PDA

View Full Version : Unable to remove WebTrendsLive



zennla
2012-07-30, 20:27
Hi, my Spybot S&D can't seem to remove this malware: 'WebTrendsLive'. I repeatedly run the scan, delete it, but then immediately I run the scan and it's still there! Anyway, here are my logs: Hopefully you can help. Thanks.

DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33
Run by JOHNKANE at 18:10:49 on 2012-07-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.1986 [GMT 1:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\ASUS.SYS\config\DVMExportService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskhost.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://startsear.ch/?aff=1&cf=287e847c-1872-11e1-a454-20cf300f42b0
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: IE5BarLauncherBHO Class: {78f3a323-798e-4aea-9a57-88f4b05fd5dd} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: VShareToolBar: {7ac3e13b-3bca-4158-b330-f66dbb03c1b5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [WRSVC] "C:\Program Files (x86)\Webroot\WRSA.exe" -ul
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\JOHNKANE\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{FD9BA7C8-2A85-4D19-A551-0CF40F8CF4F0} : NameServer = 192.168.0.1,192.168.0.99
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: IE5BarLauncherBHO Class: {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: VShareToolBar: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [WRSVC] "C:\Program Files (x86)\Webroot\WRSA.exe" -ul
mRun-x64: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\JOHNKANE\AppData\Roaming\Mozilla\Firefox\Profiles\r4bzgjnf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2927608&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/ | http://www.metoffice.gov.uk/weather/uk/se/se_forecast_weather.html
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 WRkrn;WRkrn;C:\Windows\system32\drivers\WRkrn.sys --> C:\Windows\system32\drivers\WRkrn.sys [?]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-10-6 23208]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2011-10-6 3069752]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-7-7 365568]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\ASUS.SYS\config\DVMExportService.exe [2009-10-16 319488]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-5-25 2152152]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-6-16 1153368]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-6-16 17152]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S2 WRSVC;WRSVC;"C:\Program Files (x86)\Webroot\WRSA.exe" -service --> C:\Program Files (x86)\Webroot\WRSA.exe [?]
S3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2011-10-6 66320]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-1 113120]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe [2011-6-30 93848]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudobex.sys --> C:\Windows\system32\DRIVERS\ssudobex.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-25 19:04:00 -------- d-----w- C:\Users\JOHNKANE\AppData\Local\Macromedia
2012-07-25 18:55:51 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-25 18:51:07 476976 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-07-25 18:48:30 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-25 18:44:32 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
.
==================== Find3M ====================
.
2012-07-25 18:55:51 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-25 18:51:03 472880 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 14:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 14:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-29 07:38:50 330240 ----a-w- C:\Windows\MASetupCaller.dll
2012-05-11 06:34:14 203320 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
.
============= FINISH: 18:11:16.44 ===============




aswMBR log:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-30 18:15:47
-----------------------------
18:15:47.698 OS Version: Windows x64 6.1.7601 Service Pack 1
18:15:47.698 Number of processors: 4 586 0x503
18:15:47.698 ComputerName: JOHNKANE-PC UserName: JOHNKANE
18:15:48.190 Initialize success
18:16:05.777 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
18:16:05.782 Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 3
18:16:05.814 Disk 0 MBR read successfully
18:16:05.820 Disk 0 MBR scan
18:16:05.825 Disk 0 Windows 7 default MBR code
18:16:05.843 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:16:05.851 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 199899 MB offset 206848
18:16:05.870 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 700000 MB offset 409600000
18:16:05.903 Disk 0 scanning C:\Windows\system32\drivers
18:16:11.412 Service scanning
18:16:22.081 Modules scanning
18:16:22.098 Disk 0 trace - called modules:
18:16:22.114 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
18:16:22.119 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a2e060]
18:16:22.126 3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> [0xfffffa80048f19b0]
18:16:22.132 5 ACPI.sys[fffff88000f267a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa80049ac060]
18:16:22.140 Scan finished successfully
18:16:52.825 Disk 0 MBR has been saved successfully to "C:\Users\JOHNKANE\Desktop\MBR.dat"
18:16:52.830 The log file has been saved successfully to "C:\Users\JOHNKANE\Desktop\aswMBR.txt"

ken545
2012-08-04, 20:42
:snwelcome:


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Running programs with Vista or Windows 7 , you need to Right Click on the program and select RUN AS ADMINISTATOR




Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

ken545
2012-08-07, 01:18
Still with us ?

zennla
2012-08-07, 03:07
Hi, I hope I followed the instructions right:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.06.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
XXXXX:: XXXXXX-PC [administrator]

07/08/2012 00:52:59
mbam-log-2012-08-07 (00-52-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200196
Time elapsed: 4 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 15
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: VShareTB -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (http://startsear.ch/?aff=1&cf=287e847c-1872-11e1-a454-20cf300f42b0) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Quarantined and deleted successfully.

(end)

ken545
2012-08-07, 03:19
You did fine

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

zennla
2012-08-07, 13:51
I couldn't find the extras.txt file because I can't find the OTL directory in my Programs folder. The system may need a reboot for it to appear but this hasn't been the case with the othe programs??


OTL logfile created on: 07/08/2012 11:40:58 - Run 2
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\XXXXXXXX\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 56.52% Memory free
8.00 Gb Paging File | 6.09 Gb Available in Paging File | 76.14% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195.21 Gb Total Space | 107.14 Gb Free Space | 54.88% Space Free | Partition Type: NTFS
Drive D: | 683.59 Gb Total Space | 190.78 Gb Free Space | 27.91% Space Free | Partition Type: NTFS

Computer Name: XXXXXXXX-PC | User Name: XXXXXXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\XXXXXXXX\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Pidgin\pidgin.exe (The Pidgin developer community)
PRC - C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Users\XXXXXXXX\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll ()
MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\libcairo-2.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\freetype6.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\libgio-2.0-0.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\libfontconfig-1.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\libpng14-14.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\libexpat-1.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\libpangocairo-1.0-0.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\zlib1.dll ()
MOD - C:\Program Files (x86)\Pidgin\exchndl.dll ()
MOD - C:\Program Files (x86)\Pidgin\libjabber.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libmsn.dll ()
MOD - C:\Program Files (x86)\Pidgin\liboscar.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libqq.dll ()
MOD - C:\Program Files (x86)\Pidgin\libymsg.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libgg.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libsilc.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libmxit.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libsametime.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libnovell.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libmyspace.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libirc.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libbonjour.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\spellchk.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libsimple.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\log_reader.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\xmppdisco.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\xmppconsole.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\themeedit.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\ticker.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\pidginrc.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\win2ktrans.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\winprefs.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\notify.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\ssl-nss.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\convcolors.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libxmpp.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libyahoo.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\timestamp_format.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\markerline.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\autoaccept.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libyahoojp.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\timestamp.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\history.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\idle.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\joinpart.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\offlinemsg.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libicq.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\extplacement.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\statenotify.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libaim.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\sendbutton.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\relnot.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\psychic.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\gtkbuddynote.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\newline.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\iconaway.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\buddynote.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\ssl.dll ()
MOD - C:\Program Files (x86)\Pidgin\spellcheck\libgtkspell-0.dll ()
MOD - C:\Program Files (x86)\Pidgin\libsilc-1-1-2.dll ()
MOD - C:\Program Files (x86)\Pidgin\libsilcclient-1-1-2.dll ()
MOD - C:\Program Files (x86)\Pidgin\sqlite3.dll ()
MOD - C:\Program Files (x86)\Pidgin\libxml2-2.dll ()
MOD - C:\Program Files (x86)\Pidgin\libmeanwhile-1.dll ()


========== Win32 Services (SafeList) ==========

SRV:[b]64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (SandraAgentSrv) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe (SiSoftware)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (DvmMDES) -- C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (WRkrn) -- C:\Windows\SysNative\drivers\WRkrn.sys (Webroot)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (ssudobex) -- C:\Windows\SysNative\drivers\ssudobex.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\WNt500x64\sandra.sys (SiSoftware)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (s125bus) -- C:\Windows\SysNative\drivers\s125bus.sys (MCCI Corporation)
DRV - (a2acc) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys (Emsisoft GmbH)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsi Software GmbH)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{395D4B68-56C1-4BA8-9670-87A2BFCDFB70}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3534747703-2780070308-1272146802-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3534747703-2780070308-1272146802-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-3534747703-2780070308-1272146802-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3534747703-2780070308-1272146802-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-3534747703-2780070308-1272146802-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4F 75 32 AD D9 A9 CC 01 [binary data]
IE - HKU\S-1-5-21-3534747703-2780070308-1272146802-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3534747703-2780070308-1272146802-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=287e847c-1872-11e1-a454-20cf300f42b0&q={searchTerms}
IE - HKU\S-1-5-21-3534747703-2780070308-1272146802-1000\..\SearchScopes\{395D4B68-56C1-4BA8-9670-87A2BFCDFB70}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3534747703-2780070308-1272146802-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3534747703-2780070308-1272146802-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "twetvcom Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2927608&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.bbc.co.uk/ | http://www.metoffice.gov.uk/weather/uk/se/se_forecast_weather.html"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/07/25 19:43:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/15 20:21:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/03 09:11:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/28 11:13:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/25 19:51:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/01/20 14:10:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/04/11 13:02:11 | 000,000,000 | ---D | M]

[2011/06/16 21:00:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXXXXXX\AppData\Roaming\Mozilla\Extensions
[2011/06/16 21:00:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXXXXXX\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/07/30 17:52:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\r4bzgjnf.default\extensions
[2011/06/23 22:36:47 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\XXXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\r4bzgjnf.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2012/01/25 17:49:05 | 000,003,449 | ---- | M] () -- C:\Users\XXXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\r4bzgjnf.default\searchplugins\google-uk.xml
[2012/01/25 17:50:59 | 000,002,101 | ---- | M] () -- C:\Users\XXXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\r4bzgjnf.default\searchplugins\googlede.xml
[2011/06/19 16:46:25 | 000,001,504 | ---- | M] () -- C:\Users\XXXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\r4bzgjnf.default\searchplugins\imdb.xml
[2011/06/22 22:41:09 | 000,004,140 | ---- | M] () -- C:\Users\XXXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\r4bzgjnf.default\searchplugins\youtube.xml
[2012/07/25 19:51:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/25 13:32:24 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/07/25 19:51:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/07/03 09:11:41 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/03/03 13:21:02 | 000,024,747 | ---- | M] () (No name found) -- C:\USERS\XXXXXXXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\EXTENSIONS\LINKY@GEMAL.DK.XPI
[2012/07/28 11:13:43 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 10:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2012/05/01 12:44:15 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/11 23:05:43 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/05/01 12:44:15 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/05/01 12:44:15 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/05/01 12:44:16 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/05/01 12:44:15 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\S-1-5-21-3534747703-2780070308-1272146802-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WRSVC] "C:\Program Files (x86)\Webroot\WRSA.exe" -ul File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-3534747703-2780070308-1272146802-1000..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s File not found
O4 - HKU\S-1-5-21-3534747703-2780070308-1272146802-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-3534747703-2780070308-1272146802-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\XXXXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-3534747703-2780070308-1272146802-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD9BA7C8-2A85-4D19-A551-0CF40F8CF4F0}: NameServer = 192.168.0.1,192.168.0.99
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/07 10:56:01 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\XXXXXXXX\Desktop\OTL.exe
[2012/08/07 00:52:35 | 000,000,000 | ---D | C] -- C:\Users\XXXXXXXX\AppData\Roaming\Malwarebytes
[2012/08/07 00:50:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/07 00:50:35 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/07 00:50:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/07 00:50:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/07 00:49:59 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\XXXXXXXX\Desktop\mbam-setup-1.62.0.1300.exe
[2012/07/30 18:10:12 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/07/30 18:09:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/07/30 18:09:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/07/25 20:04:00 | 000,000,000 | ---D | C] -- C:\Users\XXXXXXXX\AppData\Local\Macromedia
[2012/07/25 19:55:51 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/25 19:51:07 | 000,476,976 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012/07/25 19:51:07 | 000,157,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/07/25 19:51:07 | 000,149,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/07/25 19:51:07 | 000,149,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/07/25 19:50:02 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/07/25 19:45:46 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/25 19:45:46 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/25 19:45:46 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/25 19:45:46 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/25 19:45:45 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/25 19:45:45 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/25 19:45:45 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/25 19:45:45 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/25 19:45:44 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/25 19:45:44 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/25 19:45:44 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/25 19:45:44 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/25 19:45:44 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/25 19:44:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/25 19:44:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/07/25 19:44:28 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/25 19:44:26 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/07/25 19:44:26 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/07/25 19:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/07 11:20:57 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2012/08/07 11:00:57 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/07 11:00:57 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/07 11:00:57 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/07 10:56:02 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\XXXXXXXX\Desktop\OTL.exe
[2012/08/07 08:06:58 | 103,125,647 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/08/07 01:10:38 | 000,010,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/07 01:10:38 | 000,010,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/07 01:03:10 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012/08/07 01:03:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/07 01:03:00 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/07 00:50:36 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/07 00:50:05 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\XXXXXXXX\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/05 23:25:37 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/08/05 23:25:37 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/08/01 17:37:47 | 000,626,667 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/07/30 18:09:52 | 000,001,108 | ---- | M] () -- C:\Users\XXXXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/07/30 18:09:42 | 000,000,928 | ---- | M] () -- C:\Users\XXXXXXXX\Desktop\NTREGOPT.lnk
[2012/07/30 18:09:42 | 000,000,909 | ---- | M] () -- C:\Users\XXXXXXXX\Desktop\ERUNT.lnk
[2012/07/25 19:55:51 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/25 19:55:51 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/25 19:54:13 | 000,292,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/25 19:51:03 | 000,476,976 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012/07/25 19:51:03 | 000,472,880 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/07/25 19:51:03 | 000,157,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/07/25 19:51:03 | 000,149,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/07/25 19:51:03 | 000,149,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/07 01:03:10 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012/08/07 00:50:36 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/30 18:09:52 | 000,001,108 | ---- | C] () -- C:\Users\XXXXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/07/30 18:09:42 | 000,000,928 | ---- | C] () -- C:\Users\XXXXXXXX\Desktop\NTREGOPT.lnk
[2012/07/30 18:09:42 | 000,000,909 | ---- | C] () -- C:\Users\XXXXXXXX\Desktop\ERUNT.lnk
[2012/06/06 11:27:39 | 000,000,218 | ---- | C] () -- C:\Users\XXXXXXXX\.recently-used.xbel
[2012/03/25 16:57:11 | 000,008,192 | ---- | C] () -- C:\Users\XXXXXXXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/31 02:15:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/01/31 02:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/01/31 02:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/01/31 02:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/01/31 02:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/01/28 12:44:28 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/09/29 20:13:57 | 000,121,448 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/06/30 14:13:02 | 014,860,288 | ---- | C] () -- C:\ProgramData\sandra.mda
[2011/06/27 16:23:20 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/06/25 18:52:07 | 000,215,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/06/25 18:52:06 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011/06/25 18:52:06 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/06/21 16:30:10 | 000,007,597 | ---- | C] () -- C:\Users\XXXXXXXX\AppData\Local\Resmon.ResmonCfg
[2011/06/19 23:25:49 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/06/19 23:25:49 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/06/16 16:28:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/06/16 16:17:19 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/06/16 16:17:13 | 000,032,070 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/03/17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2012/08/07 10:01:24 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXXX\AppData\Roaming\.purple
[2011/06/28 14:53:25 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXXX\AppData\Roaming\Acronis
[2011/10/13 17:38:55 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXXX\AppData\Roaming\AVG2012
[2011/12/23 19:11:28 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXXX\AppData\Roaming\Canon
[2011/12/15 14:19:27 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXXX\AppData\Roaming\Day 1 Studios
[2011/07/15 15:37:52 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXXX\AppData\Roaming\EurekaLog
[2012/05/31 13:08:44 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXXX\AppData\Roaming\gtk-2.0
[2012/01/17 23:07:09 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXXX\AppData\Roaming\HTML Executable
[2011/06/22 23:12:10 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXXX\AppData\Roaming\IrfanView
[2012/01/28 12:44:45 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXXX\AppData\Roaming\MinMaxGames
[2011/06/16 23:20:56 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXXX\AppData\Roaming\OpenOffice.org
[2011/11/25 13:14:22 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXXX\AppData\Roaming\Origin
[2011/10/09 18:37:55 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXXX\AppData\Roaming\Philipp Winterberg
[2012/03/19 14:14:18 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXXX\AppData\Roaming\PhotoScape
[2012/03/22 18:00:21 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXXX\AppData\Roaming\Samsung
[2012/02/14 15:00:13 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXXX\AppData\Roaming\Stardock
[2012/07/03 15:50:14 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXXX\AppData\Roaming\Temp
[2011/06/16 21:00:45 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXXX\AppData\Roaming\Thunderbird
[2011/11/26 22:04:08 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXXX\AppData\Roaming\VshareComplete
[2012/08/07 01:03:10 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011/10/23 14:36:12 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

ken545
2012-08-07, 14:20
HI,

WebTrendsLive <-- This is basically a tracking cookie and will come back as your surf the net


Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:processes
killallprocesses

:OTL


:Services

:Reg

:Files
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[CLEARALLRESTOREPOINTS]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces

zennla
2012-08-08, 01:24
All processes killed
========== PROCESSES ==========
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\XXXXXXXX\Desktop\cmd.bat deleted successfully.
C:\Users\XXXXXXXX\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: XXXXXXXX
->Temp folder emptied: 1057182 bytes
->Temporary Internet Files folder emptied: 114170783 bytes
->Java cache emptied: 7668546 bytes
->FireFox cache emptied: 70018700 bytes
->Flash cache emptied: 188634 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 62492 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 49125738442 bytes

Total Files Cleaned = 47,034.00 mb


OTL by OldTimer - Version 3.2.56.0 log created on 08072012_225442

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...




BTW, I just ran the Spybot S+D scan again and it still found the webtrends live.

ken545
2012-08-08, 03:46
Hi, where just dealing with tracking cookies, we can set you privacy a little tighter and see how it goes

Open IE, go to Tools, Internet Options, Privacy, Advanced, click in the box "Override automatic cookie handling", First-party Cookies select Prompt, Third-party cookies select Block. When those cookies try to install click block.

Your going to need the 64bit version

Download and Run SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
64 Bit Version (http://jpshortstuff.247Fixes.com/SystemLook_x64.exe)


Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:


:Regfind
webtrends live


Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

zennla
2012-08-08, 14:25
Hi, actually, I don't use IE much. I browse much more with FF.

Anyway, here's the results:

SystemLook 30.07.11 by jpshortstuff
Log created at 12:21 on 08/08/2012 by XXXXXXX
Administrator - Elevation successful

========== Regfind ==========

Searching for "webtrends live"
No data found.

-= EOF =-

ken545
2012-08-08, 19:14
Well, like i said there just tracking cookies, its not an infection.

Open FF and go to Tools > Options > Privacy Tab

1. Check Tell websites I do not want to be tracked
2. Clear your recent history
3. Remove individual Cookies > Remove all cookies

( You may want to go through your cookie list and keep the ones you need, unless you remember your passwords and log on info for sites you frequent you could prevent yourself from accessing those site )

Everything running ok ?

zennla
2012-08-09, 14:56
Hi, I followed your instructions.

Spybot is still finding webtrends.

ken545
2012-08-09, 19:16
Lets do this, first I may not have put the name in the search correctly with

Plug this into System Look

:Regfind
web trends live

There is a way to block tracking cookies with Spybot but I am at work and dont have access to Spybot on the computer I am on but will check later this evening

Then run this scanner

Please download SuperAntiSpyware Free (http://www.superantispyware.com/superantispyware.html)
Install the program

Run SuperAntiSpyware and click: Check for updates
Once the update is finished, on the main screen, click: Scan your computer
Check: Perform Complete Scan
Click Next to start the scan.

Superantispyware scans the computer, and when finished, lists all the infections found.
Make sure everything found has a check next to it, and press: Next <-- Important
Then, click Finish

It is possible that the program asks to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click: Preferences
Click the Statistics/Logs tab
Under Scanner Logs, double-click SuperAntiSpyware Scan Log
It opens in your default text editor (such as Notepad)

Please provide the SuperAntiSpyware log in your next reply

zennla
2012-08-09, 22:35
N.B. I ran SystemLook after running SUPERAntiSpyware.

SystemLook 30.07.11 by jpshortstuff
Log created at 20:33 on 09/08/2012 by XXXXXXX
Administrator - Elevation successful

========== Regfind ==========

Searching for "web trends live"
No data found.

-= EOF =-

zennla
2012-08-09, 22:36
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/09/2012 at 07:11 PM

Application Version : 5.5.1012

Core Rules Database Version : 9034
Trace Rules Database Version: 6846

Scan type : Quick Scan
Total Scan Time : 00:03:37

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 716
Memory threats detected : 0
Registry items scanned : 54113
Registry threats detected : 0
File items scanned : 11266
File threats detected : 105

Adware.Tracking Cookie
C:\Users\xxxxxxxxx\AppData\Roaming\Microsoft\Windows\Cookies\xxxxxxxxx@liveperson[3].txt [ /liveperson ]
C:\Users\xxxxxxxxx\AppData\Roaming\Microsoft\Windows\Cookies\xxxxxxxxx@revsci[2].txt [ /revsci ]
C:\Users\xxxxxxxxx\AppData\Roaming\Microsoft\Windows\Cookies\xxxxxxxxx@server.lon.liveperson[2].txt [ /server.lon.liveperson ]
C:\Users\xxxxxxxxx\AppData\Roaming\Microsoft\Windows\Cookies\7GEAUNHG.txt [ /www.media.barclays.co.uk ]
C:\Users\xxxxxxxxx\AppData\Roaming\Microsoft\Windows\Cookies\DVD963OI.txt [ /amazon-adsystem.com ]
C:\Users\xxxxxxxxx\AppData\Roaming\Microsoft\Windows\Cookies\P3ZHH7WC.txt [ /liveperson.net ]
C:\Users\xxxxxxxxx\AppData\Roaming\Microsoft\Windows\Cookies\8WP3HNY4.txt [ /invitemedia.com ]
C:\Users\xxxxxxxxx\AppData\Roaming\Microsoft\Windows\Cookies\JYKTHFYB.txt [ /ad.360yield.com ]
C:\Users\xxxxxxxxx\AppData\Roaming\Microsoft\Windows\Cookies\EZHOK739.txt [ /media6degrees.com ]
C:\Users\xxxxxxxxx\AppData\Roaming\Microsoft\Windows\Cookies\ZKC0JFOS.txt [ /imrworldwide.com ]
C:\Users\xxxxxxxxx\AppData\Roaming\Microsoft\Windows\Cookies\YGZ9C2WZ.txt [ /ru4.com ]
C:\Users\xxxxxxxxx\AppData\Roaming\Microsoft\Windows\Cookies\R4T2YAEA.txt [ /stats.paypal.com ]
C:\Users\xxxxxxxxx\AppData\Roaming\Microsoft\Windows\Cookies\JMFIMOAF.txt [ /at.atwola.com ]
C:\Users\xxxxxxxxx\AppData\Roaming\Microsoft\Windows\Cookies\P2QETV09.txt [ /revsci.net ]
C:\Users\xxxxxxxxx\AppData\Roaming\Microsoft\Windows\Cookies\YP320P07.txt [ /ads.adk2.com ]
C:\Users\xxxxxxxxx\AppData\Roaming\Microsoft\Windows\Cookies\S2O061M6.txt [ /liveperson.net ]
C:\USERS\xxxxxxxxx\Cookies\7GEAUNHG.txt [ Cookie:xxxxxxxxx@www.media.barclays.co.uk/ ]
C:\USERS\xxxxxxxxx\Cookies\DVD963OI.txt [ Cookie:xxxxxxxxx@amazon-adsystem.com/ ]
C:\USERS\xxxxxxxxx\Cookies\P3ZHH7WC.txt [ Cookie:xxxxxxxxx@liveperson.net/hc/73500804 ]
C:\USERS\xxxxxxxxx\Cookies\EZHOK739.txt [ Cookie:xxxxxxxxx@media6degrees.com/ ]
C:\USERS\xxxxxxxxx\Cookies\ZKC0JFOS.txt [ Cookie:xxxxxxxxx@imrworldwide.com/cgi-bin ]
C:\USERS\xxxxxxxxx\Cookies\YGZ9C2WZ.txt [ Cookie:xxxxxxxxx@ru4.com/ ]
C:\USERS\xxxxxxxxx\Cookies\R4T2YAEA.txt [ Cookie:xxxxxxxxx@stats.paypal.com/ ]
C:\USERS\xxxxxxxxx\Cookies\P2QETV09.txt [ Cookie:xxxxxxxxx@revsci.net/ ]
C:\USERS\xxxxxxxxx\Cookies\S2O061M6.txt [ Cookie:xxxxxxxxx@liveperson.net/ ]
accounts.youtube.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
accounts.youtube.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.accounts.google.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.accounts.google.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.accounts.google.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
accounts.youtube.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.h.atdmt.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.h.atdmt.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.h.atdmt.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.h.atdmt.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.adserver.adtechus.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.technoratimedia.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.technoratimedia.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
wstat.wibiya.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
ad2.adfarm1.adition.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
track.adform.net [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
track.adform.net [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.adform.net [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wjlyelczgfp.stats.esomniture.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.virginmedia.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.technoratimedia.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.technoratimedia.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
mediaservices-d.openxenterprise.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
statse.webtrendslive.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]
.lucidmedia.com [ C:\USERS\xxxxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R4BZGJNF.DEFAULT\COOKIES.SQLITE ]

ken545
2012-08-10, 00:06
Read through this and it looks like you can op out of webtrendslive

http://www.mozilla.org/en-US/opt-out.html

zennla
2012-08-10, 00:45
OK, I'll read it later.

Many thanks for your time.:bigthumb:

ken545
2012-08-10, 22:45
Hi,

http://forums.spybot.info/showthread.php?t=288
Read Post 2, you should have read this already


If Spybot-S&D has detected items it cannot remove, please produce the top of the log showing the items flagged and the version of Spybot-S&D.
Please do not attempt to post the entire log as it won't fit in to the one post and is not needed unless requested.

The developers of Spybot would like to see what is and what is not removed


Read this also please
http://www.safer-networking.org/faq/why-do-other-anti-spyware-applications-appear-to-detect-so-many-more-tracking-cookies/

ken545
2012-08-13, 19:07
Due to inactivity, this thread will now be closed.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.