1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Windows xp opens very slowly

Discussion in 'Windows XP' started by lumina1, Jun 15, 2012.

Thread Status:
Not open for further replies.
Advertisement
  1. lumina1

    lumina1 Thread Starter

    Joined:
    Jun 15, 2012
    Messages:
    50
    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org
    Database version: v2012.07.11.05
    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    user 1 :: YOUR-U10IXI0ANW [administrator]
    7/11/2012 8:32:57 AM
    mbam-log-2012-07-11 (08-32-57).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 247898
    Time elapsed: 43 minute(s), 23 second(s)
    Memory Processes Detected: 1
    C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> 1308 -> Delete on reboot.
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 38
    HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.
    HKCR\CLSID\{1948934a-1c68-4b2b-9a1f-d12e2a062a1a} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{d7ce22af-ccb3-423f-84d5-4d77152181f3} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Interface\{004EB151-885B-4A9E-A22D-CA98DD998D75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CouponAlert_2p.ToolbarPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CouponAlert_2p.ToolbarPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{1f0a2185-da7e-4614-91c0-dd5f4a76cb1b} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{79583de9-d0c2-44ef-ae0d-cbfa16c2a785} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Interface\{1116A14B-F6A3-4FD9-A00E-FF8CF270EE48} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{23b38049-323f-443d-9732-f454e5b15b72} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{23B38049-323F-443D-9732-F454E5B15B72} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{3462c343-be19-4143-af70-cefb56f46fc6} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3462C343-BE19-4143-AF70-CEFB56F46FC6} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3462C343-BE19-4143-AF70-CEFB56F46FC6} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{7717f4b3-397f-4ce5-9192-6effde3ac999} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{3276e8a8-a233-449b-a7eb-fcee21246018} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Interface\{A0636D37-97D0-4DC4-95A6-93AABA07437F} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{7b9f8c21-46ec-4c0b-8683-e755ef84577a} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B9F8C21-46EC-4C0B-8683-E755EF84577A} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{cf9d6d4e-5496-438e-ba24-5a580a59f5a3} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CF9D6D4E-5496-438E-BA24-5A580A59F5A3} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{60E91567-EF8A-4520-BCE2-83ABA5256799} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{60E91567-EF8A-4520-BCE2-83ABA5256799} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Interface\{66666666-6666-6666-6666-660066226658} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\I WANT THIS (PUP.GamesPlayLab) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MENUEXT\&SEARCH (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CouponAlert_2pbar Uninstall (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\MozillaPlugins\@CouponAlert_2p.com/Plugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\Services\CouponAlert_2pService (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    Registry Values Detected: 3
    HKCU\Software\I Want This|HelperRunningVersion (PUP.GamesPlayLab) -> Data: 149 -> Quarantined and deleted successfully.
    HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search| (PUP.MyWebSearch) -> Data: http://tbedits.couponalert.com/one-...0785-52CD-4F76-8761-175A9587A99F&n=2012031319 -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Mozilla\Firefox\Extensions|2pffxtbr@CouponAlert_2p.com (PUP.MyWebSearch) -> Data: C:\Program Files\CouponAlert_2p\bar\1.bin -> Quarantined and deleted successfully.
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 2
    C:\Documents and Settings\user 1\Local Settings\Application Data\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    C:\Documents and Settings\user 1\Local Settings\Application Data\I Want This\Chrome (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    Files Detected: 2
    C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> Delete on reboot.
    C:\Documents and Settings\user 1\Local Settings\Temporary Internet Files\Content.IE5\AZRH8HVT\VAX9_Free[1].exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.
     
  2. lumina1

    lumina1 Thread Starter

    Joined:
    Jun 15, 2012
    Messages:
    50
    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org
    Database version: v2012.04.04.08
    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    user 1 :: YOUR-U10IXI0ANW [administrator]
    6/30/2012 10:48:56 AM
    mbam-log-2012-06-30 (10-48-56).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 224510
    Time elapsed: 41 minute(s), 7 second(s)
    Memory Processes Detected: 1
    C:\Windows Restore\20110920\20110920.exe (Trojan.Agent.Gen) -> 2752 -> Delete on reboot.
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 125
    HKLM\SYSTEM\CurrentControlSet\Services\CouponAlert_2pService (PUP.MyWebSearch) -> No action taken.
    HKCR\CLSID\{1948934a-1c68-4b2b-9a1f-d12e2a062a1a} (PUP.MyWebSearch) -> No action taken.
    HKCR\TypeLib\{d7ce22af-ccb3-423f-84d5-4d77152181f3} (PUP.MyWebSearch) -> No action taken.
    HKCR\Interface\{004EB151-885B-4A9E-A22D-CA98DD998D75} (PUP.MyWebSearch) -> No action taken.
    HKCR\CouponAlert_2p.ToolbarPlugin.1 (PUP.MyWebSearch) -> No action taken.
    HKCR\CouponAlert_2p.ToolbarPlugin (PUP.MyWebSearch) -> No action taken.
    HKCR\CLSID\{3a421c8f-e238-4aeb-8874-b8b5f2cc4772} (PUP.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772} (PUP.MyWebSearch) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772} (PUP.MyWebSearch) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772} (PUP.MyWebSearch) -> No action taken.
    HKCR\CLSID\{60e91567-ef8a-4520-bce2-83aba5256799} (PUP.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60E91567-EF8A-4520-BCE2-83ABA5256799} (PUP.MyWebSearch) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{60E91567-EF8A-4520-BCE2-83ABA5256799} (PUP.MyWebSearch) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{60E91567-EF8A-4520-BCE2-83ABA5256799} (PUP.MyWebSearch) -> No action taken.
    HKCR\CLSID\{1f0a2185-da7e-4614-91c0-dd5f4a76cb1b} (PUP.MyWebSearch) -> No action taken.
    HKCR\CLSID\{16fe2505-f2a0-4782-b035-af0e5188c02c} (PUP.MyWebSearch) -> No action taken.
    HKCR\TypeLib\{79583de9-d0c2-44ef-ae0d-cbfa16c2a785} (PUP.MyWebSearch) -> No action taken.
    HKCR\Interface\{1116A14B-F6A3-4FD9-A00E-FF8CF270EE48} (PUP.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16FE2505-F2A0-4782-B035-AF0E5188C02C} (PUP.MyWebSearch) -> No action taken.
    HKCR\CLSID\{23b38049-323f-443d-9732-f454e5b15b72} (PUP.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{23B38049-323F-443D-9732-F454E5B15B72} (PUP.MyWebSearch) -> No action taken.
    HKCR\CLSID\{3462c343-be19-4143-af70-cefb56f46fc6} (PUP.MyWebSearch) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3462C343-BE19-4143-AF70-CEFB56F46FC6} (PUP.MyWebSearch) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3462C343-BE19-4143-AF70-CEFB56F46FC6} (PUP.MyWebSearch) -> No action taken.
    HKCR\CLSID\{7717f4b3-397f-4ce5-9192-6effde3ac999} (PUP.MyWebSearch) -> No action taken.
    HKCR\CLSID\{4d8eacbc-e293-4462-b91e-42ea5b54b743} (PUP.MyWebSearch) -> No action taken.
    HKCR\TypeLib\{3276e8a8-a233-449b-a7eb-fcee21246018} (PUP.MyWebSearch) -> No action taken.
    HKCR\Interface\{A0636D37-97D0-4DC4-95A6-93AABA07437F} (PUP.MyWebSearch) -> No action taken.
    HKCR\CLSID\{7b9f8c21-46ec-4c0b-8683-e755ef84577a} (PUP.MyWebSearch) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B9F8C21-46EC-4C0B-8683-E755EF84577A} (PUP.MyWebSearch) -> No action taken.
    HKCR\CLSID\{cf9d6d4e-5496-438e-ba24-5a580a59f5a3} (PUP.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CF9D6D4E-5496-438E-BA24-5A580A59F5A3} (PUP.MyWebSearch) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be} (PUP.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be} (PUP.MyWebSearch) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> No action taken.
    HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MENUEXT\&SEARCH (PUP.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CouponAlert_2pbar Uninstall (PUP.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\MozillaPlugins\@CouponAlert_2p.com/Plugin (PUP.MyWebSearch) -> No action taken.
    HKCR\CLSID\{c2df3856-676c-41dc-a73b-facbdf8e81e9} (PUP.MyWebSearch) -> No action taken.
    HKCR\TypeLib\{8542e415-0e53-4261-8be4-0d1598229d90} (PUP.MyWebSearch) -> No action taken.
    HKCR\Interface\{56965DCF-718F-4148-BECF-5A2B466F4556} (PUP.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C2DF3856-676C-41DC-A73B-FACBDF8E81E9} (PUP.MyWebSearch) -> No action taken.
    HKCR\CLSID\{411b1946-3277-4a7f-9f60-745266360613} (PUP.MyWebSearch) -> No action taken.
    HKCR\TypeLib\{ebaf2b4f-510a-47c7-86ba-e7d94d1162f6} (PUP.MyWebSearch) -> No action taken.
    HKCR\Interface\{860AF5D1-0735-409D-8E5F-E3E99356D7E9} (PUP.MyWebSearch) -> No action taken.
    HKCR\CLSID\{84576f6e-0660-4b4f-8918-bc6c975044d4} (PUP.MyWebSearch) -> No action taken.
    HKCR\TypeLib\{60fc9013-4a5a-4306-9695-fce0a6617f22} (PUP.MyWebSearch) -> No action taken.
    HKCR\Interface\{D244EAC5-A0F5-4859-A1F8-18ABC0AC3A00} (PUP.MyWebSearch) -> No action taken.
    HKCR\CLSID\{86d02bcf-0e0e-444f-8a8d-2d5c4a9e6578} (PUP.MyWebSearch) -> No action taken.
    HKCR\CLSID\{2d205adf-c992-4eda-99c3-096e13f38ab4} (PUP.MyWebSearch) -> No action taken.
    HKCR\TypeLib\{20bcce5a-c687-46ff-8dd2-ad8235f5f2b4} (PUP.MyWebSearch) -> No action taken.
    HKCR\Interface\{041278C7-DF92-486D-AE85-921BDFC75A43} (PUP.MyWebSearch) -> No action taken.
    HKCR\CLSID\{0bdf6c42-132c-45f5-92de-dc13f40c6dab} (PUP.MyWebSearch) -> No action taken.
    HKCR\TypeLib\{a4116f8c-a634-4536-b9ef-6b9ebcc5bae1} (PUP.MyWebSearch) -> No action taken.
    HKCR\Interface\{65D8E17B-312E-4E12-913B-A841A8631143} (PUP.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0BDF6C42-132C-45F5-92DE-DC13F40C6DAB} (PUP.MyWebSearch) -> No action taken.
    HKCR\CLSID\{95B3F577-D54A-4831-B2B4-8AACEEDA85CF} (PUP.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{95B3F577-D54A-4831-B2B4-8AACEEDA85CF} (PUP.MyWebSearch) -> No action taken.
    HKCR\CLSID\{457a4cb8-0391-409d-98b4-c4ccb2849670} (PUP.MyWebSearch) -> No action taken.
    HKCR\TypeLib\{7924fd2b-877c-4395-a063-a88ab887ea6d} (PUP.MyWebSearch) -> No action taken.
    HKCR\Interface\{36A7148B-639E-423C-90BB-30B6E1A40BD7} (PUP.MyWebSearch) -> No action taken.
    HKCR\CLSID\{def07acd-bcea-4269-933a-4087d20842bb} (PUP.MyWebSearch) -> No action taken.
    HKCR\CLSID\{ebbc4e43-292a-40df-88e3-3262b7521460} (PUP.MyWebSearch) -> No action taken.
    HKCR\CLSID\{8867ac9b-4426-44a2-a693-c95850d3405c} (PUP.MyWebSearch) -> No action taken.
    HKCR\TypeLib\{53ca18e7-5223-4358-9fd9-97c62c66c5bd} (PUP.MyWebSearch) -> No action taken.
    HKCR\Interface\{61DAB0AD-AD23-4E40-84AC-7C6CE64D4EB3} (PUP.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8867AC9B-4426-44A2-A693-C95850D3405C} (PUP.MyWebSearch) -> No action taken.
    HKCR\CLSID\{23b0ae65-17d2-4491-98e5-b1aa6228dda2} (PUP.MyWebSearch) -> No action taken.
    HKCR\CLSID\{eb2479f3-f362-4d42-800a-e323c8029d20} (PUP.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> No action taken.
    HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> No action taken.
    HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (PUP.GamePlayLab) -> No action taken.
    HKCR\Interface\{55555555-5555-5555-5555-550055225558} (PUP.GamePlayLab) -> No action taken.
    HKCR\CrossriderApp0002258.BHO.1 (PUP.GamePlayLab) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> No action taken.
    HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    HKCR\Interface\{55555555-5555-5555-5555-550055225558} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0002258.BHO.1 (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    HKCR\CLSID\{22222222-2222-2222-2222-220022222258} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0002258.Sandbox.1 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0002258.Sandbox (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CouponAlert_2p.SettingsPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CouponAlert_2p.SettingsPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{33333333-3333-3333-3333-330033223358} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0002258.FBApi.1 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0002258.FBApi (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CouponAlert_2p.Radio.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CouponAlert_2p.Radio (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CouponAlert_2p.RadioSettings.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CouponAlert_2p.RadioSettings (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CouponAlert_2p.PseudoTransparentPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CouponAlert_2p.PseudoTransparentPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0002258.BHO (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CouponAlert_2p.DynamicBarButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CouponAlert_2p.DynamicBarButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CouponAlert_2p.FeedManager (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CouponAlert_2p.FeedManager.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CouponAlert_2p.HTMLMenu (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CouponAlert_2p.HTMLMenu.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CouponAlert_2p.HTMLPanel (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CouponAlert_2p.HTMLPanel.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CouponAlert_2p.MultipleButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CouponAlert_2p.MultipleButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CouponAlert_2p.ScriptButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CouponAlert_2p.ScriptButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CouponAlert_2p.ThirdPartyInstaller (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CouponAlert_2p.ThirdPartyInstaller.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CouponAlert_2p.UrlAlertButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CouponAlert_2p.UrlAlertButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CouponAlert_2p.XMLSessionPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CouponAlert_2p.XMLSessionPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\Software\CouponAlert_2p (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\Software\Cr_Installer\2258 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\CouponAlert_2p (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\I WANT THIS (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    Registry Values Detected: 9
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|CouponAlert_2p Browser Plugin Loader (PUP.MyWebSearch) -> Data: C:\PROGRA~1\COUPON~2\bar\1.bin\2pbrmon.exe -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{3462C343-BE19-4143-AF70-CEFB56F46FC6} (PUP.MyWebSearch) -> Data: -> No action taken.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{7B9F8C21-46EC-4C0B-8683-E755EF84577A} (PUP.MyWebSearch) -> Data: -> No action taken.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{7b9f8c21-46ec-4c0b-8683-e755ef84577a} (PUP.MyWebSearch) -> Data: -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{3462c343-be19-4143-af70-cefb56f46fc6} (PUP.MyWebSearch) -> Data: -> No action taken.
    HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search| (PUP.MyWebSearch) -> Data: http://tbedits.couponalert.com/one-...0785-52CD-4F76-8761-175A9587A99F&n=2012031319 -> No action taken.
    HKLM\SOFTWARE\Mozilla\Firefox\Extensions|2pffxtbr@CouponAlert_2p.com (PUP.MyWebSearch) -> Data: C:\Program Files\CouponAlert_2p\bar\1.bin -> No action taken.
    HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: 541370074171df0bd09632253e91ca53 -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This|Publisher (Adware.GamePlayLab) -> Data: 215 Apps -> Quarantined and deleted successfully.
    Registry Data Items Detected: 2
    HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    Folders Detected: 14
    C:\Windows Restore (Trojan.Agent.Gen) -> Delete on reboot.
    C:\Windows Restore\20110920 (Trojan.Agent.Gen) -> Delete on reboot.
    C:\Program Files\CouponAlert_2p (PUP.MyWebSearch) -> Delete on reboot.
    C:\Program Files\CouponAlert_2p\bar (PUP.MyWebSearch) -> Delete on reboot.
    C:\Program Files\CouponAlert_2p\bar\1.bin (PUP.MyWebSearch) -> Delete on reboot.
    C:\Program Files\CouponAlert_2p\bar\1.bin\chrome (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\Cache (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\History (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\IE9Mesg (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\Message (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\Settings (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\setups (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\CouponAlert_2p (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\CouponAlert_2p\Cache (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    Files Detected: 81
    C:\Program Files\I Want This\I Want This.dll (PUP.GamePlayLab) -> No action taken.
    C:\Program Files\CouponAlert_2p\bar\1.bin\2pbrstub.dll (PUP.MyWebSearch) -> Delete on reboot.
    C:\Program Files\CouponAlert_2p\bar\1.bin\2pbrmon.exe (PUP.MyWebSearch) -> Delete on reboot.
    C:\Program Files\CouponAlert_2p\bar\1.bin\2pbarsvc.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\I Want This\I Want This.dll (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\1.bin\2pbar.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\1.bin\2pSrcAs.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\1.bin\2pskin.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\1.bin\2pradio.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Documents and Settings\user 1\Start Menu\Programs\Startup\20110920.lnk (Trojan.Clicker) -> Quarantined and deleted successfully.
    C:\Windows Restore\num.txt (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    C:\Windows Restore\20110920\20110920.exe (Trojan.Agent.Gen) -> Delete on reboot.
    C:\Documents and Settings\user 1\Local Settings\Application Data\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\1.bin\2pmsg.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\1.bin\2pauxstb.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\1.bin\2pdatact.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\1.bin\2pdlghk.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\1.bin\2pdyn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\1.bin\2pfeedmg.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\1.bin\2phighin.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\1.bin\2phtml.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\1.bin\2phtmlmu.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\1.bin\2phttpct.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\1.bin\2pidle.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\1.bin\2pieovr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\1.bin\2pimpipe.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\1.bin\2pmedint.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\1.bin\2pmlbtn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\1.bin\2pPlugin.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\1.bin\2pregfft.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\1.bin\2pregiet.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\1.bin\2pscript.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\1.bin\2pskplay.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\1.bin\2ptpinst.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\1.bin\2puabtn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\1.bin\CHROME.MANIFEST (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\1.bin\INSTALL.RDF (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\1.bin\LOGO.BMP (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\1.bin\NP2pStub.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\1.bin\T8FFTBPR.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\1.bin\T8PATCH.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\1.bin\T8RES.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\1.bin\T8UNPAT.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\1.bin\chrome\2pffxtbr.jar (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\Cache\000E3A36.bmp (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\Cache\00136D05.bmp (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\Cache\0017781E.bmp (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\Cache\001AC843 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\Cache\001AFDE9.bmp (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\Cache\001B1A3B.bmp (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\Cache\001B465C.bmp (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\Cache\001B48CD.bmp (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\Cache\001B4BDA.bmp (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\Cache\001B4EB9.bmp (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\Cache\001B50EB.bmp (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\Cache\001B52EF.bmp (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\Cache\001B54D3.bmp (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\Cache\001B5689.bmp (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\Cache\001B58AB.bmp (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\Cache\001B5A80.bmp (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\Cache\001B5BF7 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\Cache\001B64B2.jhtml (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\Cache\001C2D51 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\Cache\files.ini (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\History\search3 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\IE9Mesg\COMMON.T8S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\Message\COMMON.T8S (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\Settings\prevcfg2.htm (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\Settings\setting3.htm (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\Settings\setting3.htm.bak (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\Settings\s_pid.dat (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\Settings\s_w1.dat (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\Settings\s_w1.dat.bak (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\Settings\s_w2.dat (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\bar\Settings\s_w2.dat.bak (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\CouponAlert_2p\Cache\CouponAlertBtn.html (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\CouponAlert_2p\Cache\CouponAlertNewDealsBtn.html (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\CouponAlert_2p\Cache\GrouponBtn.html (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\CouponAlert_2p\Cache\PopupProperties201502211.html (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\CouponAlert_2p\Cache\PopupProperties201502216.html (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\CouponAlert_2p\CouponAlert_2p\Cache\Radio.html (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    (end)
     
  3. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,579
    You submitted Malwarebytes scan logs for July 11th and June 30th.

    All that's needed is the scan log for July 11th.

    I'll be waiting to see the SUPERAntiSpyware scan log for July 11th.

    ----------------------------------------------------------
     
  4. lumina1

    lumina1 Thread Starter

    Joined:
    Jun 15, 2012
    Messages:
    50
    I got a message form superanti-spyware that they encountered an unexpected error and that an error report was being put together to be sent to microsoft. I don't know how long this is going to take.
     
  5. lumina1

    lumina1 Thread Starter

    Joined:
    Jun 15, 2012
    Messages:
    50
    Another thing. After deleting all the malware, my computer is working slower than ever.
     
  6. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,579
    You should've declined to send the error report, especially since you're using 56K dial-up.

    Where is the SUPERAntiSpyware scan log?

    Besides needing to add more RAM to that old computer, you need to think about doing a hard drive format and clean reinstall of Windows XP and getting a fresh start.

    --------------------------------------------------------
     
  7. lumina1

    lumina1 Thread Starter

    Joined:
    Jun 15, 2012
    Messages:
    50
    Superantispyware won't open. I double clicked and even right clicked, but nothing happened. After the sign appeared it put a yellow bug in the taskbar. After that nothing. The sign for the spyware appears but that's all that happens. As far as I can tell, it is downloaded the right way. I had told you earlier that there was an error. What do you suggest that I do know? Should I uninstall it and try to reinstall?
     
  8. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,579
    SUPERAntiSpyware has been properly installed if:

    1. The yellow bug icon is in the taskbar.

    2. It's startup entry is listed in Start - Run - MSCONFIG - OK - "Startup" tab.

    3. It's listed in Control Panel - Add Or Remove Programs.

    ------------------------------------------------------

    Restart the computer, then try starting it again and running a quick scan.

    ------------------------------------------------------
     
  9. lumina1

    lumina1 Thread Starter

    Joined:
    Jun 15, 2012
    Messages:
    50
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com
    Generated 07/15/2012 at 04:11 PM
    Application Version : 5.5.1012
    Core Rules Database Version : 8902
    Trace Rules Database Version: 6714
    Scan type : Quick Scan
    Total Scan Time : 00:12:44
    Operating System Information
    Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
    Administrator
    Memory items scanned : 465
    Memory threats detected : 0
    Registry items scanned : 17643
    Registry threats detected : 1
    File items scanned : 7526
    File threats detected : 31
    Adware.IEPlugin
    C:\WINDOWS\lu.dat
    Adware.IST/ISTBar (Slotch Bar)
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main#BandRest
    Adware.Tracking Cookie
    C:\Documents and Settings\user 1\Cookies\7TW2P8RI.txt [ /kontera.com ]
    C:\Documents and Settings\user 1\Cookies\DSGQUNMV.txt [ /tracking.dsmmadvantage.com ]
    C:\Documents and Settings\user 1\Cookies\281O9MMG.txt [ /ru4.com ]
    C:\Documents and Settings\user 1\Cookies\EFT1J0WV.txt [ /imrworldwide.com ]
    C:\Documents and Settings\user 1\Cookies\WY6EIOYQ.txt [ /at.atwola.com ]
    C:\Documents and Settings\user 1\Cookies\OFU26ASM.txt [ /www.googleadservices.com ]
    C:\Documents and Settings\user 1\Cookies\75FYB3T3.txt [ /realmedia.com ]
    C:\Documents and Settings\user 1\Cookies\BLL0P851.txt [ /www.googleadservices.com ]
    C:\Documents and Settings\user 1\Cookies\3P4IQAT5.txt [ /bs.serving-sys.com ]
    C:\Documents and Settings\user 1\Cookies\J43OGEXE.txt [ /fastclick.net ]
    C:\Documents and Settings\user 1\Cookies\509Y4W26.txt [ /www.googleadservices.com ]
    C:\Documents and Settings\user 1\Cookies\6Z9FJ887.txt [ /serving-sys.com ]
    C:\Documents and Settings\user 1\Cookies\IEON1W1S.txt [ /www.googleadservices.com ]
    C:\Documents and Settings\user 1\Cookies\MUWKY9UW.txt [ /apmebf.com ]
    C:\Documents and Settings\user 1\Cookies\727LIMA3.txt [ /network.realmedia.com ]
    C:\Documents and Settings\user 1\Cookies\GNFVN1XW.txt [ /www.googleadservices.com ]
    C:\Documents and Settings\user 1\Cookies\VSZ6CSO6.txt [ /ad.yieldmanager.com ]
    C:\Documents and Settings\user 1\Cookies\2ZQR2NW4.txt [ /revsci.net ]
    C:\Documents and Settings\user 1\Cookies\SZ0M01T7.txt [ /invitemedia.com ]
    C:\Documents and Settings\user 1\Cookies\P08XPMZT.txt [ /zedo.com ]
    C:\Documents and Settings\user 1\Cookies\W9NRIP4S.txt [ /adserver.adtechus.com ]
    C:\Documents and Settings\user 1\Cookies\5B612W1D.txt [ /chitika.net ]
    C:\Documents and Settings\user 1\Cookies\I0NUXL8P.txt [ /a1.interclick.com ]
    C:\Documents and Settings\user 1\Cookies\G85G3JAT.txt [ /avgtechnologies.112.2o7.net ]
    C:\Documents and Settings\user 1\Cookies\1BBHKF2D.txt [ /specificclick.net ]
    C:\Documents and Settings\user 1\Cookies\GJT84UJA.txt [ /www.googleadservices.com ]
    C:\Documents and Settings\user 1\Cookies\5UM38O3O.txt [ /www.googleadservices.com ]
    C:\Documents and Settings\user 1\Cookies\LWMWGL9R.txt [ /interclick.com ]
    C:\Documents and Settings\user 1\Cookies\8OKOYQCR.txt [ /mm.chitika.net ]
    C:\DOCUMENTS AND SETTINGS\USER 1\Cookies\VIYG3NSU.txt [ Cookie:user [email protected]/adserving ]
     
  10. lumina1

    lumina1 Thread Starter

    Joined:
    Jun 15, 2012
    Messages:
    50
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com
    Generated 07/15/2012 at 05:01 PM
    Application Version : 5.5.1012
    Core Rules Database Version : 8902
    Trace Rules Database Version: 6714
    Scan type : Quick Scan
    Total Scan Time : 00:15:21
    Operating System Information
    Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
    Administrator
    Memory items scanned : 461
    Memory threats detected : 0
    Registry items scanned : 17643
    Registry threats detected : 0
    File items scanned : 7541
    File threats detected : 7
    Adware.Tracking Cookie
    C:\Documents and Settings\user 1\Cookies\84OC307N.txt [ /at.atwola.com ]
    C:\Documents and Settings\user 1\Cookies\UL9YIXR7.txt [ /ad.yieldmanager.com ]
    C:\Documents and Settings\user 1\Cookies\KZCA69A1.txt [ /invitemedia.com ]
    C:\Documents and Settings\user 1\Cookies\Z1XXOQ5P.txt [ /zedo.com ]
    C:\Documents and Settings\user 1\Cookies\ITL6QA9T.txt [ /a1.interclick.com ]
    C:\Documents and Settings\user 1\Cookies\WHWB5D7R.txt [ /interclick.com ]
    C:\DOCUMENTS AND SETTINGS\USER 1\Cookies\VS99K0TF.txt [ Cookie:user [email protected]/adserving ]
     
  11. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,579
    Go to Start - Run - MSCONFIG - OK - "Startup" tab.

    Write down only the names in the "Startup Item" column that have a checkmark next to them.

    If the "Startup Item" column isn't wide enough to see the entire name of any of them, widen the column.

    Submit those names here in a vertical list.

    Make sure to spell them exactly as you see them there.

    ------------------------------------------------------------------

    Start HiJackThis, then click "Do a system scan and save a log file".

    Save the new log that appears, then copy-and-paste the entire log here.

    ------------------------------------------------------------------
     
  12. lumina1

    lumina1 Thread Starter

    Joined:
    Jun 15, 2012
    Messages:
    50
    MoneyAgent
    AOLFastStart
    TaskMonitor
    SystemTray
    LoadPowerProfile
    SynTPLpr
    SynTPEnh
    CPQEASYACC
    EACLEAN
    CPQInet
    ServiceConnection
    OEMCLEANUP
    WildTangentCDA
    WUSB11B.exe
    RealTray
    HostManager
    AOLDialer
    LoadPowerProfil
    SchedulingAgent
    AolAcsDaemon1
    AOLTopSpeedMonitor
    Calremindershortcut
     
  13. lumina1

    lumina1 Thread Starter

    Joined:
    Jun 15, 2012
    Messages:
    50
    The LoadPowerProfil, 5 up from the bottom should have an e at the end. Sorry
     
  14. lumina1

    lumina1 Thread Starter

    Joined:
    Jun 15, 2012
    Messages:
    50
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:07:05 AM, on 7/16/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\imapi.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\PROGRA~1\VISION~1\ONETOU~2.EXE
    C:\Program Files\Common Files\AOL\1327122861\ee\AOLSoftware.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AOL Desktop 9.7\waol.exe
    C:\WINDOWS\system32\ctfmon.exe
    c:\program files\common
    files\aol\1327122861\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
    C:\Program Files\AOL Desktop 9.7\shellmon.exe
    C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
    C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Common Files\AOL\1327122861\ee\aolsoftware.exe
    C:\Program Files\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
    C:\Documents and Settings\user 1\Desktop\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://www.yahoo.com/?fr=fp-yie8
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://search.babylon.com/?AF=109930&babsrc=HP_ss&mntrId=b40300050000000000000053
    45000000
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
    http://my.juno.com/s/search?r=minisearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program
    Files\AOL Toolbar\welcome.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows
    Internet Explorer provided by Yahoo!
    O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program
    Files\PriceGong\2.6.4\PriceGongIE.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
    C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9}
    - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -
    C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -
    C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [EPSON Stylus C64 Series]
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P23 "EPSON Stylus C64
    Series" /O6 "USB002" /M "Stylus C64"
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe
    SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common
    Files\AOL\1327122861\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java
    Update\jusched.exe"
    O4 - HKLM\..\Run: [AOLAspSunset2] C:\Documents and Settings\All Users\Application
    Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money
    Express.exe"
    O4 - HKCU\..\Run: [EPSON Stylus C64 Series]
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P23 "EPSON Stylus C64
    Series" /M "Stylus C64" /EF "HKCU"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program
    Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-21-1371315241-2355909145-3359896355-1005\..\Run: [MoneyAgent]
    "C:\Program Files\Microsoft Money\System\Money Express.exe" (User '?')
    O4 - HKUS\S-1-5-21-1371315241-2355909145-3359896355-1005\..\Run: [EPSON Stylus
    C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P23 "EPSON
    Stylus C64 Series" /M "Stylus C64" /EF "HKCU" (User '?')
    O4 - HKUS\S-1-5-21-1371315241-2355909145-3359896355-1005\..\Run: [ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-21-1371315241-2355909145-3359896355-1005\..\Run: [PPWebCap]
    C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe (User '?')
    O4 - HKUS\S-1-5-21-1371315241-2355909145-3359896355-1005\..\Run:
    [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User
    '?')
    O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program
    Files\Symantec\LiveUpdate\ALUNotify.exe (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program
    Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
    O4 - S-1-5-21-1371315241-2355909145-3359896355-1005 Startup: Check for OneTouch
    Updates.lnk = C:\Program Files\Visioneer OneTouch\WiseUpdt.exe (User '?')
    O4 - S-1-5-18 Startup: Check for OneTouch Updates.lnk = C:\Program
    Files\Visioneer OneTouch\WiseUpdt.exe (User '?')
    O4 - .DEFAULT Startup: Check for OneTouch Updates.lnk = C:\Program
    Files\Visioneer OneTouch\WiseUpdt.exe (User 'Default user')
    O4 - Startup: Check for OneTouch Updates.lnk = C:\Program Files\Visioneer
    OneTouch\WiseUpdt.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
    C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
    C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
    {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network
    Diagnostic\xpnetdiag.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com/start.html
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -
    http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) -
    http://www.ctk-web.com/iNotes.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) -
    http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.c
    ab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E4687239-9932-480C-BB79-2976FB803F60}:
    NameServer = 205.188.146.145
    O20 - AppInit_DLLs:
    c:\docume~1\alluse~1\applic~1\bprote~1\22453~1.59\protec~1.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program
    Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader -
    {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon -
    {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program
    Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC -
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd -
    C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner
    - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Updater Service (IBUpdaterService) - Unknown owner - C:\Documents
    and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems,
    Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
    C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online,
    Inc. - C:\WINDOWS\wanmpsvc.exe
    --
    End of file - 8749 bytes
     
  15. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,579
    The startup list that you submitted in post #42 does NOT agree with your HiJackThis log in post #44.

    It also contains these startup entries that are very common in Windows 95 and Windows 98 and Windows Millennium, but are NOT common at all in Windows XP:

    TaskMonitor
    SystemTray
    LoadPowerProfile
    LoadPowerProfile
    SchedulingAgent


    I'm a bit confused at this point.

    --------------------------------------------------
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1057228