The old multiple dllhost.exe again
[QUOTE="TheDaver, post: 333154, member: 33002"]
ZOEK results are below: I am running ComboFix after I send this and will post those results next.
Zoek.exe v5.0.0.0 Updated 13-01-2015
Tool run by Dianne C. Greene on Tue 01/13/2015 at 13:45:19.92.
Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Dianne C. Greene\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

1/13/2015 1:46:40 PM Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\Program Files\CrossLoop deleted successfully
C:\Program Files\MSXML 4.0 deleted successfully
C:\Program Files\Pure Networks deleted successfully
C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP deleted successfully
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\Documents and Settings\Dianne C. Greene\Application Data\AdobeUM deleted successfully
C:\Documents and Settings\Dianne C. Greene\Application Data\Malwarebytes deleted successfully
C:\Documents and Settings\Dianne C. Greene\Local Settings\Application Data\NOS deleted successfully

==== Batch Command(s) Run By Tool======================

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
====== C:\DOCUME~1\DIANNE~1.GRE\LOCALS~1\Temp ====
====== Java Cache =====
====== C:\WINDOWS\system32 =====
2015-01-13 00:54:14 2E8EE30A29AD149DD94283AE64C7B6F4 701616 ----a-w- C:\WINDOWS\System32\FlashPlayerApp.exe
2015-01-13 00:54:13 2EB0D3528698E825AC3E31F20FEC5FF7 71344 ----a-w- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
====== C:\WINDOWS\system32\drivers =====
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
======= C: =====
====== C:\Documents and Settings\Dianne C. Greene\Application Data ======
====== C:\Documents and Settings\Dianne C. Greene ======
2015-01-11 18:42:53 F92CE6E6B3A0AB75E48D9A6BE9DDB550 16448208 ----a-w- C:\Documents and Settings\Dianne C. Greene\Desktop\mbar-1.08.2.1001.exe
2015-01-09 23:33:29 BA4E79B5A1287A0522A68C0BFF73EDCA 1115648 ----a-w- C:\Documents and Settings\Dianne C. Greene\Desktop\FRST.exe

====== C: exe-files ==
2015-01-13 01:01:28 92ABBC6E52E32F8F66684F90BF4A25CE 1295360 ----a-w- C:\RECYCLER\S-1-5-21-3185998156-573555425-3388748354-1006\Dc70.exe
2015-01-13 01:01:05 92ABBC6E52E32F8F66684F90BF4A25CE 1295360 ----a-w- C:\RECYCLER\S-1-5-21-3185998156-573555425-3388748354-1006\Dc69.exe
2015-01-13 00:59:00 92ABBC6E52E32F8F66684F90BF4A25CE 1295360 ----a-w- C:\RECYCLER\S-1-5-21-3185998156-573555425-3388748354-1006\Dc68.exe
2015-01-13 00:54:14 2E8EE30A29AD149DD94283AE64C7B6F4 701616 ----a-w- C:\WINDOWS\system32\FlashPlayerApp.exe
2015-01-11 18:51:39 FAB83053CAE661446491946824E843CC 821560 ----a-w- C:\Documents and Settings\Dianne C. Greene\Desktop\mbar\Plugins\fixdamage.exe
2015-01-11 18:51:39 EACCC127C05090878AC0153FA17C4E65 54072 ----a-w- C:\Documents and Settings\Dianne C. Greene\Desktop\mbar\mbamdor.exe
2015-01-11 18:51:39 2E65369E31EC7B7C95ABCD5516A06B5F 1216824 ----a-w- C:\Documents and Settings\Dianne C. Greene\Desktop\mbar\mbar.exe
2015-01-11 18:48:39 F92CE6E6B3A0AB75E48D9A6BE9DDB550 16448208 ----a-w- C:\RECYCLER\S-1-5-21-3185998156-573555425-3388748354-1006\Dc66.exe
2015-01-11 18:42:53 F92CE6E6B3A0AB75E48D9A6BE9DDB550 16448208 ----a-w- C:\Documents and Settings\Dianne C. Greene\Desktop\mbar-1.08.2.1001.exe
2015-01-11 18:38:55 F92CE6E6B3A0AB75E48D9A6BE9DDB550 16448208 ----a-w- C:\RECYCLER\S-1-5-21-3185998156-573555425-3388748354-1006\Dc67.exe
2015-01-09 23:33:29 BA4E79B5A1287A0522A68C0BFF73EDCA 1115648 ----a-w- C:\Documents and Settings\Dianne C. Greene\Desktop\FRST.exe
2015-01-09 23:33:23 05EE8B7DE7067EC38D232FE84B5BE9C1 1115648 ----a-w- C:\Documents and Settings\Dianne C. Greene\Local Settings\Temporary Internet Files\Content.IE5\5N4Y95MY\FRST[2].exe
2015-01-09 23:04:39 05EE8B7DE7067EC38D232FE84B5BE9C1 1115648 ----a-w- C:\Documents and Settings\Dianne C. Greene\Local Settings\Temporary Internet Files\Content.IE5\5N4Y95MY\FRST[1].exe
2015-01-09 22:42:18 05EE8B7DE7067EC38D232FE84B5BE9C1 1115648 ----a-w- C:\Documents and Settings\Dianne C. Greene\Local Settings\Temporary Internet Files\Content.IE5\WMHDY8UH\FRST[1].exe
2015-01-09 22:35:08 05EE8B7DE7067EC38D232FE84B5BE9C1 1115648 ----a-w- C:\Documents and Settings\Dianne C. Greene\Local Settings\Temporary Internet Files\Content.IE5\5A1GK9P2\FRST[1].exe
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-3185998156-573555425-3388748354-1006\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"DellSystemDetect"="C:\Documents and Settings\Dianne C. Greene\Local Settings\Apps\2.0\T68XO419.TOJ\6EAW5B42.AOM\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe"
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe"
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
"HPHmon04"="C:\WINDOWS\system32\hphmon04.exe"
"HPHUPD04"="C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall"
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"Microsoft Default Manager"="C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe -resume"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe -atboottime"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"DellSystemDetect"="C:\Documents and Settings\Dianne C. Greene\Local Settings\Apps\2.0\T68XO419.TOJ\6EAW5B42.AOM\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CTFMON.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DVDLauncher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1168037022\\ee\\AOLSoftware.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSPM Startup]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSScheduler]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MimBoot]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MMTray]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MsnMsgr]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Persistence]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RealTray]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\updateMgr]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Dianne C. Greene^Start Menu^Programs^Startup^TrueAssistant.lnk]
"path"="C:\\Documents and Settings\\Dianne C. Greene\\Start Menu\\Programs\\Startup\\TrueAssistant.lnk"
"backup"="C:\\WINDOWS\\pss\\TrueAssistant.lnkStartup"
"command"="C:\\PROGRA~1\\TRUEAS~1\\TRUEAS~1.EXE "
"item"="TrueAssistant"

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job --a------ C:\Program Files\Windows Live Toolbar\MSNTBUP.exe [10/19/2007 11:20 AM]
C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job --a------ C:\WINDOWS\system32\xp_eos.exe [02/25/2014 05:59 PM]
C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job --a------ C:\WINDOWS\system32\xp_eos.exe [02/25/2014 05:59 PM]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Documents and Settings\DIANNE~1.GRE\Application Data\Mozilla\Firefox\Profiles\youalgip.default
user_pref("browser.startup.homepage", "about:blank");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_13_2" [01/12/2015 08:50 AM]

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\Dianne C. Greene\Application Data\Mozilla\Firefox\Profiles\youalgip.default
424899266BA430CCE5DDB6C1B4BE1B99 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll - Shockwave Flash
A9191AE22A8F1287B5E2DF33E3A57253 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U51
9B10927CFD0F7AD39E40C0E34005B1AD - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.510.13
AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
28000D7EEB2FD95A36E1A7539F599C3B - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
5D41BCD19A3D90E4EBB58A6BFB79E4F7 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
8B6884E3E1E5F8ABA5FA0C6A2B13181D - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
8EF356DA145F60C3F11DF7EF03B97449 - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll - Adobe Acrobat
B6737AA36FCEDE7BF9388DE6701AE9CD - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 6.5
9ED81B731902191778517F2695D62BCF - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 6.5
A4BF90BA709310BF83954495310D0F38 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 6.5
37E215BB29D9FB8558E68CF1DEF5D13B - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 6.5
F1010BDE52CB7BC4D99CBC90C41058B1 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 6.5
A65D93ECA146EB7017EE8297A95011E0 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 6.5
BCDFF548F7D31A2BCF1CF98DA7EB5445 - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll - MetaStream 3 Plugin

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="[url]http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE[/url]"
"Default_Page_URL"="[url]http://www.dell4me.com/myway[/url]"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Home_Page"="[url]http://www.dell.com[/url]"
"Help_Page"="[url]http://support.dell.com[/url]"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6035942D-8937-4C00-8B7B-09E975380F11}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ieframe.dll,-12512 Url="[url]http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC[/url]"
{6035942D-8937-4C00-8B7B-09E975380F11} Google Url="[url]http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}[/url]"
{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} Norton Safe Search Url="[url]http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis[/url]"
{b0441a0e-a49a-4e16-afc1-74ecced1921f} Ask Web Search Url="[url]http://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^xdm002^S10990^us&si=CMn87oS6icECFU1afgodOEgA5g&ptb=853FEE69-48E1-4F7D-96F8-99DC3E2D6565&ind=2014093013&n=780c9ed5&psa=&st=sb&searchfor={searchTerms}[/url]"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== After Reboot ======================

==== Deleting Files / Folders ======================

"C:\Documents and Settings\Dianne C. Greene\Application Data\Share-to-Web Upload Folder" deleted

==== EOF on Tue 01/13/2015 at 13:53:42.37 ======================
[/QUOTE]