PDA

View Full Version : Click.GiftLoad and a System Restore -- Am I Clean?



SaDiablo
2011-04-13, 23:04
Hi, y'all,

I started a post about this last night (here (http://forums.spybot.info/showthread.php?p=401065#post401065)), but there's been new developments so I thought I should start a new thread.

This morning, I couldn't log into Windows. I don't know if it truly was a Windows product (doubtful), but there was something called "Windows Advanced Security" that was preventing me from getting to my desktop.
After log in and waiting, this box would pop up wanting me to "activate" (ie, pay $90 for) the service because my "system was compromised." The first time it happened, I was able to use taskmanager to get rid of it and get to my desktop, but after restarting the system I couldn't get it to go away.

Fortunately, I was able to system restore back to a point I hoped was clean. So far, so good: I haven't had any problems since the restore. I'd still like someone to take a look at my log to see if there's anything lurking I should be aware of.

Thanks, guys!

<--- DDS Log Here --->
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Jennifer Bowe at 15:58:01.35 on Wed 04/13/2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.827 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lunabar\Lunabar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Jennifer Bowe\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Page = hxxp://google.com
uWindow Title = IE
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
mURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Neopets: {cd292324-974f-4224-d074-caca427aa030} - c:\progra~1\neopets\toolbar\Toolbar.dll
TB: Neopets: {cd292324-974f-4224-d074-caca427aa030} - c:\progra~1\neopets\toolbar\Toolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.21022; .NET CLR 3.5.30729; .NET CLR 3.0.30729; OfficeLiveConnector.1.5; OfficeLivePatch.1.3; .NET4.0C)" -"http://www.nickjr.com/kids-games/little-bears-dress-up.html"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\jennif~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\lunaba~1.lnk - c:\program files\lunabar\Lunabar.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Search - ?p=GRman000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} - hxxps://mpsnare.iesnare.com/StmOCX.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-30 21504]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-4-4 1153368]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-28 136176]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-10-18 517448]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2007-6-18 19456]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-04-12 18:40:06 -------- d-----w- C:\_OTL
2011-04-12 10:46:06 -------- d-----w- C:\Temp
2011-04-12 10:46:04 232916 ---h--w- c:\temp\ee896009-2241-4d1a-94b7-8f476921cf1c\OfferApp-2538.exe
2011-04-04 07:54:26 -------- d-----w- c:\users\jennif~1\appdata\roaming\GestaltGames
2011-04-04 07:54:26 -------- d-----w- c:\progra~2\GestaltGames
2011-04-02 06:46:05 -------- d-----w- c:\progra~2\Kristanix Games
2011-04-02 01:32:16 -------- d-----w- c:\users\jennif~1\appdata\roaming\Sanna
2011-04-02 01:31:33 -------- d-----w- c:\progra~2\The Legend of Sanna - Rise of a Great Colony
2011-03-21 07:20:40 -------- d-----w- c:\users\jennif~1\appdata\roaming\Phantasmat_wildgames_se
.
==================== Find3M ====================
.
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
.
============= FINISH: 15:59:05.68 ===============

<--- End DDS Log --->

Dakeyras
2011-04-15, 21:29
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.
Hi and welcome to Safer Networking. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine!
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Refrain from running self fixes as this will hinder the malware removal process.
It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Vista Advice:

All applications I ask to be used will require to be run in Administrator mode. IE: Right click on and select Run as Administrator.

The Operating System in use comes with a inbuilt utility called User Access Control(UAC) when prompted by this with anything I ask you to do carry out please select the option Allow.

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Scan with OTL:

Please download OTL (http://oldtimer.geekstogo.com/OTL.exe) and save it to your Desktop.

Alternate downloads are here (http://oldtimer.geekstogo.com/OTL.com) and here (http://oldtimer.geekstogo.com/OTL.scr).

Right-click on OTL.exe and select Run as Administrator to start OTL.
Under Output, ensure that Minimal Output is selected.
Under Extra Registry section, select Use SafeList.
Click the Scan All Users checkbox.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
Please post the contents of these 2 Notepad files in your next reply.

When completed the above, please post back the following in the order asked for:

How is your computer performing now, any further symptoms and or problems encountered?
Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.

SaDiablo
2011-04-18, 22:51
So thankful this thread hasn't been closed! Due circumstances, I completely forgot to check it over the weekend. Thank you so much, Dakeyras, for looking at my problem. :)

I haven't had any symptoms since the restore. Both AVG and Spybot have come up clean, and there's nothing in HJT that I don't recognize. I've been keeping offline, though, except to check my mail for replies from here.

Running OTL now, will post the logs ASAP.
Thanks again!

Dakeyras
2011-04-18, 22:57
OK/you're welcome! :)

SaDiablo
2011-04-18, 23:01
<--- OTL Log Here --->

OTL logfile created on: 4/18/2011 3:58:01 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Jennifer Bowe\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.62 Gb Total Space | 68.97 Gb Free Space | 49.04% Space Free | Partition Type: NTFS
Drive D: | 8.43 Gb Total Space | 1.80 Gb Free Space | 21.30% Space Free | Partition Type: NTFS
Drive F: | 372.52 Gb Total Space | 276.07 Gb Free Space | 74.11% Space Free | Partition Type: FAT32

Computer Name: SEAMUS | User Name: Jennifer Bowe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jennifer Bowe\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Winamp\winampa.exe ()
PRC - C:\Program Files\Lunabar\Lunabar.exe (Infra-Azure Labs)
PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Jennifer Bowe\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (stllssvr) -- File not found
SRV - (RoxMediaDB9) -- File not found
SRV - (IDriverT) -- File not found
SRV - (hpqcxs08) -- File not found
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (GamesAppService) -- C:\Program Files\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (Avgldx86) -- C:\WINDOWS\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgmfx86) -- C:\WINDOWS\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\WINDOWS\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\WINDOWS\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (HBtnKey) -- C:\WINDOWS\System32\drivers\CPQBttn.sys (Hewlett-Packard Company)
DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (CnxtHdAudService) -- C:\WINDOWS\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (XAudio) -- C:\WINDOWS\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (FlyUsb) -- C:\WINDOWS\System32\drivers\FlyUsb.sys (LeapFrog)
DRV - (HdAudAddService) -- C:\WINDOWS\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (rimmptsk) -- C:\WINDOWS\System32\drivers\rimmptsk.sys (REDC)
DRV - (nvsmu) -- C:\WINDOWS\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (rismxdp) -- C:\WINDOWS\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\System32\drivers\rimsptsk.sys (REDC)
DRV - (eabfiltr) -- C:\WINDOWS\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3848025758-3258170917-2156027094-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://google.com
IE - HKU\S-1-5-21-3848025758-3258170917-2156027094-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3848025758-3258170917-2156027094-1000\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3848025758-3258170917-2156027094-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/04/13 14:30:38 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/02/20 12:36:57 | 000,431,617 | R--- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 .supercocklol.com
O1 - Hosts: 127.0.0.1 www..webloyalty.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 14858 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Neopets) - {CD292324-974F-4224-D074-CACA427AA030} - C:\Program Files\Neopets\Toolbar\Toolbar.dll (Velocity Services, Inc.)
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Neopets) - {CD292324-974F-4224-D074-CACA427AA030} - C:\Program Files\Neopets\Toolbar\Toolbar.dll (Velocity Services, Inc.)
O3 - HKU\S-1-5-21-3848025758-3258170917-2156027094-1000\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3848025758-3258170917-2156027094-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-3848025758-3258170917-2156027094-1000\..\Toolbar\WebBrowser: (Neopets) - {CD292324-974F-4224-D074-CACA427AA030} - C:\Program Files\Neopets\Toolbar\Toolbar.dll (Velocity Services, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3848025758-3258170917-2156027094-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3848025758-3258170917-2156027094-1000..\RunOnce: [Shockwave Updater] File not found
O4 - Startup: C:\Users\Jennifer Bowe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lunabar Taskbar Icon.lnk = C:\Program Files\Lunabar\Lunabar.exe (Infra-Azure Labs)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3848025758-3258170917-2156027094-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3848025758-3258170917-2156027094-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} https://mpsnare.iesnare.com/StmOCX.cab (Stm Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.76.227.40 208.180.42.68
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jennifer Bowe\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jennifer Bowe\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/18 15:43:55 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Jennifer Bowe\Desktop\OTL.exe
[2011/04/13 16:23:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/04/13 16:17:51 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/04/13 16:17:50 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/04/13 16:17:45 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/04/13 16:17:45 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/04/13 16:17:36 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/04/13 16:17:36 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/04/13 16:17:36 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/04/13 16:17:36 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/04/13 16:17:36 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/04/13 16:17:36 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/04/13 16:17:36 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/04/13 16:17:36 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/04/13 16:17:36 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/04/13 16:17:36 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/04/13 16:17:36 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/04/13 16:17:36 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/04/13 16:17:36 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/04/13 16:17:36 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/04/13 16:17:36 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/04/13 16:17:36 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/04/13 16:17:35 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/04/13 16:16:53 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/04/13 16:16:51 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/13 16:16:51 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/04/13 16:16:48 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/04/13 16:16:48 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/04/13 16:16:46 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/04/13 01:48:31 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/04/12 14:40:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/12 07:20:07 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011/04/12 06:46:06 | 000,000,000 | ---D | C] -- C:\Temp
[2011/04/04 03:54:26 | 000,000,000 | ---D | C] -- C:\Users\Jennifer Bowe\AppData\Roaming\GestaltGames
[2011/04/04 03:54:26 | 000,000,000 | ---D | C] -- C:\ProgramData\GestaltGames
[2011/04/02 02:46:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Kristanix Games
[2011/04/01 21:32:16 | 000,000,000 | ---D | C] -- C:\Users\Jennifer Bowe\AppData\Roaming\Sanna
[2011/04/01 21:31:33 | 000,000,000 | ---D | C] -- C:\ProgramData\The Legend of Sanna - Rise of a Great Colony
[2011/03/21 03:20:40 | 000,000,000 | ---D | C] -- C:\Users\Jennifer Bowe\AppData\Roaming\Phantasmat_wildgames_se
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/18 15:49:02 | 000,000,000 | ---- | M] () -- C:\Users\Jennifer Bowe\AppData\Local\prvlcl.dat
[2011/04/18 15:46:07 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/18 15:43:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jennifer Bowe\Desktop\OTL.exe
[2011/04/18 15:41:20 | 112,735,522 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/04/18 15:37:56 | 000,064,469 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/04/18 15:37:56 | 000,064,469 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/04/18 15:37:55 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/18 15:37:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/17 19:46:50 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/17 19:46:50 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/17 18:22:49 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0E589315-E2B8-4BBB-9AF0-0EED74048859}.job
[2011/04/16 16:56:09 | 000,607,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/16 16:56:09 | 000,105,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/13 16:40:24 | 000,429,136 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/13 15:45:27 | 000,625,664 | ---- | M] () -- C:\Users\Jennifer Bowe\Desktop\dds.scr
[2011/03/27 20:17:57 | 000,002,611 | ---- | M] () -- C:\Users\Jennifer Bowe\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007 (2).lnk
[2011/03/27 02:52:49 | 000,358,697 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011/03/26 19:51:02 | 000,001,643 | ---- | M] () -- C:\Users\Jennifer Bowe\Application Data\Microsoft\Internet Explorer\Quick Launch\Character Map (2).lnk
[2011/03/21 12:56:05 | 000,002,190 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/13 15:45:23 | 000,625,664 | ---- | C] () -- C:\Users\Jennifer Bowe\Desktop\dds.scr
[2011/03/26 19:51:02 | 000,001,643 | ---- | C] () -- C:\Users\Jennifer Bowe\Application Data\Microsoft\Internet Explorer\Quick Launch\Character Map (2).lnk
[2011/02/08 09:57:47 | 000,000,000 | ---- | C] () -- C:\Users\Jennifer Bowe\AppData\Local\prvlcl.dat
[2010/11/22 23:10:59 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/11/22 23:09:58 | 000,024,206 | ---- | C] () -- C:\Users\Jennifer Bowe\AppData\Roaming\UserTile.png
[2010/06/20 17:42:55 | 000,000,001 | -H-- | C] () -- C:\Windows\bk23567.dat
[2010/06/20 17:42:49 | 000,000,002 | ---- | C] () -- C:\Users\Jennifer Bowe\AppData\Local\0995154505553.xxe
[2010/06/20 17:42:45 | 000,000,002 | ---- | C] () -- C:\Users\Jennifer Bowe\AppData\Local\0535049569854.xxe
[2010/03/17 13:20:33 | 000,004,249 | ---- | C] () -- C:\Windows\wininit.ini
[2009/10/11 04:09:03 | 000,000,048 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/26 17:00:21 | 000,008,192 | ---- | C] () -- C:\Windows\d3dx.dat
[2009/07/05 23:01:59 | 000,002,653 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/06/01 19:48:24 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/06/01 19:48:23 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008/12/26 04:37:33 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/12/22 18:02:44 | 000,064,469 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/12/22 18:02:44 | 000,064,469 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/12/06 17:56:11 | 000,003,740 | ---- | C] () -- C:\Users\Jennifer Bowe\AppData\Roaming\wklnhst.dat
[2008/10/21 16:52:26 | 000,121,326 | ---- | C] () -- C:\Windows\hpoins15.dat
[2008/10/21 16:52:26 | 000,001,037 | ---- | C] () -- C:\Windows\hpomdl15.dat
[2008/09/18 18:00:08 | 000,009,216 | ---- | C] () -- C:\Users\Jennifer Bowe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/23 21:34:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/06/16 12:17:46 | 000,000,680 | ---- | C] () -- C:\Users\Jennifer Bowe\AppData\Local\d3d9caps.dat
[2008/05/23 20:57:00 | 000,000,027 | ---- | C] () -- C:\Windows\SmAudio.INI
[2008/05/08 03:00:13 | 000,164,352 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2008/05/08 03:00:13 | 000,012,325 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-Jardinains!.dat
[2008/05/06 04:18:38 | 000,000,039 | ---- | C] () -- C:\Windows\popcinfo.dat
[2008/04/04 06:46:14 | 000,056,597 | ---- | C] () -- C:\Users\Jennifer Bowe\AppData\Roaming\nvModes.001
[2008/04/04 06:46:13 | 000,056,597 | ---- | C] () -- C:\Users\Jennifer Bowe\AppData\Roaming\nvModes.dat
[2007/08/04 06:53:25 | 000,103,437 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/08/04 05:35:06 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2007/02/27 16:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/14 02:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 02:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,429,136 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,607,406 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,105,014 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 20:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/07 08:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:3D857D30
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:1F96ED45
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5CF48ABF
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:204C7BBB

< End of report >

SaDiablo
2011-04-18, 23:03
<---OTL Extras Log Here --->

OTL Extras logfile created on: 4/18/2011 3:58:01 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Jennifer Bowe\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.62 Gb Total Space | 68.97 Gb Free Space | 49.04% Space Free | Partition Type: NTFS
Drive D: | 8.43 Gb Total Space | 1.80 Gb Free Space | 21.30% Space Free | Partition Type: NTFS
Drive F: | 372.52 Gb Total Space | 276.07 Gb Free Space | 74.11% Space Free | Partition Type: FAT32

Computer Name: SEAMUS | User Name: Jennifer Bowe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3848025758-3258170917-2156027094-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{70B41DCB-E655-4F5D-82A2-ED70EF46B6FB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{290BC50B-D9F2-4CAE-A443-8884C8576D6F}" = protocol=6 | dir=in | app=c:\program files\spybot - search & destroy\spybotsd.exe |
"{45354A2A-177B-476A-A49A-6A9F3772DA10}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{4A7D4F67-14AD-41F9-B21B-10C37FB5B6D1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4AE5DC54-8F43-4EEF-BB1C-4F12103C2406}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{5D4F7290-2429-4FF7-A7DB-630369702C22}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{616FCC14-60B0-42F7-A0E7-36EC1C4E6BD3}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{852F3192-60CE-44D7-98A0-5D94E28BAE0A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8CF565ED-388A-4452-B5BB-70275D447463}" = protocol=17 | dir=in | app=c:\program files\spybot - search & destroy\spybotsd.exe |
"{90F99FE4-8926-4ADB-8E84-E0E1B8C93F9A}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{9FE30132-4168-4855-9B0F-725DFD550435}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{A7B69B7A-2561-4556-86B9-96B816180696}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{C826EA13-64DC-4335-BCB6-D836117513CE}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{C8E88454-1935-486D-BC9C-CDCDF5A90DC9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F5E800E1-D737-484E-A149-391DD7A52677}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"TCP Query User{0DD4CBFB-D8D8-4E57-ACB8-17FD6A373C6B}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"TCP Query User{6727413C-27B3-41FF-AA99-E35675E7E79E}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{85267DE9-F8A8-40A5-BE57-CDB5E60CC9F3}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{CA5C6AEB-FF71-453F-8AF3-71C0A2CC3D32}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}" = SimCity™ Societies
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0D503B8E-97E3-45B7-96CB-4936269B902C}" = Better Homes and Gardens Home Designer 7.0
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 4.1
"{500F4A70-6965-C255-2385-2C9EE86D641E}" = PBS KIDS PLAY!
"{54F7A791-38DE-4439-AB3F-B3F7DDA89C75}" = ESU for Microsoft Vista
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9061CEF2-51F5-42C9-8A70-9ED351C6597A}" = HP Help and Support
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3AEF776-7FFF-4C50-A402-9119E3849EE0}" = AVG 2011
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{D4E53304-1F6C-4111-9872-1BCD2CF5B642}" = AVG 2011
"{D8D04547-ECFA-45BE-B676-042AF8FD3F57}_is1" = StarLove
"{D9226EB1-C528-48AC-B423-BD9240E1F60B}" = Opera 9.62
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1
"{DDFD9BA2-8E26-4E49-92AE-882424DAB1BC}" = HP User Guides 0057
"{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6B29003-A078-4491-AFBE-62EFB6CFFE19}" = HP Total Care Advisor
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Astro123_is1" = Astro123 v1.62
"AstroWin_is1" = AstroWin v3.62
"AVG" = AVG 2011
"Azureus Vuze" = Azureus Vuze
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Setup.divx.com" = DivX Setup
"Horary Helper_is1" = Horary Helper v5.00
"Jardinains!" = Jardinains!
"Lunabar_is1" = Lunabar
"MatchMkr_is1" = MatchMkr v1.29
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Neopets" = Neopets
"NVIDIA Drivers" = NVIDIA Drivers
"PKP-AIR.E1CA2DA223DC5B169679FE7ED011F56FF6BC1819.1" = PBS KIDS PLAY!
"Platypus_is1" = Platypus
"PROR" = Microsoft Office Professional 2007
"SpywareBlaster_is1" = SpywareBlaster 4.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"WildTangent hp Master Uninstall" = HP Games
"WildTangent hplaptop Master Uninstall" = My HP Games
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver
"WTA-014e8b24-c309-44c5-a8d2-d690feabb62c" = Chuzzle Deluxe
"WTA-2503678a-70cc-49e7-bff3-c1c24b500731" = Super Yum Yum: Puzzle Adventures
"WTA-3237eb9c-76f4-4311-94ac-245e8923523e" = Max and the Magic Marker
"WTA-551c14fb-c510-4f28-8a20-6797796c9ebb" = Sparkle
"WTA-67652a84-b831-4b89-8e30-1e77fd45f78d" = Phantasmat
"WTA-69a54143-a0cc-4c55-a479-9ca2a85bd1e8" = Oceanis
"WTA-9036a889-21f5-4df9-86e9-279f70015b05" = Dora Saves the Snow Princess
"WTA-9e6f5db9-a2c9-41e1-ac6c-f945310b7543" = Hunting Unlimited 2010
"WTA-9eba3e80-8726-4bc2-9c26-48168fe655be" = World Mosaics 4
"WTA-ff9afc27-19c6-40d3-940b-96cbc17e0558" = Hodgepodge Hollow: A Potions Primer
"Zynga Toolbar" = Zynga Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3848025758-3258170917-2156027094-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Smilebox" = Smilebox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/12/2011 10:44:49 PM | Computer Name = Seamus | Source = EventSystem | ID = 4609
Description =

Error - 4/13/2011 12:24:39 AM | Computer Name = Seamus | Source = Application Hang | ID = 1002
Description = The program AS2011.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: d14 Start Time: 01cbf991f895d519 Termination Time: 10

Error - 4/13/2011 12:55:30 AM | Computer Name = Seamus | Source = Application Hang | ID = 1002
Description = The program rundll32.exe version 6.0.6000.16386 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 125c Start Time: 01cbf996d9f5b4e9 Termination Time: 16

Error - 4/13/2011 1:06:57 AM | Computer Name = Seamus | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 4/13/2011 1:46:27 AM | Computer Name = Seamus | Source = Application Hang | ID = 1002
Description = The program AS2011.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: c94 Start Time: 01cbf99dd44fdb32 Termination Time: 1435

Error - 4/13/2011 1:47:06 AM | Computer Name = Seamus | Source = Application Hang | ID = 1002
Description = The program AS2011.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 119c Start Time: 01cbf99e1a4f4a32 Termination Time: 31

Error - 4/13/2011 2:38:50 AM | Computer Name = Seamus | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
exception code 0xc000071b, fault offset 0x00088d15, process id 0x514, application
start time 0x01cbf99dac7a09a0.

Error - 4/13/2011 1:37:53 PM | Computer Name = Seamus | Source = Application Hang | ID = 1002
Description = The program AS2011.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: dfc Start Time: 01cbfa01595e0225 Termination Time: 15

Error - 4/13/2011 1:57:14 PM | Computer Name = Seamus | Source = Application Hang | ID = 1002
Description = The program AS2011.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 7d0 Start Time: 01cbfa02906b0f56 Termination Time: 93

Error - 4/13/2011 4:32:08 PM | Computer Name = Seamus | Source = .NET Runtime Optimization Service | ID = 1101
Description =

[ OSession Events ]
Error - 11/18/2008 12:38:02 PM | Computer Name = Seamus | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 342245
seconds with 3840 seconds of active time. This session ended with a crash.

Error - 10/10/2009 3:12:47 PM | Computer Name = Seamus | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6504.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 2129
seconds with 1620 seconds of active time. This session ended with a crash.

Error - 10/18/2009 7:13:21 PM | Computer Name = Seamus | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4202
seconds with 2400 seconds of active time. This session ended with a crash.

Error - 11/21/2009 2:34:26 PM | Computer Name = Seamus | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1926
seconds with 1500 seconds of active time. This session ended with a crash.

Error - 11/28/2009 3:37:13 PM | Computer Name = Seamus | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 560
seconds with 540 seconds of active time. This session ended with a crash.

Error - 8/12/2010 5:12:26 PM | Computer Name = Seamus | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/25/2011 5:19:09 PM | Computer Name = Seamus | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/10/2008 1:22:14 PM | Computer Name = Seamus | Source = HTTP | ID = 15016
Description =

Error - 12/10/2008 1:22:23 PM | Computer Name = Seamus | Source = Service Control Manager | ID = 7000
Description =

Error - 12/10/2008 3:23:37 PM | Computer Name = Seamus | Source = HTTP | ID = 15016
Description =

Error - 12/10/2008 3:23:50 PM | Computer Name = Seamus | Source = Service Control Manager | ID = 7000
Description =

Error - 12/11/2008 12:35:33 AM | Computer Name = Seamus | Source = HTTP | ID = 15016
Description =

Error - 12/11/2008 12:35:47 AM | Computer Name = Seamus | Source = Service Control Manager | ID = 7000
Description =

Error - 12/11/2008 4:32:26 AM | Computer Name = Seamus | Source = HTTP | ID = 15016
Description =

Error - 12/11/2008 4:32:40 AM | Computer Name = Seamus | Source = Service Control Manager | ID = 7000
Description =

Error - 12/11/2008 5:10:23 AM | Computer Name = Seamus | Source = HTTP | ID = 15016
Description =

Error - 12/11/2008 5:10:36 AM | Computer Name = Seamus | Source = Service Control Manager | ID = 7000
Description =


< End of report >

Dakeyras
2011-04-19, 00:13
Hi. :)

It appears your machine has been infected with malware for a number of years, nothing to worry about at this stage of my research I will further add. Though being honest the infection you did mention in your initial post, possibly compromised your machine...If I determine this is the case I will provide the appropriate advice.

Anyway lets proceed as follows shall we...

Next:

Now please go to Start >> Control Panel >> Programs and Features and remove the following (if present):

Adobe Reader 9.4.2 <-- We will update this in due course.
Azureus Vuze <-- Please remove this if you wish my assistance, read this (http://forums.spybot.info/showthread.php?t=282) also.
Java(TM) SE Runtime Environment 6
Java(TM) 6 Update 5 <-- We will update this in due course.
Spybot - Search & Destroy <-- Will hinder the Malware Removal process, you may reinstall when I give the all clear.
SpywareBlaster 4.4 <-- Not particularly effective these days.
Zynga Toolbar <-- Has undesirable characteristics.

To do so click once on each of the below and click on Uninstall/Change and follow the prompts.

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

Temp' Disable Windows Defender:

This is so it will not hinder the Malware Removal process.


Launch Windows Defender via Start(Vista Orb), Control Panel, Windows Defender and go to Tools >> Options.
There will be a list of configuration options.
Scroll down to the end of the list to Administrator options.
Deselect the Use Windows Defender box and press the Save button.
Now you will receive a notification saying that Windows Defender is turned off.
Click on Save then Close on the Notification that appears.

A graphical tutorial explaining the above can be viewed here (http://www.malwarebytes.org/forums/index.php?showtopic=8279).

You may re-enable this when I give the all clear, though personally I would leave it disabled as it is not a particularly effective application and unfortunately it cannot be uninstalled because it is a integral part of the Vista Operating System.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.


Please go here (http://www.aumha.org/downloads/erunt-setup.exe) and download ERUNT.
ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
Right-click on erunt-setup.exe and select Run as Administrator to Install ERUNT by following the prompts.
Use the default install settings but say No to the portion that asks you to add ERUNT to the Start-Up folder.
Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
Make sure that at least the first two check boxes are selected.
Click on OK
Then click on YES to create the folder.
Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Custom OTL Script:

Right-click OTL.exe and select Run as Administrator to start the program.
Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:OTL
SRV - (stllssvr) -- File not found
SRV - (RoxMediaDB9) -- File not found
SRV - (IDriverT) -- File not found
SRV - (hpqcxs08) -- File not found
IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3848025758-3258170917-2156027094-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
[2010/06/20 17:42:55 | 000,000,001 | -H-- | C] () -- C:\Windows\bk23567.dat
[2010/06/20 17:42:49 | 000,000,002 | ---- | C] () -- C:\Users\Jennifer Bowe\AppData\Local\0995154505553.xxe
[2010/06/20 17:42:45 | 000,000,002 | ---- | C] () -- C:\Users\Jennifer Bowe\AppData\Local\0535049569854.xxe
[2008/05/06 04:18:38 | 000,000,039 | ---- | C] () -- C:\Windows\popcinfo.dat
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:3D857D30
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:1F96ED45
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5CF48ABF
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:204C7BBB

:Files
ipconfig /flushdns /c
C:\program files\azureus
C:\Program Files\Azureus Vuze

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F5E800E1-D737-484E-A149-391DD7A52677}"=-
"TCP Query User{0DD4CBFB-D8D8-4E57-ACB8-17FD6A373C6B}C:\program files\azureus\azureus.exe"=-
"TCP Query User{6727413C-27B3-41FF-AA99-E35675E7E79E}C:\program files\azureus\azureus.exe"=-
"UDP Query User{85267DE9-F8A8-40A5-BE57-CDB5E60CC9F3}C:\program files\azureus\azureus.exe"=-
"UDP Query User{CA5C6AEB-FF71-453F-8AF3-71C0A2CC3D32}C:\program files\azureus\azureus.exe"=-

:Commands
[Purity]
[ResetHosts]
[EmptyFlash]
[EmptyTemp]
[CreateRestorePoint]
[Reboot]
Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
Then click the red Run Fix button.
Let the program run unhindered.
If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Next:

Please download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.


Right-click mbam-setup.exe and select Run as Administrator, then follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
Launch Malwarebytes' Anti-Malware
Click on the Logs radio tab.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When completed the above, please post back the following in the order asked for:

How is your computer performing now, any further symptoms and or problems encountered?
OTL Log from the Custom Script.
Malwarebytes Anti-Malware Log.

SaDiablo
2011-04-19, 00:58
Okay, I've dl'd the programs and am following your instructions. Will be back as soon as I've completed the steps.

Thanks again, Dakeyras!

Dakeyras
2011-04-19, 01:01
OK/you're welcome! :)

SaDiablo
2011-04-19, 02:04
I've done everything you suggested and the only problem I've encountered is that even after the uninstall, Java remains in my programs list. (Hooray for minor problems! :) )

Am posting the logs in separate replies -- hang tight. ;)

SaDiablo
2011-04-19, 02:08
All processes killed
========== OTL ==========
Service stllssvr stopped successfully!
Service stllssvr deleted successfully!
File File not found not found.
Service RoxMediaDB9 stopped successfully!
Service RoxMediaDB9 deleted successfully!
File File not found not found.
Service IDriverT stopped successfully!
Service IDriverT deleted successfully!
File File not found not found.
Service hpqcxs08 stopped successfully!
Service hpqcxs08 deleted successfully!
File File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\ not found.
File C:\Program Files\Zynga\tbZyng.dll not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ deleted successfully.
C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll moved successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
File C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\ not found.
File C:\Program Files\Zynga\tbZyng.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
File C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7b13ec3e-999a-4b70-b9cb-2617b8323822} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\ not found.
File C:\Program Files\Zynga\tbZyng.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ deleted successfully.
File C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http not found.
Registry value HKEY_USERS\S-1-5-21-3848025758-3258170917-2156027094-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
File C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\avgsecuritytoolbar\ deleted successfully.
File C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll not found.
C:\WINDOWS\bk23567.dat moved successfully.
C:\Users\Jennifer Bowe\AppData\Local\0995154505553.xxe moved successfully.
C:\Users\Jennifer Bowe\AppData\Local\0535049569854.xxe moved successfully.
C:\WINDOWS\popcinfo.dat moved successfully.
ADS C:\ProgramData\TEMP:5C321E34 deleted successfully.
ADS C:\ProgramData\TEMP:3D857D30 deleted successfully.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
ADS C:\ProgramData\TEMP:1F96ED45 deleted successfully.
ADS C:\ProgramData\TEMP:5CF48ABF deleted successfully.
ADS C:\ProgramData\TEMP:204C7BBB deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Jennifer Bowe\Desktop\Security\cmd.bat deleted successfully.
C:\Users\Jennifer Bowe\Desktop\Security\cmd.txt deleted successfully.
C:\program files\Azureus\plugins\azupnpav folder moved successfully.
C:\program files\Azureus\plugins\azupdater folder moved successfully.
C:\program files\Azureus\plugins\azemp folder moved successfully.
C:\program files\Azureus\plugins folder moved successfully.
C:\program files\Azureus folder moved successfully.
File\Folder C:\Program Files\Azureus Vuze not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F5E800E1-D737-484E-A149-391DD7A52677} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5E800E1-D737-484E-A149-391DD7A52677}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{0DD4CBFB-D8D8-4E57-ACB8-17FD6A373C6B}C:\program files\azureus\azureus.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6727413C-27B3-41FF-AA99-E35675E7E79E}C:\program files\azureus\azureus.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{85267DE9-F8A8-40A5-BE57-CDB5E60CC9F3}C:\program files\azureus\azureus.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{CA5C6AEB-FF71-453F-8AF3-71C0A2CC3D32}C:\program files\azureus\azureus.exe deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 53632 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Jennifer Bowe
->Flash cache emptied: 55155 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jennifer Bowe
->Temp folder emptied: 13869592 bytes
->Temporary Internet Files folder emptied: 27102779 bytes
->Java cache emptied: 0 bytes
->Opera cache emptied: 77136528 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1373729 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 220 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 114.00 mb



OTL by OldTimer - Version 3.2.22.3 log created on 04182011_182520

Files\Folders moved on Reboot...
File\Folder C:\Users\Jennifer Bowe\AppData\Local\Temp\~DF1241.tmp not found!
File\Folder C:\Users\Jennifer Bowe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{0C31CE02-8098-4D4A-B2AE-DEB2DFB4B998}.tmp not found!
File\Folder C:\Users\Jennifer Bowe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{BFF81844-EF78-40EC-9218-EA8F5C6F6B4F}.tmp not found!
File\Folder C:\Users\Jennifer Bowe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{DA0907EE-DB8A-488A-89CA-DB8E099F24DB}.tmp not found!
File\Folder C:\Users\Jennifer Bowe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{EC6E7C7E-00D1-47A5-8833-999F1E19E7D8}.tmp not found!

Registry entries deleted on Reboot...

SaDiablo
2011-04-19, 02:08
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6393

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

4/18/2011 6:50:38 PM
mbam-log-2011-04-18 (18-50-38).txt

Scan type: Quick scan
Objects scanned: 153757
Time elapsed: 4 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D1B2879-99FF-11E3-8D96-D7ACAC95952A} (Spyware.Logger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel\Homepage (PUM.Hijack.HomePageControl) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\fdgg34353edfgdfdf (KoobFace.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\lgo (Koobface.Trace) -> Quarantined and deleted successfully.

Dakeyras
2011-04-19, 13:01
Hi. :)

Can you inform myself please which exact version of Java is still showing up in Programs and Features, thank you.

SaDiablo
2011-04-19, 14:13
Sure thing!

Both Java 6 Update 5 and Java SE Runtime Environment 6. Both go through the uninstall procedure, but they're still in the programs list.

Dakeyras
2011-04-19, 14:28
Hi. :)

Please download JavaRa (http://sourceforge.net/project/downloading.php?groupname=javara&filename=JavaRa.zip&use_mirror=osdn) and unzip it to your desktop.

Please close any instances of Internet Explorer before continuing...


Right-click on JavaRa.exe and select Run as Administrator to start the program.
From the drop-down menu, choose English and click on Select.
JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
A logfile will pop up. Please save it to a convenient location and post the log in your next reply.

SaDiablo
2011-04-19, 14:38
Went ahead and checked the programs list on a whim. Both Java progs are still listed.

<--- Log Here --->

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue Apr 19 07:35:13 2011

Found and removed: C:\Program Files\Java\jre1.6.0

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.

Found and removed: JavaPlugin.FamilyVersionSupport

Found and removed: CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

Found and removed: JavaScript

Found and removed: JavaScript Author

Found and removed: JavaScript1.1

Found and removed: JavaScript1.1 Author

Found and removed: JavaScript1.2

Found and removed: JavaScript1.2 Author

Found and removed: Software\JavaSoft\Java Update

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: SOFTWARE\Classes\JavaPlugin.160

Found and removed: SOFTWARE\Classes\JavaPlugin.160_05

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\

------------------------------------

Finished reporting.

Dakeyras
2011-04-19, 15:29
Hi. :)

Proving somewhat stubborn these orphaned Java related entries. OK please run the below script for me and post the resulting log and also have a quick check again in Programs and Features etc.


Custom OTL Script:

Right-click OTL.exe and select Run as Administrator to start the program.
Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3248F0A8-6813-11D6-A77B-00B0D0160000}"=-
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=-

:Commands
[EmptyTemp]
[Reboot]
Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
Then click the red Run Fix button.
Let the program run unhindered.
If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

SaDiablo
2011-04-19, 16:36
The programs are still there in the list. *smh* :confused:
How important is it to get rid of them? Won't the reg keys be overwritten if/when we reinstall Java?
To me, it seems like the problem may be leftover registries from Firefox, which I uninstalled at least a year ago... Of course, I could just be making stuff up, too. :P

<--- OTL Log Here --->
All processes killed
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{3248F0A8-6813-11D6-A77B-00B0D0160000} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3248F0A8-6813-11D6-A77B-00B0D0160000}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{3248F0A8-6813-11D6-A77B-00B0D0160050} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3248F0A8-6813-11D6-A77B-00B0D0160050}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jennifer Bowe
->Temp folder emptied: 398604 bytes
->Temporary Internet Files folder emptied: 46869323 bytes
->Java cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 756 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 45.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04192011_092334

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Dakeyras
2011-04-20, 01:19
Hi. :)

Actually it would be prudent to remove them from a security stand point.

Next:

Please download Add Remove Program Cleaner (http://download.cnet.com/Add-Remove-Program-Cleaner/3000-2096_4-10572853.html) to your desktop.

Right-click on addremovecleaner and select Run as Administrator.
Locate Java(TM) SE Runtime Environment 6 in the menu and click once on it to highlight.
Now click on Remove from add/remove programs list
Repeat as above but this time remove Java(TM) 6 Update 5
At the prompt click on Yes then Exit.
Now delete addremovecleaner from the desktop, empty the Recycle Bin and reboot the computer.
When completed the above procedure let myself know the outcome, thank you.

SaDiablo
2011-04-21, 01:17
Okay, I dl'd AddRemoveCleaner and followed your instructions. Unfortunately, both Java programs are still in the list! *grr* Since I used the cleaner app, there's no longer a uninstall/change button in the control panel toolbar, though. (Not sure if that's relevant.)

Out of curiousity and in case this ever comes up again, what's the security line on this problem? What is it indicative of / tell you?

Dakeyras
2011-04-21, 02:00
Hi.:)


Okay, I dl'd AddRemoveCleaner and followed your instructions. Unfortunately, both Java programs are still in the list! *grr* Since I used the cleaner app, there's no longer a uninstall/change button in the control panel toolbar, though. (Not sure if that's relevant.)
Do you mean for the Java related applications and or for all listed?


Out of curiousity and in case this ever comes up again, what's the security line on this problem? What is it indicative of / tell you?
If you mean the infection your machine had before you performed the System Restore, this particular type of malware has the ability to compromise a machine and inject several different types of Root-Kit. Plus being honest the Anti-Virus application you do have presently installed is not the best but I am always of the mind if something is not broken do not fix.

Anyway for now please answer my query and we will go from there, thank you.

SaDiablo
2011-04-21, 02:10
Just for the Java applications, everything else is normal.

And thanks for the answer. :) I'm a curious sort who likes to look "behind the scenes," so to speak.

Dakeyras
2011-04-21, 12:26
Hi. :)

Thanks for the update and you're most welcome!

OK after some further consideration on my behalf I have decided to take a different approach as follows...

ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG falsely detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause unpredictable results. Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.

Next:

Please go here (http://www.avg.com/ww-en/download-tools) then download the AVG Remover(32bit) 2011 and save to your Desktop.

Then right-click on avg_remover_stf_x86_2011_1184.exe and select Run as Administrator >> follow the prompts and reboot your machine if advised too.

Note: The above application will have created a notepad file/will be on the desktop. I do not need to review it at this time but do leave it on the desktop for the time being, thank you.

Download/Run ComboFix:

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs (http://www.bleepingcomputer.com/forums/topic114351.html) <-- Click on this link.Please include the C:\ComboFix.txt in your next reply for further review.

Note: If ComboFix detects Rootkit activitity and asks to reboot the system, please allow this to be done.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a forum helper

Download/Install a AV:

Please download just one only of the three free anti-virus programs listed below please and then:

Install >> Update >> Carry Out a Complete Scan. Have it fix anything it finds.


AntiVir Free. (http://www.free-av.com/)
Avast Home Edition. (http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html?tag=mncol)
Microsoft Security Essentials (http://www.microsoft.com/Security_Essentials/).
Note: If anything was removed by the AV you chose to install, please save a copy of the report created and post the contents in your next reply, thank you.


When completed the above, please post back the following in the order asked for:

How is your computer performing now, any other symptoms and or problems encountered?
ComboFix Log.

SaDiablo
2011-04-23, 01:52
I just now saw your reply, Dakeyras, so wanted to let you know I'll be implementing the latest fix ASAP. :) Will post back with the requested info.

Thanks!

Dakeyras
2011-04-23, 02:11
No problem/fair play. :)

SaDiablo
2011-04-24, 02:53
Okay, I'm finished with the latest instructions. (Technically, I was done last night but sleep won out. ;) )

I haven't had any real symptoms since the system restore. No browser hijacks or warnings, etc -- but the Java programs are still there in the uninstall list.

I decided to go with Avast and it scanned twice, one that I started and then again on reboot. Both came up clean.

Here's the combofix log:

<--- Log Starts Here --->
ComboFix 11-04-22.01 - Jennifer Bowe 04/22/2011 23:10:29.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.1341 [GMT -4:00]
Running from: c:\users\Jennifer Bowe\Desktop\Security\Programs\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\audiograbber\audiograbber.exe
c:\users\Jennifer Bowe\AppData\Roaming\Adobe\plugs
c:\users\Jennifer Bowe\AppData\Roaming\Adobe\shed
c:\windows\system32\AutoRun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-03-23 to 2011-04-23 )))))))))))))))))))))))))))))))
.
.
2011-04-23 03:19 . 2011-04-23 03:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-18 21:59 . 2011-04-18 21:59 -------- d-----w- c:\users\Jennifer Bowe\AppData\Roaming\Malwarebytes
2011-04-18 21:59 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-18 21:59 . 2011-04-18 21:59 -------- d-----w- c:\programdata\Malwarebytes
2011-04-18 21:59 . 2011-04-18 21:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-18 21:59 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-13 20:16 . 2011-02-18 14:03 305152 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-13 20:16 . 2011-02-18 14:03 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-13 20:16 . 2011-02-18 14:03 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-13 20:16 . 2011-03-02 15:44 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-13 20:16 . 2009-05-04 09:59 25088 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-13 20:16 . 2011-02-17 06:23 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-13 20:16 . 2011-03-10 17:03 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-13 20:16 . 2011-03-10 17:03 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-04-13 20:16 . 2011-03-03 13:25 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-04-13 20:16 . 2011-03-03 15:42 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-13 20:13 . 2011-03-03 10:50 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-04-13 05:48 . 2011-04-18 22:04 -------- d-----w- c:\program files\ERUNT
2011-04-12 18:40 . 2011-04-12 18:40 -------- d-----w- C:\_OTL
2011-04-12 11:20 . 2011-04-12 11:20 -------- d-----w- c:\programdata\WindowsSearch
2011-04-12 10:46 . 2011-04-12 10:46 -------- d-----w- C:\Temp
2011-04-12 10:46 . 2011-04-12 10:46 232916 ---h--w- c:\temp\ee896009-2241-4d1a-94b7-8f476921cf1c\OfferApp-2538.exe
2011-04-04 07:54 . 2011-04-04 07:54 -------- d-----w- c:\users\Jennifer Bowe\AppData\Roaming\GestaltGames
2011-04-04 07:54 . 2011-04-04 07:54 -------- d-----w- c:\programdata\GestaltGames
2011-04-02 06:46 . 2011-04-02 06:46 -------- d-----w- c:\programdata\Kristanix Games
2011-04-02 01:32 . 2011-04-02 01:32 -------- d-----w- c:\users\Jennifer Bowe\AppData\Roaming\Sanna
2011-04-02 01:31 . 2011-04-02 01:31 -------- d-----w- c:\programdata\The Legend of Sanna - Rise of a Great Colony
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-24 13601312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-24 92704]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
.
c:\users\Jennifer Bowe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Lunabar Taskbar Icon.lnk - c:\program files\Lunabar\Lunabar.exe [2010-5-10 369152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 19:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-02-22 08:25 144784 ----a-w- c:\program files\Java\jre1.6.0_05\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"My Web Search Bar Search Scope Monitor"="c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3848025758-3258170917-2156027094-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000002
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-28 136176]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [2007-06-18 19456]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-28 12:28]
.
2011-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-28 12:28]
.
2011-04-22 c:\windows\Tasks\User_Feed_Synchronization-{0E589315-E2B8-4BBB-9AF0-0EED74048859}.job
- c:\windows\system32\msfeedssync.exe [2011-04-13 04:43]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} - hxxps://mpsnare.iesnare.com/StmOCX.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-hpWirelessAssistant - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
HKLM-Run-WAWifiMessage - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
MSConfigStartUp-!AVG Anti-Spyware - c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-AVG7_CC - c:\progra~1\Grisoft\AVG7\avgcc.exe
MSConfigStartUp-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSConfigStartUp-HP Software Update - c:\program files\Hp\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-jpg - c:\programdata\BPK\jpg.exe
MSConfigStartUp-LightScribe Control Panel - c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
MSConfigStartUp-QlbCtrl - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
MSConfigStartUp-sysmain - c:\programdata\BPK\sysmain.exe
MSConfigStartUp-system - c:\programdata\BPK\system.exe
HKLM_ActiveSetup-{10880D85-AAD9-4558-ABDC-2AB1552D831F} - c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-22 23:19
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-04-22 23:22:49
ComboFix-quarantined-files.txt 2011-04-23 03:22
.
Pre-Run: 83,184,562,176 bytes free
Post-Run: 84,831,289,344 bytes free
.
- - End Of File - - 5587ADBABA7EADCD80EAA36D44822054

Dakeyras
2011-04-25, 13:07
Hi. :)


the Java programs are still there in the uninstall list.
OK, please download and install CCleaner from here (http://www.piriform.com/ccleaner).

Note: If absouterly anything is offered during installtion apart form the application itself, decline such.

Once installed, run the application in Admin mode...


Click on the Tools button on the left.
Select the Uninstall, then click once on Java(TM) SE Runtime Environment 6 to highlight.
Then click the on the Delete Entry button to remove the entry from the Programs and Features uninstall list.
Repeat as above to remove Java(TM) 6 Update 5 .
Custom ComboFix-Script:



Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

File::
c:\temp\ee896009-2241-4d1a-94b7-8f476921cf1c\OfferApp-2538.exe


Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring""=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

http://i223.photobucket.com/albums/dd202/Dakeyras_album/CFScriptB-4.gif


Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
Caution: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

SaDiablo
2011-04-25, 23:56
Small problem. I'm unemployed right now and don't have the $ to buy CCleaner. Is there another, free program I can use?

I can still run the ComboFix script, of course, if you say it's okay. :)

Dakeyras
2011-04-26, 01:37
Hi. :)

You do not have to purchase CCleaner, merely download the freeware version. On the page the link resolves, scroll down to:-

Version 3.05.1409 (2,979 kb)

And download the installer from one of the links.

SaDiablo
2011-04-26, 01:46
I must have scrolled right by that. *facepalm* Thanks! Will get to fixin' now. :)

Dakeyras
2011-04-26, 01:49
No problem. :)

Blottedisk
2011-04-29, 17:20
Hi SaDiablo,


Dakeyras will be absent for a couple of days days, so I will be helping you with your issues.


Please post back with the Combofix log.
After doing the CCleaner step, is Java still in the uninstall list?

Blottedisk
2011-05-03, 16:03
Hi SaDiablo,


Are you still there?

Dakeyras
2011-05-06, 23:06
My Personal thanks to Blottedisk for the cover...

--------------

Due to the lack of feedback this Topic is closed.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh set of DDS logs and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.