay. The file sizes match, but best to be safe 


Please go to VirSCAN.org FREE on-line scan service
Copy and paste the following file path into the *"Suspicious files to scan"* box on the top of the page:

*C:\WINDOWS\System32\drivers\wmdusbser.sys.bak*

Click on the *Upload* button
Once the Scan is completed, click on the "*Copy to Clipboard*" button. This will copy the link of the report into the Clipboard.
Paste the contents of the Clipboard in your next reply.

Also, do the same with these:

*C:\WINDOWS\System32\drivers\slnthal.sys.bak
C:\WINDOWS\System32\drivers\irbus.sys.bak
C:\WINDOWS\System32\drivers\AFPAnsi.sys.bak*

-----------

Now, for those Chinese ones, we'll remove in a second fix. As you may notice, the symbols change when you paste it here. That is because our forum software isn't capable of displaying all languages.

So, before you run the OTL fix, can you upload the scan as an attachment, as this will retain the symbols 

Click on the *Go Advanced* button for the uploading options at the bottom of this page (in the picture below).

In there, at the bottom, click on the button *Manage Attachments* (in the picture below).
A window will appear, and then Browse to *OTL.txt* on your Desktop.
Click Upload, and when uploaded click *Close this Window*
Then, in the previous window, click on *Submit Reply*

--------------------

After uploading the OTL scan, can you do the following. The reason we do this part second, is that the OTL log gets overwritten with the new scan, so you only have the one notepad, instead of many 

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:Commands
[CREATERESTOREPOINT] 
:OTL
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\UIUSys.sys -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (TrueSight)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
IE - HKU\S-1-5-21-1214440339-1592454029-839522115-1003\..\SearchScopes\12C2CFC3-ACF8-42E1-9772-78F9929F2DCF: "URL" = http://blekko.com/ws/?source=5f97ddbe&amp;tbp=rbox&amp;u=34762793000000000000000e35ae6694$amp;q= {searchTerms}
FF - user.js - File not found
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...8f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Reg Error: Key error.)
O33 - MountPoints2\{1afd3ac0-0145-11e1-b979-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{1afd3ac0-0145-11e1-b979-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1afd3ac0-0145-11e1-b979-806d6172696f}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{1afd3ac0-0145-11e1-b979-806d6172696f}\Shell\configure\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{1afd3ac0-0145-11e1-b979-806d6172696f}\Shell\install\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{6e09c143-c529-11e2-99b3-000fb05c624f}\Shell - "" = AutoRun
O33 - MountPoints2\{6e09c143-c529-11e2-99b3-000fb05c624f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6e09c143-c529-11e2-99b3-000fb05c624f}\Shell\AutoRun\command - "" = E:\Launcher.exe
[2013/12/18 17:44:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2013/05/20 10:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\IObit
:Files
ipconfig /flushdns /c
:Commands
[emptytemp]
[purity]
```

Then click the *Run Fix* button at the top 
Click OK.
Let the program run unhindered, reboot when it is done
It will produce a log for you on reboot, please post that log in your next reply. The log is saved in the same location as OTL.

----------

Now, we'll use SystemLook to see what remains of the ones we've seen. This may be rather long, so posting in parts is fine 

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:


```
:filefind
*Blekko*.*
*IObit*.*
*backupstack*.*
*conduit*.*
*babylon*.*
*ilivid*.*
*asktoolbar*.*
*spam free*.*
*spamfree*.*
*delta-search*.*
*driverscanner*.*
*Vendio*.*
*YouTube*.*
*hbcennhacfaagdopikcegfcobcadeocj*.*
*icdlfehblmklkikfigmjhbmmpmkmpooj*.*
*mhkaekfpcppmmioggniknbnbdbcigpkk*.*
*pfndaklgolladniicklehhancnlgocpp*.*
*582d9dfb63be542*.*
:folderfind
*Blekko*
*IObit*
*backupstack*
*conduit*
*babylon*
*ilivid*
*asktoolbar*
*spam free*
*spamfree*
*delta-search*
*driverscanner*
*Vendio*
*YouTube*
*hbcennhacfaagdopikcegfcobcadeocj*
*icdlfehblmklkikfigmjhbmmpmkmpooj*
*mhkaekfpcppmmioggniknbnbdbcigpkk*
*pfndaklgolladniicklehhancnlgocpp*
*582d9dfb63be542*
:regfind
Blekko
IObit
backupstack
conduit
babylon
ilivid
asktoolbar
spam free
spamfree
delta-search
driverscanner
Vendio
YouTube
hbcennhacfaagdopikcegfcobcadeocj
icdlfehblmklkikfigmjhbmmpmkmpooj
mhkaekfpcppmmioggniknbnbdbcigpkk
pfndaklgolladniicklehhancnlgocpp
582d9dfb63be542
3C471948-F874-49F5-B338-4F214A2EE0B1
F3FEE66E-E034-436A-86E4-9690573BEE8A
03EB0E9C-7A91-4381-A220-9B52B641CDB1
BAE35237-8D73-44D0-905C-8A95EA1E7E69
EECF410C-006C-4A05-AD13-6741A0814DBF
F3FEE66E-E034-436A-86E4-9690573BEE8A
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop, entitled *SystemLook.txt*

--------------

Then, just in case you have something lurking behind the scenes, can you run the following tools:

Please download the latest version of TDSSKiller from *here* and save it to your *Desktop*.

Doubleclick on *TDSSKiller.exe* to run the application, then click on *Change parameters.*

Put a checkmark beside *loaded modules*.

A reboot will be needed to apply the changes. Do it.
TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
Then click on *Change parameters* in TDSSKiller.
Check all boxes then click OK.

Click the *Start Scan* button.

The scan should take no longer than 2 minutes.
If a *suspicious object* is detected, the default action will be *Skip*, click on *Continue*.

If *malicious objects* are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure *Cure* (default) is selected, then click *Continue* > *Reboot now to finish the cleaning process.*

*Note*: If *Cure* is not available, please choose *Skip* instead, do not choose *Delete* unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "*TDSSKiller.[Version]_[Date]_[Time]_log.txt*". Please copy and paste the contents of that file here.

============================

I know that is a lot to run, but it will definitely help. Also, to speed things up a bit, uninstall *SUPERAntiSpyware* from Add/Remove Programs, as that will start on startup, which is a pain in my eyes.

Now, onto the questions 



> 1) So I unloaded Google Chrome and began using Mozilla Firefox. Seems I opened a new can of worms: outdated version, outdated Adobe Flash, and other "plugins". Solved the first two issues, but I'm getting messages that so-and-so plugin has stopped working. How do I solve this? How can I speed up Firefox?


For these, can you do this, as this is another way of seeing what is out of date:

*Other Software Updates*
It is very important to update the other software on your computer to patch up any security issues you may have. Go HERE to scan your computer for any out of date software. In particular make sure you download the updates for *Java* and *Adobe* as these are subject to many security vulnerabilities.

Also, do you know which plugin isn't working?



> 2) I am getting this message often, which requires me to keep typing in their stupid letters so they know I am not a robot. Is this a sign of lingering malware on my system?
> 
> Our systems have detected unusual traffic from your computer network. This page checks to see if it's really you sending the requests, and not a robot.


That is a normal thing, I get that sometimes when I research files in a website I use. It's a way to avoid any strange activity, and it's just a way to ensure you are wanting to visit all the time, and not something on your system. Saying that, doing the above may help in the long run.



> 3) I notice that after we did the OTL scan, there are about 25-30 "jpg" files in my MUSIC folder - of all places - and when I go to delete them, I am told that they are system files. They are labeled "AlbumArt" followed by combinations of numbers and capital letters. How do I get rid of them?


They are system files. What OTL does is make things unhidden so it can see them. We'll unhide them usually at the end, but if you want to do that now, it's this:

Set Explorer to hide Hidden Files and Folders:

Right-click your Start button and go to "Explore".
Select Tools from the menu
Select Folder Options
Select the View tab
Click on Don't Show all Files and Folders
Select *Apply to All Folders* | *Yes* | *Apply* | *OK*.



> 4) The only internet browser I am using now is Firefox. When I use CCleaner, however, it cleans out the IE cache as well. Why is the IE cache filling up if I never use it?


It may be the remains of the files still in IE, but sometimes entries may still be in there.



> 5) Right now I have 33% free space on my hard drive. Could you help me bump that up to over 50%? There are a lot of things I don't use, like Games, etc.


Not a problem, I'll look through your installed programs, and see what can go 



> 6) Is it safe to delete old "exe" files after I have installed a program and/or after I have uninstalled a program? There are a lot of files in my Programs folder that go to programs I no longer use. As I said, I want to do some thorough housecleaning! This is my ONLY laptop, and I am an unemployed writer, so I MUST keep it in good working order.


If the install exe's are say in your download folder etc, then yes, they can be deleted. If they are in the folder, say Program Files, then I would keep them. If however it's been uninstalled, and folders are left, for example a game may produce many files, and uninstalling just leaves the saved files, then removing them should be okay.

A rule of thumb I do, is I move them to the Recycle bin, use the pc as normal, reboot etc, and all normal programs. If no issues after a few days, I remove them from the Bin 



> 7) Finally, you said you can recommend a good defrag tool?


Yep, just fired the old laptop to find the name. It's Auslogics, and here is the site:

http://www.auslogics.com/en/software/disk-defrag/

and it's free

--------------------

Good luck on the writing, I have a lot of praise for the freelancers out there, as you guys get more done, and delve deeper :up:

eddie
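A fix script like the one in the post above is easier to review before it is run if its entries are grouped by what they refer to. The following is an added example, not part of the original thread and not code from OTL: a small Python parser, written only for the line formats visible in that codebox, that lists the services and drivers whose file is missing and the per-volume AutoRun commands under MountPoints2. The function names and field names are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Lines copied from the fix codebox in the post above (a subset, unmodified).
SAMPLE = r'''
:OTL
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\UIUSys.sys -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (TrueSight)
FF - user.js - File not found
O33 - MountPoints2\{1afd3ac0-0145-11e1-b979-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{1afd3ac0-0145-11e1-b979-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1afd3ac0-0145-11e1-b979-806d6172696f}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{1afd3ac0-0145-11e1-b979-806d6172696f}\Shell\install\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{6e09c143-c529-11e2-99b3-000fb05c624f}\Shell\AutoRun\command - "" = E:\Launcher.exe
:Commands
[emptytemp]
'''

# "SRV|DRV - File not found [flags] -- <path, may be empty> -- (ServiceName)"
SERVICE_RE = re.compile(
    r'^(?P<kind>SRV|DRV) - File not found \[(?P<flags>[^\]]*)\]'
    r' -- (?P<path>.*?)\s*-- \((?P<name>[^)]+)\)\s*$'
)
# "O33 - MountPoints2\{volume-guid}\<subkey> - "<value>" = <data>"
MOUNT_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-fA-F-]+\})\\(?P<subkey>\S+)'
    r' - "(?P<value>[^"]*)" = (?P<data>.*)$'
)
DIRECTIVE_RE = re.compile(r'^\[\w+\]$')   # e.g. [emptytemp]
DRIVE_RE = re.compile(r'^([A-Za-z]):\\')  # leading drive letter of a command


def triage(script_text):
    """Group fix-script entries. Returns (orphans, autorun, other)."""
    orphans, other = [], []
    autorun = defaultdict(list)
    for raw in script_text.splitlines():
        line = raw.strip()
        # Skip blanks, ":Section" headers and "[command]" directives.
        if not line or line.startswith(":") or DIRECTIVE_RE.match(line):
            continue
        m = SERVICE_RE.match(line)
        if m:
            flags = [f.strip() for f in m["flags"].split("|")]
            orphans.append({
                "kind": m["kind"],
                "name": m["name"],
                "path": m["path"] or None,  # None: the log recorded no path
                "start": flags[-2] if len(flags) >= 2 else None,
                "state": flags[-1],
            })
            continue
        m = MOUNT_RE.match(line)
        if m:
            parts = m["subkey"].split("\\")
            # Only "...\<verb>\command" values hold something that executes.
            if len(parts) >= 3 and parts[-1].lower() == "command":
                drive = DRIVE_RE.match(m["data"])
                autorun[m["guid"]].append({
                    "verb": parts[-2],
                    "command": m["data"].strip(),
                    "drive": drive.group(1).upper() if drive else None,
                })
            continue
        other.append(line)  # formats this parser does not know
    return orphans, dict(autorun), other


def report(script_text):
    """One review line per entry, in the order: services, autorun, rest."""
    orphans, autorun, other = triage(script_text)
    lines = []
    for o in orphans:
        target = o["path"] or "<no path in log>"
        lines.append(f'{o["kind"]} {o["name"]}: file missing, '
                     f'start={o["start"]}, image={target}')
    for guid, cmds in autorun.items():
        for c in cmds:
            lines.append(f'volume {guid}: verb {c["verb"]} runs {c["command"]}')
    for line in other:
        lines.append(f'not classified, review by hand: {line}')
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

Entries the parser does not recognise are returned separately rather than dropped, so nothing in a fix script passes review unseen.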


----------



## goingcrazy123 (Dec 14, 2013)

Hi Eddie.

You wrote:


Copy and paste the following file path into the *"Suspicious files to scan"* box on the top of the page:
*C:\WINDOWS\System32\drivers\wmdusbser.sys.bak*

Click on the *Upload* button

There is NO "box" on this website labeled "Suspicious files to scan". I see only a box labeled "Browse" and one labeled "Upload."

Are you thinking of some other website, perhaps?

Larry


----------



## goingcrazy123 (Dec 14, 2013)

P.S. Auslogics looks good, but it keeps hitting me up for money. (Did I mention to you that I'm unemployed?) Is there a version of this that is free, or maybe another reliable freeware I could use? Auslogics says there's a lot of space I could free up, and that I have security issues, like websites that save my passwords, etc. It's a big tease to hear you have all these problems, and then make the person pay to get rid of them. Good marketing, but annoying as hell. Sent out 14 job applications so far and just had one grueling telephone interview, which I thought went well, but alas just got the rejection. Merry Christmas, indeed. Not in the mood to spend any cash I need to survive on unless I really have to. (I have a PhD, by the way. It does NOT help in getting a job). Larry


----------



## goingcrazy123 (Dec 14, 2013)

Yikes, this sounds very complicated. So are you saying you want me to do the OTL scan over again? The results were inconclusive because the symbols are garbled?


----------



## goingcrazy123 (Dec 14, 2013)

Sorry to ask a dumb question, Eddie, but one reason why I have not kept up with all the updates is because I'm wondering: does this mean there will be duplicate programs on my computer? I.e. when you download "updates" do they REPLACE the older version of the installed program, or do the old files stay on the hard drive too? Before I download any updates, should I uninstall the previous programs?


----------



## eddie5659 (Mar 19, 2001)

Just replying as I have to go in a few mins.

At the http://virscan.org/ website, at the top (and I'll update my speech for others) there should be a Browse button. Click on that, browse to the location of the file, and then click Upload. Then scan as before 

The Auslogics I use says about the paid version, but I just select no. All I have is the defrag tool, none of the other stuff. I'll look at that soon and see if I have a version from somewhere else.

The OTL scan. You should already have the OTL.txt file on your laptop, in the C:\Documents and Settings\Larry\My Documents\Downloads folder. Just locate it, and upload it as I posted above. That way, I can sort the Chinese things a different way. It's just that certain symbols are correct when viewed in Notepad, but can change on here, as we don't have all languages installed

The fix doesn't need a fresh scan, it's just removing things. But, like I said, do that bit after the uploading of the original OTL.txt, as it normally overwrites the txt file.

When you download updates, they update the program, and the older version doesn't exist after. The only times it may not do this is Java installs, but then they're easy to sort after. Just leave the originals installed, download the new ones, from Secunia (although it will take you to the main sites for any outdated programs) and afterwards, you can delete the exe file you just downloaded.

If the files are only in your Download folder (exe's) then you can delete them without any issue.

I'll be here, on and off tonight, will check in after dinner.

Also, sorry to hear about the job front, it's tough out there for any career, but I hope you get one soon


----------



## goingcrazy123 (Dec 14, 2013)

Hi Eddie.

Still working on this stuff. Please bear with me. So when I click "Browse" on the http://virscan.org/ website, how exactly do I locate those specific files that you mentioned?

Thanks for your help, and Merry Christmas.

Larry


----------



## eddie5659 (Mar 19, 2001)

When you click on the Browse button, a box will appear. On the left are the folders, click on each to open up the folder you need to get to C:\WINDOWS\System32\drivers\ and then look for the first file, which is wmdusbser.sys.bak, and click on Open then Upload.

Here is a screenshot of the location, but a different file, as I don't have the same:

Also, as mine is Windows 7, it may look a little different. You may be able to use the dropdown part at the top, but either way will work:


----------



## goingcrazy123 (Dec 14, 2013)

Hi Eddie.

I am attempting to upload the OTL Text as an attachment. Not sure I am doing this right. Please let me know. Thanks. Will post the Extras next.

Larry


----------



## goingcrazy123 (Dec 14, 2013)

Hi Eddie.

Here is the new Extras OTL txt. Please note in these OTL txts: Apparently I have a registry key error!!!! Can you help me fix it? Is it important??

Thanks for your help. Will do the Virscan now.

Larry


----------



## goingcrazy123 (Dec 14, 2013)

P.S. The plugin that isn't working is Shockwave something. How do I update it?


----------



## goingcrazy123 (Dec 14, 2013)

Hi Eddie.

I am pretty thoroughly confused at this point. Not sure I did this right. I hit the "Run Fix" after the first OTL scan, but there's a bunch of errors.

Now I'll do the second OTL scan and fix.

It would be very helpful if you could make an abridged list of *concrete actions* I need to take, and then under that give the longer elaboration. I asked you how many different OTL scans you wanted me to do, but you didn't answer. I'm confused why we did one OTL scan, but didn't run the fix, then did Combofix, then came back to OTL, and then at that point, I'm not sure if you wanted me to run the fix after the first one, or paste in the NEW set of custom codes and only fix that. So if you could be more clear about when/whether I should run the fixes or just send you the logs of what came up after the scans, that would be helpful.

I'll do the second OTL scan and fix, then go on to Virscan, System Look, and Kaspersky. Thanks.

Larry


----------



## goingcrazy123 (Dec 14, 2013)

Hi Eddie. I rebooted after that first OTL fix, and this image popped up on my screen when the computer came back on. See attached jpg. What does this mean? Is this serious? I don't think I have any installation disks. How should I proceed? Or don't I have to do anything? How do I find this missing file?

Thanks for your help.

Larry


----------



## goingcrazy123 (Dec 14, 2013)

Okay, here are the results of the second custom OTL fix and reboot. This looks intriguing. Can you perhaps give me a layman's explanation of what your concerns were, what we did, and what you see now?

I should have gone into IT. Everyone's always got some kind of computer trouble....

On to Virscan....


----------



## goingcrazy123 (Dec 14, 2013)

Hi Eddie.

Scanned the first system 32 file with Virscan, but when I click on "copy to clipboard," nothing happens. I'll copy the results here:

Scanner results: Scanners did not find malware! Time: 2013/12/26 16:15:48 (EET)
Note: This file has been scanned before. Therefore, this file's scan result will not be stored in the database.


----------



## goingcrazy123 (Dec 14, 2013)

Here's the second scan, this time of file *C:\WINDOWS\System32\drivers\slnthal.sys.bak*

Again, when I click on "copy to clipboard," nothing happens. Says I'm missing Adobe flash plugin, but when I go to install it, I get the message that it must be "manually installed."

Scanner results: Scanners did not find malware! Time: 2009/08/03 09:02:51 (EEST)
Note: This file has been scanned before. Therefore, this file's scan result will not be stored in the database.


----------



## goingcrazy123 (Dec 14, 2013)

Apparently *C:\WINDOWS\System32\drivers\irbus.sys.bak* is clean, too.

Scanner results: Scanners did not find malware! Time: 2013/12/26 16:55:03 (EET)
Note: This file has been scanned before. Therefore, this file's scan result will not be stored in the database.


----------



## goingcrazy123 (Dec 14, 2013)

Scanner results: Scanners did not find malware! Time: 2013/12/26 17:09:14 (EET)
Note: This file has been scanned before. Therefore, this file's scan result will not be stored in the database.


----------



## goingcrazy123 (Dec 14, 2013)

Hi Eddie.

Here is the System Look scan log (attached). Please look over it to see if we got everything. Thanks.

*---1)* It looks like a big source of my malware problems was the You Tube Downloader program I used. As a musician and teacher, a few years back, I had downloaded a lot of You Tube videos. That YTD program has been on my laptop for at least a year!

I uninstalled it, of course, but could you possibly recommend a safe program that downloads YouTube videos? Or are you saying that all YT videos are dangerous to download?

*---2)* I read up about the *"PUP optional spigot"* or whatever it's called. It's a computer intruder that can cause all sorts of harm to my system!!! Question: Following your advice, I backed up my entire computer on the Cloud that was connected to this computer. Does this mean that my Cloud storage is also infected with the malware? If so, how should I go about cleaning it?

*---3)* By the way, the JustCloud icon is now missing from my Desktop. Where did it go? How do I get it back?

*---4)* Ah, and it just occurred to me. I am sharing this Cloud storage with a friend. If HIS computer has malware and he then backs up his computer on the Cloud, can my computer get infected via the Cloud??

The dangers of our hyperconnected digital universe boggle the mind!

If you would answer these 4 questions, I would greatly appreciate it. I will now do the Kaspersky scan you recommend. Thank you for your help.

Larry


----------



## goingcrazy123 (Dec 14, 2013)

Hi Eddie.

Um, I think you need to rewrite your instructions for Kaspersky. About 7 objects were found. Following your instructions, I just clicked "Continue" and that was it. Nothing happened.

Instead of clicking "Continue" should I select one of the drop down menus for each of the suspicious items?

And if yes, there are only 3 options: *1) skip, 2) copy to quarantine, and 3) delete.*

There is no "Cure" option.

What do you want me to do? Attached is the Log without my having fixed anything. At the very bottom it shows the things it considered suspicious. One or two are related to the HideMyIP thing.

Please let me know soon, if you can. Thanks for your help.

Larry


----------



## goingcrazy123 (Dec 14, 2013)

Hi Eddie.

Sorry for all the posts today. Okay, now I get it: "suspicious" versus "malicious." There are no malicious threats, according to Kaspersky, just 7 suspicious ones.

I'm going to try the Auslogics defrag tool now. I now have only *31%* free space on my hard drive. Could you perhaps walk me through some ways to free up space? Maybe in the Program files?

Also, how many of these programs you had me download need to be retained?

Thanks for your patient assistance!

Larry


----------



## goingcrazy123 (Dec 14, 2013)

Hi Eddie.

Still waiting to hear from you...

This isn't malware...or maybe it is....but a lot of programs and Firefox browser are still awfully slow loading. This could NOT be normal. There's a lot of lost time waiting for things to come up. If we could speed things up, it would get 2014 off to a GREAT start!

Larry


----------



## eddie5659 (Mar 19, 2001)

Hi

Looking at this now. I see the first OTL log you uploaded was long, so starting there, and will work through the posts.

May take a while, as there are 82 pages on the first log, so bear with me


----------



## eddie5659 (Mar 19, 2001)

Okay, not sure what happened on the new log, but it seems that all of the details for processes were looked at, which means the safelist (known files we can ignore) was also checked, which is why it was so long.

As for the registry key errors, they'll be fixed in the OTL fixes.

---

I can see what you mean about the Auslogics tools. I only have the defrag tool, but for some reason, it looks like the full tools were obtained. I'll look for an alternative in a bit.

In the meantime, uninstall these:

*Auslogics Duplicate File Finder
Auslogics BoostSpeed
SUPERAntiSpyware*

---



> P.S. The plugin that isn't working is Shockwave something. How do I update it?


Okay, go here to get the latest one:

http://get.adobe.com/shockwave/

---



> It would be very helpful if you could make an abridged list of concrete actions I need to take, and then under that give the longer elaboration. I asked you how many different OTL scans you wanted me to do, but you didn't answer. I'm confused why we did one OTL scan, but didn't run the fix, then did Combofix, then came back to OTL, and then at that point, I'm not sure if you wanted me to run the fix after the first one, or paste in the NEW set of custom codes and only fix that. So if you could be more clear about when/whether I should run the fixes or just send you the logs of what came up after the scans, that would be helpful.


The reason I didn't do a fix straight away was because of the 'chinese' entries, ComboFix sometimes finds things that are deeper, so I run a few tools, so that I can start to remove things fully. I did mention originally this part:



> After uploading the OTL scan, can you do the following. The reason we do this part second, is that the OTL log gets overwritten with the new scan, so you only have the one notepad, instead of many...


So, the fix was after the uploading of the file. It worked, so have the chinese part, but I have put a setting in the fix that should delete those entries.

I can be a bit clearer for you, I'll post after this reply what needs to be done next 

---

Good to see the OTL fix worked on second try 

---

Hardware wizard: Not sure why that would pop up. Has it appeared again?

---

Good to see that those files are clean, we can ignore them now 

---

Systemlook reply:



> ---1) It looks like a big source of my malware problems was the You Tube Downloader program I used. As a musician and teacher, a few years back, I had downloaded a lot of You Tube videos. That YTD program has been on my laptop for at least a year!
> 
> I uninstalled it, of course, but could you possibly recommend a safe program that downloads YouTube videos? Or are you saying that all YT videos are dangerous to download?


Much of the reason these tools are free is because they are packed full of rubbish, like you've seen. However, I cannot recommend a YouTube downloader as it's against their terms and policies, and it's against our rules.



> ---2) I read up about the "PUP optional spigot" or whatever it's called. It's a computer intruder that can cause all sorts of harm to my system!!! Question: Following your advice, I backed up my entire computer on the Cloud that was connected to this computer. Does this mean that my Cloud storage is also infected with the malware? If so, how should I go about cleaning it?


You did have spigot, I haven't added it to my search, but I will do on the next looking I do. I've no idea how to check the Cloud storage, you may have to contact them, or I'll ask around, and see what others know, as I never use cloud things myself.



> ---3) By the way, the JustCloud icon is now missing from my Desktop. Where did it go? How do I get it back?


If the program is still there, as in Start | Programs, right-click on it and select 'Shortcut to desktop' and it should put the icon there. Or is the picture gone, but the shortcut still there?



> ---4) Ah, and it just occurred to me. I am sharing this Cloud storage with a friend. If HIS computer has malware and he then backs up his computer on the Cloud, can my computer get infected via the Cloud??


Again, not sure. I'll check on this.

---------

Got to go, but back in an hour or two, no longer. Posting this now, so it's there, but will be carrying on when back, so any extra details I speak of in this reply I'll get to on the second.

back in a bit


----------



## eddie5659 (Mar 19, 2001)

> Um, I think you need to rewrite your instructions for Kaspersky. About 7 objects were found. Following your instructions, I just clicked "Continue" and that was it. Nothing happened.
> 
> Instead of clicking "Continue" should I select one of the drop down menus for each of the suspicious items?
> 
> ...


The entries found are okay to have, not all files are signed, which is what it's mainly looking for.

I will have a look at all my speeches, not just the ones here, but all my saved ones over the next week, to make sure they're updated. Will take a while, but any new ones I post should be okay.



> I'm going to try the Auslogics defrag tool now. I now have only 31% free space on my hard drive. Could you perhaps walk me through some ways to free up space? Maybe in the Program files?
> 
> Also, how many of these programs you had me download need to be retained?


Posted just above to remove three so far, I just want to make sure you're clean before we remove other stuff.



> This isn't malware...or maybe it is....but a lot of programs and Firefox browser are still awfully slow loading. This could NOT be normal. There's a lot of lost time waiting for things to come up. If we could speed things up, it would get 2014 off to a GREAT start!


Not a problem, do the following to see if it helps:

*Clear Cache/Temp Files*
Download *TFC by OldTimer* to your desktop

- Please double-click *TFC.exe* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*).
- It *will close all programs* when run, so make sure you have *saved all your work* before you begin.
- Click the *Start* button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. *Let it run uninterrupted to completion*.
- Once it's finished it should *reboot your machine*. If it does not, please *manually reboot the machine* yourself to ensure a complete clean.


Go to Start | Programs | Accessories | System Tools | Disk Cleanup
It should start straight away, but if you have to select a drive, click on the C-drive.
Let it run, and at the end it will give you some boxes to tick. 
All are okay to enable, then press *OK* and then *Yes* to the question after.
It will close after it's completed.

---

Now, looking through the extra parts after I posted the bit above, I may see why Cloud storage may be having issues. Earlier, the automated tools removed the following. I'll report these to the developer to say they're legit, so we'll get them back:

JRT:

Successfully stopped: [Service] backupstack
Successfully deleted: [Service] backupstack

Adwcleaner:

File Found : C:\Documents and Settings\Larry\Desktop\JustCloud.lnk

The reason I've just noticed this is I asked you to search in SystemLook, and it found this:

C:\Program Files\JustCloud\BackupStack.exe

I will be back with a fix for these in a bit.

Will post this now, then sort the other bits above in a min. Then, after that, post in segments what to do next. Off I go a hunting those pesky developers 

eddie


----------



## eddie5659 (Mar 19, 2001)

Okay, let's start with AdwCleaner.

Open it up again, and click on the Tools menu, then select *Quarantine Manager* and click on the following and click on *Restore*

*C:\Documents and Settings\Larry\Desktop\JustCloud.lnk*

Let me know if it works.


----------



## eddie5659 (Mar 19, 2001)

Looks like the Registry part of SystemLook wasn't run, so let's do that next. Just so you know, all the entries found in the SystemLook log were okay, nothing harmful, which means most of the malware we've seen so far is being removed.

And, we have a database of files etc, so any info on certain files is very useful, as this can help many malware experts in the future. These entries are legit, but we try and compile a list of good/bad, to help everyone 

So, here is the next SystemLook bit 


Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:

```
:regfind
Blekko
IObit
conduit
babylon
ilivid
asktoolbar
spam free
spamfree
delta-search
driverscanner
Vendio
YouTube
hbcennhacfaagdopikcegfcobcadeocj
icdlfehblmklkikfigmjhbmmpmkmpooj
mhkaekfpcppmmioggniknbnbdbcigpkk
pfndaklgolladniicklehhancnlgocpp
582d9dfb63be542
3C471948-F874-49F5-B338-4F214A2EE0B1
F3FEE66E-E034-436A-86E4-9690573BEE8A
03EB0E9C-7A91-4381-A220-9B52B641CDB1
BAE35237-8D73-44D0-905C-8A95EA1E7E69
EECF410C-006C-4A05-AD13-6741A0814DBF
F3FEE66E-E034-436A-86E4-9690573BEE8A
spigot
:folderfind
*spigot*
:filefind
*spigot*.*
:file
C:\Program Files\Wetelecom\LoadMdm.exe
C:\WINDOWS\system32\drivers\wmdusbser.sys
C:\WINDOWS\System32\drivers\AFPUni.sys
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop, entitled *SystemLook.txt*

-----------------

Also, do you use anything by Yandex?


----------



## goingcrazy123 (Dec 14, 2013)

Thanks, Eddie. Running TFC now. Any news on the Cloud issue? Can I infect it? Can it infect me?

Will post the TFC log shortly.

Larry


----------



## eddie5659 (Mar 19, 2001)

There shouldn't be a log for the TFC, just the SystemLook one.

I'm still waiting for a reply on the cloud, I'll ask a few more this time


----------



## goingcrazy123 (Dec 14, 2013)

Hey Eddie,

My apologies for the delay. Had two articles accepted for publication and I had to do some revisions. I hope you still recall my case. I'll separate my posts (system look log in next post).

*1) About Just.Cloud:*
I originally wrote: "By the way, the JustCloud icon is now missing from my Desktop. Where did it go? How do I get it back?"
You wrote: "If the program is still there, as in Start | Programs, right-click on it and select 'Shortcut to desktop' and it should put the icon there. Or is the picture gone, but the shortcut still there?"

Me:

Okay, I restored JustCloud.Ink from the Quarantine in AdwCleaner, and now the desktop icon is back. However, I am now getting a sign that I need to "reactivate" it (i.e. pay more money) and that my "license has expired." However, the account is in my friend's name and he says that he has not received such a message, and that the account is all paid up. What could explain this? What can I do to fix this? Are there any other files related to JustCloud that can be restored so that I can use this service that has already been paid for?

*2) Auslogics BoostSpeed*
I bought this damned thing for a one-month trial. Expires Jan 23. Okay if I keep it installed until then?

*3) Just curious: why don't you use "cloud things"? Too dangerous? Makes one vulnerable to hackers? American NSA spying?*

Thanks for your help.

Back in a bit...

Larry


----------



## goingcrazy123 (Dec 14, 2013)

About that long OTC log....

You wrote: "Okay, not sure what happened on the new log, but it seems that all of the details for processes were looked at, which means the safelist (known files we can ignore) were also checked, which is why it was so long."

Me: In one of your speeches - I think regarding the OTC scan - you said to "select all users". Well, conscientious as I am, I saw lots of little boxes labeled "All" so I checked them all. I guess you meant just the question at the very top about all users.

Sorry 'bout that. You might want to edit that speech to specify that one should only check the box next to the question on top about all users.

Larry


----------



## goingcrazy123 (Dec 14, 2013)

Hi again Eddie.

About Yandex:

I am not sure. I think I vaguely remember downloading some program and being asked if I wanted Yandex with it, but I thought I said no. Why do you see it installed?

I ran the TFC Old Timer. It looks like it just clears temp files. Correct?

I have CC Cleaner. Which would you say is best: TFC or CCCleaner for cleaning off unnecessary files?

Actually, I regularly run Disk Cleanup (every day) and CC Cleaner. I think my computer would work faster if I could just free up some space (i.e. unused programs like "Games"). Is it dangerous to uninstall Games?

Finally, I have this notice at the bottom of my screen: "Mozilla Firefox seems slow...to start" and there's a picture of turtle. Should I do a reset, or is that risky?

Will post the new SystemLook soon. Sorry for the delay.

Larry



----------



## goingcrazy123 (Dec 14, 2013)

Hi Eddie.

At long last, here is the new SystemLook log. Looks like we found a bunch of crap 

SystemLook 30.07.11 by jpshortstuff
Log created at 10:51 on 09/01/2014 by Larry
Administrator - Elevation successful

========== regfind ==========

Searching for "Blekko"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\12C2CFC3-ACF8-42E1-9772-78F9929F2DCF]
"URL"="http://blekko.com/ws/?source=5f97ddbe&tbp=rbox&u=34762793000000000000000e35ae6694$amp;q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\12C2CFC3-ACF8-42E1-9772-78F9929F2DCF]
"DisplayName"="Blekko Search Bar"
[HKEY_USERS\S-1-5-21-1214440339-1592454029-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\12C2CFC3-ACF8-42E1-9772-78F9929F2DCF]
"URL"="http://blekko.com/ws/?source=5f97ddbe&tbp=rbox&u=34762793000000000000000e35ae6694$amp;q={searchTerms}"
[HKEY_USERS\S-1-5-21-1214440339-1592454029-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\12C2CFC3-ACF8-42E1-9772-78F9929F2DCF]
"DisplayName"="Blekko Search Bar"

Searching for "IObit"
[HKEY_LOCAL_MACHINE\SOFTWARE\IObit]

Searching for "conduit"
No data found.

Searching for "babylon"
No data found.

Searching for "ilivid"
No data found.

Searching for "asktoolbar"
No data found.

Searching for "spam free"
No data found.

Searching for "spamfree"
No data found.

Searching for "delta-search"
No data found.

Searching for "driverscanner"
No data found.

Searching for "Vendio"
No data found.

Searching for "YouTube"
[HKEY_CURRENT_USER\Software\HOW Inc.\Free YouTube Downloader]
[HKEY_CURRENT_USER\Software\HOW Inc.\Free YouTube Downloader\3.5.128.0]
"DefaultDownloadFolder"="C:\Documents and Settings\Larry\My Documents\Downloads\Free YouTube Downloader"
[HKEY_CURRENT_USER\Software\LogiShrd\LWS\Preferences\Apps]
"YouTube"="false"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\PowerPoint\RecentFolderList]
"MultimediaDir"="C:\Documents and Settings\Larry\My Documents\Downloads\Free YouTube Downloader\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Free YouTube Downloader]
[HKEY_USERS\S-1-5-21-1214440339-1592454029-839522115-1003\Software\HOW Inc.\Free YouTube Downloader]
[HKEY_USERS\S-1-5-21-1214440339-1592454029-839522115-1003\Software\HOW Inc.\Free YouTube Downloader\3.5.128.0]
"DefaultDownloadFolder"="C:\Documents and Settings\Larry\My Documents\Downloads\Free YouTube Downloader"
[HKEY_USERS\S-1-5-21-1214440339-1592454029-839522115-1003\Software\LogiShrd\LWS\Preferences\Apps]
"YouTube"="false"
[HKEY_USERS\S-1-5-21-1214440339-1592454029-839522115-1003\Software\Microsoft\Office\12.0\PowerPoint\RecentFolderList]
"MultimediaDir"="C:\Documents and Settings\Larry\My Documents\Downloads\Free YouTube Downloader\"

Searching for "hbcennhacfaagdopikcegfcobcadeocj"
No data found.

Searching for "icdlfehblmklkikfigmjhbmmpmkmpooj"
No data found.

Searching for "mhkaekfpcppmmioggniknbnbdbcigpkk"
No data found.

Searching for "pfndaklgolladniicklehhancnlgocpp"
No data found.

Searching for "582d9dfb63be542"
No data found.

Searching for "3C471948-F874-49F5-B338-4F214A2EE0B1"
No data found.

Searching for "F3FEE66E-E034-436A-86E4-9690573BEE8A"
No data found.

Searching for "03EB0E9C-7A91-4381-A220-9B52B641CDB1"
No data found.

Searching for "BAE35237-8D73-44D0-905C-8A95EA1E7E69"
No data found.

Searching for "EECF410C-006C-4A05-AD13-6741A0814DBF"
No data found.

Searching for "F3FEE66E-E034-436A-86E4-9690573BEE8A"
No data found.

Searching for "spigot"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Conferencing\CaptureDevices\spigot.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34B66CF356D744245B0C8EDE24AC03DC]
"00000000000000000000000000000000"="C:\Program Files\Common Files\Spigot\GC\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\62F013B2CCF0DEE4EB7CB83D7A21280C]
"00000000000000000000000000000000"="C:\Program Files\Common Files\Spigot\GC\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8740C21CF79D2514E94A247F4DEFE091]
"00000000000000000000000000000000"="C:\Program Files\Common Files\Spigot\GC\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E83F13912F1FBF64390A163E8464B6C7]
"00000000000000000000000000000000"="C:\Program Files\Common Files\Spigot\GC\"

========== folderfind ==========

Searching for "*spigot*"
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Spigot d------ [14:37 18/12/2013]

========== filefind ==========

Searching for "*spigot*.*"
No files found.

========== file ==========

C:\Program Files\Wetelecom\LoadMdm.exe - File found and opened.
MD5: 19A8F2AA9E5473D07F3E1FA8E32FEDB3
Created at 06:00 on 13/07/2010
Modified at 06:00 on 13/07/2010
Size: 397312 bytes
Attributes: --a----
FileDescription: TODO: <File description>
FileVersion: 1.0.0.1
ProductVersion: 1.0.0.1
OriginalFilename: LoadMdm.exe
InternalName: LoadMdm.exe
ProductName: TODO: <Product name>
CompanyName: TODO: <Company name>
LegalCopyright: TODO: (c) <Company name>. All rights reserved.

C:\WINDOWS\system32\drivers\wmdusbser.sys - File found and opened.
MD5: 4A7CBA39C73675CAD73EDB6D2F770105
Created at 02:46 on 11/06/2010
Modified at 02:46 on 11/06/2010
Size: 107136 bytes
Attributes: --a----
FileDescription: USB Modem/Serial Device Driver
FileVersion: 2. 0. 6. 8
ProductVersion: 2. 0. 6. 8
OriginalFilename: wmdusbser.sys
InternalName: wmdusbser
ProductName: WeTelecom Incorporated USB Modem/Serial Device Driver
CompanyName: WeTelecom Incorporated
LegalCopyright: Copyright ?2001-2009

C:\WINDOWS\System32\drivers\AFPUni.sys - File found and opened.
MD5: B4CF663EBFAB0C75444FD25437E420F1
Created at 14:34 on 16/12/2013
Modified at 19:39 on 11/03/2007
Size: 44000 bytes
Attributes: --a----
FileDescription: Windows NT File System Protector Network Edition Unicode Build
FileVersion: 2003
ProductVersion: 2003
OriginalFilename: AFPUni.sys
InternalName: Alfa File Protector (TM) 2003 Unicode Build
ProductName: AlfaFP (TM) 2003 Unicode Build for Windows NT/2K
CompanyName: Alfa Corporation
LegalCopyright: Copyright (C) Alfa Corporation 1999-2002
Comments: Includes network file system and removeable media protection.

-= EOF =-


----------



## eddie5659 (Mar 19, 2001)

> My apologies for the delay. Had two articles accepted for publication and I had to do some revisions.


Excellent news :up:



> Okay, I restored JustCloud.Ink from the Quarantine in AdwCleaner, and now the desktop
> icon is back. However, I am now getting a sign that I need to "reactivate" it (i.e. pay more money) and that my "license has expired." However, the account is in my friend's name and he says that he has not received such a message, and that the account is all paid up. What could explain this? What can I do to fix this? Are there any other files related to JustCloud that can be restored so that I can use this service that has already been paid for?


Looking at their site, I found this:



> My application says my license has expired, why?
> 
> This is a small bug we are aware of, basically if a Windows computer is added to an account but has no backup license it displays this message. In a future update it will display 'Additional license required' instead.
> 
> If you have a license, or wish to re-assign a license you can do so by logging into the control panel, clicking 'Account' then 'Health Check'.


http://support.justcloud.com/faq?q=license+has+expired

--

With regards to Auslogics BoostSpeed, yes it's fine to keep on. It's not malware; optimizers, boosters, cleaners, etc. are basically useless and a waste of money and can do more harm than good.

Reading these links might also put you off such progs:

http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html

http://www.edbott.com/weblog/?p=643



> 3) Just curious: why don't you use "cloud things"? Too dangerous? Makes one vulnerable to hackers? American NSA spying?


None of those reasons, I just don't really need to. My computer is mainly for tech stuff or gaming. For gaming, we use a program called Origin (like Steam) so they're easy to get anytime. I back up this pc for my techy stuff when I can, onto a flash drive 

I have asked someone about cloud storage, as you were concerned about infected files etc. The only way you can be infected from the cloud is if you restore an infected file from there or if your friend uploads an infected file/program, and you download the file/program and install it on your computer. The cloud is like a big separate hard disk you can store files on. All the cloud does is take away the hard work of manually backing up, as it does this automatically depending on what you tell it to do.



> Me: In one of your speeches - I think regarding the OTC scan - you said to "select all users". Well, conscientious as I am, I saw lots of little boxes labeled "All" so I checked them all. I guess you meant just the question at the very top about all users


In my speech I do put this after the custom scan part: Do not change any settings unless otherwise told to do so.

Still, I suppose putting it at the top is a bit easier for people to see, so doing that now.

--

The PUP optional spigot is only a toolbar, so if you didn't install that, then you're okay 



> I am not sure. I think I vaguely remember downloading some program and being asked if I wanted Yandex with it, but I thought I said no. Why do you see it installed?


In your Combofix log you have these:

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 91.224.178.5 77.88.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E534C27-275F-40F6-A235-5644656D47A8}: DhcpNameServer = 91.224.178.5 77.88.8.8

91.224.178.5 is a Ukraine address, and it's the IP you're on, so that is okay.
77.88.8.8 is a Russian address, dns.yandex.ru

So, it looks like whatever that program is, connects to Yandex.



> I ran the TFC Old Timer. It looks like it just clears temp files. Correct?


Yep, correct. I tend to use this, as it looks at only Temp folders, as opposed to CCleaner that does all sorts. It's up to you which to use, I know many use CCleaner.

---

For your installed stuff, after I post this and gone through the SystemLook log, I'm going to see what you have installed. Also, we can look at the processes, as sometimes you don't need them all running on startup.



> Finally, I have this notice at the bottom of my screen: "Mozilla Firefox seems slow...to start" and there's a picture of turtle. Should I do a reset, or is that risky?


See if this helps:

https://support.mozilla.org/en-US/questions/974113

--------------------

Posting fix for SystemLook in a min
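
The name-server check discussed above, written out as an added example (not from the original posts): it reads the O17 lines of a HijackThis-style log and reports every resolver outside the set you expect. `EXPECTED_RESOLVERS` and the function names are assumptions for illustration; `DhcpNameServer` values come from the DHCP lease, while `NameServer` values are set statically on the machine.

```python
import ipaddress
import re

# Constructed sample: the two O17 lines quoted in the post above.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 91.224.178.5 77.88.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E534C27-275F-40F6-A235-5644656D47A8}: DhcpNameServer = 91.224.178.5 77.88.8.8
"""

# Assumption: the resolver(s) you expect from your own ISP or router.
EXPECTED_RESOLVERS = {"91.224.178.5"}

O17_RE = re.compile(
    r"^O17 - (?P<key>.+?): (?P<name>(?:Dhcp)?NameServer) = (?P<servers>.*)$"
)
IFACE_RE = re.compile(r"\\Interfaces\\(\{[0-9A-Fa-f-]+\})$")


def parse_o17(log_text):
    """Return one dict per O17 name-server line in the log."""
    entries = []
    for raw in log_text.splitlines():
        match = O17_RE.match(raw.strip())
        if not match:
            continue  # other O17 values (Domain, SearchList, ...) are skipped
        iface = IFACE_RE.search(match.group("key"))
        servers, invalid = [], []
        # Windows stores the list space-separated (DHCP) or comma-separated (static).
        for token in re.split(r"[,\s]+", match.group("servers").strip()):
            if not token:
                continue
            try:
                servers.append(str(ipaddress.ip_address(token)))
            except ValueError:
                invalid.append(token)
        entries.append({
            "scope": iface.group(1) if iface else "global",
            "source": "dhcp" if match.group("name").startswith("Dhcp") else "static",
            "servers": servers,
            "invalid": invalid,
        })
    return entries


def unexpected_resolvers(entries, expected):
    """List (scope, source, ip) for every resolver that is not in `expected`."""
    allowed = {str(ipaddress.ip_address(ip)) for ip in expected}
    findings = []
    for entry in entries:
        for ip in entry["servers"]:
            if ip not in allowed:
                findings.append((entry["scope"], entry["source"], ip))
    return findings


if __name__ == "__main__":
    for scope, source, ip in unexpected_resolvers(parse_o17(SAMPLE_LOG), EXPECTED_RESOLVERS):
        print(f"{scope}: unexpected {source} resolver {ip}")
```

A `dhcp` finding points at whatever hands out the lease (usually the router), so that is where to look first; a `static` finding points at a setting changed on the PC itself.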


----------



## eddie5659 (Mar 19, 2001)

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:Commands
[CREATERESTOREPOINT] 
:Reg
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\12C2CFC3-ACF8-42E1-9772-78F9929F2DCF]
[-HKEY_USERS\S-1-5-21-1214440339-1592454029-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\12C2CFC3-ACF8-42E1-9772-78F9929F2DCF]
[-HKEY_CURRENT_USER\Software\HOW Inc.\Free YouTube Downloader]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Free YouTube Downloader]
[-HKEY_USERS\S-1-5-21-1214440339-1592454029-839522115-1003\Software\HOW Inc.\Free YouTube Downloader]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34B66CF356D744245B0C8EDE24AC03DC]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\62F013B2CCF0DEE4EB7CB83D7A21280C]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8740C21CF79D2514E94A247F4DEFE091]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E83F13912F1FBF64390A163E8464B6C7]
"00000000000000000000000000000000"=-
```

Then click the *Run Fix* button at the top 
Click OK.
Let the program run unhindered, reboot when it is done
It will produce a log for you on reboot, please post that log in your next reply. The log is saved in the same location as OTL.
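
A registry fix only removes what it names exactly, so it is worth checking each `:Reg` target against the keys the scan actually reported before running it. The sketch below is an added example (not part of the original posts, and not OTL's or SystemLook's own code); it assumes the .reg-style syntax seen in this thread, the function names are hypothetical, and the sample fix is constructed with one path spelled `User Data` to show a mismatch being caught.

```python
import re

# Constructed sample: a few lines in the format of the SystemLook regfind output.
SCAN_LOG = r"""
Searching for "Blekko"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\12C2CFC3-ACF8-42E1-9772-78F9929F2DCF]
"DisplayName"="Blekko Search Bar"

Searching for "spigot"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34B66CF356D744245B0C8EDE24AC03DC]
"00000000000000000000000000000000"="C:\Program Files\Common Files\Spigot\GC\"
"""

# Constructed fix: the second key is deliberately spelled "User Data".
FIX_SCRIPT = r"""
:Commands
[CREATERESTOREPOINT]
:Reg
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\12C2CFC3-ACF8-42E1-9772-78F9929F2DCF]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\34B66CF356D744245B0C8EDE24AC03DC]
"00000000000000000000000000000000"=-
"""

KEY_RE = re.compile(r"^\[(-?)(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]*)"=(.*)$')


def parse_scan(text):
    """Map lower-cased key path -> {'key': original path, 'values': value names}."""
    found, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = KEY_RE.match(line)
        if match:
            key = match.group(2)
            current = found.setdefault(key.lower(), {"key": key, "values": set()})
            continue
        match = VALUE_RE.match(line)
        if match and current is not None:
            current["values"].add(match.group(1).lower())
    return found


def parse_fix(text):
    """Return (action, key, value_name) tuples from the :Reg section only."""
    ops, in_reg, current = [], False, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(":"):            # section header such as :Commands or :Reg
            in_reg, current = line.lower() == ":reg", None
            continue
        if not in_reg or not line:
            continue
        match = KEY_RE.match(line)
        if match:
            if match.group(1):               # [-KEY] deletes the whole key
                ops.append(("delete_key", match.group(2), None))
                current = None
            else:                            # [KEY] opens a key for value edits
                current = match.group(2)
            continue
        match = VALUE_RE.match(line)
        if match and current and match.group(2).strip() == "-":
            ops.append(("delete_value", current, match.group(1)))
    return ops


def _squash(key):
    """Key path with all whitespace removed, for near-match hints."""
    return re.sub(r"\s+", "", key).lower()


def check_fix(fix_text, scan_text):
    """Compare every fix target with the scan and report mismatches."""
    scan = parse_scan(scan_text)
    by_squashed = {_squash(k): v["key"] for k, v in scan.items()}
    report = []
    for action, key, name in parse_fix(fix_text):
        entry, closest = scan.get(key.lower()), None
        if entry is None:
            status, closest = "key not in scan", by_squashed.get(_squash(key))
        elif action == "delete_value" and name.lower() not in entry["values"]:
            status = "value not in scan"
        else:
            status = "ok"
        report.append({"action": action, "key": key, "value": name,
                       "status": status, "closest": closest})
    return report


if __name__ == "__main__":
    for row in check_fix(FIX_SCRIPT, SCAN_LOG):
        print(row["status"], "|", row["action"], "|", row["key"])
        if row["closest"]:
            print("   scan has:", row["closest"])
```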


----------



## eddie5659 (Mar 19, 2001)

Okay, I've been through the Installed programs you have, though some may have already gone 

These ones you need to keep:

Microsoft .NET Framework 4 Extended
Platform
WebFldrs XP
Microsoft .NET Framework 4 Client Profile
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Intel(R) Extreme Graphics 2 Driver
Microsoft Software Update for Web Folders (English) 12
Microsoft Office Access MUI (English) 2007
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office File Validation Add-In
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft .NET Framework 3.0 Service Pack 2
Adobe Reader X (10.1.8)
REALTEK GbE & FE Ethernet PCI NIC Driver
Microsoft .NET Framework 2.0 Service Pack 2
System Requirements Lab for Intel
Microsoft .NET Framework 3.5 SP1
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Skype 5.5
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Shockwave Player 11.6
avast! Free Antivirus
CCleaner
Microsoft Office Enterprise 2007
Hide My IP 5.4
VIA Platform Device Manager
JustCloud
Linguata Hungarian 2.4
Linguata Ukrainian 2.3
Malwarebytes Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
Intel(R) PROSet/Wireless Software
VLC media player 2.1.2
Windows XP Service Pack 3
WinRAR 4.01 (32-bit)

These are all used by Intel, which may be your motherboard etc, so leave installed. They just look strange, as in the name, so grouped them all here 

mDrWiFi
mPfWiz
mPfMgr
mHelp
mIWA
mProSafe
mLogView
mZConfig
mXML
mCore
mMHouse
mWlsSafe

---

Remove:

Auslogics Duplicate File Finder
Google Update Helper
SUPERAntiSpyware

----

Also, these ones are up to you:

PDF24 Creator 5.4.0 - To create PDF's http://en.pdf24.org/
BCL easyConverter Desktop - Another pdf converter http://www.pdfonline.com/easyconverter/
Adolix Split and Merge PDF v1.7 - split/merge pdf http://www.adolix.com/split-merge-pdf/
A-PDF Split 2.4 - pdf split - http://www.winnovative-software.com/PDF-Split.aspx

Ken Ward's Makeup 0.901 - reduce jpg's, only site I can find http://ken-ward-s-makeup.sharewarejunction.com/

----

Not Sure, need to check deeper, leave for now:

MindMaster
XP Tools Pro 9.98.18


----------



## goingcrazy123 (Dec 14, 2013)

Eddie:

Here's the new OTL scan log (attached). It's another long one. What do you see?

Larry


----------



## eddie5659 (Mar 19, 2001)

Hi

I can see what you've done by mistake on the below fix:

http://forums.techguy.org/8839436-post65.html

You need to press *Run Fix* otherwise it won't work. Pressing Run Scan just scans, so nothing is being removed.

Also, I see a few things that seem to be still there from the original fixes I posted, so will remove them in a fix here.

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following


```
:Commands
[CREATERESTOREPOINT] 
:OTL
IE - HKU\S-1-5-21-1214440339-1592454029-839522115-1003\..\SearchScopes\12C2CFC3-ACF8-42E1-9772-78F9929F2DCF: "URL" = http://blekko.com/ws/?source=5f97ddbe&tbp=rbox&u=34762793000000000000000e35ae6694$amp;q={searchTerms}
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1214440339-1592454029-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\msdaipp - No CLSID value found
[2013/05/20 10:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\IObit
:Reg
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\12C2CFC3-ACF8-42E1-9772-78F9929F2DCF]
[-HKEY_USERS\S-1-5-21-1214440339-1592454029-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\12C2CFC3-ACF8-42E1-9772-78F9929F2DCF]
[-HKEY_CURRENT_USER\Software\HOW Inc.\Free YouTube Downloader]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Free YouTube Downloader]
[-HKEY_USERS\S-1-5-21-1214440339-1592454029-839522115-1003\Software\HOW Inc.\Free YouTube Downloader]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34B66CF356D744245B0C8EDE24AC03DC]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\62F013B2CCF0DEE4EB7CB83D7A21280C]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8740C21CF79D2514E94A247F4DEFE091]
"00000000000000000000000000000000"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E83F13912F1FBF64390A163E8464B6C7]
"00000000000000000000000000000000"=-
:Commands
[emptytemp]
[emptyjava]
[EMPTYFLASH]
[purity]
```

Then click the *Run Fix* button at the top 
Click OK.
Let the program run unhindered, reboot when it is done
It will produce a log for you on reboot, please post that log in your next reply. The log is saved in the same location as OTL.

It will be a very short log, compared to the previous one


----------



## goingcrazy123 (Dec 14, 2013)

Thanks, Eddie.

Oops. Okay, so in doing the first scan I didn't fix anything. Shouldn't I redo the first scan? 

Or, do one scan, combining all the things you want me to paste in the Custom box?

Or do two separate scans. Wha...? Sorry if this seems a stupid question! 

Larry

So, should I do TWO OTL scan


----------



## goingcrazy123 (Dec 14, 2013)

Hi Eddie,

Both the Just.Cloud and Hide My IP were PAID services, and both are busted now, won't work. Not complaining; just can't afford to lose these programs.

Could you try to find out what we must have deleted/quarantined that can explain why my program Hide My IP won't work now??

I think we're almost done now, if you can just help me get back the things I've paid for. I'm still working on JustCloud. I haven't checked the website, but I did try restoring it from AdwCleaner, but it still doesn't work.

Will post the one -- two? -- OTL scans shortly.

Thanks.

Larry


----------



## goingcrazy123 (Dec 14, 2013)

Okay, now Hide My IP is working. Never mind that. Sorry. It's Just Cloud I still have to resuscitate.


----------



## goingcrazy123 (Dec 14, 2013)

Hi Eddie.

Wrong again. I cannot get my Hide My IP program to work. Could you please help me restore it? I only just paid
for it a couple of months ago, and I really need it. They won't believe me if I ask for a refund.

I checked the quarantine in AdwCleaner, but apparently that version has expired, so I cannot access the quarantine anymore. This really sucks. I hope you can help. Thanks a lot.

Larry


----------



## eddie5659 (Mar 19, 2001)

With regards to OTL, I think that you may have pressed Run Scan, not Run Fix, as the logs you posted are complete. The fix is normally only a few lines long.

But, let's get these others back first.

Can you see if this file is there for the cloud:

C:\Program Files\JustCloud\BackupStack.exe


----------



## goingcrazy123 (Dec 14, 2013)

Yes, I see that file there, but I am still unable to back up my computer on the Cloud. I keep getting this sign that
my license has expired and that I have to buy a new subscription. How can we fix this?

In the meantime, can I go ahead and run the OTL fixes as separate jobs, or combine them as one job/fix?

But we have to be careful about disabling things. The Hide My IP is also disabled. How do we get it back? Thanks for
your help. I'm awaiting your instructions.


----------



## goingcrazy123 (Dec 14, 2013)

Awaiting your instructions......


----------



## goingcrazy123 (Dec 14, 2013)

Hello? Are you there?


----------



## eddie5659 (Mar 19, 2001)

Sorry, had connection issues last night. Let me re-read and see where we are


----------



## eddie5659 (Mar 19, 2001)

Okay, had a look through and I can't see why the HideMyIp isn't working, as we didn't remove or disable anything related to it 

As for the cloud, one of the tools removed the service, but as you have told me, the file is still there.

So, let's see if the service is still there, as it may not be running.

Go to Control Panel and then click on Administrative Tools. In there, open up the Services program.

Now, scroll through it and see if you can find *BackupStack*

If it's there, what is the Status and Startup Type?

Also, did you try this:

http://support.justcloud.com/faq?q=license+has+expired

-----------

As for the OTL part, let's do the latest one:

http://forums.techguy.org/8840740-post68.html

-----------

Is it HideMyIp or MaskMyIP? It's just I see the latter in your OTL logs.

When you try and start it, what error (if any) does it say?

Can you run this in SystemLook, so we can see what there is:


Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:


```
:filefind
*HideMyIp*.*
*HMIP*.*
*MaskMyIP*.*
*MMIP*.*
:folderfind
*HideMyIp*
*MaskMyIP*
:regfind
HideMyIp
MaskMyIP
BackupStack
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop, entitled *SystemLook.txt*

eddie


----------



## goingcrazy123 (Dec 14, 2013)

You wrote: "Go to Control Panel and then click on Administrative Tools. In there, open up the Services program. Now, scroll through it and see if you can *BackupStack* If its there, what is the Status and Startup Type?"

No, it's not there. I'll try contacting the Cloud.

Solved the Hide my IP thing  Not sure how, but that's not an issue now. Just need to get Cloud back and do a last check to clean the computer. Thanks. I'll do the OTL scan and System Look.


----------



## goingcrazy123 (Dec 14, 2013)

Eddie:

It just occurred to me why I hit "run scan" on the OTL instead of "run fix":

It is perhaps because you always refer to it as the "OTL scan" as in "run the OTL scan", etc. So I keep hearing
that word "scan" and then hit "run scan."

Just thought I would share that insight. You might want to say "run the OTL FIX" 

Also, for the OTL initial "speech" instead of this:

*Download **OTL** to your Desktop*

*Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.*
*When the window appears, underneath Output at the top change it to Standard Output.*
*Select*
*All Users*
*LOP Check*
*Purity Check*
*Under the Standard Registry box change it to All*
*Please copy the text in the code box below and paste it in the Custom Scans/Fixes box in OTL:*

To make it super-clear, you might want to edit it like so:

*Download **OTL** to your Desktop*

*Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.*
*When the window appears, underneath Output at the top change it to Standard Output.*

*At the top, check the box entitled "Scan All Users"*

*Toward the bottom, check*
*LOP Check*
*Purity Check*
*Under the Standard Registry box change it to All*
*Please copy the text in the code box below and paste it in the Custom Scans/Fixes box in OTL*

Oops! I forgot to check "all" under standard registry. Here is the log after I did the OTL fix (with "use safelist" checked under standard registry). Looks like we got rid of some more bad stuff. Should I do another OTL fix with "all" checked under standard registry??

Thanks for your help.

Larry

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-1214440339-1592454029-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{searchTerms}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchTerms}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-1214440339-1592454029-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
File Protocol\Handler\ipp - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
Folder C:\Documents and Settings\Larry\Application Data\IObit\ not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\12C2CFC3-ACF8-42E1-9772-78F9929F2DCF\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1214440339-1592454029-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\12C2CFC3-ACF8-42E1-9772-78F9929F2DCF\ not found.
Registry key HKEY_CURRENT_USER\Software\HOW Inc.\Free YouTube Downloader\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Free YouTube Downloader\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1214440339-1592454029-839522115-1003\Software\HOW Inc.\Free YouTube Downloader\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\34B66CF356D744245B0C8EDE24AC03DC not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\62F013B2CCF0DEE4EB7CB83D7A21280C not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\8740C21CF79D2514E94A247F4DEFE091 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\E83F13912F1FBF64390A163E8464B6C7 not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Larry
->Temp folder emptied: 124122027 bytes
->Temporary Internet Files folder emptied: 1172776 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 39912304 bytes
->Flash cache emptied: 836 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 354952 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 20782430 bytes

Total Files Cleaned = 178.00 mb

[EMPTYJAVA]

User: All Users

User: Default User

User: Larry
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: Default User

User: Larry
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 01182014_135048

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


----------



## goingcrazy123 (Dec 14, 2013)

Eddie:

Here's the new System Look log. See below.

Question:

Looking through the "Add or Remove Programs" list in the Control Panel, I notice that I have multiple versions
of Microsoft .NET frameworks, with a slew of "security updates" for each version installed. Every one of them is several megabytes. Do I REALLY need all these? Or can I safely uninstall the older versions?

---Microsoft .NET framework 2, service pack 2 + several security updates
---Microsoft .NET framework 3, service pack 2 + several security updates
---Microsoft .NET framework 3.5, service pack 1 + several security updates
---Microsoft .NET framework 4, client profile + several security updates
---Microsoft .NET framework 4, extended

SystemLook 30.07.11 by jpshortstuff
Log created at 14:32 on 18/01/2014 by Larry
Administrator - Elevation successful

========== filefind ==========

Searching for "*HideMyIp*.*"
C:\Documents and Settings\Larry\My Documents\Downloads\hidemyip.exe--a---- 2808288 bytes [23:21 13/01/2014] [23:22 13/01/2014] BFDD6C26DD83230B064B481AB1F835D9
C:\Documents and Settings\Larry\My Documents\My Data Sources\Hide My IP\hidemyip.exe--a---- 2552104 bytes [15:27 24/08/2011] [15:27 24/08/2011] CEADD02F290C4A1693ABA6C200F4AD8B
C:\Documents and Settings\Larry\My Documents\My Data Sources\Hide My IP\Hide My IP\HideMyIP.exe --a---- 950896 bytes [15:13 13/10/2013] [14:16 19/06/2013] 2EF50A0DF3E020D34AFD958A6E127776
C:\Documents and Settings\Larry\My Documents\My Data Sources\Hide My IP\Hide My IP\HideMyIpSrv.exe --a---- 3616880 bytes [10:54 14/10/2013] [14:16 19/06/2013] 1C3412DFE79DA04CACCFDC481AC2A0D1
C:\Program Files\Hide My IP\HideMyIP.exe --a---- 950896 bytes [23:35 13/01/2014] [15:16 19/06/2013] 2EF50A0DF3E020D34AFD958A6E127776
C:\Program Files\Hide My IP\HideMyIpSrv.exe --a---- 3616880 bytes [23:35 13/01/2014] [15:16 19/06/2013] 1C3412DFE79DA04CACCFDC481AC2A0D1
C:\WINDOWS\Prefetch\HIDEMYIP.EXE-1D58CFD5.pf --a---- 62176 bytes [16:27 16/01/2014] [16:27 16/01/2014] 979D7D29F384772751BE2280A35A298C
C:\WINDOWS\Prefetch\HIDEMYIPSRV.EXE-18AD5A98.pf --a---- 25242 bytes [16:27 16/01/2014] [12:10 18/01/2014] BB68BE441184A2663989E426FB44D07F
C:\WINDOWS\system32\HideMyIpSRV.ini --a---- 4112 bytes [15:22 13/10/2013] [17:01 16/01/2014] A3BC4E8BEF8F0E58FBF90FBBBC2704DD
C:\WINDOWS\system32\HideMyIpSRVOff.ini --a---- 2240 bytes [15:22 13/10/2013] [17:01 16/01/2014] 86E5024C1A986BE6837FAB7A89FF5280
C:\WINDOWS\temp\HideMyIpSRV.log --a---- 758 bytes [12:09 18/01/2014] [12:09 18/01/2014] B6865E1788348C9B8024398DEB10D6B5
C:\WINDOWS\temp\HideMyIpSRVr.log --a---- 480 bytes [12:09 18/01/2014] [12:09 18/01/2014] 9BC0AA0E0BD0E386E8E5F324AE1A69A5

Searching for "*HMIP*.*"
C:\Program Files\Hide My IP\hmip.sys --a---- 25448 bytes [23:35 13/01/2014] [15:26 19/06/2013] EA8FD4A29C542C0214682967021E703D
C:\Program Files\Hide My IP\hmip64.sys --a---- 30056 bytes [23:35 13/01/2014] [15:26 19/06/2013] D32A664F2F0F396511D0403142C4C80B
C:\Program Files\Hide My IP\HMIPCore.dll --a---- 342640 bytes [23:35 13/01/2014] [15:16 19/06/2013] 763659D56905EA35A771E50E1B2206CE
C:\Program Files\Hide My IP\HMIPCore64.dll --a---- 442480 bytes [23:35 13/01/2014] [15:16 19/06/2013] 2CC59CD7508B12D3DCD8E9B0918DA23D
C:\Program Files\Hide My IP\hmip_installer.exe --a---- 135280 bytes [23:35 13/01/2014] [15:16 19/06/2013] 3C004F04214B6124595E8F6BB7495813
C:\WINDOWS\Prefetch\HMIP_INSTALLER.EXE-1C21A5E6.pf --a---- 6048 bytes [16:28 16/01/2014] [16:28 16/01/2014] F2E5571B7666E56377128F895EDC6750
C:\WINDOWS\system32\HMIPCore.dll --a---- 342640 bytes [20:01 18/12/2012] [15:16 19/06/2013] 763659D56905EA35A771E50E1B2206CE

Searching for "*MaskMyIP*.*"
No files found.

Searching for "*MMIP*.*"
No files found.

========== folderfind ==========

Searching for "*HideMyIp*"
No folders found.

Searching for "*MaskMyIP*"
C:\Documents and Settings\All Users\Application Data\MaskMyIP d------ [10:34 07/10/2013]
C:\Documents and Settings\Larry\Application Data\MaskMyIP d------ [10:34 07/10/2013]

========== regfind ==========

Searching for "HideMyIp"
[HKEY_CURRENT_USER\Software\HideMyIP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\HIDEMYIPSRV.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4f77-802C-5B295919C205}]
"LocalService"="HideMyIpSRV"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}\LocalServer32]
@="C:\Program Files\Hide My IP\HideMyIpSrv.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}\LocalServer32]
@="C:\Program Files\Hide My IP\HideMyIpSrv.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}\LocalServer32]
@="C:\Program Files\Hide My IP\HideMyIpSrv.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}\LocalServer32]
@="C:\Program Files\Hide My IP\HideMyIpSrv.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}\LocalServer32]
@="C:\Program Files\Hide My IP\HideMyIpSrv.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}\LocalServer32]
@="C:\Program Files\Hide My IP\HideMyIpSrv.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE91F9CE-0900-4E2A-B673-F3F6E4FC54D9}\LocalServer32]
@="C:\Program Files\Hide My IP\HideMyIpSrv.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}\LocalServer32]
@="C:\Program Files\Hide My IP\HideMyIpSrv.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}\LocalServer32]
@="C:\Program Files\Hide My IP\HideMyIpSrv.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}\LocalServer32]
@="C:\Program Files\Hide My IP\HideMyIpSrv.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\0\win32]
@="C:\Program Files\Hide My IP\HideMyIpSrv.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HMIP50_is1]
"DisplayIcon"="C:\Program Files\Hide My IP\HideMyIP.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\HideMyIpSRV]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HIDEMYIPSRV]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HIDEMYIPSRV\0000]
"Service"="HideMyIpSRV"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HIDEMYIPSRV\0000]
"DeviceDesc"="HideMyIpSRV"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HIDEMYIPSRV\0000\Control]
"ActiveService"="HideMyIpSRV"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HideMyIpSRV]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HideMyIpSRV]
"ImagePath"="C:\Program Files\Hide My IP\HideMyIpSrv.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HideMyIpSRV]
"DisplayName"="HideMyIpSRV"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HideMyIpSRV]
"Description"="HideMyIpSRV's Redirector service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HideMyIpSRV\Enum]
"0"="Root\LEGACY_HIDEMYIPSRV\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\HideMyIpSRV]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_HIDEMYIPSRV]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_HIDEMYIPSRV\0000]
"Service"="HideMyIpSRV"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_HIDEMYIPSRV\0000]
"DeviceDesc"="HideMyIpSRV"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\HideMyIpSRV]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\HideMyIpSRV]
"ImagePath"="C:\Program Files\Hide My IP\HideMyIpSrv.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\HideMyIpSRV]
"DisplayName"="HideMyIpSRV"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\HideMyIpSRV]
"Description"="HideMyIpSRV's Redirector service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HideMyIpSRV]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HIDEMYIPSRV]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HIDEMYIPSRV\0000]
"Service"="HideMyIpSRV"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HIDEMYIPSRV\0000]
"DeviceDesc"="HideMyIpSRV"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HIDEMYIPSRV\0000\Control]
"ActiveService"="HideMyIpSRV"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HideMyIpSRV]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HideMyIpSRV]
"ImagePath"="C:\Program Files\Hide My IP\HideMyIpSrv.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HideMyIpSRV]
"DisplayName"="HideMyIpSRV"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HideMyIpSRV]
"Description"="HideMyIpSRV's Redirector service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HideMyIpSRV\Enum]
"0"="Root\LEGACY_HIDEMYIPSRV\0000"
[HKEY_USERS\S-1-5-21-1214440339-1592454029-839522115-1003\Software\HideMyIP]

Searching for "MaskMyIP"
No data found.

Searching for "BackupStack"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\JustCloud]
@="C:\Program Files\JustCloud\BackupStack.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BACKUPSTACK]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BACKUPSTACK\0000]
"Service"="BackupStack"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BACKUPSTACK\0000\Control]
"ActiveService"="BackupStack"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BackupStack]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BackupStack]
"ImagePath"="C:\Program Files\JustCloud\BackupStack.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BackupStack\Enum]
"0"="Root\LEGACY_BACKUPSTACK\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BACKUPSTACK]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BACKUPSTACK\0000]
"Service"="BackupStack"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BackupStack]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BackupStack]
"ImagePath"="C:\Program Files\JustCloud\BackupStack.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BACKUPSTACK]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BACKUPSTACK\0000]
"Service"="BackupStack"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BACKUPSTACK\0000\Control]
"ActiveService"="BackupStack"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BackupStack]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BackupStack]
"ImagePath"="C:\Program Files\JustCloud\BackupStack.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BackupStack\Enum]
"0"="Root\LEGACY_BACKUPSTACK\0000"

-= EOF =-


----------



## eddie5659 (Mar 19, 2001)

Hi



> Solved the Hide my IP thing  Not sure how, but that's not an issue now. Just need to get Cloud back and do a last check to clean the computer. Thanks. I'll do the OTL scan and System Look


I've been asking a few people about the Cloud thing, so will reply about that in a min. Just reading what you posted 

Thanks for the feedback on the OTL, I'll start to mention that now, just added it to my speech now. Sometimes having a different perspective is a good thing :up:

Good to hear that the HideMyIP is working okay, I'll come back to you about the .Net stuff, as I need to double-check some things.

For the cloud, the Services key is there in the registry:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BackupStack]

Having said that, it looks like the additional computer license key to enter to enable backups from your computer was removed, due to that tool we used. Can you re-install the App, as that should register the cloud again. You will probably have to get the additional computer license from your friend, so that you can reactivate the program. Data loss shouldn't be a problem because everything is on the cloud.


----------
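The reply above reads the SystemLook `:regfind` results to confirm that the BackupStack Services key is still in the registry. As an added example (not part of the original thread and not code from SystemLook), this Python script parses a `:regfind` section and lists which control sets still hold a top-level Services key for each service; the function names are hypothetical and the sample is constructed from lines in the log posted in this thread.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the SystemLook log in this thread.
SAMPLE_REGFIND = r'''Searching for "BackupStack"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\JustCloud]
@="C:\Program Files\JustCloud\BackupStack.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BackupStack]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BackupStack]
"ImagePath"="C:\Program Files\JustCloud\BackupStack.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BackupStack]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BackupStack]
"ImagePath"="C:\Program Files\JustCloud\BackupStack.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BackupStack\Enum]
"0"="Root\LEGACY_BACKUPSTACK\0000"
'''

KEY_RE = re.compile(r'^\[(?P<key>.+)\]$')
VALUE_RE = re.compile(r'^(?:"(?P<name>[^"]*)"|(?P<default>@))="(?P<data>.*)"$')
# Matches only the service's own key, not subkeys such as ...\BackupStack\Enum.
SERVICE_RE = re.compile(
    r'^HKEY_LOCAL_MACHINE\\SYSTEM\\(?P<cs>[^\\]+)\\Services\\(?P<svc>[^\\]+)$',
    re.IGNORECASE,
)


def parse_regfind(text):
    """Return {registry key: {value name: data}} for a regfind section."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            # The log repeats a key once per matching value; merge the repeats.
            current = m.group("key")
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = "@" if m.group("default") else m.group("name")
            keys[current][name] = m.group("data")
    return keys


def services_by_control_set(keys):
    """Return {service: {control set: values}} for top-level Services keys."""
    found = defaultdict(dict)
    for key, values in keys.items():
        m = SERVICE_RE.match(key)
        if m:
            found[m.group("svc")][m.group("cs")] = values
    return dict(found)


def report(text):
    """One line per service and control set, with the ImagePath if logged."""
    lines = []
    services = services_by_control_set(parse_regfind(text))
    for svc, sets in sorted(services.items()):
        for cs in sorted(sets):
            image = sets[cs].get("ImagePath", "(no ImagePath line in log)")
            lines.append(f"{svc} | {cs} | {image}")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_REGFIND):
        print(line)
```
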



## eddie5659 (Mar 19, 2001)

Okay, looking at what the .NET is, it's advisable to keep all. Programs often look for a specific version of .NET so it is best if you keep them all. Removing any one could cause a program to act up.

Did you have a look at the list I made of what you have installed?


----------



## goingcrazy123 (Dec 14, 2013)

Thank you, Eddie, for your patient help. I reinstalled the Cloud app, so everything's good. No more malware. We
can mark this thread "Problem Solved" now. 

Thank you again. You're the best. Have a great year!

Larry


----------



## eddie5659 (Mar 19, 2001)

That's good to hear :up:

I always stick with a thread, and try to solve as much as I can 

Did you remove the tools we've used? I'll post my normal close out speech for you, just in case 

Hope you get more things published, and that this year is your year 
-----

Firstly, let's uninstall the tools we've used:

*Follow these steps to uninstall Combofix and tools used in the removal of malware*

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

*ComboFix /Uninstall*

This will delete ComboFix's related folders/files, reset the clock settings, hide file extensions/system files, clear the System Restore cache to prevent possible reinfection and create a new Restore point.
When it has finished you will see a dialog box stating that "ComboFix has been uninstalled".
After that, you can delete the ComboFix.exe program from your computer (Desktop).

Then, run this:


Download *OTC* to your desktop and run it 
Click Yes to begin the Cleanup process and remove these components, including this application. 
You will be asked to reboot the machine to finish the Cleanup process. Choose Yes. 

======================
Uninstall *SUPERAntiSpyware* from Add/Remove Programs.

Also, remove the following from the Desktop, if still there after doing the above:

JRT
AdwCleaner
RogueKiller
SystemLook
TDSSKiller

==============================

*Clear Cache/Temp Files*
Download *TFC by OldTimer* to your desktop

 Please double-click *TFC.exe* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*).
It *will close all programs* when run, so make sure you have *saved all your work* before you begin.
Click the *Start* button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. *Let it run uninterrupted to completion*. 
Once it's finished it should *reboot your machine*. If it does not, please *manually reboot the machine* yourself to ensure a complete clean.

*Create Restore Point (Win XP)*

(Windows XP) 
1. Turn off System Restore. 
On the Desktop, right-click My Computer. 
Click Properties. 
Click the System Restore tab. 
Check Turn off System Restore. 
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore. 
On the Desktop, right-click My Computer. 
Click Properties. 
Click the System Restore tab. 
UN-Check *Turn off System Restore*. 
Click Apply, and then click OK.

Set Explorer to hide Hidden Files and Folders:

Right-click your Start button and go to "Explore".
Select Tools from the menu
Select Folder Options
Select the View tab
Click on Don't Show all Files and Folders
Select *Apply to All Folders* | *Yes* | *Apply* | *OK*.

*Making Internet Explorer More Secure*

Go to Control Panel and open the *Internet Options*. Click on the *Advanced tab* and do the following:

 Tick Empty Temporary Internet Files When Browser is Closed under Security. Apply

Then, click on the *Security tab* and do the following:

 Make sure the Internet icon is selected.
 Click once on the *Custom Level* button.
 Change the *Download signed ActiveX controls* to *Prompt*.
 Change the *Download unsigned ActiveX controls* to *Disable*.
 Change the *Initialise and script ActiveX controls not marked as safe* to *Disable.*
 Change the *Installation of desktop items* to *Prompt.*
 Change the *Launching programs and files in an IFRAME* to *Prompt.*
 When all these settings have been made, click on the *OK* button.
 If it prompts you as to whether or not you want to save the settings, press the *Yes* button. 
 Next press the *Apply* button and then the *OK* to exit the Internet Properties page.

Also, it's a good idea to keep on top of removing any Temp files etc every month or so. To do this, Windows has a pretty good tool.

Go to Start | Programs | Accessories | System Tools | Disk Cleanup
It should start straight away, but if you have to select a drive, click on the C-drive.
Let it run, and at the end it will give you some boxes to tick. 
All are okay to enable, then press *OK* and then *Yes* to the question after.
It will close after it's completed.

To keep your operating system up to date:


*CryptoPrevent* install this programme to lock down and prevent crypto ransomware (download link at bottom of page)

*All security updates released by Microsoft must be* *Automatically Installed.*

Click *Start* and in the search box type *windows update* and press *ENTER*.
Click *Change Settings* and make sure the *Install updates automatically (recommended)* option is selected, if not select it and click *OK* to save settings.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:
*SpywareBlaster* to help prevent spyware from installing in the first place.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

And to keep your system clean run this free malware scanner

*Malwarebytes' Anti-Malware*

weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this about Security online: *General Security Information, How to tighten Security Settings and Warnings*

Have a safe and happy computing day!

eddie


----------

