Hi.
It appears your machine has been infected with malware for a number of years; nothing to worry about at this stage of my research, I will further add. Though, being honest, the infection you did mention in your initial post possibly compromised your machine... If I determine this is the case, I will provide the appropriate advice.
Anyway, let's proceed as follows, shall we...
Next:
Now please go to Start >> Control Panel >> Programs and Features and remove the following (if present):
Adobe Reader 9.4.2 <-- We will update this in due course.
Azureus Vuze <-- Please remove this if you wish my assistance; read this also.
Java(TM) SE Runtime Environment 6
Java(TM) 6 Update 5 <-- We will update this in due course.
Spybot - Search & Destroy <-- Will hinder the Malware Removal process; you may reinstall it when I give the all clear.
SpywareBlaster 4.4 <-- Not particularly effective these days.
Zynga Toolbar <-- Has undesirable characteristics.
To do so click once on each of the below and click on Uninstall/Change and follow the prompts.
Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.
Temp' Disable Windows Defender:
This is so it will not hinder the Malware Removal process.
- Launch Windows Defender via Start (Vista Orb), Control Panel, Windows Defender and go to Tools >> Options.
- There will be a list of configuration options.
- Scroll down to the end of the list to Administrator options.
- Deselect the Use Windows Defender box and press the Save button.
- Now you will receive a notification saying that Windows Defender is turned off.
- Click on Save then Close on the Notification that appears.
A graphical tutorial explaining the above can be viewed here.
You may re-enable this when I give the all clear, though personally I would leave it disabled, as it is not a particularly effective application and unfortunately it cannot be uninstalled because it is an integral part of the Vista Operating System.
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
- Please go here and download ERUNT.
- ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
- Right-click on erunt-setup.exe and select Run as Administrator to Install ERUNT by following the prompts.
- Use the default install settings but say No to the portion that asks you to add ERUNT to the Start-Up folder.
- Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
- Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
- Make sure that at least the first two check boxes are selected.
- Click on OK.
- Then click on YES to create the folder.
Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe.
Custom OTL Script:
- Right-click OTL.exe and select Run as Administrator to start the program.
- Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Code:
:OTL
SRV - (stllssvr) -- File not found
SRV - (RoxMediaDB9) -- File not found
SRV - (IDriverT) -- File not found
SRV - (hpqcxs08) -- File not found
IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3848025758-3258170917-2156027094-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
[2010/06/20 17:42:55 | 000,000,001 | -H-- | C] () -- C:\Windows\bk23567.dat
[2010/06/20 17:42:49 | 000,000,002 | ---- | C] () -- C:\Users\Jennifer Bowe\AppData\Local\0995154505553.xxe
[2010/06/20 17:42:45 | 000,000,002 | ---- | C] () -- C:\Users\Jennifer Bowe\AppData\Local\0535049569854.xxe
[2008/05/06 04:18:38 | 000,000,039 | ---- | C] () -- C:\Windows\popcinfo.dat
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:3D857D30
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:1F96ED45
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5CF48ABF
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:204C7BBB
:Files
ipconfig /flushdns /c
C:\program files\azureus
C:\Program Files\Azureus Vuze
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F5E800E1-D737-484E-A149-391DD7A52677}"=-
"TCP Query User{0DD4CBFB-D8D8-4E57-ACB8-17FD6A373C6B}C:\program files\azureus\azureus.exe"=-
"TCP Query User{6727413C-27B3-41FF-AA99-E35675E7E79E}C:\program files\azureus\azureus.exe"=-
"UDP Query User{85267DE9-F8A8-40A5-BE57-CDB5E60CC9F3}C:\program files\azureus\azureus.exe"=-
"UDP Query User{CA5C6AEB-FF71-453F-8AF3-71C0A2CC3D32}C:\program files\azureus\azureus.exe"=-
:Commands
[Purity]
[ResetHosts]
[EmptyFlash]
[EmptyTemp]
[CreateRestorePoint]
[Reboot]
- Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
- Then click the red Run Fix button.
- Let the program run unhindered.
- If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.
Next:
Please download Malwarebytes' Anti-Malware to your desktop.
- Right-click mbam-setup.exe and select Run as Administrator, then follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform quick scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
- Launch Malwarebytes' Anti-Malware
- Click on the Logs radio tab.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
When you have completed the above, please post back the following in the order asked for:
- How is your computer performing now, any further symptoms and/or problems encountered?
- OTL Log from the Custom Script.
- Malwarebytes Anti-Malware Log.
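The OTL script above is built from lines of an OTL log, and each prefix (SRV, IE, O2, O3, O15, O16, O18, a bracketed file entry, an @Alternate Data Stream entry) encodes a different kind of persistence or browser hook. The following parser is an added example written for this page; it is not part of the post, nor part of OTL or any of the tools named. It reads lines in the format shown in the script (the sample list is copied from the script above), extracts the CLSID, target path or URL and publisher field, and attaches purely structural findings such as a service whose binary is missing, a browser hook with an empty publisher field, a hidden-attribute file, or an alternate data stream. The finding texts, the `OtlEntry` class and the function names are this example's own; the rules only surface the cues an analyst looks at first and do not replace the judgement the helper applies in the post.

```python
"""Parse OTL-style log lines and attach structural findings to each entry (added example)."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: lines copied from the OTL script in the post above.
SAMPLE_OTL_LINES = [
    r"SRV - (stllssvr) -- File not found",
    r"IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)",
    r"O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)",
    r"O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()",
    r"O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)",
    r"O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)",
    r"[2010/06/20 17:42:55 | 000,000,001 | -H-- | C] () -- C:\Windows\bk23567.dat",
    r"@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34",
]

# A COM class id as OTL prints it: 8-4-4-4-12 hex digits inside braces.
CLSID = r"\{[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}\}"

# One pattern per line shape seen in the script; tried in this order.
_PATTERNS = {
    "SRV": re.compile(r"^SRV - \((?P<name>[^)]+)\) -- (?P<target>.+)$"),
    # IE/O2/O3/O18 all end in "<clsid> - <path> (<publisher>)"; the real kind is captured.
    "COM": re.compile(r"^(?P<kind>IE|O2|O3|O18) - .*?(?P<clsid>" + CLSID + r") - (?P<target>.+?) \((?P<pub>[^()]*)\)$"),
    "O15": re.compile(r"^O15 - (?P<hive>.+?)\\\.\.Trusted Ranges: (?P<target>.+)$"),
    "O16": re.compile(r"^O16 - DPF: (?P<clsid>" + CLSID + r") (?P<target>\S+) \((?P<pub>[^()]*)\)$"),
    "FILE": re.compile(r"^\[(?P<stamp>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| (?P<event>[A-Z])\] \((?P<pub>[^()]*)\) -- (?P<target>.+)$"),
    "ADS": re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$"),
}


@dataclass
class OtlEntry:
    kind: str                 # SRV, IE, O2, O3, O15, O16, O18, FILE or ADS
    target: str               # path, URL or zone range the line refers to
    publisher: str = ""       # trailing parenthesised text; "" when OTL printed "()"
    clsid: str = ""
    findings: list = field(default_factory=list)


def _assess(entry: OtlEntry, groups: dict) -> list:
    """Structural cues only: each note is derivable from the line itself."""
    notes = []
    if entry.kind == "SRV" and entry.target == "File not found":
        notes.append("orphaned service: registry entry points at a missing binary")
    if entry.kind in ("IE", "O2", "O3", "O18") and entry.publisher == "":
        notes.append("browser hook with no publisher information in the binary")
    if entry.kind == "O16" and entry.publisher.startswith("Reg Error"):
        notes.append("download-program entry whose registry key is broken")
    if entry.kind == "O15" and "[http]" in entry.target:
        notes.append("plain-http range added to a trusted IE zone")
    if entry.kind == "FILE" and "H" in groups.get("attrs", ""):
        notes.append("file created with the hidden attribute set")
    if entry.kind == "ADS":
        notes.append("alternate data stream: content not visible in a normal directory listing")
    return notes


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Return an OtlEntry for a recognised line, or None for anything else."""
    line = line.strip()
    for label, pattern in _PATTERNS.items():
        match = pattern.match(line)
        if match is None:
            continue
        groups = match.groupdict()
        entry = OtlEntry(kind=groups.get("kind", label), target=groups["target"],
                         publisher=groups.get("pub", ""), clsid=groups.get("clsid", ""))
        entry.findings = _assess(entry, groups)
        return entry
    return None


def triage(lines) -> dict:
    """Group parsed entries by kind; lines the parser does not know go under 'UNPARSED'."""
    grouped = {}
    for raw in lines:
        entry = parse_otl_line(raw)
        key = entry.kind if entry else "UNPARSED"
        grouped.setdefault(key, []).append(entry if entry else raw.strip())
    return grouped


def flagged(lines) -> list:
    """Only the entries that carried at least one structural finding."""
    return [e for e in map(parse_otl_line, lines) if e is not None and e.findings]


if __name__ == "__main__":
    for entry in flagged(SAMPLE_OTL_LINES):
        print(f"{entry.kind:4} {entry.target}")
        for note in entry.findings:
            print(f"      - {note}")
```

Run it as-is to see which of the sample lines carry a finding; feed it a full OTL log via `triage()` to get the entries grouped by prefix, with anything the parser does not recognise kept verbatim under `UNPARSED` rather than silently dropped.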