Thread: XP Malware Problem

  1. #1
    Member
    Join Date
    Sep 2009
    Posts
    93

    XP Malware Problem

    Hi, I need some help getting an XP computer cleansed. I have attempted to cleanse the machine using Spybot and Malwarebytes Anti-Malware. The current symptom is slow running, and it seems like every time I run Spybot, it finds the following:
    AdResolver
    Adviva
    BlueStreak
    BurstMedia
    CoreMetrics
    DoubleClick
    FastClick
    MediaPlex
    RightMedia
    Tradedoubler

    Spybot thinks it removes these items, but when I run spybot again, they are still there.

    1. Registry backed up with ERUNT
    2. Spybot TeaTimer is off
    3. DDS log follows and attach.txt is attached.

    Thank you so much…

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by WandaS at 18:51:13.75 on Fri 06/08/2012
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_32
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.648 [GMT -7:00]

    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Gamesbar\SearchEngineProtection.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
    C:\Documents and Settings\WandaS\Application Data\Dropbox\bin\Dropbox.exe
    C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\DoNotTrackPlus\IE\DNTPService.exe
    C:\program files\real\realplayer\update\realsched.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\WandaS\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Do Not Track Plus: {6e45f3e8-2683-4824-a6be-08108022fb36} - c:\program files\donottrackplus\ie\DNTPAddon.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [SearchEngineProtection] c:\program files\gamesbar\SearchEngineProtection.exe
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
    mRun: [SetDefPrt] c:\program files\brother\brmfl04g\BrStDvPt.exe
    mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
    mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
    mRun: [<NO NAME>]
    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Memeo Instant Backup] c:\program files\memeo\autobackup\MemeoLauncher2.exe --silent --no_ui
    mRun: [Seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    StartupFolder: c:\docume~1\wandas\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\wandas\application data\dropbox\bin\Dropbox.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {1A93C934-025B-4c3a-B38E-9654A7003239} - {6F282B65-56BF-4BD1-A8B2-A4449A05863D}
    IE: {6E45F3E8-2683-4824-A6BE-08108022FB36} - {23249465-AA46-4DED-BD4B-8EFB20F968FE} - c:\program files\donottrackplus\ie\DNTPAddon.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
    DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxps://rap.mgmmirage.com/Citrix/ICAWEB/en/ica32/wficat.cab
    DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://las.mlxchange.com/5.5.08.25119/Control/IRCSharc.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\wandas\applic~1\mozilla\firefox\profiles\az4zki3k.default\
    FF - prefs.js: browser.search.selectedEngine - bing
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc6f881&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\common files\oberon media\ncadapter\1.0.0.8\npapicomadapter.dll
    FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\npjpi160_32.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
    FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\NPSWF32.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-29 612184]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-7-29 337880]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-7-29 20696]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-7-29 44768]
    R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2011-4-6 25824]
    R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
    R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2011-11-3 8704]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-29 136176]
    S3 B-Service;B-Service;c:\documents and settings\wandas\local settings\temporary internet files\content.ie5\is1fxw44\b-service.exe --> c:\documents and settings\wandas\local settings\temporary internet files\content.ie5\is1fxw44\B-Service.exe [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-29 136176]
    S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [2008-9-18 24944]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    ============== File Associations ===============

    .txt=

    =============== Created Last 30 ================

    2012-05-24 18:10:19 0 d-----w- c:\program files\common files\xing shared
    2012-05-24 17:57:05 0 d-----w- c:\program files\DoNotTrackPlus
    2012-05-24 17:02:38 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-05-24 17:02:38 476960 ----a-w- c:\windows\system32\npdeployJava1.dll

    ==================== Find3M ====================

    2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-24 18:09:48 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2012-05-24 18:09:48 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2012-05-24 18:07:12 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-05-24 17:02:23 472864 ----a-w- c:\windows\system32\deployJava1.dll
    2012-04-16 08:29:58 871936 ----a-w- c:\windows\system32\GeacView.dll
    2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
    2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

    ============= FINISH: 18:51:54.06 ===============

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

    Running programs with Vista or Windows 7, you need to Right Click on the program and select RUN AS ADMINISTRATOR





    What Spybot is finding are just tracking cookies and can be deleted on a regular basis.
    Gamesbar is not malicious but does bring you ads via the tracking cookies.





    Open up Malwarebytes and go to the Logs tab, open the last log and copy and paste it into this thread for me to see


    Nothing earth shattering on your DDS log

    Download aswMBR.exe ( 511KB ) to your desktop.

    Double click the aswMBR.exe to run it

    Click the "Scan" button to start scan


    On completion of the scan click save log, save it to your desktop and post in your next reply
    Last edited by ken545; 2012-06-16 at 15:04.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Member
    Join Date
    Sep 2009
    Posts
    93

    Actions requested are complete. See requested information below.
    Is there any way to immunize from the tracking cookies? I installed Do Not Track Plus, but I think it is causing trouble with some of my applications. The tracking cookies keep coming back almost instantly after they are removed and they slow down the computer.

    Is it OK to remove Gamesbar through the Control Panel?

    Thank you so much...

    Roger



    ------------- Info -----------------------------------------

    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Database version: 3945

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    4/2/2010 7:41:15 PM
    mbam-log-2010-04-02 (19-41-15).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 199729
    Time elapsed: 37 minute(s), 56 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    --------------------------------------------------------------------------
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-06-17 21:52:12
    -----------------------------
    21:52:12.105 OS Version: Windows 5.1.2600 Service Pack 3
    21:52:12.105 Number of processors: 2 586 0x6B02
    21:52:12.105 ComputerName: WANDAS UserName: WandaS
    21:52:13.652 Initialize success
    21:52:13.902 AVAST engine defs: 12061701
    21:52:24.636 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    21:52:24.636 Disk 0 Vendor: ST3250410AS 3.AAF Size: 238474MB BusType: 3
    21:52:24.652 Disk 0 MBR read successfully
    21:52:24.652 Disk 0 MBR scan
    21:52:24.652 Disk 0 Windows XP default MBR code
    21:52:24.652 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
    21:52:24.652 Disk 0 scanning sectors +488376000
    21:52:24.714 Disk 0 scanning C:\WINDOWS\system32\drivers
    21:52:31.245 Service scanning
    21:52:44.245 Modules scanning
    21:52:49.480 Disk 0 trace - called modules:
    21:52:49.511 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    21:52:49.511 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89d29ab8]
    21:52:49.527 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000062[0x89d06f18]
    21:52:49.527 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89d2b940]
    21:52:50.511 AVAST engine scan C:\WINDOWS
    21:52:58.136 AVAST engine scan C:\WINDOWS\system32
    21:55:28.417 AVAST engine scan C:\WINDOWS\system32\drivers
    21:55:49.636 AVAST engine scan C:\Documents and Settings\WandaS
    22:08:46.370 AVAST engine scan C:\Documents and Settings\All Users
    22:09:52.355 Scan finished successfully
    22:16:13.527 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\WandaS\Desktop\MBR.dat"
    22:16:13.527 The log file has been saved successfully to "C:\Documents and Settings\WandaS\Desktop\aswMBR.txt"

  4. #4
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Good Morning,

    Yes you can uninstall Gamesbar via Add Remove Programs in the Control Panel, you also have Avast Anti Virus installed and I am looking at the AVG Toolbar, AVG can go also.


    Do Not Track Plus <-- I am not familiar with this program but any program that you feel is giving you problems you should uninstall.

    Tracking cookies can be removed manually about once a week. Cookies are funny: if you block them all, there are some sites that you won't be able to access.

    Open Internet Explorer and go to Tools > Internet Options > Privacy Tab and make sure the slider bar is at least set to Medium. You can make it stronger if you wish and see how that works; you can always reset it back if you're unhappy with that setting.

    aswMBR checks for rootkit activity and your log was fine

    Run this program and it will flush them all out

    Please download SuperAntiSpyware Free
    Install the program
    • Run SuperAntiSpyware and click: Check for updates
    • Once the update is finished, on the main screen, click: Scan your computer
    • Check: Perform Complete Scan
    • Click Next to start the scan.

    Superantispyware scans the computer, and when finished, lists all the infections found.
    Make sure everything found has a check next to it, and press: Next <-- Important
    Then, click Finish

    It is possible that the program asks to reboot in order to delete some files.

    Obtain the SuperAntiSpyware log as follows:
    • Click: Preferences
    • Click the Statistics/Logs tab
    • Under Scanner Logs, double-click SuperAntiSpyware Scan Log
    It opens in your default text editor (such as Notepad)

    Please provide the SuperAntiSpyware log in your next reply




    Then let's take a deeper look into your system

    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

  5. #5
    Member
    Join Date
    Sep 2009
    Posts
    93

    I removed the Gamesbar, but could not figure out how to remove the AVG Toolbar. I previously removed AVG through the Control Panel / Add-Remove Programs option. At this point it does not show up in the list of candidate programs to remove. I checked the Internet Explorer add-ons as well as Firefox and could not find the AVG toolbar.

    Internet Explorer, Tools > Internet Options > Privacy Tab was already set to Medium.

    Requested information is posted below and the overflow in the next post.

    Thanks so much.... Roger

    ---------------------
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 06/18/2012 at 02:30 AM

    Application Version : 5.1.1002

    Core Rules Database Version : 8750
    Trace Rules Database Version: 6562

    Scan type : Complete Scan
    Total Scan Time : 01:16:59

    Operating System Information
    Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
    Administrator

    Memory items scanned : 602
    Memory threats detected : 0
    Registry items scanned : 38224
    Registry threats detected : 0
    File items scanned : 56265
    File threats detected : 123

    Adware.Tracking Cookie
    .msnportal.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
    .atdmt.com [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
    .imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
    .imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
    .specificclick.net [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
    .specificclick.net [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
    .specificclick.net [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
    .specificclick.net [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
    .specificmedia.com [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
    .collective-media.net [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
    .collective-media.net [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
    .collective-media.net [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
    .collective-media.net [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
    .collective-media.net [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
    .collective-media.net [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
    .collective-media.net [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
    .ru4.com [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
    .interclick.com [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
    .interclick.com [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
    .akamai.interclickproxy.com [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
    .interclick.com [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
    .interclick.com [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
    .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
    .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\COOKIES.SQLITE ]
    acvs.mediaonenetwork.net [ C:\DOCUMENTS AND SETTINGS\ROGER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YF5JSKWZ ]
    interclick.com [ C:\DOCUMENTS AND SETTINGS\ROGER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YF5JSKWZ ]
    m1.2mdn.net [ C:\DOCUMENTS AND SETTINGS\ROGER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YF5JSKWZ ]
    findarticles.com [ C:\DOCUMENTS AND SETTINGS\ROGER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RNLUH7AW.DEFAULT\COOKIES.SQLITE ]
    findarticles.com [ C:\DOCUMENTS AND SETTINGS\ROGER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RNLUH7AW.DEFAULT\COOKIES.SQLITE ]
    findarticles.com [ C:\DOCUMENTS AND SETTINGS\ROGER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RNLUH7AW.DEFAULT\COOKIES.SQLITE ]
    findarticles.com [ C:\DOCUMENTS AND SETTINGS\ROGER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RNLUH7AW.DEFAULT\COOKIES.SQLITE ]
    .a.findarticles.com [ C:\DOCUMENTS AND SETTINGS\ROGER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RNLUH7AW.DEFAULT\COOKIES.SQLITE ]
    .a.findarticles.com [ C:\DOCUMENTS AND SETTINGS\ROGER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RNLUH7AW.DEFAULT\COOKIES.SQLITE ]
    .findarticles.com [ C:\DOCUMENTS AND SETTINGS\ROGER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RNLUH7AW.DEFAULT\COOKIES.SQLITE ]
    webtrack.bestsoftware.com [ C:\DOCUMENTS AND SETTINGS\ROGER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RNLUH7AW.DEFAULT\COOKIES.SQLITE ]
    .adserver.adtechus.com [ C:\DOCUMENTS AND SETTINGS\ROGER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RNLUH7AW.DEFAULT\COOKIES.SQLITE ]
    .chitika.net [ C:\DOCUMENTS AND SETTINGS\ROGER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RNLUH7AW.DEFAULT\COOKIES.SQLITE ]
    .cgm.adbureau.net [ C:\DOCUMENTS AND SETTINGS\ROGER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RNLUH7AW.DEFAULT\COOKIES.SQLITE ]
    adserv.legitreviews.com [ C:\DOCUMENTS AND SETTINGS\ROGER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RNLUH7AW.DEFAULT\COOKIES.SQLITE ]
    .xiti.com [ C:\DOCUMENTS AND SETTINGS\ROGER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RNLUH7AW.DEFAULT\COOKIES.SQLITE ]
    .adopt.specificclick.net [ C:\DOCUMENTS AND SETTINGS\ROGER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RNLUH7AW.DEFAULT\COOKIES.SQLITE ]
    .adopt.specificclick.net [ C:\DOCUMENTS AND SETTINGS\ROGER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RNLUH7AW.DEFAULT\COOKIES.SQLITE ]
    .msnbc.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\ROGER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RNLUH7AW.DEFAULT\COOKIES.SQLITE ]
    .winzip.122.2o7.net [ C:\DOCUMENTS AND SETTINGS\WANDAS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .atdmt.com [ C:\DOCUMENTS AND SETTINGS\WANDAS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\WANDAS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\WANDAS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    core.saymedia.com [ C:\DOCUMENTS AND SETTINGS\WANDAS\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\ZXCQ9DM3 ]

    Adware.ArcadeWeb
    C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\TEXT_LINKS@ARCADEWEB.COM\COMPONENTS\ARCADEWEBFIREFOX.DLL
    C:\DOCUMENTS AND SETTINGS\DEFAULT USER\APPLICATION DATA\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\TEXT_LINKS@ARCADEWEB.COM\COMPONENTS\ARCADEWEBFIREFOX.DLL
    C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\TEXT_LINKS@ARCADEWEB.COM\COMPONENTS\ARCADEWEBFIREFOX.DLL
    C:\DOCUMENTS AND SETTINGS\LARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\23BS0LAG.DEFAULT\EXTENSIONS\TEXT_LINKS@ARCADEWEB.COM\COMPONENTS\ARCADEWEBFIREFOX.DLL
    C:\DOCUMENTS AND SETTINGS\ROGER\APPLICATION DATA\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\TEXT_LINKS@ARCADEWEB.COM\COMPONENTS\ARCADEWEBFIREFOX.DLL
    C:\DOCUMENTS AND SETTINGS\ROGER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RNLUH7AW.DEFAULT\EXTENSIONS\TEXT_LINKS@ARCADEWEB.COM\COMPONENTS\ARCADEWEBFIREFOX.DLL
    C:\DOCUMENTS AND SETTINGS\WANDAS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\HGAILGALDCHAJPKKMBJDLBIMHDNMMGLD\ARCADEWEBCHROME.DLL
    C:\DOCUMENTS AND SETTINGS\WANDAS\APPLICATION DATA\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\TEXT_LINKS@ARCADEWEB.COM\COMPONENTS\ARCADEWEBFIREFOX.DLL
    C:\DOCUMENTS AND SETTINGS\WANDAS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AZ4ZKI3K.DEFAULT\EXTENSIONS\TEXT_LINKS@ARCADEWEB.COM\COMPONENTS\ARCADEWEBFIREFOX.DLL

    Trojan.Agent/Gen-Gamevance
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{E9FFFE46-438A-4449-BEE1-6467BEA8B10E}\RP1362\A0099704.EXE
    ---------------------------
    OTL logfile created on: 6/18/2012 8:51:30 PM - Run 1
    OTL by OldTimer - Version 3.2.49.0 Folder = C:\Documents and Settings\WandaS\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.87 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 61.03% Memory free
    3.72 Gb Paging File | 2.86 Gb Available in Paging File | 76.69% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 185.68 Gb Free Space | 79.74% Space Free | Partition Type: NTFS
    Drive X: | 1863.01 Gb Total Space | 1742.12 Gb Free Space | 93.51% Space Free | Partition Type: NTFS
    Drive Y: | 1863.01 Gb Total Space | 1742.12 Gb Free Space | 93.51% Space Free | Partition Type: NTFS
    Drive Z: | 1863.01 Gb Total Space | 1742.12 Gb Free Space | 93.51% Space Free | Partition Type: NTFS

    Computer Name: WANDAS | User Name: WandaS | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\WandaS\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    PRC - C:\Program Files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
    PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    PRC - C:\Documents and Settings\WandaS\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    PRC - C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe (Memeo)
    PRC - C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)
    PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
    PRC - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)
    PRC - C:\Program Files\Memeo\AutoBackup\InstantBackup.exe ()
    PRC - C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe (Axentra Corporation)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\AVAST Software\Avast\defs\12061802\algo.dll ()
    MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
    MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
    MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
    MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\7861cd979ea5db3fb7d30ed94fb0edd2\System.Web.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8dc4a28c456f81ee7399da21bd9d55aa\System.ServiceProcess.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b49dd780ba8e3501b0adcf108b431e7b\Microsoft.VisualBasic.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\995fcf39ead2c2a53e084505c2c67d49\System.Windows.Forms.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8ca00132a08c69697adf1cda32ebd835\System.Drawing.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
    MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
    MOD - C:\Program Files\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.VideoTutorialsPlugin.dll ()
    MOD - C:\Program Files\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.TroubleshootingPlugin.dll ()
    MOD - C:\Program Files\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll ()
    MOD - C:\Program Files\Seagate\Seagate Dashboard\Memeo.Progress.dll ()
    MOD - C:\Program Files\Memeo\AutoBackup\Memeo.Client.UI.dll ()
    MOD - C:\Program Files\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll ()
    MOD - C:\Program Files\Memeo\AutoBackup\InstantBackup.exe ()
    MOD - C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll ()
    MOD - C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll ()
    MOD - C:\Program Files\Memeo\AutoBackup\sqlite3.dll ()
    MOD - C:\Program Files\Common Files\Memeo\ProfMan.dll ()
    MOD - C:\WINDOWS\system32\HPBHEALR.DLL ()


    ========== Win32 Services (SafeList) ==========

    SRV - (B-Service) -- C:\Documents and Settings\WandaS\Local Settings\Temporary Internet Files\Content.IE5\IS1FXW44\B-Service.exe File not found
    SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
    SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    SRV - (SeagateDashboardService) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)
    SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
    SRV - (MemeoBackgroundService) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)
    SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


    ========== Driver Services (SafeList) ==========

    DRV - (WDICA) -- File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (PCIDump) -- File not found
    DRV - (lbrtfdc) -- File not found
    DRV - (i2omgmt) -- File not found
    DRV - (Changer) -- File not found
    DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
    DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
    DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
    DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
    DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
    DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
    DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
    DRV - (GVTDrv) -- C:\WINDOWS\system32\drivers\GVTDrv.sys ()
    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
    DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}


    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\..\URLSearchHook: - No CLSID value found
    IE - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\..\SearchScopes,DefaultScope = {36377DD7-B3EB-42f5-986F-680BAF59BA9D}
    IE - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://start.msn.iplay.com/searchresultsredirect.aspx?o=chrome&q={searchTerms}
    IE - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\..\SearchScopes\{79B0CD5F-1A71-4579-85BB-EE4150B9B542}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7ADBR_en
    IE - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\..\SearchScopes\{A4FD28B7-2EB8-4116-8FDC-2B33F161908D}: "URL" = http://ws.infospace.com/playsushi_tb...?_iceUrl=true& user_id=%userid&tool_id=60231&qkw={searchTerms}
    IE - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    IE - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "bing"
    FF - prefs.js..browser.search.selectedEngine: "bing"
    FF - prefs.js..browser.startup.homepage: "www.google.com"
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}:6.0.32
    FF - prefs.js..extensions.enabledItems: donottrackplus@abine.com:2.2.0.514
    FF - prefs.js..extensions.enabledItems: {97E22097-9A2F-45b1-8DAF-36AD648C7EF4}:15.0.4
    FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cc6f881&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/04/13 12:00:49 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/24 11:10:14 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/24 11:10:06 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/24 11:10:41 | 000,000,000 | ---D | M]

    [2008/10/18 23:01:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\WandaS\Application Data\Mozilla\Extensions
    [2012/06/17 21:50:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\WandaS\Application Data\Mozilla\Firefox\Profiles\az4zki3k.default\extensions
    [2010/10/11 14:24:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\WandaS\Application Data\Mozilla\Firefox\Profiles\az4zki3k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2012/05/24 10:53:38 | 000,000,000 | ---D | M] (DoNotTrackPlus) -- C:\Documents and Settings\WandaS\Application Data\Mozilla\Firefox\Profiles\az4zki3k.default\extensions\donottrackplus@abine.com
    [2011/12/09 18:33:27 | 000,000,000 | ---D | M] ("ArcadeWeb") -- C:\Documents and Settings\WandaS\Application Data\Mozilla\Firefox\Profiles\az4zki3k.default\extensions\text_links@arcadeweb.com
    [2012/06/17 21:50:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/05/24 10:02:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
    [2012/05/24 11:10:14 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
    [2012/05/24 10:02:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2012/05/24 11:09:56 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
    [2011/12/09 18:58:21 | 000,002,064 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bingober628642703.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\WandaS\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: ArcadeWeb Plugin (Enabled) = C:\Documents and Settings\WandaS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hgailgaldchajpkkmbjdlbimhdnmmgld\arcadewebchrome.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: YouTube = C:\Documents and Settings\WandaS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Documents and Settings\WandaS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: ArcadeWeb = C:\Documents and Settings\WandaS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hgailgaldchajpkkmbjdlbimhdnmmgld\
    CHR - Extension: avast! WebRep = C:\Documents and Settings\WandaS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\WandaS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
    CHR - Extension: Gmail = C:\Documents and Settings\WandaS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/05/07 14:32:17 | 000,442,934 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 15221 more lines...
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Do Not Track Plus) - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Program Files\DoNotTrackPlus\IE\DNTPAddon.dll (Abine)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O3 - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
    O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
    O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
    O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe (Brother Industories, Ltd.)
    O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKU\S-1-5-21-1659004503-1604221776-682003330-1005..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - Startup: C:\Documents and Settings\WandaS\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\WandaS\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
    O9 - Extra Button: Do Not Track Plus (c) Abine - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Program Files\DoNotTrackPlus\IE\DNTPAddon.dll (Abine)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control)
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} https://rap.mgmmirage.com/Citrix/ICA...a32/wficat.cab (Citrix ICA Client)
    O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} http://las.mlxchange.com/5.5.08.2511...l/IRCSharc.cab (GeacRevw Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/s...sh/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D8A7F33-8A32-4614-8F48-88FAE933315A}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\WandaS\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\WandaS\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/09/17 11:18:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/06/18 20:47:37 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\WandaS\Desktop\OTL.exe
    [2012/06/18 11:23:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WandaS\Desktop\corys resume 2012
    [2012/06/18 01:12:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WandaS\Application Data\SUPERAntiSpyware.com
    [2012/06/18 01:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    [2012/06/18 01:12:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2012/06/18 01:12:04 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2012/06/18 01:11:09 | 017,902,896 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\WandaS\Desktop\SUPERAntiSpyware.exe
    [2012/06/17 21:50:25 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\WandaS\Desktop\aswMBR.exe
    [2012/06/12 08:05:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WandaS\Desktop\Temp
    [2012/06/08 18:40:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WandaS\Desktop\Reports
    [2012/06/08 18:24:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WandaS\Desktop\Wanda
    [2012/06/08 18:19:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WandaS\Desktop\Macy
    [2012/06/08 18:10:49 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2012/06/08 18:10:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2012/06/08 18:09:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WandaS\Desktop\Malware CleanUp
    [2012/05/24 11:10:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
    [2012/05/24 11:10:05 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
    [2012/05/24 11:09:52 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
    [2012/05/24 11:09:52 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
    [2012/05/24 11:09:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks
    [2012/05/24 10:57:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WandaS\Local Settings\Application Data\DoNotTrackPlus
    [2012/05/24 10:57:05 | 000,000,000 | ---D | C] -- C:\Program Files\DoNotTrackPlus
    [2012/05/24 10:49:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\WandaS\Recent
    [2012/05/24 10:03:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2012/05/24 10:02:38 | 000,476,960 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
    [2012/05/24 10:02:38 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2012/05/24 10:02:38 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2012/05/24 10:02:38 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2012/05/24 10:02:38 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2012/05/24 10:02:19 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/06/18 20:47:39 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WandaS\Desktop\OTL.exe
    [2012/06/18 13:02:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cd060a84673b90.job
    [2012/06/18 07:54:44 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-1604221776-682003330-1005.job
    [2012/06/18 07:54:44 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-1604221776-682003330-1006.job
    [2012/06/18 06:43:16 | 000,013,734 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/06/18 06:43:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/06/18 01:12:09 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/06/18 01:11:16 | 017,902,896 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\WandaS\Desktop\SUPERAntiSpyware.exe
    [2012/06/17 22:16:13 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\WandaS\Desktop\MBR.dat
    [2012/06/17 21:50:42 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\WandaS\Desktop\aswMBR.exe
    [2012/06/16 09:49:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-1604221776-682003330-1006.job
    [2012/06/14 15:10:47 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\WandaS\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
    [2012/06/14 11:11:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-1604221776-682003330-1005.job
    [2012/06/12 19:32:46 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2012/06/08 18:53:33 | 000,004,901 | ---- | M] () -- C:\Documents and Settings\WandaS\Desktop\Attach.zip
    [2012/05/31 06:22:09 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
    [2012/05/24 11:10:05 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
    [2012/05/24 11:09:52 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
    [2012/05/24 11:09:52 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
    [2012/05/24 11:09:51 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
    [2012/05/24 11:07:12 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2012/05/24 11:07:12 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2012/05/24 10:02:24 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2012/05/24 10:02:24 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2012/05/24 10:02:24 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2012/05/24 10:02:24 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2012/05/24 10:02:23 | 000,476,960 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
    [2012/05/24 10:02:23 | 000,472,864 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/06/18 01:12:09 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/06/17 22:16:13 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\WandaS\Desktop\MBR.dat
    [2012/06/08 18:53:33 | 000,004,901 | ---- | C] () -- C:\Documents and Settings\WandaS\Desktop\Attach.zip
    [2012/04/07 11:24:57 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\WandaS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/03/19 16:09:15 | 000,408,902 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1659004503-1604221776-682003330-1005-0.dat
    [2012/02/29 02:32:08 | 000,408,902 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2012/02/15 17:34:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/09/15 17:20:42 | 000,000,077 | ---- | C] () -- C:\WINDOWS\webica.ini

    ========== LOP Check ==========

    [2008/09/18 23:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACT
    [2011/07/29 11:04:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2008/12/16 14:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
    [2012/04/13 23:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon
    [2011/02/16 10:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2011/12/09 20:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
    [2008/09/18 19:08:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2011/12/09 20:43:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
    [2010/01/07 16:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2008/09/23 18:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    [2008/09/21 00:12:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\ACT
    [2012/04/13 23:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Seagate
    [2008/09/18 22:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roger\Application Data\ACT
    [2008/09/18 22:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roger\Application Data\IsolatedStorage
    [2008/09/18 19:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roger\Application Data\ScanSoft
    [2008/09/19 10:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WandaS\Application Data\ACT
    [2012/06/18 07:56:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WandaS\Application Data\Dropbox
    [2011/09/15 17:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WandaS\Application Data\ICAClient
    [2008/09/21 22:49:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WandaS\Application Data\IsolatedStorage
    [2012/04/13 23:47:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WandaS\Application Data\Memeo
    [2012/06/18 01:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WandaS\Application Data\Oberon Media
    [2010/03/27 00:22:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WandaS\Application Data\Research In Motion
    [2009/04/22 12:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WandaS\Application Data\ScanSoft
    [2012/04/13 23:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WandaS\Application Data\Seagate
    [2009/11/12 11:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WandaS\Application Data\SmartDraw

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:C64C2839

    < End of report >

  6. #6
    Member
    Join Date
    Sep 2009
    Posts
    93

    Overflow data from the previous post follows....

    Thanks again...

    ------------------------
    OTL Extras logfile created on: 6/18/2012 8:51:30 PM - Run 1
    OTL by OldTimer - Version 3.2.49.0 Folder = C:\Documents and Settings\WandaS\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.87 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 61.03% Memory free
    3.72 Gb Paging File | 2.86 Gb Available in Paging File | 76.69% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 185.68 Gb Free Space | 79.74% Space Free | Partition Type: NTFS
    Drive X: | 1863.01 Gb Total Space | 1742.12 Gb Free Space | 93.51% Space Free | Partition Type: NTFS
    Drive Y: | 1863.01 Gb Total Space | 1742.12 Gb Free Space | 93.51% Space Free | Partition Type: NTFS
    Drive Z: | 1863.01 Gb Total Space | 1742.12 Gb Free Space | 93.51% Space Free | Partition Type: NTFS

    Computer Name: WANDAS | User Name: WandaS | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
    .js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
    .txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

    [HKEY_USERS\S-1-5-21-1659004503-1604221776-682003330-1005\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    jsfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe" = C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Enabled:javaw -- ()
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
    "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
    "C:\Documents and Settings\WandaS\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\WandaS\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
    "C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe" = C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe:*:Enabled:SeagateHipServAgent -- (Axentra Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{04A8C405-7DCC-4D12-9A69-02C063CC80D6}" = Aurigma Image Uploader 6.5 Redistributable
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
    "{12BA4B30-873F-4F14-BB3A-2C0EF8C3A6C7}" = BlackBerry Device Software v4.6.0 for the BlackBerry 8220 smartphone
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
    "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
    "{28184E01-D57A-4933-A09B-F65403F16D82}" = i-Cool
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (ACT7)
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
    "{39822393-2324-4705-9010-1AB76DA144A2}" = BlackBerry Desktop Software 4.6
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{41B9E2CF-0B3F-442A-B5B3-592A4A355634}" = iTunes
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen
    "{58E6A969-8215-4ABC-BD73-FCB25EA6F544}" = FormViewer
    "{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
    "{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{7F04B272-E0DD-47E7-8B55-D97483DB0EBD}" = hp LaserJet 1160/1320 series
    "{8410B358-107A-4FB7-AB2B-6FD952F15A8F}" = Nero 8 Essentials
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
    "{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
    "{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHERR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PUBLISHERR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PUBLISHERR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PUBLISHERR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHERR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PUBLISHERR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
    "{90B5E602-1867-449D-86FD-FC9DEA4434BF}" = HP Software Update
    "{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
    "{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA9768AA-FF0B-4C66-A085-31E934F77841}" = Apple Mobile Device Support
    "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
    "{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C325F588-D6B1-4A7F-B6A2-914C75DDA348}" = Morrowind
    "{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
    "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}" = Brother MFL-Pro Suite
    "{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
    "{EB3DF81F-5E70-4722-9D99-C1FC3EEF4DE1}" = Roxio Media Manager
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F4C68898-EBA5-46A9-82B3-2D30426086BF}" = AVG 2011
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
    "Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
    "All ATI Software" = ATI - Software Uninstall Utility
    "ATI Display Driver" = ATI Display Driver
    "avast" = avast! Free Antivirus
    "BlackBerry_{39822393-2324-4705-9010-1AB76DA144A2}" = BlackBerry Desktop Software 4.6
    "CCleaner" = CCleaner
    "Citrix ICA Web Client" = Citrix ICA Web Client
    "Do Not Track Plus Add-on_is1" = Do Not Track Plus Add-on 2.2.0.514
    "ERUNT_is1" = ERUNT 1.1j
    "Google Chrome" = Google Chrome
    "HijackThis" = HijackThis 2.0.2
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{58E6A969-8215-4ABC-BD73-FCB25EA6F544}" = FormViewer
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSNINST" = MSN
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "PokerStars.net" = PokerStars.net
    "PUBLISHERR" = Microsoft Office Publisher 2007
    "RealPlayer 15.0" = RealPlayer
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1659004503-1604221776-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "GoToMeeting" = GoToMeeting 5.1.0.873
    "SmartDraw 2010" = SmartDraw 2010

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 4/21/2012 2:46:37 AM | Computer Name = WANDAS | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 4/25/2012 12:38:03 PM | Computer Name = WANDAS | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 1.9.2.3743, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 5/16/2012 4:51:04 AM | Computer Name = WANDAS | Source = .NET Runtime Optimization Service | ID = 1103
    Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
    - Tried to start a service that wasn't the latest version of CLR Optimization service.
    Will shutdown

    Error - 5/31/2012 8:01:56 PM | Computer Name = WANDAS | Source = Application Hang | ID = 1002
    Description = Hanging application AcroRd32.exe, version 9.5.1.283, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 6/2/2012 12:18:50 AM | Computer Name = WANDAS | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 1.9.2.3743, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 6/4/2012 11:11:18 PM | Computer Name = WANDAS | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module mshtml.dll, version 8.0.6001.19222, fault address 0x000b9e68.

    Error - 6/12/2012 12:27:20 AM | Computer Name = WANDAS | Source = Application Hang | ID = 1002
    Description = Hanging application AcroRd32.exe, version 9.5.1.283, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 6/18/2012 4:08:27 AM | Computer Name = WANDAS | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 6/18/2012 4:08:27 AM | Computer Name = WANDAS | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 6/18/2012 3:58:31 PM | Computer Name = WANDAS | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    [ System Events ]
    Error - 6/17/2012 8:46:09 PM | Computer Name = WANDAS | Source = MRxSmb | ID = 8003
    Description = The master browser has received a server announcement from the computer
    DANIDELL that believes that it is the master browser for the domain on transport
    NetBT_Tcpip_{5D8A7F33-8A32-4614-. The master browser is stopping or an election
    is being forced.

    Error - 6/17/2012 9:54:07 PM | Computer Name = WANDAS | Source = MRxSmb | ID = 8003
    Description = The master browser has received a server announcement from the computer
    DANIDELL that believes that it is the master browser for the domain on transport
    NetBT_Tcpip_{5D8A7F33-8A32-4614-. The master browser is stopping or an election
    is being forced.

    Error - 6/17/2012 10:57:45 PM | Computer Name = WANDAS | Source = MRxSmb | ID = 8003
    Description = The master browser has received a server announcement from the computer
    DANIDELL that believes that it is the master browser for the domain on transport
    NetBT_Tcpip_{5D8A7F33-8A32-4614-. The master browser is stopping or an election
    is being forced.

    Error - 6/18/2012 12:06:00 AM | Computer Name = WANDAS | Source = MRxSmb | ID = 8003
    Description = The master browser has received a server announcement from the computer
    DANIDELL that believes that it is the master browser for the domain on transport
    NetBT_Tcpip_{5D8A7F33-8A32-4614-. The master browser is stopping or an election
    is being forced.

    Error - 6/18/2012 1:06:02 AM | Computer Name = WANDAS | Source = MRxSmb | ID = 8003
    Description = The master browser has received a server announcement from the computer
    DANIDELL that believes that it is the master browser for the domain on transport
    NetBT_Tcpip_{5D8A7F33-8A32-4614-. The master browser is stopping or an election
    is being forced.

    Error - 6/18/2012 3:15:22 AM | Computer Name = WANDAS | Source = MRxSmb | ID = 8003
    Description = The master browser has received a server announcement from the computer
    DANIDELL that believes that it is the master browser for the domain on transport
    NetBT_Tcpip_{5D8A7F33-8A32-4614-. The master browser is stopping or an election
    is being forced.

    Error - 6/18/2012 9:43:15 AM | Computer Name = WANDAS | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.0.123 for the Network Card with network
    address 001FD05E4C01 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 6/18/2012 9:46:13 AM | Computer Name = WANDAS | Source = Service Control Manager | ID = 7009
    Description = Timeout (120000 milliseconds) waiting for the Roxio Hard Drive Watcher
    9 service to connect.

    Error - 6/18/2012 4:08:03 PM | Computer Name = WANDAS | Source = MRxSmb | ID = 8003
    Description = The master browser has received a server announcement from the computer
    DANIDELL that believes that it is the master browser for the domain on transport
    NetBT_Tcpip_{5D8A7F33-8A32-4614-. The master browser is stopping or an election
    is being forced.

    Error - 6/18/2012 11:06:55 PM | Computer Name = WANDAS | Source = MRxSmb | ID = 8003
    Description = The master browser has received a server announcement from the computer
    DANIDELL that believes that it is the master browser for the domain on transport
    NetBT_Tcpip_{5D8A7F33-8A32-4614-. The master browser is stopping or an election
    is being forced.


    < End of report >

  7. #7
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Hi,

    This will remove remnants of the AVG toolbar. You can also run their removal tool after the fix to make sure it's all removed.

    Try one of these sites
    http://www.avg.com/us-en/download-tools
    http://download.avg.com/filedir/util..._2011_1322.exe




    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :processes
      killallprocesses
      
      
      :OTL
      FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cc6f881&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="
      O3 - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
      O3 - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      
      
      :Services
      
      :Reg
      
      :Files
      ipconfig /flushdns /c
      
      
      
      
      
      :Commands
      [purity]
      [resethosts]
      [CLEARALLRESTOREPOINTS]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <--Not run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces.
    • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  8. #8
    Member
    Join Date
    Sep 2009
    Posts
    93

    Performed all actions as requested. See logs below.

    Thank you so much.
    Roger

    ---------------------
    All processes killed
    ========== PROCESSES ==========
    ========== OTL ==========
    Prefs.js: "http://search.avg.com/route/?d=4cc6f881&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=" removed from keyword.URL
    Registry value HKEY_USERS\S-1-5-21-1659004503-1604221776-682003330-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1659004503-1604221776-682003330-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\WandaS\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\WandaS\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully
    Restore point Set: OTL Restore Point

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Larry
    ->Temp folder emptied: 1426625 bytes
    ->Temporary Internet Files folder emptied: 103591298 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 46440913 bytes
    ->Flash cache emptied: 1920 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 489604 bytes

    User: Roger
    ->Temp folder emptied: 866341882 bytes
    ->Temporary Internet Files folder emptied: 146253924 bytes
    ->FireFox cache emptied: 71540302 bytes
    ->Flash cache emptied: 1555 bytes

    User: WandaS
    ->Temp folder emptied: 11156477 bytes
    ->Temporary Internet Files folder emptied: 554440340 bytes
    ->Java cache emptied: 137546517 bytes
    ->FireFox cache emptied: 113138075 bytes
    ->Google Chrome cache emptied: 6465993 bytes
    ->Flash cache emptied: 42594 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2402044 bytes
    %systemroot%\System32 .tmp files removed: 1162769 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 16384 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 236764302 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 34891518 bytes

    Total Files Cleaned = 2,226.00 mb


    OTL by OldTimer - Version 3.2.49.0 log created on 06192012_030748

    Files\Folders moved on Reboot...
    File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...

    ------------------- new scan results -------------------------
    OTL logfile created on: 6/19/2012 3:22:29 AM - Run 2
    OTL by OldTimer - Version 3.2.49.0 Folder = C:\Documents and Settings\WandaS\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.87 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 45.47% Memory free
    3.72 Gb Paging File | 2.72 Gb Available in Paging File | 73.08% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 199.11 Gb Free Space | 85.50% Space Free | Partition Type: NTFS

    Computer Name: WANDAS | User Name: WandaS | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\WandaS\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    PRC - C:\Program Files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
    PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    PRC - C:\Documents and Settings\WandaS\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    PRC - C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe (Memeo)
    PRC - C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)
    PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
    PRC - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)
    PRC - C:\Program Files\Memeo\AutoBackup\InstantBackup.exe ()
    PRC - C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe (Axentra Corporation)
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)


    ========== Modules (No Company Name) ==========

    MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
    MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
    MOD - C:\Program Files\AVAST Software\Avast\defs\12061900\algo.dll ()
    MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
    MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\7861cd979ea5db3fb7d30ed94fb0edd2\System.Web.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8dc4a28c456f81ee7399da21bd9d55aa\System.ServiceProcess.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b49dd780ba8e3501b0adcf108b431e7b\Microsoft.VisualBasic.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\995fcf39ead2c2a53e084505c2c67d49\System.Windows.Forms.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8ca00132a08c69697adf1cda32ebd835\System.Drawing.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
    MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
    MOD - C:\Program Files\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.VideoTutorialsPlugin.dll ()
    MOD - C:\Program Files\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.TroubleshootingPlugin.dll ()
    MOD - C:\Program Files\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll ()
    MOD - C:\Program Files\Seagate\Seagate Dashboard\Memeo.Progress.dll ()
    MOD - C:\Program Files\Memeo\AutoBackup\Memeo.Client.UI.dll ()
    MOD - C:\Program Files\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll ()
    MOD - C:\Program Files\Memeo\AutoBackup\InstantBackup.exe ()
    MOD - C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll ()
    MOD - C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll ()
    MOD - C:\Program Files\Mozilla Firefox\js3250.dll ()
    MOD - C:\Program Files\Memeo\AutoBackup\sqlite3.dll ()
    MOD - C:\WINDOWS\system32\HPBHEALR.DLL ()


    ========== Win32 Services (SafeList) ==========

    SRV - (B-Service) -- C:\Documents and Settings\WandaS\Local Settings\Temporary Internet Files\Content.IE5\IS1FXW44\B-Service.exe File not found
    SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
    SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    SRV - (SeagateDashboardService) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)
    SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
    SRV - (MemeoBackgroundService) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)
    SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


    ========== Driver Services (SafeList) ==========

    DRV - (WDICA) -- File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (PCIDump) -- File not found
    DRV - (lbrtfdc) -- File not found
    DRV - (i2omgmt) -- File not found
    DRV - (Changer) -- File not found
    DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
    DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
    DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
    DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
    DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
    DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
    DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
    DRV - (GVTDrv) -- C:\WINDOWS\system32\drivers\GVTDrv.sys ()
    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
    DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\..\URLSearchHook: - No CLSID value found
    IE - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\..\SearchScopes,DefaultScope = {36377DD7-B3EB-42f5-986F-680BAF59BA9D}
    IE - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://start.msn.iplay.com/searchresultsredirect.aspx?o=chrome&q={searchTerms}
    IE - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\..\SearchScopes\{79B0CD5F-1A71-4579-85BB-EE4150B9B542}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7ADBR_en
    IE - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\..\SearchScopes\{A4FD28B7-2EB8-4116-8FDC-2B33F161908D}: "URL" = http://ws.infospace.com/playsushi_tb...?_iceUrl=true& user_id=%userid&tool_id=60231&qkw={searchTerms}
    IE - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "bing"
    FF - prefs.js..browser.search.selectedEngine: "bing"
    FF - prefs.js..browser.startup.homepage: "www.google.com"
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}:6.0.32
    FF - prefs.js..extensions.enabledItems: donottrackplus@abine.com:2.2.0.514
    FF - prefs.js..extensions.enabledItems: {97E22097-9A2F-45b1-8DAF-36AD648C7EF4}:15.0.4
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/04/13 12:00:49 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/24 11:10:14 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/24 11:10:06 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/24 11:10:41 | 000,000,000 | ---D | M]

    [2008/10/18 23:01:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\WandaS\Application Data\Mozilla\Extensions
    [2012/06/18 21:00:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\WandaS\Application Data\Mozilla\Firefox\Profiles\az4zki3k.default\extensions
    [2010/10/11 14:24:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\WandaS\Application Data\Mozilla\Firefox\Profiles\az4zki3k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2012/05/24 10:53:38 | 000,000,000 | ---D | M] (DoNotTrackPlus) -- C:\Documents and Settings\WandaS\Application Data\Mozilla\Firefox\Profiles\az4zki3k.default\extensions\donottrackplus@abine.com
    [2011/12/09 18:33:27 | 000,000,000 | ---D | M] ("ArcadeWeb") -- C:\Documents and Settings\WandaS\Application Data\Mozilla\Firefox\Profiles\az4zki3k.default\extensions\text_links@arcadeweb.com
    [2012/06/17 21:50:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/05/24 10:02:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
    [2012/05/24 11:10:14 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
    [2012/05/24 10:02:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2012/05/24 11:09:56 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
    [2011/12/09 18:58:21 | 000,002,064 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bingober628642703.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\WandaS\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: ArcadeWeb Plugin (Enabled) = C:\Documents and Settings\WandaS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hgailgaldchajpkkmbjdlbimhdnmmgld\arcadewebchrome.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: YouTube = C:\Documents and Settings\WandaS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Documents and Settings\WandaS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: ArcadeWeb = C:\Documents and Settings\WandaS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hgailgaldchajpkkmbjdlbimhdnmmgld\
    CHR - Extension: avast! WebRep = C:\Documents and Settings\WandaS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\WandaS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
    CHR - Extension: Gmail = C:\Documents and Settings\WandaS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/06/19 03:07:53 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Do Not Track Plus) - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Program Files\DoNotTrackPlus\IE\DNTPAddon.dll (Abine)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
    O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
    O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
    O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe (Brother Industories, Ltd.)
    O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKU\S-1-5-21-1659004503-1604221776-682003330-1005..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - Startup: C:\Documents and Settings\WandaS\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\WandaS\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1659004503-1604221776-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
    O9 - Extra Button: Do Not Track Plus (c) Abine - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Program Files\DoNotTrackPlus\IE\DNTPAddon.dll (Abine)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control)
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} https://rap.mgmmirage.com/Citrix/ICA...a32/wficat.cab (Citrix ICA Client)
    O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} http://las.mlxchange.com/5.5.08.2511...l/IRCSharc.cab (GeacRevw Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/s...sh/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D8A7F33-8A32-4614-8F48-88FAE933315A}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\WandaS\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\WandaS\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/09/17 11:18:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/06/19 03:07:48 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/06/19 03:05:42 | 001,163,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\WandaS\Desktop\avg_remover_stf_x86_2011_1322.exe
    [2012/06/18 20:47:37 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\WandaS\Desktop\OTL.exe
    [2012/06/18 11:23:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WandaS\Desktop\corys resume 2012
    [2012/06/18 01:12:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WandaS\Application Data\SUPERAntiSpyware.com
    [2012/06/18 01:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    [2012/06/18 01:12:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2012/06/18 01:12:04 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2012/06/18 01:11:09 | 017,902,896 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\WandaS\Desktop\SUPERAntiSpyware.exe
    [2012/06/17 21:50:25 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\WandaS\Desktop\aswMBR.exe
    [2012/06/12 08:05:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WandaS\Desktop\Temp
    [2012/06/08 18:40:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WandaS\Desktop\Reports
    [2012/06/08 18:24:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WandaS\Desktop\Wanda
    [2012/06/08 18:19:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WandaS\Desktop\Macy
    [2012/06/08 18:10:49 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2012/06/08 18:10:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2012/06/08 18:09:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WandaS\Desktop\Malware CleanUp
    [2012/05/24 11:10:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
    [2012/05/24 11:10:05 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
    [2012/05/24 11:09:52 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
    [2012/05/24 11:09:52 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
    [2012/05/24 11:09:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks
    [2012/05/24 10:57:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WandaS\Local Settings\Application Data\DoNotTrackPlus
    [2012/05/24 10:57:05 | 000,000,000 | ---D | C] -- C:\Program Files\DoNotTrackPlus
    [2012/05/24 10:49:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\WandaS\Recent
    [2012/05/24 10:03:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2012/05/24 10:02:38 | 000,476,960 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
    [2012/05/24 10:02:38 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2012/05/24 10:02:38 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2012/05/24 10:02:38 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2012/05/24 10:02:38 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2012/05/24 10:02:19 | 000,000,000 | ---D | C] -- C:\Program Files\Java

    ========== Files - Modified Within 30 Days ==========

    [2012/06/19 03:15:06 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cd060a84673b90.job
    [2012/06/19 03:15:06 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-1604221776-682003330-1005.job
    [2012/06/19 03:15:06 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-1604221776-682003330-1006.job
    [2012/06/19 03:14:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/06/19 03:07:53 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2012/06/19 03:05:42 | 001,163,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\WandaS\Desktop\avg_remover_stf_x86_2011_1322.exe
    [2012/06/18 20:47:39 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WandaS\Desktop\OTL.exe
    [2012/06/18 06:43:16 | 000,013,734 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/06/18 01:12:09 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/06/18 01:11:16 | 017,902,896 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\WandaS\Desktop\SUPERAntiSpyware.exe
    [2012/06/17 22:16:13 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\WandaS\Desktop\MBR.dat
    [2012/06/17 21:50:42 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\WandaS\Desktop\aswMBR.exe
    [2012/06/16 09:49:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-1604221776-682003330-1006.job
    [2012/06/14 15:10:47 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\WandaS\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
    [2012/06/14 11:11:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-1604221776-682003330-1005.job
    [2012/06/12 19:32:46 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2012/06/08 18:53:33 | 000,004,901 | ---- | M] () -- C:\Documents and Settings\WandaS\Desktop\Attach.zip
    [2012/06/02 15:19:44 | 000,022,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
    [2012/06/02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
    [2012/06/02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
    [2012/06/02 15:19:38 | 000,219,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
    [2012/06/02 15:19:38 | 000,210,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
    [2012/06/02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdm.dll
    [2012/06/02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cdm.dll
    [2012/06/02 15:19:34 | 000,053,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
    [2012/06/02 15:19:34 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
    [2012/06/02 15:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
    [2012/06/02 15:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
    [2012/06/02 15:19:34 | 000,015,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
    [2012/06/02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
    [2012/06/02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
    [2012/06/02 15:19:18 | 001,933,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
    [2012/06/02 15:18:58 | 000,275,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
    [2012/06/02 15:18:58 | 000,017,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
    [2012/05/31 06:22:09 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
    [2012/05/24 11:10:05 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
    [2012/05/24 11:09:52 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
    [2012/05/24 11:09:52 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
    [2012/05/24 11:09:51 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
    [2012/05/24 11:07:12 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2012/05/24 11:07:12 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2012/05/24 10:02:24 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2012/05/24 10:02:24 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2012/05/24 10:02:24 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2012/05/24 10:02:24 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2012/05/24 10:02:23 | 000,476,960 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
    [2012/05/24 10:02:23 | 000,472,864 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

    ========== Files Created - No Company Name ==========

    [2012/06/18 01:12:09 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/06/17 22:16:13 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\WandaS\Desktop\MBR.dat
    [2012/06/08 18:53:33 | 000,004,901 | ---- | C] () -- C:\Documents and Settings\WandaS\Desktop\Attach.zip
    [2012/04/07 11:24:57 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\WandaS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/03/19 16:09:15 | 000,408,902 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1659004503-1604221776-682003330-1005-0.dat
    [2012/02/29 02:32:08 | 000,408,902 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2012/02/15 17:34:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/09/15 17:20:42 | 000,000,077 | ---- | C] () -- C:\WINDOWS\webica.ini

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:C64C2839

    < End of report >

  9. #9
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Things running OK?
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  10. #10
    Member
    Join Date
    Sep 2009
    Posts
    93

    Yes, things are running good! Thank you so much. I do have a couple of questions...
    (1) Things seem to be greatly improved. What exactly did we remove, and what can I do to prevent occurrence?
    (2) Any more suggestions for dealing with the tracking cookies? Perhaps I should use a higher setting in the IE privacy tab and then make exceptions for sites that I utilize. But that only partially works because some of the biggest tracking sites are common sites like Google and Yahoo.
    (3) I have other computers that are in similar conditions as this one was in. Is there a standard procedure I can utilize to check and tune up these machines without utilizing valuable time of wonderful experts like you? If I can run a standard procedure and then only utilize your time if I find something that requires more expertise, then I would feel better about asking for help.
    (4) For maintenance, am I good running Avast and Spybot (without tea-timer) as required? Do you recommend anything else?

    Thank you so much...

    Regards,

    Roger
