27-06-2009, 09:58 PM
townsbg
[Resolved] Slow Computer

I've been working on a computer reported by the owner as being slow for the past month and a half. First thing I did was to install CCleaner and delete over a gig of temporary files. This is a computer used by numerous personnel without any user control, so I also had to uninstall some games, and it had a suspicious entry on the add/remove panel called something related to coupons, which I removed. Once I was done cleaning it up and stopping unneeded programs from running, I started scanning the computer. AVG [v 8.x] is set to run daily & recent logs showed nothing. First I ran Spybot and got 20 or so threats, and I got most of the way through scanning before I had to stop. I removed the threats but I couldn't find the log. SuperAntiSpyware found almost 200 threats. I then installed MBAM and it found some more. Completing a scan of Spybot found 1 more threat called WildTangent. I am pasting the SuperAntiSpyware, MBAM, uninstall_list, & HijackThis logs. I have also updated Java, which I believe was at v. 6 update 11, but I don't remember for sure. What I need to know is if this is now "clean", which I'm guessing it isn't. The computer is performing better considering its specs.

HijackThis
Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:41:49 PM, on 6/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sandboxer.com/redirect.as...3KQ4MT%40C%23W
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB002" /M "Stylus CX5400"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Eaut] "C:\PROGRA~1\COMMON~1\CURITY~1\explorer.exe" -vt ndrv (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Eaut] "C:\PROGRA~1\COMMON~1\CURITY~1\explorer.exe" -vt ndrv (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
--
End of file - 6166 bytes
uninstall_list
Quote:
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
56Kbps Internal Modem
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.2
AVG Free 8.5
BigFix
Canon i550
CCleaner (remove only)
CD Burning 4
CleanUp!
CompuServe
EPSON Printer Software
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB952287)
IE Host
Indeo® software
Intel Application Accelerator
Intel(R) Extreme Graphics Driver Software
Intel(R) PRO Network Adapters and Drivers
Java(TM) 6 Update 13
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher 2007
Microsoft Office Publisher 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Multimedia Keyboard Driver Ver1.1
My Web Search (Outlook and Outlook Express)
Notification Utility
Notification Utility
p2pnetworks
PowerDVD
RealPlayer Basic
Realtek AC'97 Audio
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
System Requirements Lab
Uninstall Tool
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Outlook 2007 Junk Email Filter (kb970012)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Viewpoint Media Player
Windows Backup Utility
Windows Genuine Advantage v1.3.0254.0
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Media Connect
Windows Media Connect
Windows Media Format Runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10
Windows XP Service Pack 3
XMLinst
Yahoo! Software Update
Yahoo! Toolbar
mbam
Quote:
Malwarebytes' Anti-Malware 1.38
Database version: 2343
Windows 5.1.2600 Service Pack 3

6/27/2009 2:13:06 PM
mbam-log-2009-06-27 (14-13-06).txt

Scan type: Full Scan (C:\|)
Objects scanned: 161991
Time elapsed: 51 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Refog Software (Refog.Keylogger) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\downloaded program files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
SUPERAntiSpyware Scan Log
Quote:
SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 06/25/2009 at 05:55 PM

Application Version : 4.26.1006

Core Rules Database Version : 3952
Trace Rules Database Version: 1894

Scan type : Complete Scan
Total Scan Time : 01:11:25

Memory items scanned : 371
Memory threats detected : 0
Registry items scanned : 5925
Registry threats detected : 76
File items scanned : 19793
File threats detected : 100

Adware.Lycos/SideSearch
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}
HKU\S-1-5-21-2108299385-3034611472-3672641707-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}

ESyndicate BHO
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC378B83-9577-44D0-B4F8-0DD965E176FC}
HKU\S-1-5-21-2108299385-3034611472-3672641707-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC378B83-9577-44D0-B4F8-0DD965E176FC}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC378B83-9577-44D0-B4F8-0DD965E176FC}

Adware.WildMedia/Midaddle
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8EAEB34-F7B5-4C55-87FF-720FAF53D841}
HKU\S-1-5-21-2108299385-3034611472-3672641707-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8EAEB34-F7B5-4C55-87FF-720FAF53D841}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8EAEB34-F7B5-4C55-87FF-720FAF53D841}
C:\WINDOWS\UNINSTALLER.EXE

ZSERV.DLL BHO
HKU\S-1-5-21-2108299385-3034611472-3672641707-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-C1EC-0345-6EC2-4D0300000000}

Adware.IncrediFind
HKU\S-1-5-21-2108299385-3034611472-3672641707-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0026AD90-C86F-4269-97F3-DAB4897C6D06}

MultiMPPObj Class BHO
HKU\S-1-5-21-2108299385-3034611472-3672641707-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{002EB272-2590-4693-B166-FBD5D9B6FEA6}

Adware.Apropos Media/CxtPls
HKU\S-1-5-21-2108299385-3034611472-3672641707-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{016235BE-59D4-4CEB-ADD5-E2378282A1D9}

Adware.IE Plugin Variant
HKU\S-1-5-21-2108299385-3034611472-3672641707-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01F44A8A-8C97-4325-A378-76E68DC4AB2E}

Adware.EliteBar
HKU\S-1-5-21-2108299385-3034611472-3672641707-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28CAEFF3-0F18-4036-B504-51D73BD81ABC}
HKU\S-1-5-21-2108299385-3034611472-3672641707-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{825CF5BD-8862-4430-B771-0C15C5CA8DEF}
HKU\S-1-5-21-2108299385-3034611472-3672641707-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{825CF5BD-8862-4430-B771-0C15C5CA8DEF}

Unknown BHO (LMF32V.DLL)
HKU\S-1-5-21-2108299385-3034611472-3672641707-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6A6E50DC-BFA8-4B40-AB1B-159E03E829FD}

AdRoar Module Toolbar
HKU\S-1-5-21-2108299385-3034611472-3672641707-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8}

Adware.MovieLand/MediaPipe
HKLM\Software\ITBILL
HKLM\Software\ITBILL#PROV
HKLM\Software\ITBILL#Product
HKLM\Software\ITBILL#ProductFamily
HKLM\Software\ITBILL#TRAFFIC_TYPE
HKLM\Software\ITBILL#InstallTime
HKLM\Software\ITBILL#GUID
HKLM\Software\ITBILL#METADATA
HKLM\Software\ITBILL\CONFIG
HKLM\Software\ITBILL\FSUPPORT
HKLM\Software\ITBILL\FSUPPORT#install_date
HKLM\Software\ITBILL\FSUPPORT#install_time
HKLM\Software\ITBILL\FSUPPORT#ip_addr
HKLM\Software\ITBILL\FSUPPORT#user_country
HKLM\Software\ITBILL\FSUPPORT#dir_country
HKLM\Software\ITBILL\FSUPPORT#userid
HKLM\Software\ITBILL\FSUPPORT#cid
HKLM\Software\ITBILL\FSUPPORT#guid
HKLM\Software\ITBILL\FSUPPORT#ts
HKLM\Software\ITBILL\FSUPPORT#tss
HKLM\Software\ITBILL\FSUPPORT#idelta
HKLM\Software\ITBILL\FSUPPORT#traffic_type
HKLM\Software\ITBILL\FSUPPORT#altpay
HKLM\Software\ITBILL\FSUPPORT#product
HKLM\Software\ITBILL\UPDATE
HKLM\Software\ITBILL\UPDATE#Module
HKLM\Software\ITBILL\UPDATE#Config
HKLM\Software\MediaPipe
HKLM\Software\MediaPipe\Prefs
HKLM\Software\MediaPipe\Prefs#version
HKLM\Software\MediaPipe\Prefs#AltPayments
HKLM\Software\MediaPipe\Prefs#ProductFamily
HKLM\Software\MediaPipe\Prefs#Country
HKLM\Software\MediaPipe\Prefs#Provider
HKLM\Software\MediaPipe\Prefs#TRAFFIC_COUNTRY
HKLM\Software\MediaPipe\Prefs#TRAFFIC_PROGRAM
HKLM\Software\MediaPipe\Prefs#TRAFFIC_SOURCE
HKLM\Software\MediaPipe\Prefs#TRAFFIC_SUBSOURCE
HKLM\Software\MediaPipe\Prefs#JOIN_FORM_ID
HKLM\Software\MediaPipe\Prefs#modem
HKLM\Software\MediaPipe\Prefs#GUID
HKLM\Software\MediaPipe\Prefs#Filename
HKLM\Software\MediaPipe\Prefs\altpayments
HKLM\Software\MediaPipe\Prefs\altpayments#Provider
HKCR\TypeLib\{AFDBB222-DEA9-4C12-B3A3-A13C2985E3EE}
HKCR\TypeLib\{AFDBB222-DEA9-4C12-B3A3-A13C2985E3EE}\1.0
HKCR\TypeLib\{AFDBB222-DEA9-4C12-B3A3-A13C2985E3EE}\1.0\0
HKCR\TypeLib\{AFDBB222-DEA9-4C12-B3A3-A13C2985E3EE}\1.0\0\win32
HKCR\TypeLib\{AFDBB222-DEA9-4C12-B3A3-A13C2985E3EE}\1.0\FLAGS
HKCR\TypeLib\{AFDBB222-DEA9-4C12-B3A3-A13C2985E3EE}\1.0\HELPDIR
C:\Program Files\ItBill
C:\Program Files\MediaPipe\Agent.dll
C:\Program Files\MediaPipe\altpayments_terms.txt
C:\Program Files\MediaPipe\install.log
C:\Program Files\MediaPipe\MediaPipe.ini
C:\Program Files\MediaPipe
C:\PROGRAM FILES\FSUPPORT\NOTIFIER.EXE
HKCR\Interface\{CF1E4638-637F-499D-8309-FD71B9750ABC}
HKCR\Interface\{CF1E4638-637F-499D-8309-FD71B9750ABC}\ProxyStubClsid
HKCR\Interface\{CF1E4638-637F-499D-8309-FD71B9750ABC}\ProxyStubClsid32
HKCR\Interface\{CF1E4638-637F-499D-8309-FD71B9750ABC}\TypeLib
HKCR\Interface\{CF1E4638-637F-499D-8309-FD71B9750ABC}\TypeLib#Version

Adware.IEPlugin
HKCR\Remove

Adware.MyWebSearch/FunWebProducts
HKU\PE_C_JOHNNY GENTRY\SOFTWARE\FunWebProducts

Adware.Tracking Cookie
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@belnk[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@order.jamster[2].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@adrevolver[2].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@ads.monster[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@ehg-randomhouse.hitbox[2].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@ehg-foxinteractive.hitbox[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@adopt.specificclick[2].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@ads.mediamayhemcorp[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@server.iad.liveperson[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@www.drivecleaner[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@onlinerewardcenter[2].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@nextag[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@coolsavings[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@tripod[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@as.casalemedia[2].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@rotator.adjuggler[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@adinterax[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@sales.liveperson[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@ehg-dig.hitbox[2].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@try.starware[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@twci.coremetrics[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@maxserving[2].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@qnsr[2].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@serving.rpowermedia[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@videoegg.adbureau[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@eztracks.aavalue[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@adecn[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@adopt.hbmediapro[2].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@partner2profit[2].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@clickshift[2].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@adultactioncam[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@stats.espinthebottle[2].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@apmebf[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@stat.onestat[2].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@ads.addynamix[2].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@stats[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@data.coremetrics[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@atwola[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@reduxads.valuead[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@azoogleads[2].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@ads.hi5[2].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@media303[2].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@www.xctrk[2].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@metacafe.122.2o7[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@ads.as4x.tmcs[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@teensforcash[2].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@a.as-us.falkag[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@ads.cnn[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@login.tracking101[2].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@anad.tacoda[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@www.adultactioncam[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@ads.realtechnetwork[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@adknowledge[2].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@ads.pointroll[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@adserver[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@as-us.falkag[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@jumps.ez-tracks[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@ads.bridgetrack[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@insightexpressai[2].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@bluestreak[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@roiservice[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@tracker.myspacemaps[2].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@interclick[2].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@ad.yieldmanager[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@ad.yieldmanager[2].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@ez-tracks[2].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@h.starware[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@drivecleaner[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@media.snapvine[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@jamster[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@dist.belnk[2].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@counter.hitslink[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@ads.glispa[2].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@lynxtrack[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@stats1.reliablestats[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@edge.ru4[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@ads.ecrush[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@cochranfirm.122.2o7[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@statcounter[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@adserve.webtoolcafe[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@offers.intermediainteractive[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@a.websponsors[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@aff.primaryads[2].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@cbs.112.2o7[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@stats.drivecleaner[2].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@countrymusic.about[1].txt
C:\Documents and Settings\Johnny Gentry\Cookies\johnny gentry@www.burstbeacon[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@server.cpmstar[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@adknowledge[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@hits.clickandtrack[1].txt

Trojan.BitSprX2/System
C:\WINDOWS\SYSTEM32\BITSPRX2.EXE

Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\WNSTSTR.EXE