XP Malware Problem

**roger.f** · 2012-06-09, 04:08

Hi, I need some help getting an XP computer cleansed. I have attempted to cleanse the machine using spybot and malwareByets anti-malware. Current symptoms is slow running and it seems like every time I run spybot, it finds the following:
AdResolver
Adviva
BlueStreak
BurstMedia
CoreMetrics
DoubleClick
FastClick
MediaPlex
RIghtMedia
Tradedoubler

Spybot thinks it removes these items, but when I run spybot again, they are still there.

1. Registery backed up with Erunt
2. Spybot tea timer is off
3. DDS log follows and attach.txt is attacked.

Thank you so much…

DDS (Ver_10-03-17.01) - NTFSx86
Run by WandaS at 18:51:13.75 on Fri 06/08/2012
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_32
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.648 [GMT -7:00]

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Gamesbar\SearchEngineProtection.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Documents and Settings\WandaS\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\DoNotTrackPlus\IE\DNTPService.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\WandaS\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Do Not Track Plus: {6e45f3e8-2683-4824-a6be-08108022fb36} - c:\program files\donottrackplus\ie\DNTPAddon.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SearchEngineProtection] c:\program files\gamesbar\SearchEngineProtection.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [SetDefPrt] c:\program files\brother\brmfl04g\BrStDvPt.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Memeo Instant Backup] c:\program files\memeo\autobackup\MemeoLauncher2.exe --silent --no_ui
mRun: [Seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
StartupFolder: c:\docume~1\wandas\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\wandas\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1A93C934-025B-4c3a-B38E-9654A7003239} - {6F282B65-56BF-4BD1-A8B2-A4449A05863D}
IE: {6E45F3E8-2683-4824-A6BE-08108022FB36} - {23249465-AA46-4DED-BD4B-8EFB20F968FE} - c:\program files\donottrackplus\ie\DNTPAddon.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxps://rap.mgmmirage.com/Citrix/ICAWEB/en/ica32/wficat.cab
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://las.mlxchange.com/5.5.08.25119/Control/IRCSharc.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\wandas\applic~1\mozilla\firefox\profiles\az4zki3k.default\
FF - prefs.js: browser.search.selectedEngine - bing
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc6f881&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\oberon media\ncadapter\1.0.0.8\npapicomadapter.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\npjpi160_32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\NPSWF32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-29 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-7-29 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-7-29 20696]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-7-29 44768]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2011-4-6 25824]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2011-11-3 8704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-29 136176]
S3 B-Service;B-Service;c:\documents and settings\wandas\local settings\temporary internet files\content.ie5\is1fxw44\b-service.exe --> c:\documents and settings\wandas\local settings\temporary internet files\content.ie5\is1fxw44\B-Service.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-29 136176]
S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [2008-9-18 24944]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

============== File Associations ===============

.txt=

=============== Created Last 30 ================

2012-05-24 18:10:19 0 d-----w- c:\program files\common files\xing shared
2012-05-24 17:57:05 0 d-----w- c:\program files\DoNotTrackPlus
2012-05-24 17:02:38 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-24 17:02:38 476960 ----a-w- c:\windows\system32\npdeployJava1.dll

==================== Find3M ====================

2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-24 18:09:48 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-05-24 18:09:48 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-05-24 18:07:12 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-24 17:02:23 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-16 08:29:58 871936 ----a-w- c:\windows\system32\GeacView.dll
2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

============= FINISH: 18:51:54.06 ===============

**ken545** · 2012-06-16, 14:57

Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Running programs with Vista or Windows 7 , you need to Right Click on the program and select RUN AS ADMINISTATOR

What Spybot is finding are just tracking cookies and can be deleted on a regular basis.
Gamesbar is not malicious but does bring you adds via the tracking cookies

Open up Malwarebytes and go to the Logs tab, open the last log and copy and paste it into this thread for me to see

Nothing earth shattering on your DDS log

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

**roger.f** · 2012-06-18, 07:22

Actions requested are complete. See requested information below.
Is there any way to immunize from the tracking cookies? I installed Do Not Track Plus. But I think it is causing trouble with some of my applications. The tracking cookies keep coming back almost instantly after they are removed and they slowdown the computer.

is it ok to remove gamesbar through the control panel?

Thank you so much...

Roger

------------- Info -----------------------------------------

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3945

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/2/2010 7:41:15 PM
mbam-log-2010-04-02 (19-41-15).txt

Scan type: Full scan (C:\|)
Objects scanned: 199729
Time elapsed: 37 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

--------------------------------------------------------------------------
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-17 21:52:12
-----------------------------
21:52:12.105 OS Version: Windows 5.1.2600 Service Pack 3
21:52:12.105 Number of processors: 2 586 0x6B02
21:52:12.105 ComputerName: WANDAS UserName: WandaS
21:52:13.652 Initialize success
21:52:13.902 AVAST engine defs: 12061701
21:52:24.636 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:52:24.636 Disk 0 Vendor: ST3250410AS 3.AAF Size: 238474MB BusType: 3
21:52:24.652 Disk 0 MBR read successfully
21:52:24.652 Disk 0 MBR scan
21:52:24.652 Disk 0 Windows XP default MBR code
21:52:24.652 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
21:52:24.652 Disk 0 scanning sectors +488376000
21:52:24.714 Disk 0 scanning C:\WINDOWS\system32\drivers
21:52:31.245 Service scanning
21:52:44.245 Modules scanning
21:52:49.480 Disk 0 trace - called modules:
21:52:49.511 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
21:52:49.511 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89d29ab8]
21:52:49.527 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000062[0x89d06f18]
21:52:49.527 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89d2b940]
21:52:50.511 AVAST engine scan C:\WINDOWS
21:52:58.136 AVAST engine scan C:\WINDOWS\system32
21:55:28.417 AVAST engine scan C:\WINDOWS\system32\drivers
21:55:49.636 AVAST engine scan C:\Documents and Settings\WandaS
22:08:46.370 AVAST engine scan C:\Documents and Settings\All Users
22:09:52.355 Scan finished successfully
22:16:13.527 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\WandaS\Desktop\MBR.dat"
22:16:13.527 The log file has been saved successfully to "C:\Documents and Settings\WandaS\Desktop\aswMBR.txt"

**ken545** · 2012-06-18, 09:49

Good Morning,

Yes you can uninstall Gamesbar via Add Remove Programs in the Control Panel, you also have Avast Anti Virus installed and I am looking at the AVG Toolbar, AVG can go also.

Do Not Track Plus <-- I am not familiar with this program but any program that you feel is giving you problems you should unintall.

Tracking cookies can be removed manually about once a week, cookies are funny, if you block them all there are some sites that you wont be able to access.

Open Internet Explorer and go to Tools > Internet Options > Privacy Tab and make sure the slider bar is at least set to Medium, you can make it stronger if you wish and see how that works, you can always reset it back if your unhappy with that setting

aswMBR checks for rootkit activity and your log was fine

Run this program and it will flush them all out

Please download SuperAntiSpyware Free
Install the program

Run SuperAntiSpyware and click: Check for updates
Once the update is finished, on the main screen, click: Scan your computer
Check: Perform Complete Scan
Click Next to start the scan.

Superantispyware scans the computer, and when finished, lists all the infections found.
Make sure everything found has a check next to it, and press: Next <-- Important
Then, click Finish

It is possible that the program asks to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:

Click: Preferences
Click the Statistics/Logs tab
Under Scanner Logs, double-click SuperAntiSpyware Scan Log

It opens in your default text editor (such as Notepad)

Please provide the SuperAntiSpyware log in your next reply

Then lets take a deeper look into your system

OTL by OldTimer

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
  Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

**roger.f** · 2012-06-19, 06:13

I removed the Gamesbar. But could not figure out how to remove the AVG Toolbar. I previously removed AVG through the control panel/add-remove programs option. At this point it does not show up in the list of candidate programs to remove. I checked the Internet Explorer add-on's as well as Firefox and could not find the AVG toolbar.

Internet Explorer, Tools > Internet Options > Privacy Tab was already set to Medium.

Requested information is posted below and the overflow in the next post.

Thanks so much.... Roger

---------------------
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/18/2012 at 02:30 AM

Application Version : 5.1.1002

Core Rules Database Version : 8750
Trace Rules Database Version: 6562

Scan type : Complete Scan
Total Scan Time : 01:16:59

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 602
Memory threats detected : 0
Registry items scanned : 38224
Registry threats detected : 0
File items scanned : 56265
File threats detected : 123

Adware.Tracking Cookie
C:\Documents and Settings\WandaS\Cookies\wandas@winzip.122.2o7[1].txt [ /winzip.122.2o7 ]
C:\Documents and Settings\WandaS\Cookies\FDA9MX7B.txt [ /pointroll.com ]
C:\Documents and Settings\WandaS\Cookies\DVOJJO57.txt [ /amazon-adsystem.com ]
C:\Documents and Settings\WandaS\Cookies\Z64DUG6R.txt [ /ad.wsod.com ]
C:\Documents and Settings\WandaS\Cookies\DED51D3G.txt [ /ads.webkinz.com ]
C:\Documents and Settings\WandaS\Cookies\3TZET375.txt [ /ads.m4internet.com ]
C:\Documents and Settings\WandaS\Cookies\YWU7UW21.txt [ /accounts.youtube.com ]
C:\Documents and Settings\WandaS\Cookies\QIINLGFJ.txt [ /adserver.adtechus.com ]
C:\Documents and Settings\WandaS\Cookies\2KY9TWZ5.txt [ /ads.pointroll.com ]
C:\Documents and Settings\WandaS\Cookies\H538P4GK.txt [ /collective-media.net ]
C:\Documents and Settings\WandaS\Cookies\HASXRUZM.txt [ /accounts.google.com ]
C:\DOCUMENTS AND SETTINGS\LARRY\Cookies\larry@specificclick[2].txt [ Cookie:larry@specificclick.net/ ]
C:\DOCUMENTS AND SETTINGS\LARRY\Cookies\larry@dynamic.media.adrevolver[2].txt [ Cookie:larry@dynamic.media.adrevolver.com/ ]
C:\DOCUMENTS AND SETTINGS\LARRY\Cookies\larry@2o7[1].txt [ Cookie:larry@2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\LARRY\Cookies\larry@ads.pointroll[1].txt [ Cookie:larry@ads.pointroll.com/ ]
C:\DOCUMENTS AND SETTINGS\LARRY\Cookies\larry@interclick[1].txt [ Cookie:larry@interclick.com/ ]
C:\DOCUMENTS AND SETTINGS\LARRY\Cookies\larry@clicksmartaffiliates[2].txt [ Cookie:larry@clicksmartaffiliates.com/ ]
C:\DOCUMENTS AND SETTINGS\LARRY\Cookies\larry@imrworldwide[2].txt [ Cookie:larry@imrworldwide.com/cgi-bin ]
C:\DOCUMENTS AND SETTINGS\LARRY\Cookies\larry@specificmedia[1].txt [ Cookie:larry@specificmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\LARRY\Cookies\larry@ads.bridgetrack[1].txt [ Cookie:larry@ads.bridgetrack.com/ ]
C:\DOCUMENTS AND SETTINGS\LARRY\Cookies\larry@nextag[1].txt [ Cookie:larry@nextag.com/ ]
C:\DOCUMENTS AND SETTINGS\LARRY\Cookies\larry@login.tracking101[2].txt [ Cookie:larry@login.tracking101.com/ ]
C:\DOCUMENTS AND SETTINGS\LARRY\Cookies\larry@atwola[1].txt [ Cookie:larry@atwola.com/ ]
C:\DOCUMENTS AND SETTINGS\LARRY\Cookies\larry@richmedia.yahoo[1].txt [ Cookie:larry@richmedia.yahoo.com/ ]
C:\DOCUMENTS AND SETTINGS\LARRY\Cookies\larry@edge.ru4[1].txt [ Cookie:larry@edge.ru4.com/ ]
C:\DOCUMENTS AND SETTINGS\LARRY\Cookies\larry@insightexpressai[1].txt [ Cookie:larry@insightexpressai.com/ ]
C:\DOCUMENTS AND SETTINGS\LARRY\Cookies\larry@adinterax[1].txt [ Cookie:larry@adinterax.com/ ]
C:\DOCUMENTS AND SETTINGS\LARRY\Cookies\larry@adopt.specificclick[2].txt [ Cookie:larry@adopt.specificclick.net/ ]
C:\DOCUMENTS AND SETTINGS\LARRY\Cookies\larry@adultfriendfinder[1].txt [ Cookie:larry@adultfriendfinder.com/ ]
C:\DOCUMENTS AND SETTINGS\LARRY\Cookies\larry@invitemedia[2].txt [ Cookie:larry@invitemedia.com/ ]
C:\DOCUMENTS AND SETTINGS\LARRY\Cookies\larry@adserver.adtechus[1].txt [ Cookie:larry@adserver.adtechus.com/ ]
C:\DOCUMENTS AND SETTINGS\LARRY\Cookies\larry@network.realmedia[2].txt [ Cookie:larry@network.realmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\ROGER\Cookies\roger@atwola[2].txt [ Cookie:roger@atwola.com/ ]
C:\DOCUMENTS AND SETTINGS\ROGER\Cookies\roger@adopt.specificclick[1].txt [ Cookie:roger@adopt.specificclick.net/ ]
C:\DOCUMENTS AND SETTINGS\ROGER\Cookies\roger@microsoftwga.112.2o7[1].txt [ Cookie:roger@microsoftwga.112.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\ROGER\Cookies\roger@nextag[2].txt [ Cookie:roger@nextag.com/ ]
C:\DOCUMENTS AND SETTINGS\ROGER\Cookies\roger@dynamic.media.adrevolver[2].txt [ Cookie:roger@dynamic.media.adrevolver.com/ ]
C:\DOCUMENTS AND SETTINGS\ROGER\Cookies\roger@server.iad.liveperson[3].txt [ Cookie:roger@server.iad.liveperson.net/hc/16241656 ]
C:\DOCUMENTS AND SETTINGS\ROGER\Cookies\roger@revsci[1].txt [ Cookie:roger@revsci.net/adserver ]
C:\DOCUMENTS AND SETTINGS\ROGER\Cookies\roger@www.googleadservices[1].txt [ Cookie:roger@www.googleadservices.com/pagead/conversion/1072501689/ ]
C:\DOCUMENTS AND SETTINGS\ROGER\Cookies\roger@imrworldwide[2].txt [ Cookie:roger@imrworldwide.com/cgi-bin ]
C:\DOCUMENTS AND SETTINGS\ROGER\Cookies\roger@apmebf[2].txt [ Cookie:roger@apmebf.com/ ]
C:\DOCUMENTS AND SETTINGS\ROGER\Cookies\roger@microsoftoffice.112.2o7[1].txt [ Cookie:roger@microsoftoffice.112.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\ROGER\Cookies\roger@mediaonenetwork[1].txt [ Cookie:roger@mediaonenetwork.net/ ]
C:\DOCUMENTS AND SETTINGS\ROGER\Cookies\roger@google[5].txt [ Cookie:roger@google.com/accounts/ ]
C:\DOCUMENTS AND SETTINGS\ROGER\Cookies\roger@media6degrees[1].txt [ Cookie:roger@media6degrees.com/ ]
C:\DOCUMENTS AND SETTINGS\ROGER\Cookies\roger@specificmedia[1].txt [ Cookie:roger@specificmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\ROGER\Cookies\roger@collective-media[1].txt [ Cookie:roger@collective-media.net/ ]
C:\DOCUMENTS AND SETTINGS\ROGER\Cookies\roger@media.adrevolver[3].txt [ Cookie:roger@media.adrevolver.com/adrevolver/ ]
C:\DOCUMENTS AND SETTINGS\ROGER\Cookies\roger@specificclick[1].txt [ Cookie:roger@specificclick.net/ ]
C:\DOCUMENTS AND SETTINGS\ROGER\Cookies\roger@adinterax[1].txt [ Cookie:roger@adinterax.com/ ]
C:\DOCUMENTS AND SETTINGS\ROGER\Cookies\roger@server.iad.liveperson[1].txt [ Cookie:roger@server.iad.liveperson.net/ ]
C:\DOCUMENTS AND SETTINGS\ROGER\Cookies\roger@ads.pointroll[2].txt [ Cookie:roger@ads.pointroll.com/ ]
C:\DOCUMENTS AND SETTINGS\WANDAS\Cookies\1DIHZO99.txt [ Cookie:wandas@google.com/accounts/ ]
C:\DOCUMENTS AND SETTINGS\WANDAS\Cookies\2TZ54IF2.txt [ Cookie:wandas@www.google.com/accounts ]
ads1.msn.com [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VCFY6K38 ]
interclick.com [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VCFY6K38 ]
.msnportal.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
.specificmedia.com [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
.akamai.interclickproxy.com [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
acvs.mediaonenetwork.net [ C:\DOCUMENTS AND SETTINGS\ROGER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YF5JSKWZ ]
interclick.com [ C:\DOCUMENTS AND SETTINGS\ROGER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YF5JSKWZ ]
m1.2mdn.net [ C:\DOCUMENTS AND SETTINGS\ROGER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YF5JSKWZ ]
findarticles.com [ C:\DOCUMENTS AND SETTINGS\ROGER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RNLUH7AW.DEFAULT\COOKIES.SQLITE ]
findarticles.com [ C:\DOCUMENTS AND SETTINGS\ROGER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RNLUH7AW.DEFAULT\COOKIES.SQLITE ]
findarticles.com [ C:\DOCUMENTS AND SETTINGS\ROGER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RNLUH7AW.DEFAULT\COOKIES.SQLITE ]
findarticles.com [ C:\DOCUMENTS AND SETTINGS\ROGER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RNLUH7AW.DEFAULT\COOKIES.SQLITE ]
.a.findarticles.com [ C:\DOCUMENTS AND SETTINGS\ROGER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RNLUH7AW.DEFAULT\COOKIES.SQLITE ]
.a.findarticles.com [ C:\DOCUMENTS AND SETTINGS\ROGER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RNLUH7AW.DEFAULT\COOKIES.SQLITE ]
.findarticles.com [ C:\DOCUMENTS AND SETTINGS\ROGER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RNLUH7AW.DEFAULT\COOKIES.SQLITE ]
webtrack.bestsoftware.com [ C:\DOCUMENTS AND SETTINGS\ROGER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RNLUH7AW.DEFAULT\COOKIES.SQLITE ]
.adserver.adtechus.com [ C:\DOCUMENTS AND SETTINGS\ROGER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RNLUH7AW.DEFAULT\COOKIES.SQLITE ]
.chitika.net [ C:\DOCUMENTS AND SETTINGS\ROGER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RNLUH7AW.DEFAULT\COOKIES.SQLITE ]
.cgm.adbureau.net [ C:\DOCUMENTS AND SETTINGS\ROGER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RNLUH7AW.DEFAULT\COOKIES.SQLITE ]
adserv.legitreviews.com [ C:\DOCUMENTS AND SETTINGS\ROGER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RNLUH7AW.DEFAULT\COOKIES.SQLITE ]
.xiti.com [ C:\DOCUMENTS AND SETTINGS\ROGER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RNLUH7AW.DEFAULT\COOKIES.SQLITE ]
.adopt.specificclick.net [ C:\DOCUMENTS AND SETTINGS\ROGER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RNLUH7AW.DEFAULT\COOKIES.SQLITE ]
.adopt.specificclick.net [ C:\DOCUMENTS AND SETTINGS\ROGER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RNLUH7AW.DEFAULT\COOKIES.SQLITE ]
.msnbc.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\ROGER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RNLUH7AW.DEFAULT\COOKIES.SQLITE ]
.winzip.122.2o7.net [ C:\DOCUMENTS AND SETTINGS\WANDAS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\WANDAS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\WANDAS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\WANDAS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
core.saymedia.com [ C:\DOCUMENTS AND SETTINGS\WANDAS\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\ZXCQ9DM3 ]

Adware.ArcadeWeb
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\TEXT_LINKS@ARCADEWEB.COM\COMPONENTS\ARCADEWEBFIREFOX.DLL
C:\DOCUMENTS AND SETTINGS\DEFAULT USER\APPLICATION DATA\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\TEXT_LINKS@ARCADEWEB.COM\COMPONENTS\ARCADEWEBFIREFOX.DLL
C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\TEXT_LINKS@ARCADEWEB.COM\COMPONENTS\ARCADEWEBFIREFOX.DLL
C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\EXTENSIONS\TEXT_LINKS@ARCADEWEB.COM\COMPONENTS\ARCADEWEBFIREFOX.DLL
C:\DOCUMENTS AND SETTINGS\ROGER\APPLICATION DATA\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\TEXT_LINKS@ARCADEWEB.COM\COMPONENTS\ARCADEWEBFIREFOX.DLL
C:\DOCUMENTS AND SETTINGS\ROGER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RNLUH7AW.DEFAULT\EXTENSIONS\TEXT_LINKS@ARCADEWEB.COM\COMPONENTS\ARCADEWEBFIREFOX.DLL
C:\DOCUMENTS AND SETTINGS\WANDAS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\HGAILGALDCHAJPKKMBJDLBIMHDNMMGLD\ARCADEWEBCHROME.DLL
C:\DOCUMENTS AND SETTINGS\WANDAS\APPLICATION DATA\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\TEXT_LINKS@ARCADEWEB.COM\COMPONENTS\ARCADEWEBFIREFOX.DLL
C:\DOCUMENTS AND SETTINGS\WANDAS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AZ4ZKI3K.DEFAULT\EXTENSIONS\TEXT_LINKS@ARCADEWEB.COM\COMPONENTS\ARCADEWEBFIREFOX.DLL

Trojan.Agent/Gen-Gamevance
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E9FFFE46-438A-4449-BEE1-6467BEA8B10E}\RP1362\A0099704.EXE
---------------------------
OTL logfile created on: 6/18/2012 8:51:30 PM - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Documents and Settings\WandaS\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 61.03% Memory free
3.72 Gb Paging File | 2.86 Gb Available in Paging File | 76.69% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 185.68 Gb Free Space | 79.74% Space Free | Partition Type: NTFS
Drive X: | 1863.01 Gb Total Space | 1742.12 Gb Free Space | 93.51% Space Free | Partition Type: NTFS
Drive Y: | 1863.01 Gb Total Space | 1742.12 Gb Free Space | 93.51% Space Free | Partition Type: NTFS
Drive Z: | 1863.01 Gb Total Space | 1742.12 Gb Free Space | 93.51% Space Free | Partition Type: NTFS

Computer Name: WANDAS | User Name: WandaS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\WandaS\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Documents and Settings\WandaS\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe (Memeo)
PRC - C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)
PRC - C:\Program Files\Memeo\AutoBackup\InstantBackup.exe ()
PRC - C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe (Axentra Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\defs\12061802\algo.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\7861cd979ea5db3fb7d30ed94fb0edd2\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8dc4a28c456f81ee7399da21bd9d55aa\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b49dd780ba8e3501b0adcf108b431e7b\Microsoft.VisualBasic.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\995fcf39ead2c2a53e084505c2c67d49\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8ca00132a08c69697adf1cda32ebd835\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\Program Files\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.VideoTutorialsPlugin.dll ()
MOD - C:\Program Files\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.TroubleshootingPlugin.dll ()
MOD - C:\Program Files\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll ()
MOD - C:\Program Files\Seagate\Seagate Dashboard\Memeo.Progress.dll ()
MOD - C:\Program Files\Memeo\AutoBackup\Memeo.Client.UI.dll ()
MOD - C:\Program Files\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll ()
MOD - C:\Program Files\Memeo\AutoBackup\InstantBackup.exe ()
MOD - C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll ()
MOD - C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll ()
MOD - C:\Program Files\Memeo\AutoBackup\sqlite3.dll ()
MOD - C:\Program Files\Common Files\Memeo\ProfMan.dll ()
MOD - C:\WINDOWS\system32\HPBHEALR.DLL ()

========== Win32 Services (SafeList) ==========

SRV - (B-Service) -- C:\Documents and Settings\WandaS\Local Settings\Temporary Internet Files\Content.IE5\IS1FXW44\B-Service.exe File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (SeagateDashboardService) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (MemeoBackgroundService) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)

========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (GVTDrv) -- C:\WINDOWS\system32\drivers\GVTDrv.sys ()
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\..\SearchScopes,DefaultScope = {36377DD7-B3EB-42f5-986F-680BAF59BA9D}
IE - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://start.msn.iplay.com/searchresultsredirect.aspx?o=chrome&q={searchTerms}
IE - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\..\SearchScopes\{79B0CD5F-1A71-4579-85BB-EE4150B9B542}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7ADBR_en
IE - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\..\SearchScopes\{A4FD28B7-2EB8-4116-8FDC-2B33F161908D}: "URL" = http://ws.infospace.com/playsushi_tb...?_iceUrl=true& user_id=%userid&tool_id=60231&qkw={searchTerms}
IE - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "bing"
FF - prefs.js..browser.search.selectedEngine: "bing"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems:

:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}:6.0.32
FF - prefs.js..extensions.enabledItems:

:2.2.0.514
FF - prefs.js..extensions.enabledItems: {97E22097-9A2F-45b1-8DAF-36AD648C7EF4}:15.0.4
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cc6f881&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/04/13 12:00:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/24 11:10:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/24 11:10:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/24 11:10:41 | 000,000,000 | ---D | M]

[2008/10/18 23:01:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\WandaS\Application Data\Mozilla\Extensions
[2012/06/17 21:50:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\WandaS\Application Data\Mozilla\Firefox\Profiles\az4zki3k.default\extensions
[2010/10/11 14:24:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\WandaS\Application Data\Mozilla\Firefox\Profiles\az4zki3k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/05/24 10:53:38 | 000,000,000 | ---D | M] (DoNotTrackPlus) -- C:\Documents and Settings\WandaS\Application Data\Mozilla\Firefox\Profiles\az4zki3k.default\extensions\donottrackplus@abine.com
[2011/12/09 18:33:27 | 000,000,000 | ---D | M] ("ArcadeWeb") -- C:\Documents and Settings\WandaS\Application Data\Mozilla\Firefox\Profiles\az4zki3k.default\extensions\text_links@arcadeweb.com
[2012/06/17 21:50:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/24 10:02:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2012/05/24 11:10:14 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012/05/24 10:02:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/05/24 11:09:56 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2011/12/09 18:58:21 | 000,002,064 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bingober628642703.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\WandaS\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: ArcadeWeb Plugin (Enabled) = C:\Documents and Settings\WandaS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hgailgaldchajpkkmbjdlbimhdnmmgld\arcadewebchrome.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\WandaS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\WandaS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: ArcadeWeb = C:\Documents and Settings\WandaS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hgailgaldchajpkkmbjdlbimhdnmmgld\
CHR - Extension: avast! WebRep = C:\Documents and Settings\WandaS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\WandaS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Documents and Settings\WandaS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/05/07 14:32:17 | 000,442,934 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15221 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Do Not Track Plus) - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Program Files\DoNotTrackPlus\IE\DNTPAddon.dll (Abine)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1659004503-1604221776-682003330-1005..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\WandaS\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\WandaS\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O9 - Extra Button: Do Not Track Plus (c) Abine - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Program Files\DoNotTrackPlus\IE\DNTPAddon.dll (Abine)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} https://rap.mgmmirage.com/Citrix/ICA...a32/wficat.cab (Citrix ICA Client)
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} http://las.mlxchange.com/5.5.08.2511...l/IRCSharc.cab (GeacRevw Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/s...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D8A7F33-8A32-4614-8F48-88FAE933315A}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\WandaS\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\WandaS\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/17 11:18:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/18 20:47:37 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\WandaS\Desktop\OTL.exe
[2012/06/18 11:23:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WandaS\Desktop\corys resume 2012
[2012/06/18 01:12:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WandaS\Application Data\SUPERAntiSpyware.com
[2012/06/18 01:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/06/18 01:12:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/06/18 01:12:04 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/06/18 01:11:09 | 017,902,896 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\WandaS\Desktop\SUPERAntiSpyware.exe
[2012/06/17 21:50:25 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\WandaS\Desktop\aswMBR.exe
[2012/06/12 08:05:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WandaS\Desktop\Temp
[2012/06/08 18:40:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WandaS\Desktop\Reports
[2012/06/08 18:24:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WandaS\Desktop\Wanda
[2012/06/08 18:19:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WandaS\Desktop\Macy
[2012/06/08 18:10:49 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/06/08 18:10:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/06/08 18:09:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WandaS\Desktop\Malware CleanUp
[2012/05/24 11:10:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012/05/24 11:10:05 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2012/05/24 11:09:52 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2012/05/24 11:09:52 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2012/05/24 11:09:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks
[2012/05/24 10:57:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WandaS\Local Settings\Application Data\DoNotTrackPlus
[2012/05/24 10:57:05 | 000,000,000 | ---D | C] -- C:\Program Files\DoNotTrackPlus
[2012/05/24 10:49:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\WandaS\Recent
[2012/05/24 10:03:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/05/24 10:02:38 | 000,476,960 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/05/24 10:02:38 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/05/24 10:02:38 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/05/24 10:02:38 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/05/24 10:02:38 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/05/24 10:02:19 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/18 20:47:39 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WandaS\Desktop\OTL.exe
[2012/06/18 13:02:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cd060a84673b90.job
[2012/06/18 07:54:44 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-1604221776-682003330-1005.job
[2012/06/18 07:54:44 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-1604221776-682003330-1006.job
[2012/06/18 06:43:16 | 000,013,734 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/18 06:43:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/18 01:12:09 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/18 01:11:16 | 017,902,896 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\WandaS\Desktop\SUPERAntiSpyware.exe
[2012/06/17 22:16:13 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\WandaS\Desktop\MBR.dat
[2012/06/17 21:50:42 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\WandaS\Desktop\aswMBR.exe
[2012/06/16 09:49:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-1604221776-682003330-1006.job
[2012/06/14 15:10:47 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\WandaS\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2012/06/14 11:11:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-1604221776-682003330-1005.job
[2012/06/12 19:32:46 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/06/08 18:53:33 | 000,004,901 | ---- | M] () -- C:\Documents and Settings\WandaS\Desktop\Attach.zip
[2012/05/31 06:22:09 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2012/05/24 11:10:05 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2012/05/24 11:09:52 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2012/05/24 11:09:52 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2012/05/24 11:09:51 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2012/05/24 11:07:12 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/24 11:07:12 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/05/24 10:02:24 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/05/24 10:02:24 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/05/24 10:02:24 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/05/24 10:02:24 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/05/24 10:02:23 | 000,476,960 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/05/24 10:02:23 | 000,472,864 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/18 01:12:09 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/17 22:16:13 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\WandaS\Desktop\MBR.dat
[2012/06/08 18:53:33 | 000,004,901 | ---- | C] () -- C:\Documents and Settings\WandaS\Desktop\Attach.zip
[2012/04/07 11:24:57 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\WandaS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/19 16:09:15 | 000,408,902 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1659004503-1604221776-682003330-1005-0.dat
[2012/02/29 02:32:08 | 000,408,902 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/02/15 17:34:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/15 17:20:42 | 000,000,077 | ---- | C] () -- C:\WINDOWS\webica.ini

========== LOP Check ==========

[2008/09/18 23:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACT
[2011/07/29 11:04:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2008/12/16 14:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2012/04/13 23:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon
[2011/02/16 10:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/12/09 20:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2008/09/18 19:08:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/12/09 20:43:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/01/07 16:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2008/09/23 18:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/09/21 00:12:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\ACT
[2012/04/13 23:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Seagate
[2008/09/18 22:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roger\Application Data\ACT
[2008/09/18 22:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roger\Application Data\IsolatedStorage
[2008/09/18 19:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roger\Application Data\ScanSoft
[2008/09/19 10:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WandaS\Application Data\ACT
[2012/06/18 07:56:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WandaS\Application Data\Dropbox
[2011/09/15 17:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WandaS\Application Data\ICAClient
[2008/09/21 22:49:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WandaS\Application Data\IsolatedStorage
[2012/04/13 23:47:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WandaS\Application Data\Memeo
[2012/06/18 01:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WandaS\Application Data\Oberon Media
[2010/03/27 00:22:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WandaS\Application Data\Research In Motion
[2009/04/22 12:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WandaS\Application Data\ScanSoft
[2012/04/13 23:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WandaS\Application Data\Seagate
[2009/11/12 11:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WandaS\Application Data\SmartDraw

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:C64C2839

< End of report >

**roger.f** · 2012-06-19, 06:17

Overflow data from the previous post follows....

Thanks again...

------------------------
OTL Extras logfile created on: 6/18/2012 8:51:30 PM - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Documents and Settings\WandaS\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 61.03% Memory free
3.72 Gb Paging File | 2.86 Gb Available in Paging File | 76.69% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 185.68 Gb Free Space | 79.74% Space Free | Partition Type: NTFS
Drive X: | 1863.01 Gb Total Space | 1742.12 Gb Free Space | 93.51% Space Free | Partition Type: NTFS
Drive Y: | 1863.01 Gb Total Space | 1742.12 Gb Free Space | 93.51% Space Free | Partition Type: NTFS
Drive Z: | 1863.01 Gb Total Space | 1742.12 Gb Free Space | 93.51% Space Free | Partition Type: NTFS

Computer Name: WANDAS | User Name: WandaS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1659004503-1604221776-682003330-1005\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
jsfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe" = C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Enabled:javaw -- ()
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Documents and Settings\WandaS\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\WandaS\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe" = C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe:*:Enabled:SeagateHipServAgent -- (Axentra Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{04A8C405-7DCC-4D12-9A69-02C063CC80D6}" = Aurigma Image Uploader 6.5 Redistributable
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{12BA4B30-873F-4F14-BB3A-2C0EF8C3A6C7}" = BlackBerry Device Software v4.6.0 for the BlackBerry 8220 smartphone
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{28184E01-D57A-4933-A09B-F65403F16D82}" = i-Cool
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (ACT7)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39822393-2324-4705-9010-1AB76DA144A2}" = BlackBerry Desktop Software 4.6
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41B9E2CF-0B3F-442A-B5B3-592A4A355634}" = iTunes
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen
"{58E6A969-8215-4ABC-BD73-FCB25EA6F544}" = FormViewer
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7F04B272-E0DD-47E7-8B55-D97483DB0EBD}" = hp LaserJet 1160/1320 series
"{8410B358-107A-4FB7-AB2B-6FD952F15A8F}" = Nero 8 Essentials
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHERR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PUBLISHERR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PUBLISHERR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PUBLISHERR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHERR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PUBLISHERR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90B5E602-1867-449D-86FD-FC9DEA4434BF}" = HP Software Update
"{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA9768AA-FF0B-4C66-A085-31E934F77841}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C325F588-D6B1-4A7F-B6A2-914C75DDA348}" = Morrowind
"{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}" = Brother MFL-Pro Suite
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EB3DF81F-5E70-4722-9D99-C1FC3EEF4DE1}" = Roxio Media Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4C68898-EBA5-46A9-82B3-2D30426086BF}" = AVG 2011
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"BlackBerry_{39822393-2324-4705-9010-1AB76DA144A2}" = BlackBerry Desktop Software 4.6
"CCleaner" = CCleaner
"Citrix ICA Web Client" = Citrix ICA Web Client
"Do Not Track Plus Add-on_is1" = Do Not Track Plus Add-on 2.2.0.514
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{58E6A969-8215-4ABC-BD73-FCB25EA6F544}" = FormViewer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PokerStars.net" = PokerStars.net
"PUBLISHERR" = Microsoft Office Publisher 2007
"RealPlayer 15.0" = RealPlayer
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1659004503-1604221776-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GoToMeeting" = GoToMeeting 5.1.0.873
"SmartDraw 2010" = SmartDraw 2010

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/21/2012 2:46:37 AM | Computer Name = WANDAS | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/25/2012 12:38:03 PM | Computer Name = WANDAS | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3743, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/16/2012 4:51:04 AM | Computer Name = WANDAS | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 5/31/2012 8:01:56 PM | Computer Name = WANDAS | Source = Application Hang | ID = 1002
Description = Hanging application AcroRd32.exe, version 9.5.1.283, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/2/2012 12:18:50 AM | Computer Name = WANDAS | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3743, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/4/2012 11:11:18 PM | Computer Name = WANDAS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19222, fault address 0x000b9e68.

Error - 6/12/2012 12:27:20 AM | Computer Name = WANDAS | Source = Application Hang | ID = 1002
Description = Hanging application AcroRd32.exe, version 9.5.1.283, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/18/2012 4:08:27 AM | Computer Name = WANDAS | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 6/18/2012 4:08:27 AM | Computer Name = WANDAS | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 6/18/2012 3:58:31 PM | Computer Name = WANDAS | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 6/17/2012 8:46:09 PM | Computer Name = WANDAS | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
DANIDELL that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{5D8A7F33-8A32-4614-. The master browser is stopping or an election
is being forced.

Error - 6/17/2012 9:54:07 PM | Computer Name = WANDAS | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
DANIDELL that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{5D8A7F33-8A32-4614-. The master browser is stopping or an election
is being forced.

Error - 6/17/2012 10:57:45 PM | Computer Name = WANDAS | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
DANIDELL that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{5D8A7F33-8A32-4614-. The master browser is stopping or an election
is being forced.

Error - 6/18/2012 12:06:00 AM | Computer Name = WANDAS | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
DANIDELL that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{5D8A7F33-8A32-4614-. The master browser is stopping or an election
is being forced.

Error - 6/18/2012 1:06:02 AM | Computer Name = WANDAS | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
DANIDELL that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{5D8A7F33-8A32-4614-. The master browser is stopping or an election
is being forced.

Error - 6/18/2012 3:15:22 AM | Computer Name = WANDAS | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
DANIDELL that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{5D8A7F33-8A32-4614-. The master browser is stopping or an election
is being forced.

Error - 6/18/2012 9:43:15 AM | Computer Name = WANDAS | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.123 for the Network Card with network
address 001FD05E4C01 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 6/18/2012 9:46:13 AM | Computer Name = WANDAS | Source = Service Control Manager | ID = 7009
Description = Timeout (120000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 6/18/2012 4:08:03 PM | Computer Name = WANDAS | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
DANIDELL that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{5D8A7F33-8A32-4614-. The master browser is stopping or an election
is being forced.

Error - 6/18/2012 11:06:55 PM | Computer Name = WANDAS | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
DANIDELL that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{5D8A7F33-8A32-4614-. The master browser is stopping or an election
is being forced.

< End of report >

Thread: XP Malware Problem

Thread Tools

Display

Hybrid View

XP Malware Problem

Posting Permissions