Page 1 of 4 1234 LastLast
Results 1 to 10 of 34

Thread: Click.GiftLoad and a System Restore -- Am I Clean?

  1. #1
    Junior Member
    Join Date
    Apr 2011
    Posts
    19

    Default Click.GiftLoad and a System Restore -- Am I Clean?

    Hi, y'all,

    I started a post about this last night (here), but there's been new developments so I thought I should start a new thread.

    This morning, I couldn't log into Windows. I don't know if it truly was a Windows product (doubtful), but there was something called "Windows Advanced Security" that was preventing me from getting to my desktop.
    After log in and waiting, this box would pop up wanting me to "activate" (ie, pay $90 for) the service because my "system was compromised." The first time it happened, I was able to use taskmanager to get rid of it and get to my desktop, but after restarting the system I couldn't get it to go away.

    Fortunately, I was able to system restore back to a point I hoped was clean. So far, so good: I haven't had any problems since the restore. I'd still like someone to take a look at my log to see if there's anything lurking I should be aware of.

    Thanks, guys!

    <--- DDS Log Here --->
    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Jennifer Bowe at 15:58:01.35 on Wed 04/13/2011
    Internet Explorer: 8.0.6001.19019
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.827 [GMT -4:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Lunabar\Lunabar.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Program Files\AVG\AVG10\avgchsvx.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\Jennifer Bowe\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uSearch Page = hxxp://google.com
    uWindow Title = IE
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
    uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
    mURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
    BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    BHO: Neopets: {cd292324-974f-4224-d074-caca427aa030} - c:\progra~1\neopets\toolbar\Toolbar.dll
    TB: Neopets: {cd292324-974f-4224-d074-caca427aa030} - c:\progra~1\neopets\toolbar\Toolbar.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.21022; .NET CLR 3.5.30729; .NET CLR 3.0.30729; OfficeLiveConnector.1.5; OfficeLivePatch.1.3; .NET4.0C)" -"http://www.nickjr.com/kids-games/little-bears-dress-up.html"
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
    mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    StartupFolder: c:\users\jennif~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\lunaba~1.lnk - c:\program files\lunabar\Lunabar.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &Search - ?p=GRman000
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} - hxxps://mpsnare.iesnare.com/StmOCX.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-30 21504]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-4-4 1153368]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-28 136176]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-10-18 517448]
    S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2007-6-18 19456]
    S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-04-12 18:40:06 -------- d-----w- C:\_OTL
    2011-04-12 10:46:06 -------- d-----w- C:\Temp
    2011-04-12 10:46:04 232916 ---h--w- c:\temp\ee896009-2241-4d1a-94b7-8f476921cf1c\OfferApp-2538.exe
    2011-04-04 07:54:26 -------- d-----w- c:\users\jennif~1\appdata\roaming\GestaltGames
    2011-04-04 07:54:26 -------- d-----w- c:\progra~2\GestaltGames
    2011-04-02 06:46:05 -------- d-----w- c:\progra~2\Kristanix Games
    2011-04-02 01:32:16 -------- d-----w- c:\users\jennif~1\appdata\roaming\Sanna
    2011-04-02 01:31:33 -------- d-----w- c:\progra~2\The Legend of Sanna - Rise of a Great Colony
    2011-03-21 07:20:40 -------- d-----w- c:\users\jennif~1\appdata\roaming\Phantasmat_wildgames_se
    .
    ==================== Find3M ====================
    .
    2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
    2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
    2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
    2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
    2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
    2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
    2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
    2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
    2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
    2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
    .
    ============= FINISH: 15:59:05.68 ===============

    <--- End DDS Log --->

  2. #2
    Security Expert-Emeritus Dakeyras's Avatar
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,167

    Default

    Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.
    Hi and welcome to Safer Networking.

    I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:
    • I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for this issue on this machine!
    • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
    • If you don't know, stop and ask! Don't keep going on.
    • Please reply to this thread. Do not start a new topic.
    • Refrain from running self fixes as this will hinder the malware removal process.
    • It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
    • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    Vista Advice:

    All applications I ask to be used will require to be run in Administrator mode. IE: Right click on and select Run as Administrator.

    The Operating System in use comes with a inbuilt utility called User Access Control(UAC) when prompted by this with anything I ask you to do carry out please select the option Allow.

    Before we start:

    Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

    Because of this, I advise you to backup any personal files and folders before you start.

    Scan with OTL:

    Please download OTL and save it to your Desktop.

    Alternate downloads are here and here.
    • Right-click on OTL.exe and select Run as Administrator to start OTL.
    • Under Output, ensure that Minimal Output is selected.
    • Under Extra Registry section, select Use SafeList.
    • Click the Scan All Users checkbox.
    • Click on Run Scan at the top left hand corner.
    • When done, two Notepad files will open.
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized
    • Please post the contents of these 2 Notepad files in your next reply.

    When completed the above, please post back the following in the order asked for:
    • How is your computer performing now, any further symptoms and or problems encountered?
    • Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

  3. #3
    Junior Member
    Join Date
    Apr 2011
    Posts
    19

    Default Sorry!

    So thankful this thread hasn't been closed! Due circumstances, I completely forgot to check it over the weekend. Thank you so much, Dakeyras, for looking at my problem.

    I haven't had any symptoms since the restore. Both AVG and Spybot have come up clean, and there's nothing in HJT that I don't recognize. I've been keeping offline, though, except to check my mail for replies from here.

    Running OTL now, will post the logs ASAP.
    Thanks again!

  4. #4
    Security Expert-Emeritus Dakeyras's Avatar
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,167

    Default

    OK/you're welcome!
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

  5. #5
    Junior Member
    Join Date
    Apr 2011
    Posts
    19

    Default OTL.log

    <--- OTL Log Here --->

    OTL logfile created on: 4/18/2011 3:58:01 PM - Run 2
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Jennifer Bowe\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19048)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 140.62 Gb Total Space | 68.97 Gb Free Space | 49.04% Space Free | Partition Type: NTFS
    Drive D: | 8.43 Gb Total Space | 1.80 Gb Free Space | 21.30% Space Free | Partition Type: NTFS
    Drive F: | 372.52 Gb Total Space | 276.07 Gb Free Space | 74.11% Space Free | Partition Type: FAT32

    Computer Name: SEAMUS | User Name: Jennifer Bowe | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Jennifer Bowe\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    PRC - C:\Program Files\Winamp\winampa.exe ()
    PRC - C:\Program Files\Lunabar\Lunabar.exe (Infra-Azure Labs)
    PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)


    ========== Modules (SafeList) ==========

    MOD - C:\Users\Jennifer Bowe\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (stllssvr) -- File not found
    SRV - (RoxMediaDB9) -- File not found
    SRV - (IDriverT) -- File not found
    SRV - (hpqcxs08) -- File not found
    SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
    SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (GamesAppService) -- C:\Program Files\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
    SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
    SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (Avgldx86) -- C:\WINDOWS\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgtdix) -- C:\WINDOWS\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSEH) -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
    DRV - (Avgmfx86) -- C:\WINDOWS\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgrkx86) -- C:\Windows\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSDriver) -- C:\WINDOWS\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
    DRV - (AVGIDSShim) -- C:\WINDOWS\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
    DRV - (AVGIDSFilter) -- C:\WINDOWS\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
    DRV - (HBtnKey) -- C:\WINDOWS\System32\drivers\CPQBttn.sys (Hewlett-Packard Company)
    DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
    DRV - (NVENETFD) -- C:\WINDOWS\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
    DRV - (CnxtHdAudService) -- C:\WINDOWS\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
    DRV - (XAudio) -- C:\WINDOWS\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
    DRV - (FlyUsb) -- C:\WINDOWS\System32\drivers\FlyUsb.sys (LeapFrog)
    DRV - (HdAudAddService) -- C:\WINDOWS\System32\drivers\CHDART.sys (Conexant Systems Inc.)
    DRV - (rimmptsk) -- C:\WINDOWS\System32\drivers\rimmptsk.sys (REDC)
    DRV - (nvsmu) -- C:\WINDOWS\System32\drivers\nvsmu.sys (NVIDIA Corporation)
    DRV - (rismxdp) -- C:\WINDOWS\System32\drivers\rixdptsk.sys (REDC)
    DRV - (rimsptsk) -- C:\WINDOWS\System32\drivers\rimsptsk.sys (REDC)
    DRV - (eabfiltr) -- C:\WINDOWS\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
    IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)


    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3848025758-3258170917-2156027094-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://google.com
    IE - HKU\S-1-5-21-3848025758-3258170917-2156027094-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-3848025758-3258170917-2156027094-1000\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-3848025758-3258170917-2156027094-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/04/13 14:30:38 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2011/02/20 12:36:57 | 000,431,617 | R--- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 127.0.0.1 .supercocklol.com
    O1 - Hosts: 127.0.0.1 www..webloyalty.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 123topsearch.com
    O1 - Hosts: 127.0.0.1 www.123topsearch.com
    O1 - Hosts: 127.0.0.1 www.132.com
    O1 - Hosts: 127.0.0.1 132.com
    O1 - Hosts: 127.0.0.1 136136.net
    O1 - Hosts: 14858 more lines...
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O2 - BHO: (Neopets) - {CD292324-974F-4224-D074-CACA427AA030} - C:\Program Files\Neopets\Toolbar\Toolbar.dll (Velocity Services, Inc.)
    O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O3 - HKLM\..\Toolbar: (Neopets) - {CD292324-974F-4224-D074-CACA427AA030} - C:\Program Files\Neopets\Toolbar\Toolbar.dll (Velocity Services, Inc.)
    O3 - HKU\S-1-5-21-3848025758-3258170917-2156027094-1000\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-3848025758-3258170917-2156027094-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O3 - HKU\S-1-5-21-3848025758-3258170917-2156027094-1000\..\Toolbar\WebBrowser: (Neopets) - {CD292324-974F-4224-D074-CACA427AA030} - C:\Program Files\Neopets\Toolbar\Toolbar.dll (Velocity Services, Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-21-3848025758-3258170917-2156027094-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-3848025758-3258170917-2156027094-1000..\RunOnce: [Shockwave Updater] File not found
    O4 - Startup: C:\Users\Jennifer Bowe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lunabar Taskbar Icon.lnk = C:\Program Files\Lunabar\Lunabar.exe (Infra-Azure Labs)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3848025758-3258170917-2156027094-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O13 - gopher Prefix: missing
    O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-21-3848025758-3258170917-2156027094-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} https://mpsnare.iesnare.com/StmOCX.cab (Stm Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.76.227.40 208.180.42.68
    O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - File not found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Jennifer Bowe\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Jennifer Bowe\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/04/18 15:43:55 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Jennifer Bowe\Desktop\OTL.exe
    [2011/04/13 16:23:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2011/04/13 16:17:51 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
    [2011/04/13 16:17:50 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
    [2011/04/13 16:17:45 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
    [2011/04/13 16:17:45 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
    [2011/04/13 16:17:36 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2011/04/13 16:17:36 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
    [2011/04/13 16:17:36 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2011/04/13 16:17:36 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
    [2011/04/13 16:17:36 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
    [2011/04/13 16:17:36 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
    [2011/04/13 16:17:36 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
    [2011/04/13 16:17:36 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2011/04/13 16:17:36 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2011/04/13 16:17:36 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
    [2011/04/13 16:17:36 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
    [2011/04/13 16:17:36 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
    [2011/04/13 16:17:36 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
    [2011/04/13 16:17:36 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
    [2011/04/13 16:17:36 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2011/04/13 16:17:36 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
    [2011/04/13 16:17:35 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2011/04/13 16:16:53 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
    [2011/04/13 16:16:51 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
    [2011/04/13 16:16:51 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
    [2011/04/13 16:16:48 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
    [2011/04/13 16:16:48 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
    [2011/04/13 16:16:46 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2011/04/13 01:48:31 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2011/04/12 14:40:06 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/04/12 07:20:07 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
    [2011/04/12 06:46:06 | 000,000,000 | ---D | C] -- C:\Temp
    [2011/04/04 03:54:26 | 000,000,000 | ---D | C] -- C:\Users\Jennifer Bowe\AppData\Roaming\GestaltGames
    [2011/04/04 03:54:26 | 000,000,000 | ---D | C] -- C:\ProgramData\GestaltGames
    [2011/04/02 02:46:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Kristanix Games
    [2011/04/01 21:32:16 | 000,000,000 | ---D | C] -- C:\Users\Jennifer Bowe\AppData\Roaming\Sanna
    [2011/04/01 21:31:33 | 000,000,000 | ---D | C] -- C:\ProgramData\The Legend of Sanna - Rise of a Great Colony
    [2011/03/21 03:20:40 | 000,000,000 | ---D | C] -- C:\Users\Jennifer Bowe\AppData\Roaming\Phantasmat_wildgames_se
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/04/18 15:49:02 | 000,000,000 | ---- | M] () -- C:\Users\Jennifer Bowe\AppData\Local\prvlcl.dat
    [2011/04/18 15:46:07 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/04/18 15:43:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jennifer Bowe\Desktop\OTL.exe
    [2011/04/18 15:41:20 | 112,735,522 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
    [2011/04/18 15:37:56 | 000,064,469 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2011/04/18 15:37:56 | 000,064,469 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2011/04/18 15:37:55 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/04/18 15:37:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/04/17 19:46:50 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/04/17 19:46:50 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/04/17 18:22:49 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0E589315-E2B8-4BBB-9AF0-0EED74048859}.job
    [2011/04/16 16:56:09 | 000,607,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/04/16 16:56:09 | 000,105,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/04/13 16:40:24 | 000,429,136 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/04/13 15:45:27 | 000,625,664 | ---- | M] () -- C:\Users\Jennifer Bowe\Desktop\dds.scr
    [2011/03/27 20:17:57 | 000,002,611 | ---- | M] () -- C:\Users\Jennifer Bowe\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007 (2).lnk
    [2011/03/27 02:52:49 | 000,358,697 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
    [2011/03/26 19:51:02 | 000,001,643 | ---- | M] () -- C:\Users\Jennifer Bowe\Application Data\Microsoft\Internet Explorer\Quick Launch\Character Map (2).lnk
    [2011/03/21 12:56:05 | 000,002,190 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/04/13 15:45:23 | 000,625,664 | ---- | C] () -- C:\Users\Jennifer Bowe\Desktop\dds.scr
    [2011/03/26 19:51:02 | 000,001,643 | ---- | C] () -- C:\Users\Jennifer Bowe\Application Data\Microsoft\Internet Explorer\Quick Launch\Character Map (2).lnk
    [2011/02/08 09:57:47 | 000,000,000 | ---- | C] () -- C:\Users\Jennifer Bowe\AppData\Local\prvlcl.dat
    [2010/11/22 23:10:59 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2010/11/22 23:09:58 | 000,024,206 | ---- | C] () -- C:\Users\Jennifer Bowe\AppData\Roaming\UserTile.png
    [2010/06/20 17:42:55 | 000,000,001 | -H-- | C] () -- C:\Windows\bk23567.dat
    [2010/06/20 17:42:49 | 000,000,002 | ---- | C] () -- C:\Users\Jennifer Bowe\AppData\Local\0995154505553.xxe
    [2010/06/20 17:42:45 | 000,000,002 | ---- | C] () -- C:\Users\Jennifer Bowe\AppData\Local\0535049569854.xxe
    [2010/03/17 13:20:33 | 000,004,249 | ---- | C] () -- C:\Windows\wininit.ini
    [2009/10/11 04:09:03 | 000,000,048 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2009/07/26 17:00:21 | 000,008,192 | ---- | C] () -- C:\Windows\d3dx.dat
    [2009/07/05 23:01:59 | 000,002,653 | ---- | C] () -- C:\Windows\cdplayer.ini
    [2009/06/01 19:48:24 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009/06/01 19:48:23 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2008/12/26 04:37:33 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2008/12/22 18:02:44 | 000,064,469 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2008/12/22 18:02:44 | 000,064,469 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2008/12/06 17:56:11 | 000,003,740 | ---- | C] () -- C:\Users\Jennifer Bowe\AppData\Roaming\wklnhst.dat
    [2008/10/21 16:52:26 | 000,121,326 | ---- | C] () -- C:\Windows\hpoins15.dat
    [2008/10/21 16:52:26 | 000,001,037 | ---- | C] () -- C:\Windows\hpomdl15.dat
    [2008/09/18 18:00:08 | 000,009,216 | ---- | C] () -- C:\Users\Jennifer Bowe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/07/23 21:34:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2008/06/16 12:17:46 | 000,000,680 | ---- | C] () -- C:\Users\Jennifer Bowe\AppData\Local\d3d9caps.dat
    [2008/05/23 20:57:00 | 000,000,027 | ---- | C] () -- C:\Windows\SmAudio.INI
    [2008/05/08 03:00:13 | 000,164,352 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
    [2008/05/08 03:00:13 | 000,012,325 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-Jardinains!.dat
    [2008/05/06 04:18:38 | 000,000,039 | ---- | C] () -- C:\Windows\popcinfo.dat
    [2008/04/04 06:46:14 | 000,056,597 | ---- | C] () -- C:\Users\Jennifer Bowe\AppData\Roaming\nvModes.001
    [2008/04/04 06:46:13 | 000,056,597 | ---- | C] () -- C:\Users\Jennifer Bowe\AppData\Roaming\nvModes.dat
    [2007/08/04 06:53:25 | 000,103,437 | ---- | C] () -- C:\Windows\hpqins13.dat
    [2007/08/04 05:35:06 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
    [2007/02/27 16:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
    [2006/12/14 02:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
    [2006/12/14 02:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
    [2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 08:47:37 | 000,429,136 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 06:33:01 | 000,607,406 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 06:33:01 | 000,105,014 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 06:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
    [2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2006/03/09 20:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2005/05/07 08:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
    @Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:3D857D30
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0B4227B4
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:1F96ED45
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5CF48ABF
    @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:204C7BBB

    < End of report >

  6. #6
    Junior Member
    Join Date
    Apr 2011
    Posts
    19

    Default OTL Extras Log

    <---OTL Extras Log Here --->

    OTL Extras logfile created on: 4/18/2011 3:58:01 PM - Run 2
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Jennifer Bowe\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19048)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 140.62 Gb Total Space | 68.97 Gb Free Space | 49.04% Space Free | Partition Type: NTFS
    Drive D: | 8.43 Gb Total Space | 1.80 Gb Free Space | 21.30% Space Free | Partition Type: NTFS
    Drive F: | 372.52 Gb Total Space | 276.07 Gb Free Space | 74.11% Space Free | Partition Type: FAT32

    Computer Name: SEAMUS | User Name: Jennifer Bowe | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "UacDisableNotify" = 1
    "InternetSettingsDisableNotify" = 1
    "AutoUpdateDisableNotify" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3848025758-3258170917-2156027094-1000]
    "EnableNotifications" = 1
    "EnableNotificationsRef" = 2

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{70B41DCB-E655-4F5D-82A2-ED70EF46B6FB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{290BC50B-D9F2-4CAE-A443-8884C8576D6F}" = protocol=6 | dir=in | app=c:\program files\spybot - search & destroy\spybotsd.exe |
    "{45354A2A-177B-476A-A49A-6A9F3772DA10}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
    "{4A7D4F67-14AD-41F9-B21B-10C37FB5B6D1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{4AE5DC54-8F43-4EEF-BB1C-4F12103C2406}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
    "{5D4F7290-2429-4FF7-A7DB-630369702C22}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{616FCC14-60B0-42F7-A0E7-36EC1C4E6BD3}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
    "{852F3192-60CE-44D7-98A0-5D94E28BAE0A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{8CF565ED-388A-4452-B5BB-70275D447463}" = protocol=17 | dir=in | app=c:\program files\spybot - search & destroy\spybotsd.exe |
    "{90F99FE4-8926-4ADB-8E84-E0E1B8C93F9A}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
    "{9FE30132-4168-4855-9B0F-725DFD550435}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
    "{A7B69B7A-2561-4556-86B9-96B816180696}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{C826EA13-64DC-4335-BCB6-D836117513CE}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
    "{C8E88454-1935-486D-BC9C-CDCDF5A90DC9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{F5E800E1-D737-484E-A149-391DD7A52677}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "TCP Query User{0DD4CBFB-D8D8-4E57-ACB8-17FD6A373C6B}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
    "TCP Query User{6727413C-27B3-41FF-AA99-E35675E7E79E}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
    "UDP Query User{85267DE9-F8A8-40A5-BE57-CDB5E60CC9F3}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
    "UDP Query User{CA5C6AEB-FF71-453F-8AF3-71C0A2CC3D32}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
    "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}" = SimCity™ Societies
    "{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
    "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
    "{0D503B8E-97E3-45B7-96CB-4936269B902C}" = Better Homes and Gardens Home Designer 7.0
    "{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
    "{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
    "{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
    "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
    "{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 4.1
    "{500F4A70-6965-C255-2385-2C9EE86D641E}" = PBS KIDS PLAY!
    "{54F7A791-38DE-4439-AB3F-B3F7DDA89C75}" = ESU for Microsoft Vista
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
    "{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{9061CEF2-51F5-42C9-8A70-9ED351C6597A}" = HP Help and Support
    "{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
    "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B3AEF776-7FFF-4C50-A402-9119E3849EE0}" = AVG 2011
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
    "{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
    "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
    "{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
    "{D4E53304-1F6C-4111-9872-1BCD2CF5B642}" = AVG 2011
    "{D8D04547-ECFA-45BE-B676-042AF8FD3F57}_is1" = StarLove
    "{D9226EB1-C528-48AC-B423-BD9240E1F60B}" = Opera 9.62
    "{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1
    "{DDFD9BA2-8E26-4E49-92AE-882424DAB1BC}" = HP User Guides 0057
    "{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min
    "{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
    "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F6B29003-A078-4491-AFBE-62EFB6CFFE19}" = HP Total Care Advisor
    "{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
    "{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "Astro123_is1" = Astro123 v1.62
    "AstroWin_is1" = AstroWin v3.62
    "AVG" = AVG 2011
    "Azureus Vuze" = Azureus Vuze
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "DivX Setup.divx.com" = DivX Setup
    "Horary Helper_is1" = Horary Helper v5.00
    "Jardinains!" = Jardinains!
    "Lunabar_is1" = Lunabar
    "MatchMkr_is1" = MatchMkr v1.29
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Neopets" = Neopets
    "NVIDIA Drivers" = NVIDIA Drivers
    "PKP-AIR.E1CA2DA223DC5B169679FE7ED011F56FF6BC1819.1" = PBS KIDS PLAY!
    "Platypus_is1" = Platypus
    "PROR" = Microsoft Office Professional 2007
    "SpywareBlaster_is1" = SpywareBlaster 4.4
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
    "WildTangent hp Master Uninstall" = HP Games
    "WildTangent hplaptop Master Uninstall" = My HP Games
    "Winamp" = Winamp
    "WinRAR archiver" = WinRAR archiver
    "WTA-014e8b24-c309-44c5-a8d2-d690feabb62c" = Chuzzle Deluxe
    "WTA-2503678a-70cc-49e7-bff3-c1c24b500731" = Super Yum Yum: Puzzle Adventures
    "WTA-3237eb9c-76f4-4311-94ac-245e8923523e" = Max and the Magic Marker
    "WTA-551c14fb-c510-4f28-8a20-6797796c9ebb" = Sparkle
    "WTA-67652a84-b831-4b89-8e30-1e77fd45f78d" = Phantasmat
    "WTA-69a54143-a0cc-4c55-a479-9ca2a85bd1e8" = Oceanis
    "WTA-9036a889-21f5-4df9-86e9-279f70015b05" = Dora Saves the Snow Princess
    "WTA-9e6f5db9-a2c9-41e1-ac6c-f945310b7543" = Hunting Unlimited 2010
    "WTA-9eba3e80-8726-4bc2-9c26-48168fe655be" = World Mosaics 4
    "WTA-ff9afc27-19c6-40d3-940b-96cbc17e0558" = Hodgepodge Hollow: A Potions Primer
    "Zynga Toolbar" = Zynga Toolbar

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3848025758-3258170917-2156027094-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Smilebox" = Smilebox

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 4/12/2011 10:44:49 PM | Computer Name = Seamus | Source = EventSystem | ID = 4609
    Description =

    Error - 4/13/2011 12:24:39 AM | Computer Name = Seamus | Source = Application Hang | ID = 1002
    Description = The program AS2011.exe version 0.0.0.0 stopped interacting with Windows
    and was closed. To see if more information about the problem is available, check
    the problem history in the Problem Reports and Solutions control panel. Process
    ID: d14 Start Time: 01cbf991f895d519 Termination Time: 10

    Error - 4/13/2011 12:55:30 AM | Computer Name = Seamus | Source = Application Hang | ID = 1002
    Description = The program rundll32.exe version 6.0.6000.16386 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 125c Start Time: 01cbf996d9f5b4e9 Termination Time: 16

    Error - 4/13/2011 1:06:57 AM | Computer Name = Seamus | Source = .NET Runtime Optimization Service | ID = 1101
    Description =

    Error - 4/13/2011 1:46:27 AM | Computer Name = Seamus | Source = Application Hang | ID = 1002
    Description = The program AS2011.exe version 0.0.0.0 stopped interacting with Windows
    and was closed. To see if more information about the problem is available, check
    the problem history in the Problem Reports and Solutions control panel. Process
    ID: c94 Start Time: 01cbf99dd44fdb32 Termination Time: 1435

    Error - 4/13/2011 1:47:06 AM | Computer Name = Seamus | Source = Application Hang | ID = 1002
    Description = The program AS2011.exe version 0.0.0.0 stopped interacting with Windows
    and was closed. To see if more information about the problem is available, check
    the problem history in the Problem Reports and Solutions control panel. Process
    ID: 119c Start Time: 01cbf99e1a4f4a32 Termination Time: 31

    Error - 4/13/2011 2:38:50 AM | Computer Name = Seamus | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
    0x47918b89, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
    exception code 0xc000071b, fault offset 0x00088d15, process id 0x514, application
    start time 0x01cbf99dac7a09a0.

    Error - 4/13/2011 1:37:53 PM | Computer Name = Seamus | Source = Application Hang | ID = 1002
    Description = The program AS2011.exe version 0.0.0.0 stopped interacting with Windows
    and was closed. To see if more information about the problem is available, check
    the problem history in the Problem Reports and Solutions control panel. Process
    ID: dfc Start Time: 01cbfa01595e0225 Termination Time: 15

    Error - 4/13/2011 1:57:14 PM | Computer Name = Seamus | Source = Application Hang | ID = 1002
    Description = The program AS2011.exe version 0.0.0.0 stopped interacting with Windows
    and was closed. To see if more information about the problem is available, check
    the problem history in the Problem Reports and Solutions control panel. Process
    ID: 7d0 Start Time: 01cbfa02906b0f56 Termination Time: 93

    Error - 4/13/2011 4:32:08 PM | Computer Name = Seamus | Source = .NET Runtime Optimization Service | ID = 1101
    Description =

    [ OSession Events ]
    Error - 11/18/2008 12:38:02 PM | Computer Name = Seamus | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 342245
    seconds with 3840 seconds of active time. This session ended with a crash.

    Error - 10/10/2009 3:12:47 PM | Computer Name = Seamus | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6504.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 2129
    seconds with 1620 seconds of active time. This session ended with a crash.

    Error - 10/18/2009 7:13:21 PM | Computer Name = Seamus | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4202
    seconds with 2400 seconds of active time. This session ended with a crash.

    Error - 11/21/2009 2:34:26 PM | Computer Name = Seamus | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1926
    seconds with 1500 seconds of active time. This session ended with a crash.

    Error - 11/28/2009 3:37:13 PM | Computer Name = Seamus | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 560
    seconds with 540 seconds of active time. This session ended with a crash.

    Error - 8/12/2010 5:12:26 PM | Computer Name = Seamus | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 2/25/2011 5:19:09 PM | Computer Name = Seamus | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 12/10/2008 1:22:14 PM | Computer Name = Seamus | Source = HTTP | ID = 15016
    Description =

    Error - 12/10/2008 1:22:23 PM | Computer Name = Seamus | Source = Service Control Manager | ID = 7000
    Description =

    Error - 12/10/2008 3:23:37 PM | Computer Name = Seamus | Source = HTTP | ID = 15016
    Description =

    Error - 12/10/2008 3:23:50 PM | Computer Name = Seamus | Source = Service Control Manager | ID = 7000
    Description =

    Error - 12/11/2008 12:35:33 AM | Computer Name = Seamus | Source = HTTP | ID = 15016
    Description =

    Error - 12/11/2008 12:35:47 AM | Computer Name = Seamus | Source = Service Control Manager | ID = 7000
    Description =

    Error - 12/11/2008 4:32:26 AM | Computer Name = Seamus | Source = HTTP | ID = 15016
    Description =

    Error - 12/11/2008 4:32:40 AM | Computer Name = Seamus | Source = Service Control Manager | ID = 7000
    Description =

    Error - 12/11/2008 5:10:23 AM | Computer Name = Seamus | Source = HTTP | ID = 15016
    Description =

    Error - 12/11/2008 5:10:36 AM | Computer Name = Seamus | Source = Service Control Manager | ID = 7000
    Description =


    < End of report >

  7. #7
    Security Expert-Emeritus Dakeyras's Avatar
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,167

    Default

    Hi.

    It appears your machine has been infected with malware for a number of years, nothing to worry about at this stage of my research I will further add. Though being honest the infection you did mention in your initial post, possibly compromised your machine...If I determine this is the case I will provide the appropriate advice.

    Anyway lets proceed as follows shall we...

    Next:

    Now please go to Start >> Control Panel >> Programs and Features and remove the following (if present):

    Adobe Reader 9.4.2 <-- We will update this in due course.
    Azureus Vuze <-- Please remove this if you wish my assistance, read this also.
    Java(TM) SE Runtime Environment 6
    Java(TM) 6 Update 5 <-- We will update this in due course.
    Spybot - Search & Destroy <-- Will hinder the Malware Removal process, you may reinstall when I give the all clear.
    SpywareBlaster 4.4 <-- Not particularly effective these days.
    Zynga Toolbar <-- Has undesirable characteristics.

    To do so click once on each of the below and click on Uninstall/Change and follow the prompts.

    Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

    Temp' Disable Windows Defender:

    This is so it will not hinder the Malware Removal process.

    • Launch Windows Defender via Start(Vista Orb), Control Panel, Windows Defender and go to Tools >> Options.
    • There will be a list of configuration options.
    • Scroll down to the end of the list to Administrator options.
    • Deselect the Use Windows Defender box and press the Save button.
    • Now you will receive a notification saying that Windows Defender is turned off.
    • Click on Save then Close on the Notification that appears.

    A graphical tutorial explaining the above can be viewed here.

    You may re-enable this when I give the all clear, though personally I would leave it disabled as it is not a particularly effective application and unfortunately it cannot be uninstalled because it is a integral part of the Vista Operating System.

    Backup the Registry:

    Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

    • Please go here and download ERUNT.
    • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
    • Right-click on erunt-setup.exe and select Run as Administrator to Install ERUNT by following the prompts.
    • Use the default install settings but say No to the portion that asks you to add ERUNT to the Start-Up folder.
    • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
    • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
    • Make sure that at least the first two check boxes are selected.
    • Click on OK
    • Then click on YES to create the folder.
    Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

    Custom OTL Script:
    • Right-click OTL.exe and select Run as Administrator to start the program.
    • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :OTL
    SRV - (stllssvr) -- File not found
    SRV - (RoxMediaDB9) -- File not found
    SRV - (IDriverT) -- File not found
    SRV - (hpqcxs08) -- File not found
    IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-21-3848025758-3258170917-2156027094-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    [2010/06/20 17:42:55 | 000,000,001 | -H-- | C] () -- C:\Windows\bk23567.dat
    [2010/06/20 17:42:49 | 000,000,002 | ---- | C] () -- C:\Users\Jennifer Bowe\AppData\Local\0995154505553.xxe
    [2010/06/20 17:42:45 | 000,000,002 | ---- | C] () -- C:\Users\Jennifer Bowe\AppData\Local\0535049569854.xxe
    [2008/05/06 04:18:38 | 000,000,039 | ---- | C] () -- C:\Windows\popcinfo.dat
    @Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
    @Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:3D857D30
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0B4227B4
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:1F96ED45
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5CF48ABF
    @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:204C7BBB
    
    :Files
    ipconfig /flushdns /c
    C:\program files\azureus
    C:\Program Files\Azureus Vuze
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{F5E800E1-D737-484E-A149-391DD7A52677}"=-
    "TCP Query User{0DD4CBFB-D8D8-4E57-ACB8-17FD6A373C6B}C:\program files\azureus\azureus.exe"=-
    "TCP Query User{6727413C-27B3-41FF-AA99-E35675E7E79E}C:\program files\azureus\azureus.exe"=-
    "UDP Query User{85267DE9-F8A8-40A5-BE57-CDB5E60CC9F3}C:\program files\azureus\azureus.exe"=-
    "UDP Query User{CA5C6AEB-FF71-453F-8AF3-71C0A2CC3D32}C:\program files\azureus\azureus.exe"=-
    
    :Commands
    [Purity]
    [ResetHosts]
    [EmptyFlash]
    [EmptyTemp]
    [CreateRestorePoint]
    [Reboot]
    • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
    • Then click the red Run Fix button.
    • Let the program run unhindered.
    • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

    Next:

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Right-click mbam-setup.exe and select Run as Administrator, then follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please post that log in your next reply.
    The log can also be found here:
    1. Launch Malwarebytes' Anti-Malware
    2. Click on the Logs radio tab.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

    When completed the above, please post back the following in the order asked for:
    • How is your computer performing now, any further symptoms and or problems encountered?
    • OTL Log from the Custom Script.
    • Malwarebytes Anti-Malware Log.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

  8. #8
    Junior Member
    Join Date
    Apr 2011
    Posts
    19

    Default Back in a Few

    Okay, I've dl'd the programs and am following your instructions. Will be back as soon as I've completed the steps.

    Thanks again, Dakeyras!

  9. #9
    Security Expert-Emeritus Dakeyras's Avatar
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,167

    Default

    OK/you're welcome!
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

  10. #10
    Junior Member
    Join Date
    Apr 2011
    Posts
    19

    Default Finished Scans

    I've done everything you suggested and the only problem I've encountered is that even after the uninstall, Java remains in my programs list. (Hooray for minor problems! )

    Am posting the logs in separate replies -- hang tight.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •