11-Jul-2012, 09:26 AM
#31 |
| Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.07.11.05 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 user 1 :: YOUR-U10IXI0ANW [administrator] 7/11/2012 8:32:57 AM mbam-log-2012-07-11 (08-32-57).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 247898 Time elapsed: 43 minute(s), 23 second(s) |
|
11-Jul-2012, 09:51 AM
#32 |
| Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.04.04.08 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 user 1 :: YOUR-U10IXI0ANW [administrator] 6/30/2012 10:48:56 AM mbam-log-2012-06-30 (10-48-56).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 224510 Time elapsed: 41 minute(s), 7 second(s) |
11-Jul-2012, 10:14 AM
#33 |
| You submitted Malwarebytes scan logs for July 11th and June 30th. All that's needed is the scan log for July 11th. I'll be waiting to see the SUPERAntiSpyware scan log for July 11th. ---------------------------------------------------------- |
|
11-Jul-2012, 10:59 PM
#34 |
| I got a message from SUPERAntiSpyware that they encountered an unexpected error and that an error report was being put together to be sent to Microsoft. I don't know how long this is going to take. |
12-Jul-2012, 10:07 AM
#36 |
| You should've declined to send the error report, especially since you're using 56K dial-up. Where is the SUPERAntiSpyware scan log? Besides needing to add more RAM to that old computer, you need to think about doing a hard drive format and clean reinstall of Windows XP and getting a fresh start. -------------------------------------------------------- |
|
14-Jul-2012, 04:51 PM
#37 |
| SUPERAntiSpyware won't open. I double clicked and even right clicked, but nothing happened. After the sign appeared it put a yellow bug in the taskbar. After that nothing. The sign for the spyware appears but that's all that happens. As far as I can tell, it is downloaded the right way. I had told you earlier that there was an error. What do you suggest that I do now? Should I uninstall it and try to reinstall? |
14-Jul-2012, 06:39 PM
#38 |
| SUPERAntiSpyware has been properly installed if: 1. The yellow bug icon is in the taskbar. 2. Its startup entry is listed in Start - Run - MSCONFIG - OK - "Startup" tab. 3. It's listed in Control Panel - Add Or Remove Programs. ------------------------------------------------------ Restart the computer, then try starting it again and running a quick scan. ------------------------------------------------------ |
|
15-Jul-2012, 11:38 PM
#39 |
| SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 07/15/2012 at 04:11 PM Application Version : 5.5.1012 Core Rules Database Version : 8902 Trace Rules Database Version: 6714 Scan type : Quick Scan Total Scan Time : 00:12:44 Operating System Information Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600) Administrator Memory items scanned : 465 Memory threats detected : 0 Registry items scanned : 17643 Registry threats detected : 1 File items scanned : 7526 File threats detected : 31 Adware.IEPlugin C:\WINDOWS\lu.dat Adware.IST/ISTBar (Slotch Bar) HKLM\SOFTWARE\Microsoft\Internet Explorer\Main#BandRest Adware.Tracking Cookie C:\Documents and Settings\user 1\Cookies\7TW2P8RI.txt [ /kontera.com ] C:\Documents and Settings\user 1\Cookies\DSGQUNMV.txt [ /tracking.dsmmadvantage.com ] C:\Documents and Settings\user 1\Cookies\281O9MMG.txt [ /ru4.com ] C:\Documents and Settings\user 1\Cookies\EFT1J0WV.txt [ /imrworldwide.com ] C:\Documents and Settings\user 1\Cookies\WY6EIOYQ.txt [ /at.atwola.com ] C:\Documents and Settings\user 1\Cookies\OFU26ASM.txt [ /www.googleadservices.com ] C:\Documents and Settings\user 1\Cookies\75FYB3T3.txt [ /realmedia.com ] C:\Documents and Settings\user 1\Cookies\BLL0P851.txt [ /www.googleadservices.com ] C:\Documents and Settings\user 1\Cookies\3P4IQAT5.txt [ /bs.serving-sys.com ] C:\Documents and Settings\user 1\Cookies\J43OGEXE.txt [ /fastclick.net ] C:\Documents and Settings\user 1\Cookies\509Y4W26.txt [ /www.googleadservices.com ] C:\Documents and Settings\user 1\Cookies\6Z9FJ887.txt [ /serving-sys.com ] C:\Documents and Settings\user 1\Cookies\IEON1W1S.txt [ /www.googleadservices.com ] C:\Documents and Settings\user 1\Cookies\MUWKY9UW.txt [ /apmebf.com ] C:\Documents and Settings\user 1\Cookies\727LIMA3.txt [ /network.realmedia.com ] C:\Documents and Settings\user 1\Cookies\GNFVN1XW.txt [ /www.googleadservices.com ] C:\Documents and Settings\user 1\Cookies\VSZ6CSO6.txt [ /ad.yieldmanager.com ] C:\Documents 
and Settings\user 1\Cookies\2ZQR2NW4.txt [ /revsci.net ] C:\Documents and Settings\user 1\Cookies\SZ0M01T7.txt [ /invitemedia.com ] C:\Documents and Settings\user 1\Cookies\P08XPMZT.txt [ /zedo.com ] C:\Documents and Settings\user 1\Cookies\W9NRIP4S.txt [ /adserver.adtechus.com ] C:\Documents and Settings\user 1\Cookies\5B612W1D.txt [ /chitika.net ] C:\Documents and Settings\user 1\Cookies\I0NUXL8P.txt [ /a1.interclick.com ] C:\Documents and Settings\user 1\Cookies\G85G3JAT.txt [ /avgtechnologies.112.2o7.net ] C:\Documents and Settings\user 1\Cookies\1BBHKF2D.txt [ /specificclick.net ] C:\Documents and Settings\user 1\Cookies\GJT84UJA.txt [ /www.googleadservices.com ] C:\Documents and Settings\user 1\Cookies\5UM38O3O.txt [ /www.googleadservices.com ] C:\Documents and Settings\user 1\Cookies\LWMWGL9R.txt [ /interclick.com ] C:\Documents and Settings\user 1\Cookies\8OKOYQCR.txt [ /mm.chitika.net ] C:\DOCUMENTS AND SETTINGS\USER 1\Cookies\VIYG3NSU.txt [ Cookie:user 1@adsonar.com/adserving ] |
|
15-Jul-2012, 11:40 PM
#40 |
| SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 07/15/2012 at 05:01 PM Application Version : 5.5.1012 Core Rules Database Version : 8902 Trace Rules Database Version: 6714 Scan type : Quick Scan Total Scan Time : 00:15:21 Operating System Information Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600) Administrator Memory items scanned : 461 Memory threats detected : 0 Registry items scanned : 17643 Registry threats detected : 0 File items scanned : 7541 File threats detected : 7 Adware.Tracking Cookie C:\Documents and Settings\user 1\Cookies\84OC307N.txt [ /at.atwola.com ] C:\Documents and Settings\user 1\Cookies\UL9YIXR7.txt [ /ad.yieldmanager.com ] C:\Documents and Settings\user 1\Cookies\KZCA69A1.txt [ /invitemedia.com ] C:\Documents and Settings\user 1\Cookies\Z1XXOQ5P.txt [ /zedo.com ] C:\Documents and Settings\user 1\Cookies\ITL6QA9T.txt [ /a1.interclick.com ] C:\Documents and Settings\user 1\Cookies\WHWB5D7R.txt [ /interclick.com ] C:\DOCUMENTS AND SETTINGS\USER 1\Cookies\VS99K0TF.txt [ Cookie:user 1@adsonar.com/adserving ] |
16-Jul-2012, 07:08 AM
#41 |
| Go to Start - Run - MSCONFIG - OK - "Startup" tab. Write down only the names in the "Startup Item" column that have a checkmark next to them. If the "Startup Item" column isn't wide enough to see the entire name of any of them, widen the column. Submit those names here in a vertical list. Make sure to spell them exactly as you see them there. ------------------------------------------------------------------ Start HiJackThis, then click "Do a system scan and save a log file". Save the new log that appears, then copy-and-paste the entire log here. ------------------------------------------------------------------ |
|
16-Jul-2012, 09:23 AM
#42 |
| MoneyAgent AOLFastStart TaskMonitor SystemTray LoadPowerProfile SynTPLpr SynTPEnh CPQEASYACC EACLEAN CPQInet ServiceConnection OEMCLEANUP WildTangentCDA WUSB11B.exe RealTray HostManager AOLDialer LoadPowerProfil SchedulingAgent AolAcsDaemon1 AOLTopSpeedMonitor Calremindershortcut |
|
16-Jul-2012, 10:17 AM
#44 |
| Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:07:05 AM, on 7/16/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\SUPERAntiSpyware\SASCORE.EXE C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\imapi.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\PROGRA~1\VISION~1\ONETOU~2.EXE C:\Program Files\Common Files\AOL\1327122861\ee\AOLSoftware.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\AOL Desktop 9.7\waol.exe C:\WINDOWS\system32\ctfmon.exe c:\program files\common files\aol\1327122861\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe C:\Program Files\AOL Desktop 9.7\shellmon.exe C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Common Files\AOL\1327122861\ee\aolsoftware.exe C:\Program Files\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe C:\Documents and Settings\user 1\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=109930...00000000000053 45000000 R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s/search?r=minisearch R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.6.4\PriceGongIE.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB002" /M "Stylus C64" O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE O4 - 
HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1327122861\ee\AOLSoftware.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [AOLAspSunset2] C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" O4 - HKCU\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P23 "EPSON Stylus C64 Series" /M "Stylus C64" /EF "HKCU" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-21-1371315241-2355909145-3359896355-1005\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" (User '?') O4 - HKUS\S-1-5-21-1371315241-2355909145-3359896355-1005\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P23 "EPSON Stylus C64 Series" /M "Stylus C64" /EF "HKCU" (User '?') O4 - HKUS\S-1-5-21-1371315241-2355909145-3359896355-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?') O4 - HKUS\S-1-5-21-1371315241-2355909145-3359896355-1005\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe (User '?') O4 - HKUS\S-1-5-21-1371315241-2355909145-3359896355-1005\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?') O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User '?') O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user') O4 - S-1-5-21-1371315241-2355909145-3359896355-1005 Startup: Check for OneTouch Updates.lnk = C:\Program Files\Visioneer OneTouch\WiseUpdt.exe (User '?') O4 - S-1-5-18 Startup: Check for OneTouch 
Updates.lnk = C:\Program Files\Visioneer OneTouch\WiseUpdt.exe (User '?') O4 - .DEFAULT Startup: Check for OneTouch Updates.lnk = C:\Program Files\Visioneer OneTouch\WiseUpdt.exe (User 'Default user') O4 - Startup: Check for OneTouch Updates.lnk = C:\Program Files\Visioneer OneTouch\WiseUpdt.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com/start.html O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://www.ctk-web.com/iNotes.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti...ol_v1-0-3-48.c ab O17 - HKLM\System\CCS\Services\Tcpip\..\{E4687239-9932-480C-BB79-2976FB803F60}: NameServer = 205.188.146.145 O20 - AppInit_DLLs: c:\docume~1\alluse~1\applic~1\bprote~1\22453~1.59\protec~1.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: Symantec Lic NetConnect service 
(CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: Updater Service (IBUpdaterService) - Unknown owner - C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 8749 bytes |
16-Jul-2012, 04:45 PM
#45 |
| The startup list that you submitted in post #42 does NOT agree with your HiJackThis log in post #44. It also contains these startup entries that are very common in Windows 95 and Windows 98 and Windows Millennium, but are NOT common at all in Windows XP: TaskMonitor, SystemTray, LoadPowerProfile, LoadPowerProfile, SchedulingAgent. I'm a bit confused at this point. -------------------------------------------------- |
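The cross-check described in post #45, as an added example that is not part of the thread: it parses the O4 (autostart) lines of a HijackThis log and compares them with the names reported from the MSCONFIG "Startup" tab. The function names are hypothetical, the log excerpt is taken from post #44 and re-broken one entry per line, and matching a reported name against either the Run value name or the executable's file name is an assumption of this sketch.

```python
import re
from pathlib import PureWindowsPath

# Excerpt of the HijackThis log in post #44, re-broken one entry per line.
HJT_EXCERPT = r"""
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1327122861\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Check for OneTouch Updates.lnk = C:\Program Files\Visioneer OneTouch\WiseUpdt.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
"""

# Names the user reported from the MSCONFIG "Startup" tab in post #42.
MSCONFIG_NAMES = """MoneyAgent AOLFastStart TaskMonitor SystemTray LoadPowerProfile
SynTPLpr SynTPEnh CPQEASYACC EACLEAN CPQInet ServiceConnection OEMCLEANUP
WildTangentCDA WUSB11B.exe RealTray HostManager AOLDialer LoadPowerProfil
SchedulingAgent AolAcsDaemon1 AOLTopSpeedMonitor Calremindershortcut""".split()

RUN_RE = re.compile(r"^O4 - (?P<src>\S+\\\.\.\\Run): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
FOLDER_RE = re.compile(r"^O4 - (?P<src>(?:\S+ )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
EXE_RE = re.compile(r'"?(.+?\.(?:exe|com|bat|cmd))(?=["\s]|$)', re.I)


def norm(name):
    """Lower-case and drop a trailing .exe/.lnk so names compare loosely."""
    return re.sub(r"\.(exe|lnk)$", "", name.strip().lower())


def parse_o4(log_text):
    """Return (source, entry name, executable stem) for every O4 line."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line) or FOLDER_RE.match(line)
        if not m:
            continue  # not an O4 Run-key or Startup-folder line (R0/R1, O2, O23, ...)
        exe = EXE_RE.match(m["cmd"])
        stem = PureWindowsPath(exe.group(1)).stem.lower() if exe else ""
        entries.append((m["src"], m["name"], stem))
    return entries


def cross_check(reported, entries):
    """Return (reported names absent from the log, log entries never reported)."""
    known = {norm(n) for _, n, _ in entries} | {s for _, _, s in entries if s}
    not_in_log = [n for n in reported if norm(n) not in known]
    wanted = {norm(n) for n in reported}
    not_reported = [n for _, n, s in entries
                    if norm(n) not in wanted and s not in wanted]
    return not_in_log, not_reported


if __name__ == "__main__":
    missing, extra = cross_check(MSCONFIG_NAMES, parse_o4(HJT_EXCERPT))
    print("Reported but not in HijackThis O4:", ", ".join(missing))
    print("In HijackThis O4 but not reported:", ", ".join(extra))
```

Against the full log rather than this excerpt, the same comparison makes it easy to see when a reported startup list and a scan log cannot have come from the same Windows installation.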