My friend says this has been slow for months.
Now she is having trouble accessing the internet.
Sometimes it is VERY slow.
When I turned it on, I thought it didn't see my keyboard or mouse. When I came back 10 minutes later with USB ones to try, it still was not responding. But just before I yanked them off, voila, it responded to my first keyboard commands. Yay.
I spent the next 20 minutes trying to see what it was so busy doing and
I saw ComcastAntiSpy.exe was using 99% of the CPU.
Still very sluggish, I eventually did Task Manager>Processes> End Process to ComcastAntiSpy.exe.
It behaved much better then.
I haven't done anything with it although I have a MVPS Hosts file at the ready.
I didn't much like the looks of what I saw there. Current Hosts file will be posted.
She said her biggest problems were trying to see the internet. I deliberately did NOT hook it up to the internet but I will test that if you ask me to.
She actually pays bills on this and the kids play on it too.
Her other computer is doing the same thing and probably picked up the same stuff the same way.
Is ComcastAntiSpy.exe an actual legit, OK, Safe program ? I have never heard of it (and I have Comcast).
How should I take Viewpoint off?
How many File sharing programs, shady toolbars and other unsafe or system hogging programs are on here that I can clean up while I'm here ?
Let me know if you notice any things that need updating.
Let me know of any free things that you might recommend for protection etc for the future. (I'm thinking WinPatrol and perhaps an AutoUpdater)
Where shall I start ?
Feel free to give me a whole list of things to do at once before I report back.
I have a collection of fresh goodies on a thumb drive at the ready and want to do it all in the right order as I'm a bit rusty.
Thanks sooo much in advance.
Logs to follow ...
Results of screen317's Security Check version 0.99.31
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
McAfee Security Scan Plus
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 26
Java version out of date!
Adobe Flash Player 10.3.181.14 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (3.6.10) Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````
- ~ - ~ - ~ - ~ - ~ - ~
Logfile of random's system information tool 1.09 (written by random/random)
Run by Owner at 2012-02-28 00:46:24
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 9 GB (12%) free of 76 GB
Total RAM: 254 MB (30% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\DriverCure.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{5665E1B6-7DDF-4D4C-AB06-19EFBA88366E}.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4aevjlz0.default
prefs.js - "browser.startup.homepage" - "http://search.bearshare.com/"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, jqs@sun.com:1.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.10"
prefs.js - "keyword.URL" - "http://search.bearshare.com/web?src=ffb&systemid=2&q="
"Hotbar@Hotbar.com"=C:\Program Files\Hotbar\bin\11.0.175.0\firefox\extensions
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pack.google.com/Google Updater;version=13]
"Description"=Google Updater
"Path"=C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0]
"Description"=Rhapsody Control
"Path"=C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP]
"Description"=Viewpoint Media Player for Mozilla
"Path"=C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
C:\Program Files\Mozilla Firefox\extensions\
mp3tubetoolbar@mp3tubetoolbar.com
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
{F0E1168A-B4B5-484C-B77E-0D28E6B64096}
C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
compreg.dat
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsIQTScriptablePlugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js
C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
npnul32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
npqtplugin8.dll
QuickTimePlugin.class
C:\Program Files\Mozilla Firefox\searchplugins\
amazondotcom.xml
answers.xml
BearShareWebSearch.xml
creativecommons.xml
eBay.xml
google.xml
Mp3Tube.xml
wikipedia.xml
yahoo.xml
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4aevjlz0.default\extensions\
plugin@yontoo.com
{635abd67-4fe9-1b23-4f01-e679fa7484c1}
{E84D42CA-64EB-11DE-A65F-8C3656D89593}
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4aevjlz0.default\searchplugins\
BearShareWebSearch.xml
Mp3Tube.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
MediaBar - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll [2009-12-20 87480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09B71986-2AC5-482d-B6CB-42EA34F4F85B}]
Dell Toolbar - C:\Program Files\Dell Printable Web\toolband.dll [2008-12-10 253952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{467013BB-D67E-45BE-A7D7-C29E3CCA8AAD}]
DealScout - C:\Program Files\DealScout\dealscout.dll [2011-08-15 900096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
UrlHelper Class - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll [2010-10-19 585136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79CEEA4E-C231-4614-9E3B-53B2A02F39B7}]
Comcast Toolbar - C:\Program Files\comcasttb\comcastdx.dll [2009-05-25 91608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar Launcher - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2007-03-23 1025584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-08-27 256112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-03 764912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-08-27 458736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-08-04 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-08-04 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ea6905c1-afe7-44a8-b5cf-5a41c3fdf685}]
Oryte Games 1.13 Toolbar - C:\Program Files\Oryte_Games_1.13\prxtbOry0.dll [2011-01-17 175912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
Yontoo Layers - C:\Program Files\Yontoo Layers\YontooIEClient.dll [2011-05-25 194848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2007-03-23 1025584]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-08-27 256112]
{79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - Comcast Toolbar - C:\Program Files\comcasttb\comcastdx.dll [2009-05-25 91608]
{09B71986-2AC5-482d-B6CB-42EA34F4F85B} - Dell Toolbar - C:\Program Files\Dell Printable Web\toolband.dll [2008-12-10 253952]
{ea6905c1-afe7-44a8-b5cf-5a41c3fdf685} - Oryte Games 1.13 Toolbar - C:\Program Files\Oryte_Games_1.13\prxtbOry0.dll [2011-01-17 175912]
{0974BA1E-64EC-11DE-B2A5-E43756D89593} - MediaBar - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll [2009-12-20 87480]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]
{46897C77-E7A6-4c33-BFFB-E9C2E2718942} - Mp3Tube Toolbar - C:\Program Files\Mp3Tube Toolbar\mp3tubetb.dll [2011-04-29 1070592]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2003-04-07 155648]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2003-04-07 114688]
"BCMSMMSG"=C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]
"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2003-08-26 204800]
"RoxioDragToDisc"=C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe [2004-01-27 1179648]
"SM1BG"=C:\WINDOWS\SM1BG.EXE [2003-08-27 94208]
"Dell AIO Printer A920"=C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe [2003-05-12 270336]
"HostManager"=C:\Program Files\Common Files\AOL\1189459425\ee\AOLSoftware.exe [2008-06-24 41824]
"ddoctorv2"=C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe [2008-04-24 202560]
""= []
"dleamon.exe"=C:\Program Files\Dell V310-V510 Series\dleamon.exe [2009-07-10 766632]
"EzPrint"=C:\Program Files\Dell V310-V510 Series\ezprint.exe [2009-07-10 139944]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-19 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe [2010-04-01 26112]
"USB Storage Toolbox"=C:\WINDOWS\UMStor\Res.EXE [2005-09-14 65536]
"DATAMNGR"=C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE [2010-10-19 983480]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2011-10-06 59240]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-11-01 59240]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2011-10-24 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2012-01-16 421736]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\MSMSGS.EXE [2008-04-13 1695232]
"ComcastAntispyClient"=C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe [2009-08-19 1589208]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SpeedItUpEX"=C:\Program Files\Speeditup Free\SpeedItUp.exe -MINI []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-10-07 68856]
"Pando Media Booster"=C:\Program Files\Pando Networks\Media Booster\PMB.exe [2011-07-29 3077528]
"Download"=C:\Documents and Settings\Owner\Local Settings\Application Data\SupportSoft\ddoctorv2\Owner\ssGet.exe [2012-01-11 987648]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
C:\Documents and Settings\Owner\Start Menu\Programs\Startup
PowerReg Scheduler V3.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-04-07 315392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=4294967295
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\WINDOWS\system32\dleacoms.exe"="C:\WINDOWS\system32\dleacoms.exe:*:Enabled:Lexmark Communications System"
"C:\Program Files\Abbyy FineReader 6.0 Sprint\scan\scanman6.exe"="C:\Program Files\Abbyy FineReader 6.0 Sprint\scan\scanman6.exe:*:Enabled:ABBYY FineReader"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\SG Interactive\Grand Chase\main.exe"="C:\SG Interactive\Grand Chase\main.exe:*:Enabled:GrandChase"
"C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm
"vidc.iv41"=ir41_32.ax
"msacm.iac2"=iac25_32.ax
"vidc.iv50"=ir50_32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
======File associations======
.reg - edit -
.reg - open - c:\Winnt\Regedit.exe %1
======List of files/folders created in the last 1 month======
2012-02-28 00:46:24 ----D---- C:\rsit
2012-02-28 00:42:56 ----D---- C:\Program Files\Trend Micro
2012-02-27 23:54:13 ----D---- C:\2012-AVMaintenenceFolder-Carol
2012-02-27 23:38:18 ----D---- C:\WINDOWS\LastGood
2012-02-16 16:29:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2660465$
2012-02-16 16:21:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2661637$
2012-02-15 04:22:27 ----N---- C:\WINDOWS\system32\iacenc.dll
======List of files/folders modified in the last 1 month======
2012-02-28 00:42:57 ----SHD---- C:\WINDOWS\Installer
2012-02-28 00:42:56 ----RD---- C:\Program Files
2012-02-28 00:40:15 ----D---- C:\WINDOWS\system32\drivers\etc
2012-02-28 00:33:59 ----D---- C:\WINDOWS\Temp
2012-02-28 00:33:59 ----D---- C:\WINDOWS\system32\drivers
2012-02-27 23:55:50 ----D---- C:\WINDOWS\Prefetch
2012-02-27 23:38:18 ----D---- C:\WINDOWS
2012-02-27 23:32:08 ----D---- C:\WINDOWS\system32\CatRoot2
2012-02-27 23:30:38 ----SD---- C:\WINDOWS\Tasks
2012-02-27 09:44:18 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-02-27 09:31:22 ----D---- C:\WINDOWS\system32
2012-02-27 08:53:46 ----HD---- C:\WINDOWS\inf
2012-02-22 16:10:18 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2012-02-18 03:28:48 ----D---- C:\Documents and Settings\All Users\Application Data\DriverCure
2012-02-16 17:26:06 ----D---- C:\Program Files\Microsoft Silverlight
2012-02-16 17:08:44 ----RSD---- C:\WINDOWS\assembly
2012-02-16 17:04:15 ----D---- C:\WINDOWS\Microsoft.NET
2012-02-16 16:35:57 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-02-16 16:34:23 ----D---- C:\WINDOWS\WinSxS
2012-02-16 16:29:09 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-02-16 16:27:44 ----A---- C:\WINDOWS\imsins.BAK
2012-02-16 16:25:59 ----D---- C:\Program Files\Internet Explorer
2012-02-16 16:25:13 ----D---- C:\WINDOWS\ie8updates
2012-02-16 16:24:17 ----HD---- C:\WINDOWS\$hf_mig$
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [2003-07-30 17168]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2004-01-27 43008]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2004-01-27 24576]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2004-01-27 284928]
R1 DVDVRRdr_xp;DVDVRRdr_xp; C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys [2004-01-27 140416]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2004-01-27 117248]
R1 UDFReadr;UDFReadr; C:\WINDOWS\system32\drivers\UDFReadr.sys [2004-01-27 197632]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2010-04-01 8552]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\System32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2003-06-30 43136]
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-04-15 90907]
R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2004-01-27 23680]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-02-28 545024]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 bvrp_pci;bvrp_pci; \??\C:\WINDOWS\System32\drivers\bvrp_pci.sys []
S3 dsiarhwprog;dsiarhwprog; C:\WINDOWS\System32\Drivers\dsiarhwprog.sys [2007-02-08 29184]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 dump_wmimmc;dump_wmimmc; \??\c:\sg interactive\grand chase\GameGuard\dump_wmimmc.sys []
S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2004-01-27 23680]
S3 hamachi_oem;PlayLinc Adapter; C:\WINDOWS\System32\DRIVERS\gan_adapter.sys [2006-09-27 10664]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 nocashio;nocashio; C:\WINDOWS\system32\drivers\nocashio.sys [2010-06-18 4096]
S3 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys []
S3 SDDMI2;SDDMI2; \??\C:\WINDOWS\System32\DDMI2.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2011-05-10 42496]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBIO;USBIO Driver (usbio.sys); C:\WINDOWS\System32\Drivers\usbio.sys [2001-05-07 19805]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiSpywareService;Comcast AntiSpyware; C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 616408]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-24 55144]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
R2 dlea_device;dlea_device; C:\WINDOWS\system32\dleacoms.exe [2009-07-01 602792]
R2 dleaCATSCustConnectService;dleaCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dleaserv.exe [2009-07-01 98984]
R2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe [2007-09-26 283912]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-05-04 153376]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-06-02 303104]
R2 Mp3Tube Toolbar Service;Mp3Tube Toolbar Updater Service; C:\Program Files\Mp3Tube Toolbar\Mp3TubeSvc.exe [2011-04-29 227840]
R2 QuestScan Service;QuestScan Service; C:\Program Files\QuestScan\questscan.exe [2011-10-01 36352]
R2 sprtsvc_ddoctorv2;SupportSoft Sprocket Service (ddoctorv2); C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe [2008-04-24 202560]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]
R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2003-08-27 65536]
S2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe [2007-04-13 83504]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-06 136176]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-23 183280]
S3 AresChatServer;Ares Chatroom server; C:\Program Files\Ares\chatServer.exe [2009-01-27 398336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-06 136176]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-01-16 821608]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2011-05-03 4116984]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.09 2012-02-28 00:46:35
======Uninstall list======
-->"C:\Program Files\AOL\AOL Toolbar 5.0\uninstall.exe"
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Acrobat.com-->msiexec /qb /x {6421F085-1FAA-DE13-D02A-CFB412C522A4}
Acrobat.com-->MsiExec.exe /I{6421F085-1FAA-DE13-D02A-CFB412C522A4}
Action Replay Code Manager-->"C:\Program Files\Datel\Action Replay Code Manager\unins000.exe"
Action Replay DSi Code Manager-->"C:\Program Files\Datel\Action Replay DSi Code Manager\unins000.exe"
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Download Manager-->"C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10q_Plugin.exe -maintain plugin
Adobe Reader 9.3.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AOL Coach Version 1.0(Build:20030807.3)-->C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AOL Toolbar 5.0-->"C:\Program Files\AOL\AOL Toolbar 5.0\uninstall.exe"
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Application Support-->MsiExec.exe /I{343666E2-A059-48AC-AD67-230BF74E2DB2}
Apple Mobile Device Support-->MsiExec.exe /I{8153ED9A-C94A-426E-9880-5E6775C08B62}
Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
Ares 2.1.7-->"C:\Program Files\Ares\uninstall.exe"
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AudibleManager-->C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
BCM V.92 56K Modem-->C:\WINDOWS\BCMSMU.exe quiet
Bone (remove only)-->"C:\Program Files\TellTale Games\Bone\Uninstall.exe"
Bonjour-->MsiExec.exe /X{79155F2B-9895-49D7-8612-D92580E0DE5B}
Broadcom 440x 10/100 Integrated Controller-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{52504CE6-E909-4113-B232-4AFEC6543A61} /l1033
CA Pest Patrol Realtime Protection-->MsiExec.exe /X{F05A5232-CE5E-4274-AB27-44EB8105898D}
Canon Camera Window for ZoomBrowser EX-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A29EA741-24F7-4C07-9B2C-06CB6491BE4A}
Canon PhotoRecord-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\ZoomBrowser EX\Program\..\PhotoRecord\Uninst.isu" -c"C:\Program Files\Canon\ZoomBrowser EX\Program\..\PhotoRecord\Program\uninstdll.dll"
Canon RAW Image Task for ZoomBrowser EX-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FAF0DAD8-1EA7-4FEF-80E5-8D8D6EBD5A23}
Canon RemoteCapture Task for ZoomBrowser EX-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2236B741-6631-49AE-B76E-3E14CA01CC87}
Canon Utilities File Viewer Utility 1.3-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2D1C2321-8FDB-49B8-A66B-4008DC0B6B5D}
Canon Utilities PhotoStitch 3.1-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F11A403B-0DE9-4953-B790-7A2F014FBB2B}
Canon Utilities RemoteCapture 2.7-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{14220DB1-DD96-4BCD-B3D5-03A4EA6631C4}
Canon Utilities ZoomBrowser EX-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
Comcast Desktop Software (v1.2.0.9)-->MsiExec.exe /I{CEF7211D-CE3A-44C4-B321-D84A2099AE94}
Comcast Toolbar 3.0-->C:\Program Files\comcasttb\uninstall.exe
Conduit Engine -->C:\Program Files\ConduitEngine\ConduitEngineUninstall.exe engine
Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
Cypress USB Mass Storage Driver Installation-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}\Setup.exe" -l0x9 NotFirstInstall
DealScout for Internet Explorer-->C:\Program Files\DealScout\uninstall.exe
Dell AIO Printer A920-->C:\WINDOWS\System32\spool\drivers\w32x86\3\DLBKUN5C.EXE -dDell AIO Printer A920
Dell Media Experience-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" -uninstall
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Dell Toolbar-->regsvr32.exe /s /u "C:\Program Files\Dell Printable Web\toolband.dll"
Dell V310-V510 Series-->C:\Program Files\Dell V310-V510 Series\Install\x86\instgui.exe /u
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Desktop Doctor-->MsiExec.exe /I{D87149B3-7A1D-4548-9CBF-032B791E5908}
eGames Master's Edition 151-->C:\PROGRA~1\eGames\EGAMES~1\UNWISE.EXE C:\PROGRA~1\eGames\EGAMES~1\INSTALL.LOG
GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Google Earth Plug-in-->MsiExec.exe /X{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Homepage Protection Service-->C:\Program Files\Mp3Tube Toolbar\uninstall.exe hpp /S
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB2443685)-->"C:\WINDOWS\$NtUninstallKB2443685$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2570791)-->"C:\WINDOWS\$NtUninstallKB2570791$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2633952)-->"C:\WINDOWS\$NtUninstallKB2633952$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Interactive Math Journey-->C:\WINDOWS\uninst.exe -fC:\tlcwin\imj\uninstal\DeIsL1.isu
IspAssistant-Mp3Tube-->C:\Program Files\Mp3Tube Toolbar\uninstall.exe bho /S
iTunes-->MsiExec.exe /I{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}
IZArc 4.1.2-->"C:\Program Files\IZArc\unins000.exe"
J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
Jasc Paint Shop Photo Album-->MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition-->MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java(TM) 6 Update 26-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022FF}
Kombat Kars Special Edition-->C:\PROGRA~1\eGames\KOMBAT~1\UNWISE.EXE C:\PROGRA~1\eGames\KOMBAT~1\INSTALL.LOG
Learn to Speak Spanish 7.0-->C:\PROGRA~1\LSSE7\UNWISE.EXE C:\PROGRA~1\LSSE7\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MapleStory-->MsiExec.exe /I{24EEF6D7-A7B6-4AA9-AFD9-407185A7769F}
McAfee Security Scan Plus-->"C:\Program Files\McAfee Security Scan\uninstall.exe"
MediaBar-->C:\Program Files\BearShare Applications\MediaBar\uninstall.exe
Memory Key Boot Utility-->MsiExec.exe /X{D3943D0B-C281-4BF7-9FFB-2A4497986BF9}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Money 2005-->C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft VC9 runtime libraries-->MsiExec.exe /I{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (3.6.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mp3Tube Toolbar-->C:\Program Files\Mp3Tube Toolbar\uninstall.exe tb
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}
Oryte Games 1.13 Toolbar-->C:\Program Files\Oryte_Games_1.13\uninstall.exe
OverDrive Media Console-->MsiExec.exe /I{16D9439B-DF3D-43D1-A727-4B335300D07A}
Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
QuestScan 1.0 build 193-->C:\Program Files\QuestScan\uninstall.exe _?=C:\Program Files\QuestScan
QuickTime-->MsiExec.exe /I{7BE15435-2D3E-4B58-867F-9C75BED0208C}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Registry Mechanic-->"C:\Program Files\Registry Mechanic\unins000.exe"
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Roxio Burn Engine-->MsiExec.exe /X{9860A9CF-7E71-43AC-888F-0B4D3EA212D1}
Roxio Easy Media Creator 7-->MsiExec.exe /I{CB4544EA-C189-41FE-9E3A-76591DDB852B}
Safari-->MsiExec.exe /I{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {F6F5AC31-9833-3E77-AC8E-8E910CAB39AE} /qb+ REBOOTPROMPT=""
Security Update for Microsoft Windows (KB2564958)-->"C:\WINDOWS\$NtUninstallKB2564958$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2416400)-->"C:\WINDOWS\ie8updates\KB2416400-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2482017)-->"C:\WINDOWS\ie8updates\KB2482017-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2497640)-->"C:\WINDOWS\ie8updates\KB2497640-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2510531)-->"C:\WINDOWS\ie8updates\KB2510531-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2530548)-->"C:\WINDOWS\ie8updates\KB2530548-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2544521)-->"C:\WINDOWS\ie8updates\KB2544521-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2559049)-->"C:\WINDOWS\ie8updates\KB2559049-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2586448)-->"C:\WINDOWS\ie8updates\KB2586448-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2618444)-->"C:\WINDOWS\ie8updates\KB2618444-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2647516)-->"C:\WINDOWS\ie8updates\KB2647516-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2296199)-->"C:\WINDOWS\$NtUninstallKB2296199$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2393802)-->"C:\WINDOWS\$NtUninstallKB2393802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2412687)-->"C:\WINDOWS\$NtUninstallKB2412687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2419632)-->"C:\WINDOWS\$NtUninstallKB2419632$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2423089)-->"C:\WINDOWS\$NtUninstallKB2423089$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2436673)-->"C:\WINDOWS\$NtUninstallKB2436673$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2440591)-->"C:\WINDOWS\$NtUninstallKB2440591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2443105)-->"C:\WINDOWS\$NtUninstallKB2443105$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2476490)-->"C:\WINDOWS\$NtUninstallKB2476490$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2476687)-->"C:\WINDOWS\$NtUninstallKB2476687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2478960)-->"C:\WINDOWS\$NtUninstallKB2478960$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2478971)-->"C:\WINDOWS\$NtUninstallKB2478971$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2479628)-->"C:\WINDOWS\$NtUninstallKB2479628$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2479943)-->"C:\WINDOWS\$NtUninstallKB2479943$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2481109)-->"C:\WINDOWS\$NtUninstallKB2481109$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2483185)-->"C:\WINDOWS\$NtUninstallKB2483185$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2485376)-->"C:\WINDOWS\$NtUninstallKB2485376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2485663)-->"C:\WINDOWS\$NtUninstallKB2485663$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2503658)-->"C:\WINDOWS\$NtUninstallKB2503658$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2503665)-->"C:\WINDOWS\$NtUninstallKB2503665$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2506212)-->"C:\WINDOWS\$NtUninstallKB2506212$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2506223)-->"C:\WINDOWS\$NtUninstallKB2506223$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2507618)-->"C:\WINDOWS\$NtUninstallKB2507618$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2507938)-->"C:\WINDOWS\$NtUninstallKB2507938$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2508272)-->"C:\WINDOWS\$NtUninstallKB2508272$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2508429)-->"C:\WINDOWS\$NtUninstallKB2508429$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2509553)-->"C:\WINDOWS\$NtUninstallKB2509553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2511455)-->"C:\WINDOWS\$NtUninstallKB2511455$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2524375)-->"C:\WINDOWS\$NtUninstallKB2524375$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2535512)-->"C:\WINDOWS\$NtUninstallKB2535512$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2536276)-->"C:\WINDOWS\$NtUninstallKB2536276$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2536276-v2)-->"C:\WINDOWS\$NtUninstallKB2536276-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2544893)-->"C:\WINDOWS\$NtUninstallKB2544893$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2544893-v2)-->"C:\WINDOWS\$NtUninstallKB2544893-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2555917)-->"C:\WINDOWS\$NtUninstallKB2555917$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2562937)-->"C:\WINDOWS\$NtUninstallKB2562937$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2566454)-->"C:\WINDOWS\$NtUninstallKB2566454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2567053)-->"C:\WINDOWS\$NtUninstallKB2567053$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2567680)-->"C:\WINDOWS\$NtUninstallKB2567680$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2570222)-->"C:\WINDOWS\$NtUninstallKB2570222$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2570947)-->"C:\WINDOWS\$NtUninstallKB2570947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2584146)-->"C:\WINDOWS\$NtUninstallKB2584146$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2585542)-->"C:\WINDOWS\$NtUninstallKB2585542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2592799)-->"C:\WINDOWS\$NtUninstallKB2592799$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2598479)-->"C:\WINDOWS\$NtUninstallKB2598479$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2603381)-->"C:\WINDOWS\$NtUninstallKB2603381$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2618451)-->"C:\WINDOWS\$NtUninstallKB2618451$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2619339)-->"C:\WINDOWS\$NtUninstallKB2619339$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2620712)-->"C:\WINDOWS\$NtUninstallKB2620712$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2624667)-->"C:\WINDOWS\$NtUninstallKB2624667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2631813)-->"C:\WINDOWS\$NtUninstallKB2631813$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2633171)-->"C:\WINDOWS\$NtUninstallKB2633171$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2639417)-->"C:\WINDOWS\$NtUninstallKB2639417$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2646524)-->"C:\WINDOWS\$NtUninstallKB2646524$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2660465)-->"C:\WINDOWS\$NtUninstallKB2660465$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2661637)-->"C:\WINDOWS\$NtUninstallKB2661637$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"
Sibelius Scorch (ActiveX Only)-->MsiExec.exe /I{C8E4455F-0F70-4DA2-A9F9-2D56C80E10AD}
SimpleOCR 3.1-->C:\PROGRA~1\SIMPLE~1\UNWISE.EXE C:\PROGRA~1\SIMPLE~1\INSTALL.LOG
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Time to Play Pet Shop-->C:\Program Files\The Learning Company\Time to Play Pet Shop\uninstal.exe
Tux of Math Command (remove only)-->"C:\Program Files\TuxMath\uninstall.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980302)-->"C:\WINDOWS\ie8updates\KB980302-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe"
Update for Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe"
Update for Windows XP (KB2467659)-->"C:\WINDOWS\$NtUninstallKB2467659$\spuninst\spuninst.exe"
Update for Windows XP (KB2541763)-->"C:\WINDOWS\$NtUninstallKB2541763$\spuninst\spuninst.exe"
Update for Windows XP (KB2607712)-->"C:\WINDOWS\$NtUninstallKB2607712$\spuninst\spuninst.exe"
Update for Windows XP (KB2616676)-->"C:\WINDOWS\$NtUninstallKB2616676$\spuninst\spuninst.exe"
Update for Windows XP (KB2641690)-->"C:\WINDOWS\$NtUninstallKB2641690$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971029)-->"C:\WINDOWS\$NtUninstallKB971029$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
USB Disk Win98 Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF5EE349-90CD-4422-A43B-661778180173}\Setup.exe"
USB Storage Adapter FX (SM1)-->SM1UN.EXE SM1FX_AT
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WebEx Support Manager for Internet Explorer-->MsiExec.exe /I{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}
WebIQ Technology Engine-->C:\WINDOWS\System32\WebIQEngineSetup.exe u
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Wizard101-->"C:\Program Files\InstallShield Installation Information\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}\setup.exe" -runfromtemp -l0x0009 -removeonly
Yontoo Layers Runtime 1.10.01-->C:\DOCUME~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe /remove /q0
======Hosts File======
######
66.115.143.14 google.com
66.115.143.14 www.google.com
66.115.143.14 google.co.uk
66.115.143.14 www.google.co.uk
66.115.143.14 4chan.org
66.115.143.14 www.4chan.org
66.115.143.14 www.cheatsguru.com
66.115.143.14 cheatsguru.com
66.115.143.14 www.dragonfable.com
======System event log======
Computer Name: SUZANNE2003
Event Code: 1000
Message: Your computer has lost the lease to its IP address 192.168.1.102 on the
Network Card with network address 000D560E81F8.
Record Number: 59190
Source Name: Dhcp
Time Written: 20111207065310.000000-300
Event Type: error
User:
Computer Name: SUZANNE2003
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000D560E81F8. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
Record Number: 59189
Source Name: Dhcp
Time Written: 20111207065310.000000-300
Event Type: warning
User:
Computer Name: SUZANNE2003
Event Code: 7011
Message: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
Record Number: 59165
Source Name: Service Control Manager
Time Written: 20111205072235.000000-300
Event Type: error
User:
Computer Name: SUZANNE2003
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.
Record Number: 59109
Source Name: W32Time
Time Written: 20111203041425.000000-300
Event Type: warning
User:
Computer Name: SUZANNE2003
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000D560E81F8. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
Record Number: 59077
Source Name: Dhcp
Time Written: 20111202072749.000000-300
Event Type: warning
User:
=====Application event log=====
Computer Name: SUZANNE2003
Event Code: 1002
Message: Hanging application Safari.exe, version 5.34.50.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Record Number: 21846
Source Name: Application Hang
Time Written: 20110829165229.000000-240
Event Type: error
User:
Computer Name: SUZANNE2003
Event Code: 1002
Message: Hanging application Safari.exe, version 5.34.50.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Record Number: 21845
Source Name: Application Hang
Time Written: 20110829165228.000000-240
Event Type: error
User:
Computer Name: SUZANNE2003
Event Code: 1002
Message: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Record Number: 21830
Source Name: Application Hang
Time Written: 20110829085811.000000-240
Event Type: error
User:
Computer Name: SUZANNE2003
Event Code: 1002
Message: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Record Number: 21829
Source Name: Application Hang
Time Written: 20110829082401.000000-240
Event Type: error
User:
Computer Name: SUZANNE2003
Event Code: 1002
Message: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Record Number: 21828
Source Name: Application Hang
Time Written: 20110829082124.000000-240
Event Type: error
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"asl.log"=Destination=file
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
######
66.115.143.14 google.com
66.115.143.14 www.google.com
66.115.143.14 google.co.uk
66.115.143.14 www.google.co.uk
66.115.143.14 4chan.org
66.115.143.14 www.4chan.org
66.115.143.14 www.cheatsguru.com
66.115.143.14 cheatsguru.com
66.115.143.14 www.dragonfable.com
66.115.143.14 dragonfable.com
66.115.143.14 www.aqworlds.com
66.115.143.14 aqworlds.com
66.115.143.14 gamespot.com
66.115.143.14 www.gamespot.com
66.115.143.14 www.comcast.net
66.115.143.14 comcast.net
66.115.143.14 www.yahoo.com
66.115.143.14 yahoo.com
66.115.143.14 about.com
66.115.143.14 www.about.com
66.115.143.14 www.ebay.com
66.115.143.14 ebay.com
66.115.143.14 www.wikipedia.org
66.115.143.14 wikipedia.org
66.115.143.14 hotmail.com
66.115.143.14 www.hotmail.com
66.115.143.14 www.pokemon.com
66.115.143.14 pokemon.com
66.115.143.14 www.amazon.com
66.115.143.14 amazon.com
66.115.143.14 Craigslist.org
66.115.143.14 www.Craigslist.org
66.115.143.14 www.weather.com
66.115.143.14 weather.com
66.115.143.14 imdb.com
66.115.143.14 www.imdb.com
66.115.143.14 www.proxy.org
66.115.143.14 proxy.org
66.115.143.14 www.hidemyass.com
66.115.143.14 hidemyass.com
66.115.143.14 ask.com
66.115.143.14 www.ask.com
66.115.143.14 bing.com
66.115.143.14 www.bing.com
66.115.143.14 www.fmylife.com
66.115.143.14 fmylife.com
66.115.143.14 www.fmylife.com
66.115.143.14 www.adobe.com
66.115.143.14 www.0catch.com
66.115.143.14 www.bungie.net
- ~ - ~ - ~ - ~ - ~ - ~
- ~ - ~ - ~ - ~ - ~ - ~
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:43:49 AM, on 2/28/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dleaserv.exe
C:\WINDOWS\system32\dleacoms.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mp3Tube Toolbar\Mp3TubeSvc.exe
C:\Program Files\Mp3Tube Toolbar\Mp3TubeVideoToMp3.exe
C:\Program Files\QuestScan\questscan.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Common Files\AOL\1189459425\ee\AOLSoftware.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Dell V310-V510 Series\dleamon.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Dell V310-V510 Series\ezprint.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\UMStor\Res.EXE
C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\QuestScan\questscan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Oryte Games 1.13 Toolbar - {ea6905c1-afe7-44a8-b5cf-5a41c3fdf685} - C:\Program Files\Oryte_Games_1.13\prxtbOry0.dll
O1 - Hosts: 66.115.143.14 google.com
O1 - Hosts: 66.115.143.14 www.google.com
O1 - Hosts: 66.115.143.14 google.co.uk
O1 - Hosts: 66.115.143.14 www.google.co.uk
O1 - Hosts: 66.115.143.14 4chan.org
O1 - Hosts: 66.115.143.14 www.4chan.org
O1 - Hosts: 66.115.143.14 www.cheatsguru.com
O1 - Hosts: 66.115.143.14 cheatsguru.com
O1 - Hosts: 66.115.143.14 www.dragonfable.com
O1 - Hosts: 66.115.143.14 dragonfable.com
O1 - Hosts: 66.115.143.14 www.aqworlds.com
O1 - Hosts: 66.115.143.14 aqworlds.com
O1 - Hosts: 66.115.143.14 gamespot.com
O1 - Hosts: 66.115.143.14 www.gamespot.com
O1 - Hosts: 66.115.143.14 www.comcast.net
O1 - Hosts: 66.115.143.14 comcast.net
O1 - Hosts: 66.115.143.14 www.yahoo.com
O1 - Hosts: 66.115.143.14 yahoo.com
O1 - Hosts: 66.115.143.14 about.com
O1 - Hosts: 66.115.143.14 www.about.com
O1 - Hosts: 66.115.143.14 www.ebay.com
O1 - Hosts: 66.115.143.14 ebay.com
O1 - Hosts: 66.115.143.14 www.wikipedia.org
O1 - Hosts: 66.115.143.14 wikipedia.org
O1 - Hosts: 66.115.143.14 hotmail.com
O1 - Hosts: 66.115.143.14 www.hotmail.com
O1 - Hosts: 66.115.143.14 www.pokemon.com
O1 - Hosts: 66.115.143.14 pokemon.com
O1 - Hosts: 66.115.143.14 www.amazon.com
O1 - Hosts: 66.115.143.14 amazon.com
O1 - Hosts: 66.115.143.14 Craigslist.org
O1 - Hosts: 66.115.143.14 www.Craigslist.org
O1 - Hosts: 66.115.143.14 www.weather.com
O1 - Hosts: 66.115.143.14 weather.com
O1 - Hosts: 66.115.143.14 imdb.com
O1 - Hosts: 66.115.143.14 www.imdb.com
O1 - Hosts: 66.115.143.14 www.proxy.org
O1 - Hosts: 66.115.143.14 proxy.org
O1 - Hosts: 66.115.143.14 www.hidemyass.com
O1 - Hosts: 66.115.143.14 hidemyass.com
O1 - Hosts: 66.115.143.14 ask.com
O1 - Hosts: 66.115.143.14 www.ask.com
O1 - Hosts: 66.115.143.14 bing.com
O1 - Hosts: 66.115.143.14 www.bing.com
O1 - Hosts: 66.115.143.14 www.fmylife.com
O1 - Hosts: 66.115.143.14 fmylife.com
O1 - Hosts: 66.115.143.14 www.fmylife.com
O1 - Hosts: 66.115.143.14 www.adobe.com
O1 - Hosts: 66.115.143.14 www.0catch.com
O1 - Hosts: 66.115.143.14 www.bungie.net
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
O2 - BHO: Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: DealScout - {467013BB-D67E-45BE-A7D7-C29E3CCA8AAD} - C:\Program Files\DealScout\dealscout.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
O2 - BHO: Comcast Toolbar - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Oryte Games 1.13 - {ea6905c1-afe7-44a8-b5cf-5a41c3fdf685} - C:\Program Files\Oryte_Games_1.13\prxtbOry0.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers\YontooIEClient.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Comcast Toolbar - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll
O3 - Toolbar: Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
O3 - Toolbar: Oryte Games 1.13 Toolbar - {ea6905c1-afe7-44a8-b5cf-5a41c3fdf685} - C:\Program Files\Oryte_Games_1.13\prxtbOry0.dll
O3 - Toolbar: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: Mp3Tube Toolbar - {46897C77-E7A6-4c33-BFFB-E9C2E2718942} - "C:\Program Files\Mp3Tube Toolbar\mp3tubetb.dll" (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1189459425\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [dleamon.exe] "C:\Program Files\Dell V310-V510 Series\dleamon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Dell V310-V510 Series\ezprint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\WINDOWS\UMStor\Res.EXE
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ComcastAntispyClient] "C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files\Speeditup Free\SpeedItUp.exe -MINI
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Download] "C:\Documents and Settings\Owner\Local Settings\Application Data\SupportSoft\ddoctorv2\Owner\ssGet.exe" 120 "http://pcmctbc.cmc.motive.com/motivedocs/EasySolveInstaller.exe" "EasySolveInstaller.exe"
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://65.61.160.5/staff/ScriptX/ScriptX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263416898812
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263416871609
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Comcast AntiSpyware (AntiSpywareService) - Unknown owner - C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dleaCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dleaserv.exe
O23 - Service: dlea_device - - C:\WINDOWS\system32\dleacoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Mp3Tube Toolbar Updater Service (Mp3Tube Toolbar Service) - Mp3Tube - C:\Program Files\Mp3Tube Toolbar\Mp3TubeSvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: QuestScan Service - Unknown owner - C:\Program Files\QuestScan\questscan.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 15622 bytes
Hi, Blue55.
The computer does not have a lot of RAM so will be slow compared to what you are accustomed to. However, I think we can help give it a bit more pep. Hold off on installing the MVPS Hosts File until cleanup is completed.
Let's flush your DNS cache and restore the HOSTS file:
Please copy/paste the lines in bold below to Notepad:
@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0Save as flush.bat to your desktop.
Double-click flush.bat file to run it. Your computer will reboot.
Note: For Windows Vista or Windows 7, right-click flush.bat and select "Run as Administrator".
As to ComcastAntiSpy, yes, it is legitimate. However, in researching it, I see that it is provided by CA Associates. Having personal experience with CA Associates, it does indeed slow down the computer. According to this topic at the Comcast Help and Support Forums, others have also experienced high CPU usage with it. What is ComcastAntiSpy.exe? (http://forums.comcast.com/t5/Security-and-Anti-Virus/What-is-ComcastAntiSpy-exe/td-p/862043). I've included it in the uninstall list.
It appears that your friend used AOL at one time for Internet service before switching to Comcast. The very old AOL software can be uninstalled.
Also included in the uninstall list are a number of toolbars and similar add-ons which have trackware/adware functionality.
Uninstall list:
AOL Coach Version 1.0(Build:20030807.3)-->C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AOL Toolbar 5.0-->"C:\Program Files\AOL\AOL Toolbar 5.0\uninstall.exe"
AOL Uninstaller
Audacity 1.2.6
CA Pest Patrol Realtime Protection
Comcast Toolbar 3.0
Homepage Protection Service
J2SE Runtime Environment 5.0
McAfee Security Scan Plus
MediaBar
Oryte Games 1.13 Toolbar
QuestScan 1.0 build 193
Registry Mechanic
Viewpoint Media Player
Yontoo Layers Runtime 1.10.01
Updates:
McAfee Security Scan Plus (http://us.mcafee.com/en-us/affiliates/adobe/landingpages/np681.asp?cid=72563) is not a regular antivirus software. I suspect it was downloaded with an Adobe update. Thus, an antivirus software is needed. As this is an old computer, I suggest Microsoft Security Essentials (http://www.microsoft.com/security_essentials/default.aspx)
Download
TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop
- Open the file and close any other windows.
- It will close all programs itself when run, make sure to let it run uninterrupted.
- Click the Start button to begin the process. The program should not take long to finish its job
- Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean
Please download
JavaRa (http://thewebatom.net/software/javara/javara-download/) and unzip it to your desktop.
- Double-click on JavaRa.exe to start the program. (Windows Vista users Right-click JavaRa.exe > Select Run as Administrator)
- Click on Remove Older Versions to remove older versions of Java.
- A logfile will pop up. Please save it to a convenient location.
Then download and install
Java SE Runtime Environment 6u31 (http://java.com/en/download/index.jsp).
Note: UNCHECK any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.
Adobe Flash Player needs to be updated for IE and alternate browsers (Firefox, also outdated, and Safari). Fo11owing are direct downloads from the FTP server:
IE 32-Bit: http://fpdownload.macromedia.com/pub/flashplayer/current/licensing/win/install_flash_player_11_active_x_32bit.exe
Non-IE 32-Bit (Opera, Firefox etc): http://fpdownload.macromedia.com/pub/flashplayer/current/licensing/win/install_flash_player_11_plugin_32bit.exe
Adobe Reader is also outdated. Either updated it from the FTP download site ftp://ftp.adobe.com/pub/adobe/reader/win/10.x/10.1.2/ with no risk of add-ons or uninstall it and switch to an alternate PDF reader, such as Sumatra PDF (http://blog.kowalczyk.info/software/sumatrapdf/free-pdf-reader.html).
The newest version of Shockwave Player 11.6.4.634 is available here: http://get.adobe.com/shockwave/. Be sure to uncheck any unwanted add-ons, including the McAfee Security Scan Plus.
Logs:
Since MBAM is installed, please do the following:
- Launch Malwarebytes' Anti-Malware then click the Update tab and "Check for Updates
- Once the update has been installed and the program has loaded, select Quick scan
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fsecuritygarden.googlepages.com%2FMBAM_SR.png&hash=38adbab18bc0003ecf543fafb564e34dadece253)
- Click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Please post contents of that file in your next reply.
** Note **
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
In addition to the MBAM results, please provide a fresh RSIT log and let me know how the computer is now.
I got to the 'Check for updates' on Malwarebytes and it says it isn't set up to access the internet. (I had just hopped online just for the Java and this and was clearly online)
It hasn't updated since 2008.
Where do I go to permit Malwarebytes to access the internet ?
That is a very old version of Malwarebytes! Since there have been so many program updates over the past four years, it would be faster and easier to uninstall that version and download a fresh copy. After uninstalling, follow these new instructions:
Please download
Malwarebytes' Anti-Malware (http://www.malwarebytes.org/products/malwarebytes_free) to your desktop.
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to
Update Malwarebytes' Anti-Malware and
Launch Malwarebytes' Anti-Malware - Click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, be sure Quick scan is selected, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fsecuritygarden.googlepages.com%2FMBAM_SR.png&hash=38adbab18bc0003ecf543fafb564e34dadece253) - Click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Please post contents of that file in your next reply.
** Note **If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click
OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Removed, Replaced, updated and quick scanned Malwarebytes. 166 items found / restart required.
I didn't put MSE or MVPS Hosts file on yet.
The JavaRa link that you had didn't work but I got it from http :// singularlabs . com /software /javara/
I'm running a full scan of Malwarebytes overnight just for the heck of it.
It's still soooo slow.
iTunes opened up on me and refused to close or stop what it was doing.
It was processing some artist or something and using 99% on my processor.
It really ticked me off and I had to stop it with control panel.
Is iTunes supposed to do this ?
I plugged it in the internet when absolutely necessary but otherwise moved programs to and logs off
with my otherwise empty thumbdrive which gets scanned each time I put it in old faithful.
I went through the list here.
(and along the way I'm generating my own post-cleanup list
... Set a system restore point & kill any sick ones, add WOT and a few other Firefox safety add ons, Defrag as I took a bunch of junk off and it's probably never been done, Hosts & set it to read only, MSE, & an Autoupdater{What's a good one?} ..any other ideas? )
The Malwarebytes full scan is NOT comming up clean but it's barely started.
What shall I do next ?
Fresh MBAM & RSIT to follow...
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.02.29.07
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: SUZANNE2003 [administrator]
2/29/2012 8:58:44 PM
mbam-log-2012-02-29 (20-58-44).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 177506
Time elapsed: 7 minute(s), 17 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 32
HKCR\CLSID\{46897C77-E7A6-4c33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Quarantined and deleted successfully.
HKCR\CLSID\{70880CE6-308C-4204-A89E-B266C3F7B7FA} (Adware.Softomate) -> Quarantined and deleted successfully.
HKCR\CLSID\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKCR\HotbarWeather.WeatherController.1 (Adware.Softomate) -> Quarantined and deleted successfully.
HKCR\HotbarWeather.WeatherController (Adware.Softomate) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D95C7240-0282-4C01-93F5-673BCA03DA86} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKCR\CntntCntr.CntntDic (Adware.Zango) -> Quarantined and deleted successfully.
HKCR\CntntCntr.CntntDic.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKCR\CntntCntr.CntntDisp (Adware.Zango) -> Quarantined and deleted successfully.
HKCR\CntntCntr.CntntDisp.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKCR\HbCoreSrv.DynamicProp (Adware.Hotbar) -> Quarantined and deleted successfully.
HKCR\HbCoreSrv.DynamicProp.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKCR\HotbarAx.Info (Adware.Hotbar) -> Quarantined and deleted successfully.
HKCR\HotbarAx.Info.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKCR\HotbarAX.UserProfiles (Adware.Hotbar) -> Quarantined and deleted successfully.
HKCR\HotbarAX.UserProfiles.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Mp3Tube (Adware.Mp3Tube) -> Quarantined and deleted successfully.
HKCU\Software\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
HKCU\Software\hotbarsa (Adware.Hotbar) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Mp3Tube (Adware.Mp3Tube) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\StimulProfit (Adware.Agent) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IspAssistant-Mp3Tube (Adware.Adware.MP3TubeToolBar) -> Quarantined and deleted successfully.
Registry Values Detected: 3
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{46897C77-E7A6-4c33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Mozilla\Firefox\extensions|Hotbar@Hotbar.com (Adware.Hotbar) -> Data: C:\Program Files\Hotbar\bin\11.0.175.0\firefox\extensions -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 17
C:\Documents and Settings\All Users\Application Data\224412512 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\224412512\Languages (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Hotbar\Weather (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Hotbar\Weather\WeatherDPA (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Hotbar\Weather\WeatherDPA\Weather_XML (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Hotbar\Weather\Weather_XML (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\HotbarSA (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\WeatherDPA (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Mp3Tube Toolbar (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather (Adware.Mp3Tube) -> Quarantined and deleted successfully.
Files Detected: 114
C:\Program Files\Mp3Tube Toolbar\mp3tubetb.dll (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\QuestScan\questscan193.exe (Adware.Agent.ZGen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\yabeh.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\QuestScan\questscan188.exe (Adware.QuestScan) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\searchplugins\Mp3Tube.xml (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\224412512\config.udb (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\224412512\init.udb (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\224412512\Languages\English.lng (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\224412512\Languages\German.lng (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\224412512\Languages\Spanish.lng (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Hotbar\Weather\history (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Hotbar\Weather\SearchWeather.xml (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Hotbar\Weather\WeatherStartup.xml (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Hotbar\Weather\WeatherDPA\Links (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Hotbar\Weather\WeatherDPA\radar-big.jpg (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Hotbar\Weather\WeatherDPA\radar-small (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Hotbar\Weather\WeatherDPA\satellite-big.jpg (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Hotbar\Weather\WeatherDPA\satellite-small (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Hotbar\Weather\WeatherDPA\WeatherPreferences (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Hotbar\Weather\WeatherDPA\Weather_XML\Display (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Hotbar\Weather\WeatherDPA\Weather_XML\Loading (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Hotbar\Weather\WeatherDPA\Weather_XML\screen2 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Hotbar\Weather\WeatherDPA\Weather_XML\screen3 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Hotbar\Weather\Weather_XML\Default (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Hotbar\Weather\Weather_XML\Genera1 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Hotbar\Weather\Weather_XML\General (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSA.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAAbout.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAau.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAEULA.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSA_hpk.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSA_kyf.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar\About Hotbar.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar\Hotbar Customer Support Center.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar\Hotbar Games!.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar\Hotbar Videos!.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar\Reset Cursor.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar\Weather.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Mp3Tube Toolbar\ffmpeg.exe (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mp3Tube Toolbar\Mp3TubeSvc.exe (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mp3Tube Toolbar\Mp3TubeVideoToMp3.exe (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mp3Tube Toolbar\ShowMsg.exe (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mp3Tube Toolbar\uninstall.exe (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome.manifest (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\install.rdf (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\constants.js (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\convertvideo.js (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\convertvideodlg.js (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\convertvideodlg.xul (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\events.js (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\savetomp3popup.js (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\savetomp3popup.xul (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\tbcore.js (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\toolbar.xul (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\weather.js (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\weatherLoc.js (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\weatherLoc.xul (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\arrow-grey.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\arrow_partner.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\arrow_small.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\bg.jpg (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\feeditem.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\logo.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\news_refresh.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\popupSearchMp3.css (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\popupWindow.css (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\SaveMp3_bg_hover.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\SaveMp3_bg_normal.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\savetomp3PopUp.css (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\Thumbs.db (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\toolbar.css (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\savemp3_disabled.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\arrow.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\arrow_big.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\btn_close.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\dailyhotdeals.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\divider.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\facebook.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\games.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\icon-RSS.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\news.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\plainbutton.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\savemp3.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\savemp3popup-musicicon.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\savemp3popup.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\saveyoutubevideos.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\screensaver.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\search.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\searchbar-grey-250.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\searchbox.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\separator_line.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\shopping.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\Thumbs.db (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\watermark.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\youtube.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\chance_of_rain.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\chance_of_snow.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\chance_of_storm.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\chance_of_tstorm.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\cloudy.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\flurries.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\hazy.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\mist.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\mostly_cloudy.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\mostly_sunny.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\rain.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\sleet.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\snow.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\storm.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\sunny.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\Thumbs.db (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\thunderstorm.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\weatherbug.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\windy.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
(end)
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Logfile of random's system information tool 1.09 (written by random/random)
Run by Owner at 2012-02-29 22:51:26
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 22 GB (28%) free of 76 GB
Total RAM: 254 MB (31% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\DriverCure.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{5665E1B6-7DDF-4D4C-AB06-19EFBA88366E}.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4aevjlz0.default
prefs.js - "browser.startup.homepage" - "http://search.bearshare.com/"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, jqs@sun.com:1.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.10"
prefs.js - "keyword.URL" - "http://search.bearshare.com/web?src=ffb&systemid=2&q="
prefs.js - "browser.startup.homepage" - "http://mp3tubetoolbar.com/?tmp=toolbar_Mp3Tube_homepage&prt=pinballtbfour04ff&clid=66410b0a34624e1b9257f1011b3fdc75&subid="
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pack.google.com/Google Updater;version=13]
"Description"=Google Updater
"Path"=C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0]
"Description"=Rhapsody Control
"Path"=C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
compreg.dat
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js
C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
npnul32.dll
C:\Program Files\Mozilla Firefox\searchplugins\
amazondotcom.xml
answers.xml
BearShareWebSearch.xml
creativecommons.xml
eBay.xml
google.xml
wikipedia.xml
yahoo.xml
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4aevjlz0.default\extensions\
{635abd67-4fe9-1b23-4f01-e679fa7484c1}
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4aevjlz0.default\searchplugins\
BearShareWebSearch.xml
Mp3Tube.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
MediaBar - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09B71986-2AC5-482d-B6CB-42EA34F4F85B}]
Dell Toolbar - C:\Program Files\Dell Printable Web\toolband.dll [2008-12-10 253952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{467013BB-D67E-45BE-A7D7-C29E3CCA8AAD}]
DealScout - C:\Program Files\DealScout\dealscout.dll [2011-08-15 900096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-02-29 325408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-08-27 256112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-03 764912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-08-27 458736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-02-29 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-02-29 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-08-27 256112]
{09B71986-2AC5-482d-B6CB-42EA34F4F85B} - Dell Toolbar - C:\Program Files\Dell Printable Web\toolband.dll [2008-12-10 253952]
{0974BA1E-64EC-11DE-B2A5-E43756D89593} - MediaBar - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2003-04-07 155648]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2003-04-07 114688]
"BCMSMMSG"=C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]
"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2003-08-26 204800]
"RoxioDragToDisc"=C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe [2004-01-27 1179648]
"SM1BG"=C:\WINDOWS\SM1BG.EXE [2003-08-27 94208]
"Dell AIO Printer A920"=C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe [2003-05-12 270336]
"HostManager"=C:\Program Files\Common Files\AOL\1189459425\ee\AOLSoftware.exe [2008-06-24 41824]
"ddoctorv2"=C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe [2008-04-24 202560]
""= []
"dleamon.exe"=C:\Program Files\Dell V310-V510 Series\dleamon.exe [2009-07-10 766632]
"EzPrint"=C:\Program Files\Dell V310-V510 Series\ezprint.exe [2009-07-10 139944]
"USB Storage Toolbox"=C:\WINDOWS\UMStor\Res.EXE [2005-09-14 65536]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2011-10-06 59240]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-11-01 59240]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2012-01-16 421736]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\MSMSGS.EXE [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SpeedItUpEX"=C:\Program Files\Speeditup Free\SpeedItUp.exe -MINI []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-10-07 68856]
"Download"=C:\Documents and Settings\Owner\Local Settings\Application Data\SupportSoft\ddoctorv2\Owner\ssGet.exe [2012-01-11 987648]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
C:\Documents and Settings\Owner\Start Menu\Programs\Startup
PowerReg Scheduler V3.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-04-07 315392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=4294967295
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\WINDOWS\system32\dleacoms.exe"="C:\WINDOWS\system32\dleacoms.exe:*:Enabled:Lexmark Communications System"
"C:\Program Files\Abbyy FineReader 6.0 Sprint\scan\scanman6.exe"="C:\Program Files\Abbyy FineReader 6.0 Sprint\scan\scanman6.exe:*:Enabled:ABBYY FineReader"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\SG Interactive\Grand Chase\main.exe"="C:\SG Interactive\Grand Chase\main.exe:*:Enabled:GrandChase"
"C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm
"vidc.iv41"=ir41_32.ax
"msacm.iac2"=iac25_32.ax
"vidc.iv50"=ir50_32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
======File associations======
.reg - edit -
.reg - open - c:\Winnt\Regedit.exe %1
======List of files/folders created in the last 1 month======
2012-02-29 22:50:40 ----D---- C:\58edb3a759216eba24
2012-02-29 22:41:23 ----D---- C:\Documents and Settings\Owner\Application Data\SumatraPDF
2012-02-29 22:41:17 ----D---- C:\Program Files\SumatraPDF
2012-02-29 20:53:39 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2012-02-29 20:53:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware - installed 2012
2012-02-29 20:53:14 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2012-02-29 20:38:16 ----D---- C:\WINDOWS\system32\Adobe
2012-02-29 09:00:20 ----A---- C:\WINDOWS\system32\javaws.exe
2012-02-29 09:00:20 ----A---- C:\WINDOWS\system32\javaw.exe
2012-02-29 09:00:20 ----A---- C:\WINDOWS\system32\java.exe
2012-02-28 22:04:35 ----D---- C:\Program Files\CCleaner
2012-02-28 21:39:18 ----D---- C:\Documents and Settings\Owner\Application Data\comcasttb
2012-02-28 00:46:24 ----D---- C:\rsit
2012-02-28 00:42:56 ----D---- C:\Program Files\Trend Micro
2012-02-27 23:54:13 ----D---- C:\2012-AVMaintenenceFolder-Carol
2012-02-16 16:29:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2660465$
2012-02-16 16:21:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2661637$
2012-02-15 04:22:27 ----N---- C:\WINDOWS\system32\iacenc.dll
======List of files/folders modified in the last 1 month======
2012-02-29 22:51:22 ----D---- C:\WINDOWS\Prefetch
2012-02-29 22:50:51 ----D---- C:\WINDOWS\Temp
2012-02-29 22:50:51 ----D---- C:\WINDOWS\Debug
2012-02-29 22:41:17 ----RD---- C:\Program Files
2012-02-29 22:26:01 ----D---- C:\WINDOWS\system32\CatRoot2
2012-02-29 22:25:22 ----SD---- C:\WINDOWS\Tasks
2012-02-29 22:25:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-02-29 22:24:50 ----D---- C:\WINDOWS\system32\drivers
2012-02-29 22:22:52 ----D---- C:\Documents and Settings\All Users\Application Data\QuestScan
2012-02-29 22:16:17 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2012-02-29 20:38:30 ----SHD---- C:\WINDOWS\Installer
2012-02-29 20:38:16 ----D---- C:\WINDOWS\system32
2012-02-29 20:32:37 ----D---- C:\Program Files\Common Files\Real
2012-02-29 20:32:33 ----D---- C:\Program Files\Real
2012-02-29 09:07:23 ----D---- C:\WINDOWS\Registration
2012-02-29 08:59:54 ----A---- C:\WINDOWS\system32\deployJava1.dll
2012-02-28 22:19:59 ----D---- C:\WINDOWS
2012-02-28 22:16:31 ----D---- C:\Program Files\Ares
2012-02-28 22:10:33 ----D---- C:\WINDOWS\Minidump
2012-02-28 22:02:33 ----A---- C:\WINDOWS\win.ini
2012-02-28 21:54:42 ----D---- C:\Program Files\BearShare Applications
2012-02-28 21:46:05 ----D---- C:\Program Files\Pando Networks
2012-02-28 21:41:02 ----D---- C:\Program Files\Java
2012-02-28 21:41:02 ----D---- C:\Program Files\Common Files\Java
2012-02-28 21:37:16 ----D---- C:\Program Files\AOL
2012-02-28 21:36:42 ----D---- C:\Program Files\Common Files\aolshare
2012-02-28 21:36:42 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2012-02-28 21:36:25 ----D---- C:\WINDOWS\system32\Macromed
2012-02-28 21:36:20 ----D---- C:\Documents and Settings\Owner\Application Data\Macromedia
2012-02-28 21:36:19 ----HD---- C:\WINDOWS\inf
2012-02-28 21:34:41 ----D---- C:\Program Files\Common Files\Adobe
2012-02-28 21:34:41 ----D---- C:\Program Files\Adobe
2012-02-28 21:34:40 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2012-02-28 00:40:15 ----D---- C:\WINDOWS\system32\drivers\etc
2012-02-18 03:28:48 ----D---- C:\Documents and Settings\All Users\Application Data\DriverCure
2012-02-16 17:26:06 ----D---- C:\Program Files\Microsoft Silverlight
2012-02-16 17:08:44 ----RSD---- C:\WINDOWS\assembly
2012-02-16 17:04:15 ----D---- C:\WINDOWS\Microsoft.NET
2012-02-16 16:35:57 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-02-16 16:34:23 ----D---- C:\WINDOWS\WinSxS
2012-02-16 16:29:09 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-02-16 16:25:59 ----D---- C:\Program Files\Internet Explorer
2012-02-16 16:25:13 ----D---- C:\WINDOWS\ie8updates
2012-02-16 16:24:17 ----HD---- C:\WINDOWS\$hf_mig$
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [2003-07-30 17168]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2004-01-27 43008]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2004-01-27 24576]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2004-01-27 284928]
R1 DVDVRRdr_xp;DVDVRRdr_xp; C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys [2004-01-27 140416]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2004-01-27 117248]
R1 UDFReadr;UDFReadr; C:\WINDOWS\system32\drivers\UDFReadr.sys [2004-01-27 197632]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\System32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2003-06-30 43136]
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-04-15 90907]
R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2004-01-27 23680]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-02-28 545024]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 bvrp_pci;bvrp_pci; \??\C:\WINDOWS\System32\drivers\bvrp_pci.sys []
S3 dsiarhwprog;dsiarhwprog; C:\WINDOWS\System32\Drivers\dsiarhwprog.sys [2007-02-08 29184]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 dump_wmimmc;dump_wmimmc; \??\c:\sg interactive\grand chase\GameGuard\dump_wmimmc.sys []
S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2004-01-27 23680]
S3 hamachi_oem;PlayLinc Adapter; C:\WINDOWS\System32\DRIVERS\gan_adapter.sys [2006-09-27 10664]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 nocashio;nocashio; C:\WINDOWS\system32\drivers\nocashio.sys [2010-06-18 4096]
S3 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys []
S3 SDDMI2;SDDMI2; \??\C:\WINDOWS\System32\DDMI2.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2011-05-10 42496]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBIO;USBIO Driver (usbio.sys); C:\WINDOWS\System32\Drivers\usbio.sys [2001-05-07 19805]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-24 55144]
R2 dlea_device;dlea_device; C:\WINDOWS\system32\dleacoms.exe [2009-07-01 602792]
R2 dleaCATSCustConnectService;dleaCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dleaserv.exe [2009-07-01 98984]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-02-29 153376]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-06-02 303104]
R2 sprtsvc_ddoctorv2;SupportSoft Sprocket Service (ddoctorv2); C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe [2008-04-24 202560]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]
R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2003-08-27 65536]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-01-16 821608]
S2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe [2007-04-13 83504]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-06 136176]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-23 183280]
S3 AresChatServer;Ares Chatroom server; C:\Program Files\Ares\chatServer.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-06 136176]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2011-05-03 4116984]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Here is the Malwarebytes full scan log I just did.
Right AFTER I saved the log, Malwarebytes asked for a restart
so I don't know how clean it thinks it is After the restart.
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.02.29.07
Windows XP Service Pack 3 x86 FAT32
Internet Explorer 8.0.6001.18702
Owner :: SUZANNE2003 [administrator]
2/29/2012 11:09:26 PM
mbam-log-2012-02-29 (23-09-26).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 266906
Time elapsed: 47 minute(s), 11 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
C:\System Volume Information\_restore{1FB45D71-A412-4771-9CD0-2BC64912A8EF}\RP2024\A0345810.dll (Adware.Agent.ZGen) -> No action taken.
C:\System Volume Information\_restore{1FB45D71-A412-4771-9CD0-2BC64912A8EF}\RP2024\A0345811.exe (Adware.Agent.ZGen) -> No action taken.
C:\Documents and Settings\Owner\My Documents\SetupPlaySushi.exe (PUP.PlaySushi) -> Quarantined and deleted successfully.
(end)
Hi, Blue55.
I've never used iTunes. However, I wouldn't be surprised if the problem is related to the mp3tube showing up in the logs. Secunia PSI identifies security updates for installed programs but let's deal with that later.
Although most of what MBAM found was adware, there was detection of a fake/rogue on the computer. Thus, please do the following.
Please follow these instructions carefully.Download ComboFix from one of the following locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)
!!! IMPORTANT !!! Save ComboFix.exe to your Desktop
- Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.
Note: If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum: How to disable your security applications (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html).
- If infections are found, ComboFix will automatically reboot the machine to complete the removal process. Please ensure all opened windows are closed before proceeding.
- Double-click ComboFix.exe on your desktop and follow the prompts.
- As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
- When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fsecuritygarden.googlepages.com%2FCF_RC1.png&hash=29e6fe1eb864e58b4b66611caa7d7b6be84a47f8)
- After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fsecuritygarden.googlepages.com%2FCF_RC2.png&hash=e111f6aa2d657579d44cabc5fb4258fd1dce26eb)
- Click "Yes" to continue scanning for malware.
- When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
ComboFix took over an hour ans complained about lack of virtual memory.
ComboFix and Fresh HJT Logs Follow:
ComboFix 12-03-01.02 - Owner 03/01/2012 20:57:45.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.9 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\DragToDiscUserNameE.txt
c:\documents and settings\All Users\Application Data\QuestScan
c:\documents and settings\All Users\SPL59.tmp
c:\documents and settings\All Users\SPL76.tmp
c:\documents and settings\All Users\SPL7F.tmp
c:\documents and settings\All Users\SPLD.tmp
c:\documents and settings\All Users\SPLE1.tmp
c:\documents and settings\Owner\Application Data\PriceGong
c:\documents and settings\Owner\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Owner\WINDOWS
c:\program files\DealScout
c:\program files\DealScout\dealscout.dll
c:\program files\DealScout\installer.ico
c:\program files\DealScout\uninstall.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\934366B3C4.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-02-02 to 2012-03-02 )))))))))))))))))))))))))))))))
.
.
2012-03-02 00:39 . 2012-03-02 00:39 -------- d-----w- c:\windows\LastGood
2012-03-01 03:41 . 2012-03-01 03:42 -------- d-----w- c:\documents and settings\Owner\Application Data\SumatraPDF
2012-03-01 03:41 . 2012-03-01 03:41 -------- d-----w- c:\program files\SumatraPDF
2012-03-01 01:53 . 2012-03-01 03:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware - installed 2012
2012-03-01 01:53 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 01:38 . 2012-03-01 01:38 -------- d-----w- c:\windows\system32\Adobe
2012-02-29 03:04 . 2012-02-29 03:04 -------- d-----w- c:\program files\CCleaner
2012-02-29 02:39 . 2012-02-29 02:39 -------- d-----w- c:\documents and settings\Owner\Application Data\comcasttb
2012-02-28 05:46 . 2012-02-28 05:46 -------- d-----w- C:\rsit
2012-02-28 05:42 . 2012-02-28 05:42 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-28 05:42 . 2012-02-28 05:42 -------- d-----w- c:\program files\Trend Micro
2012-02-28 05:40 . 2012-02-28 05:40 -------- d-----w- c:\windows\system32\drivers\etc\Outgoing
2012-02-28 04:54 . 2012-02-28 05:41 -------- d-----w- C:\2012-AVMaintenenceFolder-Carol
2012-02-15 09:22 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 09:22 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-14 17:05 . 2012-02-14 17:05 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\SupportSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 01:31 . 2011-05-21 16:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-29 13:59 . 2011-09-13 22:27 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-29 13:59 . 2010-10-14 21:21 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-12 16:53 . 2003-07-16 20:51 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2006-06-23 16:33 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2003-07-16 20:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2003-07-16 20:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2003-08-27 19:19 . 2006-01-08 23:15 36963 ----a-r- c:\program files\Common Files\SM1updtr.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2002-08-29 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
.
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys
.
[-] 2003-07-16 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2003-07-16 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys
.
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys
.
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
.
[-] 2003-07-16 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2003-07-16 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll
.
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe
.
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2GDR\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[-] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll
[-] 2003-07-16 . E7FF9267BBEB1386975278A27378526F . 154112 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB905414_0$\netman.dll
.
[-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[-] 2004-08-04 07:56 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll
.
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll
[-] 2003-07-16 . 6A1CF14D0E7D0B2241F552223769C8A7 . 221696 . . [6.2.2600.1106] . . c:\windows\$NtUninstallKB842773$\qmgr.dll
.
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2009-02-09 . 01095FEBF33BEEA00C2A0730B9B3EC28 . 399360 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2009-02-09 . 24B5D53B9ACCC1E2EDCF0A878D6659D4 . 401408 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2GDR\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\$NtUninstallKB956572_0$\rpcss.dll
[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2004-08-04 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB902400$\rpcss.dll
[-] 2003-07-16 . 493FCBED180DCACF0B5D4C8C29949CA9 . 260608 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB902400_0$\rpcss.dll
.
[-] 2009-02-06 . 37561F8D4160D62DA86D24AE41FAE8DE . 110592 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2009-02-06 . 4712531AB7A01B7EE059853CA17D39BD . 110592 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2004-08-04 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572_0$\services.exe
.
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
[-] 2004-08-04 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
[-] 2003-07-16 . 1C4802409CFD4A7051F458B744CFCAA5 . 57984 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB911280_0$\ipsec.sys
.
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll
.
[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2GDR\es.dll
[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtUninstallKB950974_0$\es.dll
[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[-] 2004-08-04 07:56 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll
[-] 2003-07-16 20:27 . C9702DDD814C39DC1254CF757C31C6E4 . 225280 . . [2001.12.4414.46] . . c:\windows\$NtUninstallKB902400_0$\es.dll
.
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll
.
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2GDR\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
[-] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll
[-] 2003-07-16 . 7D8C58C0CBB7331E9296A7357827CA8E . 15360 . . [5.1.2600.0] . . c:\windows\$NtUninstallKB900725_0$\linkinfo.dll
.
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll
.
[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2004-08-04 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
[-] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[-] 2003-07-16 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2003-07-16 . 70630CAD245477F8DB02B79D9A92834C . 323072 . . [7.0.2600.1106] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.10.0_x-ww_d8862ba3\msvcrt.dll
.
[7] 2009-02-06 . 6C476D33D82F1054849790181E8F7772 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[7] 2009-02-06 . 6C476D33D82F1054849790181E8F7772 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll
.
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
.
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll
.
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll
.
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
.
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2GDR\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
[-] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll
[-] 2003-07-16 . 9B3A213B6591A79EBABBFB4E4EA0A23E . 233984 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB893756_0$\tapisrv.dll
.
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2GDR\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2003-07-16 . DD9269230C21EE8FB7FD3FCCC3B1CFCB . 560128 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB890859_0$\user32.dll
.
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
.
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2006-05-19 . 3748E0FC8C1B6ADA49F98C8E69A4228C . 70656 . . [5.1.2600.1847] . . c:\windows\$NtUninstallKB922819_0$\ws2_32.dll
[-] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
[-] 2003-07-16 . 8529C295DF59B564D37A73B5629162B1 . 75264 . . [5.1.2600.0] . . c:\windows\$NtUninstallKB914388_0$\ws2_32.dll
.
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2004-08-04 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll
.
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[-] 2004-08-04 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
.
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
[-] 2004-08-04 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\ksuser.dll
[-] 2002-12-12 05:14 . 15914E0BF4DDA56CF797993DCCB637D1 . 4096 . . [5.3.0000000.900 built by: DIRECTX] . . c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ksuser.dll
.
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
.
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll
.
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
.
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
[-] 2004-08-04 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
[-] 2003-07-16 . 1C4802409CFD4A7051F458B744CFCAA5 . 57984 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB911280_0$\ipsec.sys
.
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
.
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
.
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
.
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
.
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[-] 2004-08-04 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
.
[-] 2003-07-16 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2004-08-04 05:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtServicePackUninstall$\aec.sys
.
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\agp440.sys
.
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys
.
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll
.
[-] 2005-01-28 18:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2005-01-28 18:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\MsPMSNSv.dll
[-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\ServicePackFiles\i386\mspmsnsv.dll
.
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-04 07:56 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
.
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2004-08-04 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
.
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2004-08-04 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll
[-] 2004-07-09 09:27 . 033A45AB696EEF481707C2808C806E1A . 381952 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dsound.dll
.
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2004-08-04 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll
.
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2004-08-04 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll
[-] 2004-07-09 09:27 . 90114704C17A581DA1BAE029F20932BE . 292864 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ddraw.dll
.
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2004-08-04 07:56 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
.
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2004-08-04 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll
.
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2004-08-04 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[-] 2004-08-04 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll
.
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2004-08-04 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
.
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
[-] 2004-08-04 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\midimap.dll
.
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[-] 2006-06-26 . B5D08C96B2DADAF5171FB69E341B272B . 7680 . . [5.1.2600.2938] . . c:\windows\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll
[-] 2006-06-26 . 5F098BD2AE6B03044B085DECFFDF91EC . 8192 . . [5.1.2600.2938] . . c:\windows\$hf_mig$\KB920683\SP2GDR\rasadhlp.dll
[-] 2006-06-26 . 5F098BD2AE6B03044B085DECFFDF91EC . 8192 . . [5.1.2600.2938] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll
[-] 2004-08-04 . 4CAEC028C1E21C75E17877D4522D3DB4 . 8192 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB920683$\rasadhlp.dll
[-] 2003-07-16 . C5ABBBD9C7307679B4FBA203213A6FD4 . 6144 . . [5.1.2600.0] . . c:\windows\$NtUninstallKB920683_0$\rasadhlp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-08 68856]
"Download"="c:\documents and settings\Owner\Local Settings\Application Data\SupportSoft\ddoctorv2\Owner\ssGet.exe" [2012-01-11 987648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-07 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-01-27 1179648]
"SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-05-12 270336]
"HostManager"="c:\program files\Common Files\AOL\1189459425\ee\AOLSoftware.exe" [2008-06-24 41824]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"dleamon.exe"="c:\program files\Dell V310-V510 Series\dleamon.exe" [2009-07-10 766632]
"EzPrint"="c:\program files\Dell V310-V510 Series\ezprint.exe" [2009-07-10 139944]
"USB Storage Toolbox"="c:\windows\UMStor\Res.EXE" [2005-09-15 65536]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2006-1-30 225280]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dleacoms.exe"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\scan\\scanman6.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56240:TCP"= 56240:TCP:Pando Media Booster
"56240:UDP"= 56240:UDP:Pando Media Booster
.
R2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe -service --> c:\windows\system32\dleacoms.exe -service [?]
R2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dleaserv.exe [2/11/2010 7:21 PM 98984]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/6/2010 8:25 PM 136176]
S3 dsiarhwprog;dsiarhwprog;c:\windows\system32\drivers\dsiarhwprog.sys [4/14/2010 4:52 PM 29184]
S3 dump_wmimmc;dump_wmimmc;\??\c:\sg interactive\grand chase\GameGuard\dump_wmimmc.sys --> c:\sg interactive\grand chase\GameGuard\dump_wmimmc.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/6/2010 8:25 PM 136176]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [9/27/2006 4:12 PM 10664]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-02-19 c:\windows\Tasks\DriverCure.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2010-06-17 21:28]
.
2012-03-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-08 02:10]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-07 01:25]
.
2012-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-07 01:25]
.
2012-03-02 c:\windows\Tasks\User_Feed_Synchronization-{5665E1B6-7DDF-4D4C-AB06-19EFBA88366E}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = https://my.screenname.aol.com/_cqr/login/login.psp?authLev=0&lang=en&locale=us&sitedomain=startpage.aol.com&siteState=OrigUrl%3dhttp%3a%2f%2fwww%2eaol%2ecom%2fmain%2eadp
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\4aevjlz0.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.bearshare.com/
FF - prefs.js: browser.search.selectedEngine - BearShare Web Search
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
FF - prefs.js: browser.startup.homepage - hxxp://mp3tubetoolbar.com/?tmp=toolbar_Mp3Tube_homepage&prt=pinballtbfour04ff&clid=66410b0a34624e1b9257f1011b3fdc75&subid=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - user.js: keyword.enabled - 1
.
.
------- File Associations -------
.
.reg=Regedit.Document
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - c:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
BHO-{467013BB-D67E-45BE-A7D7-C29E3CCA8AAD} - c:\program files\DealScout\dealscout.dll
Toolbar-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - c:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
HKCU-Run-SpeedItUpEX - c:\program files\Speeditup Free\SpeedItUp.exe
AddRemove-DealScout - c:\program files\DealScout\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-01 21:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
Completion time: 2012-03-01 21:24:40
ComboFix-quarantined-files.txt 2012-03-02 02:24
.
Pre-Run: 22,706,618,368 bytes free
Post-Run: 22,651,740,160 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 095127E156F56D72A60F8B09B885A9CF
XXXXXXXXXXXXXXXXXXXXXXX
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:27:49 PM, on 3/1/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dleaserv.exe
C:\WINDOWS\system32\dleacoms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Common Files\AOL\1189459425\ee\AOLSoftware.exe
C:\Program Files\Dell V310-V510 Series\dleamon.exe
C:\WINDOWS\UMStor\Res.EXE
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.screenname.aol.com/_cqr/login/login.psp?authLev=0&lang=en&locale=us&sitedomain=startpage.aol.com&siteState=OrigUrl=http://www.aol.com/main.adp (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1189459425\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [dleamon.exe] "C:\Program Files\Dell V310-V510 Series\dleamon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Dell V310-V510 Series\ezprint.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\WINDOWS\UMStor\Res.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Download] "C:\Documents and Settings\Owner\Local Settings\Application Data\SupportSoft\ddoctorv2\Owner\ssGet.exe" 120 "http://pcmctbc.cmc.motive.com/motivedocs/EasySolveInstaller.exe" "EasySolveInstaller.exe"
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://65.61.160.5/staff/ScriptX/ScriptX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263416898812
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263416871609
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
O23 - Service: dleaCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dleaserv.exe
O23 - Service: dlea_device - - C:\WINDOWS\system32\dleacoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 8580 bytes
XXXXXXXXXXXXXXXXXXXXXXXXXXXX
Hi, Blue55.
I'm not surprised that ComboFix complained about virtual memory. Remember, this machine only has 254 MB.
Since it is late for me, I need to have fresh eyes to look more closely at the log. In the meantime, however, even though it took an hour the last run, I'd like you to do the following:
1) Please run Microsoft Fix it 50528 from http://support.microsoft.com/kb/822798. Click Run in the File Download dialog box, and then follow the steps in the Fix it wizard. Alternatively, you can save it to your computer and transfer it to your friend's computer to run.
2) Please run ComboFix again so I can see if the Fix it solution solved the cryptographic services issue. No script at this time. Just disable antivirus software and double-click ComboFix.exe on your desktop and follow the prompts. Post the log as a reply.
Thanks!
Virtual memory was set to 300-500. I set it to 2048-4096. I was hoping that would help.
Combofix still took ages to run again. It was still running when I went to bed.
ComboFix 12-03-01.02 - Owner 03/02/2012 1:15.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.123 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-02 to 2012-03-02 )))))))))))))))))))))))))))))))
.
.
2012-03-02 04:38 . 2012-03-02 06:27 -------- d-----w- c:\windows\system32\CatRoot2
2012-03-01 03:41 . 2012-03-01 03:42 -------- d-----w- c:\documents and settings\Owner\Application Data\SumatraPDF
2012-03-01 03:41 . 2012-03-01 03:41 -------- d-----w- c:\program files\SumatraPDF
2012-03-01 01:53 . 2012-03-01 03:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware - installed 2012
2012-03-01 01:53 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 01:38 . 2012-03-01 01:38 -------- d-----w- c:\windows\system32\Adobe
2012-02-29 03:04 . 2012-02-29 03:04 -------- d-----w- c:\program files\CCleaner
2012-02-29 02:39 . 2012-02-29 02:39 -------- d-----w- c:\documents and settings\Owner\Application Data\comcasttb
2012-02-28 05:46 . 2012-02-28 05:46 -------- d-----w- C:\rsit
2012-02-28 05:42 . 2012-02-28 05:42 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-28 05:42 . 2012-02-28 05:42 -------- d-----w- c:\program files\Trend Micro
2012-02-28 05:40 . 2012-02-28 05:40 -------- d-----w- c:\windows\system32\drivers\etc\Outgoing
2012-02-28 04:54 . 2012-02-28 05:41 -------- d-----w- C:\2012-AVMaintenenceFolder-Carol
2012-02-15 09:22 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 09:22 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-14 17:05 . 2012-02-14 17:05 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\SupportSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 01:31 . 2011-05-21 16:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-29 13:59 . 2011-09-13 22:27 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-29 13:59 . 2010-10-14 21:21 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-12 16:53 . 2003-07-16 20:51 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2006-06-23 16:33 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2003-07-16 20:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2003-07-16 20:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2003-08-27 19:19 . 2006-01-08 23:15 36963 ----a-r- c:\program files\Common Files\SM1updtr.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-02_02.15.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-02 04:45 . 2012-03-02 04:45 16384 c:\windows\Temp\Perflib_Perfdata_698.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-08 68856]
"Download"="c:\documents and settings\Owner\Local Settings\Application Data\SupportSoft\ddoctorv2\Owner\ssGet.exe" [2012-01-11 987648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-07 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-01-27 1179648]
"SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-05-12 270336]
"HostManager"="c:\program files\Common Files\AOL\1189459425\ee\AOLSoftware.exe" [2008-06-24 41824]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"dleamon.exe"="c:\program files\Dell V310-V510 Series\dleamon.exe" [2009-07-10 766632]
"EzPrint"="c:\program files\Dell V310-V510 Series\ezprint.exe" [2009-07-10 139944]
"USB Storage Toolbox"="c:\windows\UMStor\Res.EXE" [2005-09-15 65536]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2006-1-30 225280]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dleacoms.exe"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\scan\\scanman6.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56240:TCP"= 56240:TCP:Pando Media Booster
"56240:UDP"= 56240:UDP:Pando Media Booster
.
R2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe -service --> c:\windows\system32\dleacoms.exe -service [?]
R2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dleaserv.exe [2/11/2010 7:21 PM 98984]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/6/2010 8:25 PM 136176]
S3 dsiarhwprog;dsiarhwprog;c:\windows\system32\drivers\dsiarhwprog.sys [4/14/2010 4:52 PM 29184]
S3 dump_wmimmc;dump_wmimmc;\??\c:\sg interactive\grand chase\GameGuard\dump_wmimmc.sys --> c:\sg interactive\grand chase\GameGuard\dump_wmimmc.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/6/2010 8:25 PM 136176]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [9/27/2006 4:12 PM 10664]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-02-19 c:\windows\Tasks\DriverCure.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2010-06-17 21:28]
.
2012-03-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-08 02:10]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-07 01:25]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-07 01:25]
.
2012-03-02 c:\windows\Tasks\User_Feed_Synchronization-{5665E1B6-7DDF-4D4C-AB06-19EFBA88366E}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = https://my.screenname.aol.com/_cqr/login/login.psp?authLev=0&lang=en&locale=us&sitedomain=startpage.aol.com&siteState=OrigUrl%3dhttp%3a%2f%2fwww%2eaol%2ecom%2fmain%2eadp
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\4aevjlz0.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.bearshare.com/
FF - prefs.js: browser.search.selectedEngine - BearShare Web Search
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
FF - prefs.js: browser.startup.homepage - hxxp://mp3tubetoolbar.com/?tmp=toolbar_Mp3Tube_homepage&prt=pinballtbfour04ff&clid=66410b0a34624e1b9257f1011b3fdc75&subid=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - user.js: keyword.enabled - 1
.
.
------- File Associations -------
.
.reg=Regedit.Document
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-02 01:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2708)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-03-02 01:39:06
ComboFix-quarantined-files.txt 2012-03-02 06:39
ComboFix2.txt 2012-03-02 02:24
.
Pre-Run: 20,912,291,840 bytes free
Post-Run: 20,882,649,088 bytes free
.
- - End Of File - - 0FFEC59C5C8AF4491245CC03B469E37C
Hi, blue55.
That's great -- the Microsoft Fix it solution fixed the issue. It could have been disastrous if not fixed and SFC or similar were run.
Custom CFScript
Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
- Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK). Copy/Paste all of the text present inside the code box below:
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\4aevjlz0.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.bearshare.com/
FF - prefs.js: browser.search.selectedEngine - BearShare Web Search
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
FF - prefs.js: browser.startup.homepage - hxxp://mp3tubetoolbar.com/?tmp=toolbar_Mp3Tube_homepage&prt=pinballtbfour04ff&clid=66410b0a34624e1b9257f1011b3fdc75&subid=
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
- Save this as CFScript.txt and place it on your desktop.
- Close any open browsers.
- Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fsecuritygarden.googlepages.com%2FCF_CFScript.gif&hash=19cdd291c9ded999b7ed69b7a82ebed7c9d0ab01)
- Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
- ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
- When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
This computer is going to need an antivirus program installed. Considering it is likely getting on in years, you may want to recommend Microsoft Security Essentials (http://www.microsoft.com/security_essentials/default.aspx) as it is not resource intensive.
Is the computer running better now?
Corrine,
I ran the custom script in Combofix.
Combofix took over 3 hours, up from 1.5hrs
(The mouse was moved bit but I don't think it was double clicked)
That worries me a bit.
There is a folder in C called Qoobox
Shall I clean this up ?
There is a folder called d9966e5f50c0838ebd71
which has dozens of folders in it
each with a HotFixInstallerUI and a EULA in it.
What's all this ?
I don't know if she uses AOL but I see 9.0 there.
Is 9.0 the latest one ?
Should I update or replace it ?
It's running sluggish, often with a screen rewrite sometimes taking 8 or 10 seconds but I know it doesn't have much RAM under the hood.
Sluggish might be how it is on a good day. I don't know.
Also I just installed MSE (after the Combofix) and it is running a first full scan overnight.
...but it isn't freezing or anything.
When I look at Task Manager Performance, it isn't pegged at 100% anymore.
How does the log look ?
Thanks
Carol
ComboFix 12-03-01.02 - Owner 03/03/2012 16:35:55.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.124 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-02-03 to 2012-03-03 )))))))))))))))))))))))))))))))
.
.
2012-03-02 14:33 . 2012-03-02 14:35 -------- d-----w- C:\CarolCarol
2012-03-02 04:38 . 2012-03-03 17:52 -------- d-----w- c:\windows\system32\CatRoot2
2012-03-01 03:41 . 2012-03-01 03:42 -------- d-----w- c:\documents and settings\Owner\Application Data\SumatraPDF
2012-03-01 03:41 . 2012-03-01 03:41 -------- d-----w- c:\program files\SumatraPDF
2012-03-01 01:53 . 2012-03-01 03:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware - installed 2012
2012-03-01 01:53 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 01:38 . 2012-03-01 01:38 -------- d-----w- c:\windows\system32\Adobe
2012-02-29 03:04 . 2012-02-29 03:04 -------- d-----w- c:\program files\CCleaner
2012-02-29 02:39 . 2012-02-29 02:39 -------- d-----w- c:\documents and settings\Owner\Application Data\comcasttb
2012-02-28 05:46 . 2012-02-28 05:46 -------- d-----w- C:\rsit
2012-02-28 05:42 . 2012-02-28 05:42 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-28 05:42 . 2012-02-28 05:42 -------- d-----w- c:\program files\Trend Micro
2012-02-28 05:40 . 2012-02-28 05:40 -------- d-----w- c:\windows\system32\drivers\etc\Outgoing
2012-02-28 04:54 . 2012-02-28 05:41 -------- d-----w- C:\2012-AVMaintenenceFolder-Carol
2012-02-15 09:22 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 09:22 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-14 17:05 . 2012-02-14 17:05 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\SupportSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 01:31 . 2011-05-21 16:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-29 13:59 . 2011-09-13 22:27 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-29 13:59 . 2010-10-14 21:21 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-12 16:53 . 2003-07-16 20:51 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2006-06-23 16:33 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2003-07-16 20:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2003-07-16 20:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2003-08-27 19:19 . 2006-01-08 23:15 36963 ----a-r- c:\program files\Common Files\SM1updtr.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-02_02.15.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-03 17:29 . 2012-03-03 17:29 16384 c:\windows\Temp\Perflib_Perfdata_620.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Download"="c:\documents and settings\Owner\Local Settings\Application Data\SupportSoft\ddoctorv2\Owner\ssGet.exe" [2012-01-11 987648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-07 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-01-27 1179648]
"SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-05-12 270336]
"HostManager"="c:\program files\Common Files\AOL\1189459425\ee\AOLSoftware.exe" [2008-06-24 41824]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"dleamon.exe"="c:\program files\Dell V310-V510 Series\dleamon.exe" [2009-07-10 766632]
"EzPrint"="c:\program files\Dell V310-V510 Series\ezprint.exe" [2009-07-10 139944]
"USB Storage Toolbox"="c:\windows\UMStor\Res.EXE" [2005-09-15 65536]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2006-1-30 225280]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dleacoms.exe"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\scan\\scanman6.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56240:TCP"= 56240:TCP:Pando Media Booster
"56240:UDP"= 56240:UDP:Pando Media Booster
.
R2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe -service --> c:\windows\system32\dleacoms.exe -service [?]
R2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dleaserv.exe [2/11/2010 7:21 PM 98984]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/6/2010 8:25 PM 136176]
S3 dsiarhwprog;dsiarhwprog;c:\windows\system32\drivers\dsiarhwprog.sys [4/14/2010 4:52 PM 29184]
S3 dump_wmimmc;dump_wmimmc;\??\c:\sg interactive\grand chase\GameGuard\dump_wmimmc.sys --> c:\sg interactive\grand chase\GameGuard\dump_wmimmc.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/6/2010 8:25 PM 136176]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [9/27/2006 4:12 PM 10664]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-02-19 c:\windows\Tasks\DriverCure.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2010-06-17 21:28]
.
2012-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-07 01:25]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-07 01:25]
.
2012-03-03 c:\windows\Tasks\User_Feed_Synchronization-{5665E1B6-7DDF-4D4C-AB06-19EFBA88366E}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.altavista.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\4aevjlz0.default\
FF - prefs.js: browser.search.selectedEngine - BearShare Web Search
FF - prefs.js: browser.startup.homepage - hxxp://mp3tubetoolbar.com/?tmp=toolbar_Mp3Tube_homepage&prt=pinballtbfour04ff&clid=66410b0a34624e1b9257f1011b3fdc75&subid=
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - user.js: keyword.enabled - 1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-03 16:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3504)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-03-03 17:00:35
ComboFix-quarantined-files.txt 2012-03-03 22:00
ComboFix2.txt 2012-03-02 06:39
ComboFix3.txt 2012-03-02 02:24
.
Pre-Run: 20,860,866,560 bytes free
Post-Run: 20,847,271,936 bytes free
.
- - End Of File - - 98D8CF7C40F147819ADDCB82AC9171E6
Hi, Blue55.
You're correct. With a computer with so little RAM compared to what modern computers have, there isn't much else that can be done beyond keeping temp files cleaned, uninstalling unused programs, controlling programs at start-up and an occasional defrag.
As to AOL, if she uses AOL, then leave it, please. Please leave the Qoobox folder. We'll take care of that in a minute. The gobble-de-gook folder is a dynamic index. Leave it as well.
You can delete Security Check from the desktop and then do the following to implement cleanup procedures and also to reset System Restore points:
Click Start > Run and copy/paste the following bold text into the Run box and click OK:
ComboFix /Uninstall Note: In the event you wish to contribute to the ongoing development of ComboFix, the developer is accepting donations via PayPal (https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=combofix%40live%2ecom&item_name=ComboFix&no_shipping=0&no_note=1&tax=0¤cy_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8).
To check if the system is missing security updates or has insecure applications, install Secunia Personal Software Inspector (http://secunia.com/vulnerability_scanning/personal/) or, alternatively, visit http://secunia.com/software_inspector/ . The Secunia Software Inspector runs through your browser with no installation or download required and does the following:
- Detects insecure versions of applications installed
- Verifies that all Microsoft patches are applied
- Assists you in updating your system and applications
Install and update SpywareBlaster to prevent the installation of spyware and other potentially unwanted software: http://www.javacoolsoftware.com/spywareblaster.html
My favorite security software is WinPatrol which includes the features described at http://www.winpatrol.com/features.html. If you have questions about WinPatrol, we have a forum here at LzD: WinPatrol Help & Information (http://www.landzdown.com/winpatrol-help-information/).
Please let me know if you have any additional questions.
I am also posting the results from MSE. It found 4 things
- - - - - MicrosoftSecurityEssentials results 1:35am – 4:38am 4 found
TrojanDownloader:ASX/Wimad.DI -Severe -Removed
Category: Trojan Downloader
Description: This program is dangerous and downloads other programs.
Recommended action: Remove this software immediately.
Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the Allow action and click Apply actions. If this option is not available, log on as administrator or ask the security administrator for help.
Items:
containerfile:C:\Documents and Settings\Owner\Desktop\vin's folder\kattie perry calaforna girls (good).wma
file:C:\Documents and Settings\Owner\Desktop\vin's folder\kattie perry calaforna girls (good).wma->(ASF_Script_Commands)
- ~ - ~ - ~ - ~ - ~ - ~ - ~ - ~ - ~ - ~
BrowserModifier:Win32/Zwangi -Medium -Quarantined
Category: Browser Modifier
Description: This program changes various Web browser settings without adequate consent.
Recommended action: Permit this detected item only if you trust the program or the software publisher.
Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the Allow action and click Apply actions. If this option is not available, log on as administrator or ask the security administrator for help.
Items:
file:C:\System Volume Information\_restore{1FB45D71-A412-4771-9CD0-2BC64912A8EF}\RP2024\A0345810.dll
file:C:\System Volume Information\_restore{1FB45D71-A412-4771-9CD0-2BC64912A8EF}\RP2024\A0345811.exe
- ~ - ~ - ~ - ~ - ~ - ~ - ~ - ~ - ~ - ~
Program:Win32/Starware -Low -Quarantined
Recommended action: Review the alert details to see why the software was detected. If you do not like how the software operates or if you do not recognize and trust the publisher, consider blocking or removing the software.
Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the Allow action and click Apply actions. If this option is not available, log on as administrator or ask the security administrator for help.
Items:
containerfile:C:\Program Files\Dell\recipes.exe
file:C:\Program Files\Dell\recipes.exe->(nsis-6-"Starware.dll")
- ~ - ~ - ~ - ~ - ~ - ~ - ~ - ~ - ~ - ~
Program:Win32/PowerRegScheduler -Medium -Quarantined
Category: Potentially Unwanted Software
Description: This program has potentially unwanted behavior.
Recommended action: Review the alert details to see why the software was detected. If you do not like how the software operates or if you do not recognize and trust the publisher, consider blocking or removing the software.
Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the Allow action and click Apply actions. If this option is not available, log on as administrator or ask the security administrator for help.
Items:
containerfile:C:\Program Files\Sonic\RecordNow!\LeaderReg.EXE
file:c:\documents and settings\owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
file:C:\Program Files\Sonic\RecordNow!\LeaderReg.EXE->[RSRCEmb]
startup:c:\documents and settings\owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
- ~ - ~ - ~ end - ~ - ~ - ~ -
Corrine,
Did MSE get it all of what it found off ?
What does it mean by
"Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the Allow action and click Apply actions." ?
Should I be worried about WMA/ Windows Media Audio items there ?
Ooops, I deleted Combofix from the desktop.
I put a copy back on the desktop, then ran the uninstall.
It looked like it was actually running but then said it was uninstalled so I don't think I screwed it up to bad, ... Yes?
And now this is really important, how to I change LandZDown so it isn't tagging all posts as an hour off ?
(Where do I say that I'm Eastern time zone?)
Thank you sooo much for your help again.
She said that her laptop is doing the same stuff so as soon as I swap her for this, I'll be back.
Carol
Hi, Blue55.
The uninstall process of ComboFix takes care of removing old System Restore points, so any old restore points have been cleaned -- including anything MSE found.
The full system scan of MSE should have taken care of anything that wasn't visible in the logs.
See you in a new topic for the laptop!
Quote from: Blue55 on March 04, 2012, 04:20:44 PM
And now this is really important, how to I change LandZDown so it isn't tagging all posts as an hour off ?
(Where do I say that I'm Eastern time zone?)
Go to your profile: http://www.landzdown.com/profile/?u=101
Click on "Modify Profile", then "Look and Layout". Where you see the "time offset" you can manually set it to -4, or you can click "auto detect"
Thanks, Winchester73. :hug: I forgot about that question.