BleepingComputer.com: Registry Reviver/windows recovery

Hi, I just got word that a relative of mine had something going on with his computer. I decide to go and look at it, and it looks as though he keeps getting an error due to his HD failing. I don't trust this as it seems he's having a virus problem as well. Two, it seems...Registry reviver which he says he does not recall installing and windows recovery. I got a couple logs to post and then I'll leave everything to you, thanks in advance!

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you.

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

• Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  
  
• Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  
  
• If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  
  
• In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  
  
• If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  
  
• Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  
  
• Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  
  
• I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
  Because of this, you must reply within three days failure to reply will result in the topic being closed!
  
  
• Please do not PM me directly for help. If you have any questions, post them in this topic.
  
  
• Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
  Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Running OTL

We need to create a FULL OTL Report

• Please download OTL from here:
  
  • Main Mirror
  
  
• Save it to your desktop.
  
• Double click on the icon on your desktop.
  
• Click the "Scan All Users" checkbox.
  
• Change the "Extra Registry" option to "SafeList"
  
• Push the button.
  
• Two reports will open, copy and paste them in a reply here:
  
  • OTL.txt <-- Will be opened
    
  • Extras.txt <-- Will be minimized

NEXT:


Please provide an update on how things are running in your next reply.

Can I install OTL on a flash drive so I can run off it or should i just download .exe onto the flash drive then run it on his computer?

Extras

OTL Extras logfile created on: 5/17/2011 10:37:16 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Martin\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 67.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.45 Gb Total Space | 3.62 Gb Free Space | 4.86% Space Free | Partition Type: NTFS
Drive E: | 7.45 Gb Total Space | 5.96 Gb Free Space | 79.96% Space Free | Partition Type: FAT32
Drive Z: | 931.51 Gb Total Space | 880.67 Gb Free Space | 94.54% Space Free | Partition Type: NTFS

Computer Name: VX5 | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1497561714-220801801-719060552-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l File not found
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1497561714-220801801-719060552-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1FC3FB0A-1D03-4598-98BE-E27C614A675D}" = lport=139 | protocol=6 | dir=in | app=system |
"{2B79A209-3E46-4CE8-8DD9-09219516CD71}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3DE4F6BC-CAD7-49FE-A065-10412DAF3ADC}" = rport=445 | protocol=6 | dir=out | app=system |
"{5FD2691D-4A11-473C-A54A-D0B005BC2BED}" = lport=138 | protocol=17 | dir=in | app=system |
"{6A3C7E42-3360-4DD3-A032-5DB9F0000988}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6A496412-396C-4081-826F-83CF7D4BAE03}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{93C6BA79-BFBA-4878-BA2E-FD3965C1B562}" = rport=137 | protocol=17 | dir=out | app=system |
"{9528BE1D-DA9D-4618-8464-F78B72A262D3}" = rport=139 | protocol=6 | dir=out | app=system |
"{B6DE0ADB-3C81-48FE-9B6C-422826127DC7}" = lport=445 | protocol=6 | dir=in | app=system |
"{B936740C-783A-451E-92C4-C6C5BCB86480}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{C957866C-A3FF-4D72-B737-3BC5A1F8257B}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D68844EB-8B6E-432D-87C3-6FE7F0631071}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E4B62A34-C75D-45B5-B288-1A1D811918E3}" = lport=137 | protocol=17 | dir=in | app=system |
"{ECB6713A-469F-44F7-AB30-2CEE6F175271}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F061B205-6A51-430F-8A07-E30114ABED3D}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01DBE28D-4F3E-4B3B-8C9E-F5EBCD8EF009}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{0696E916-7FD6-4807-BB4E-F9A16CA4AA77}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0720F08B-6823-47FE-839F-2998C2F890D8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{105A36EC-1593-4C3E-8426-F739A43D47DD}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{11B487AF-A1E5-4319-ABCF-4410D859560E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{18074808-A742-49F4-9931-D86FCDB4F5A2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1CC4CBDF-6EB8-480A-9A54-CB20E3AD961E}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{22B6FFB7-C6B5-4790-BA0E-4DD9AB6E5D3A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{30811B5C-5884-48C4-B7B9-021F6B90846A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{35272968-22E8-4CD2-9A33-5A4348B852D3}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{39A4AD72-30CF-4FBC-81A8-40E8AC806B4A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3AD6D3C6-491D-4976-8751-E6D64C42AF7F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3B047FB3-A49D-4537-9A6A-BD8C05BC8995}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3C483C25-5F66-402F-9FE0-37A7F294B458}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{409E3475-1ECC-4303-B45E-74E46FC31B6B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{48615B5B-C3CD-41B7-82D5-384533DA1897}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{54E841AE-C09B-485D-BC60-0B59252124C0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{55CAB3C7-6CDD-44BE-A1BF-B788F19C3115}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{58777F83-D88E-4346-8AF0-50E475C3F812}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{58D65DAE-C9C7-48F4-ABA4-B0FCA6024A2E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{5AA8CD69-EA9C-4704-B4FB-F391DB589F99}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{60F9EA5F-FDE4-49E1-9ACE-0EC303CBAF15}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{61C4F875-CB86-4B99-9F01-D0FFE23E5EEA}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{68C192FE-B6F2-4201-BD89-815C9622A36A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6F55ACFD-859B-40C6-A63C-E699BDDFE4CD}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{72613E15-71C4-4214-AA7D-122372F78CF5}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{86EDD448-DCB9-4057-A9E0-90E9AEFB418A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{8742F74C-5BD5-4480-838D-71C4C3AA986D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{88FDF711-9642-46B4-8BEB-BAD1A8AA658C}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{8A59ED9B-6D6D-4BD8-B698-7212AA1767B3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{94814543-4BA4-4288-B3D0-C796419B0A18}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{95BFF2AB-5051-4A2D-B293-D219A6B5F5EE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9641AB18-61AC-416A-A4A5-3B523976B54B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{97127467-D9FD-4F7D-8E91-C8F5601F9F62}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{9960E7AC-0514-48DE-8280-E55B28095EAF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9A74C056-7049-4842-9B1C-9F3ACFAAE803}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{A5A738EB-BE44-42C9-ACBA-62F23F25BF29}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{ACEA22B3-12FC-41E0-9AE9-4FC5193F0C4A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AF23FCED-C259-4725-A5C2-C99A008227CA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B105AC9D-1684-4F99-AEEC-706991EF86B9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B61D7AD5-5AC9-4BC9-91E7-A973C65D33F7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B6B6AF68-E12B-4A75-9955-882BC825468C}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{BE603553-0F4C-4B00-B5BB-6192EF0157D0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{BF15B18C-6834-4790-9766-800B92988446}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{C0551804-3E82-49C2-81AB-F48BC29AA83D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C1912ECF-455C-40AE-B11B-F607860D4260}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C4AD1123-F577-4D6C-930E-FBAC40E1CF30}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CB2D0B71-F7D7-4AE0-AB8B-A83445E28F2C}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{CD24B5BB-0385-4774-A0B3-0726553C1888}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{D0571483-E0D7-41C4-88C8-BBB0F0006640}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{DE17B1BA-6EF5-40A1-B863-E24437C4CD02}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E3C2C847-6A17-40E9-BE1A-7351D08DD81C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{EBAC8EB6-EB8E-4092-89CD-FDA814096B2D}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{ECCEFAA9-594E-4900-AFF4-5FBCC537C62E}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{F2C6EFED-D6BC-4A70-839F-BE21FB76512F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F45573B0-ED0B-4AFB-B4F7-26664EBC5D41}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"TCP Query User{1885733E-BF3C-4367-969D-59478EE2BE25}C:\program files (x86)\xbc\nexbc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xbc\nexbc.exe |
"TCP Query User{3DAE9166-A9D3-4736-876D-D7FB80C5AD81}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{4BFEB285-8942-4222-ABBF-E1D09EE0BEE5}C:\users\martin\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\martin\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"TCP Query User{8F128C8D-C995-4F36-B8E3-BB16D4AA0CC1}C:\program files (x86)\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"TCP Query User{AD7AA0EB-8266-4CE6-9E71-5796B243DB03}C:\program files (x86)\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"TCP Query User{BAAC5A9C-E74B-4C96-A102-6F4DC26B1655}C:\program files (x86)\stepmania4\program\stepmania.exe" = protocol=6 | dir=in | app=c:\program files (x86)\stepmania4\program\stepmania.exe |
"UDP Query User{3A542A8B-C328-4FA4-9A1A-7C03E0A9EFF5}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{3ADF1C05-50B1-421F-A3B7-5258114A0713}C:\users\martin\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\martin\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"UDP Query User{B85E2137-552A-4C27-B0E6-E3210624E2C2}C:\program files (x86)\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"UDP Query User{D0ED1BA1-D96A-4BDF-8C42-C28B03DDA727}C:\program files (x86)\stepmania4\program\stepmania.exe" = protocol=17 | dir=in | app=c:\program files (x86)\stepmania4\program\stepmania.exe |
"UDP Query User{DBF42FE3-2DF3-4F94-96EA-BBD75595F515}C:\program files (x86)\xbc\nexbc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xbc\nexbc.exe |
"UDP Query User{E918A5E5-F668-4631-A9C1-540539A826B1}C:\program files (x86)\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
"{332DB63A-14F2-465D-9C7E-B0D04353323F}" = RegistryReviver
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{3E061CBA-1DBB-45DD-8873-D100072ADCAD}" = Microsoft LifeCam
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"OEMInformation" = OEM Logo and Information
"RegistryReviver" = RegistryReviver
"Vista Ultimate_is1" = Vista Ultimate

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"BitTorrent" = BitTorrent
"BitTorrentBar Toolbar" = BitTorrentBar Toolbar
"conduitEngine" = Conduit Engine
"ExpressBurn" = Express Burn
"LimeWire" = LimeWire 5.3.6
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"Philips Songbird" = Philips Songbird
"PROR" = Microsoft Office Professional 2007
"Search Toolbar" = Search Toolbar
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"StepMania" = StepMania 3.9a (remove only)
"Switch" = Switch Sound File Converter
"Veetle TV" = Veetle TV 0.9.17
"WavePad" = WavePad Uninstall
"WinPcapInst" = WinPcap 4.1 beta5
"XBC 5.1" = XBC 5.1
"Xvid_is1" = Xvid 1.2.1 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1497561714-220801801-719060552-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Octoshape Streaming Services" = Octoshape Streaming Services

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/16/2011 3:15:28 PM | Computer Name = VX5 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/16/2011 3:15:28 PM | Computer Name = VX5 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 53013243

Error - 5/16/2011 3:15:28 PM | Computer Name = VX5 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 53013243

Error - 5/16/2011 3:15:29 PM | Computer Name = VX5 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/16/2011 3:15:29 PM | Computer Name = VX5 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 53014257

Error - 5/16/2011 3:15:29 PM | Computer Name = VX5 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 53014257

Error - 5/17/2011 11:30:58 PM | Computer Name = VX5 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/17/2011 11:30:58 PM | Computer Name = VX5 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 116113338

Error - 5/17/2011 11:30:58 PM | Computer Name = VX5 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 116113338

Error - 5/17/2011 11:34:42 PM | Computer Name = VX5 | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 11/20/2009 12:48:52 AM | Computer Name = VX5 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 8/21/2010 9:42:41 PM | Computer Name = VX5 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.187 for the Network Card with network
address 00241D8730A9 has been denied by the DHCP server 192.168.1.2 (The DHCP Server
sent a DHCPNACK message).

Error - 8/23/2010 11:49:27 PM | Computer Name = VX5 | Source = HTTP | ID = 15016
Description =

Error - 8/23/2010 11:51:14 PM | Computer Name = VX5 | Source = Service Control Manager | ID = 7026
Description =

Error - 8/24/2010 11:45:31 AM | Computer Name = VX5 | Source = HTTP | ID = 15016
Description =

Error - 8/24/2010 11:47:16 AM | Computer Name = VX5 | Source = Service Control Manager | ID = 7026
Description =

Error - 8/24/2010 11:29:32 PM | Computer Name = VX5 | Source = HTTP | ID = 15016
Description =

Error - 8/24/2010 11:31:18 PM | Computer Name = VX5 | Source = Service Control Manager | ID = 7026
Description =

Error - 8/25/2010 6:57:34 PM | Computer Name = VX5 | Source = HTTP | ID = 15016
Description =

Error - 8/25/2010 6:59:21 PM | Computer Name = VX5 | Source = Service Control Manager | ID = 7026
Description =

Error - 8/26/2010 11:59:47 AM | Computer Name = VX5 | Source = HTTP | ID = 15016
Description =


< End of report >

OTL:

OTL logfile created on: 5/17/2011 10:37:16 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Martin\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 67.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.45 Gb Total Space | 3.62 Gb Free Space | 4.86% Space Free | Partition Type: NTFS
Drive E: | 7.45 Gb Total Space | 5.96 Gb Free Space | 79.96% Space Free | Partition Type: FAT32
Drive Z: | 931.51 Gb Total Space | 880.67 Gb Free Space | 94.54% Space Free | Partition Type: NTFS

Computer Name: VX5 | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/17 22:27:56 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
PRC - [2011/05/12 03:45:18 | 000,436,736 | -H-- | M] () -- C:\ProgramData\44818168.exe
PRC - [2011/05/12 03:43:07 | 000,506,880 | -H-- | M] (QNP) -- C:\ProgramData\PJUdowMnnh.exe
PRC - [2010/06/01 10:17:48 | 005,252,408 | -H-- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2010/05/27 10:52:22 | 000,375,296 | -H-- | M] () -- C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
PRC - [2009/10/01 15:20:57 | 003,634,024 | -H-- | M] (AOL LLC) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2009/01/08 08:44:06 | 000,070,936 | -H-- | M] (Octoshape ApS) -- C:\Users\Martin\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | -H-- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2006/11/02 04:44:50 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\attrib.exe


========== Modules (SafeList) ==========

MOD - [2011/05/17 22:27:56 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
MOD - [2008/01/20 21:48:20 | 000,266,240 | -H-- | M] () -- C:\Users\Martin\AppData\Local\epevazoverax.dll
MOD - [2008/01/20 21:47:14 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/24 16:04:54 | 000,199,008 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2008/01/20 21:50:23 | 000,195,584 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/01/20 21:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/01/15 07:49:20 | 000,227,232 | -H-- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/12/23 10:35:20 | 000,117,264 | -H-- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2008/11/09 15:48:14 | 000,602,392 | -H-- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/27 13:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/01/20 21:46:08 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 21:46:08 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/07/24 16:04:54 | 000,036,208 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/24 20:45:48 | 010,496,384 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/12/23 10:35:42 | 000,047,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2008/12/10 03:37:52 | 000,184,832 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/12/04 13:25:58 | 000,126,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/01/20 21:46:34 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 21:46:00 | 000,019,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | -H-- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2010/05/09 19:18:40 | 000,015,664 | -H-- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1497561714-220801801-719060552-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1497561714-220801801-719060552-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1497561714-220801801-719060552-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1497561714-220801801-719060552-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1497561714-220801801-719060552-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/intl/en_us/services/hp/index.html#utm_source=en-bing-sem-na-us-defhp-7"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {4D393E10-185D-4F55-AB00-30893C1A8DD5}:1.9.1


FF - HKLM\software\mozilla\Firefox\Extensions\\{4D393E10-185D-4F55-AB00-30893C1A8DD5}: C:\Users\Martin\AppData\Local\{4D393E10-185D-4F55-AB00-30893C1A8DD5} [2011/05/12 10:17:06 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/04/30 16:06:13 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/04 17:34:54 | 000,000,000 | -H-D | M]

[2010/12/29 18:31:06 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\Mozilla\Extensions
[2009/10/07 15:31:24 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/12/29 18:31:06 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
[2011/05/01 21:27:38 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\p0cz5eo1.default\extensions
[2011/05/12 21:42:45 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/03/11 22:37:20 | 000,000,000 | -H-D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/05/12 10:17:06 | 000,000,000 | -H-D | M] (XULRunner) -- C:\USERS\MARTIN\APPDATA\LOCAL\{4D393E10-185D-4F55-AB00-30893C1A8DD5}

O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1497561714-220801801-719060552-1000\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1497561714-220801801-719060552-1000\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Hsupafiqema] C:\Users\Martin\AppData\Local\epevazoverax.dll ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Philips Device Listener] C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1497561714-220801801-719060552-1000..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL LLC)
O4 - HKU\S-1-5-21-1497561714-220801801-719060552-1000..\Run: [Core Temp] C:\Users\Martin\Documents\CoreTemp64\Core Temp.exe ()
O4 - HKU\S-1-5-21-1497561714-220801801-719060552-1000..\Run: [Izipimaxe] C:\Users\Martin\AppData\Local\uphtat.dll (Voxware, Inc.)
O4 - HKU\S-1-5-21-1497561714-220801801-719060552-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1497561714-220801801-719060552-1000..\Run: [Octoshape Streaming Services] C:\Users\Martin\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKU\S-1-5-21-1497561714-220801801-719060552-1000..\Run: [PJUdowMnnh] C:\ProgramData\PJUdowMnnh.exe (QNP)
O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-1497561714-220801801-719060552-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1497561714-220801801-719060552-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.2
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{dceb5a8c-1391-11e0-b5fc-00241d8730a9}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{ff84258b-f0fb-11df-986b-00241d8730a9}\Shell\AutoRun\command - "" = E:\Setup_FlipShare.exe
O33 - MountPoints2\{ff84258b-f0fb-11df-986b-00241d8730a9}\Shell\Setup FlipShare\command - "" = E:\Setup_FlipShare.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/17 22:35:55 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2011/05/12 10:17:05 | 000,000,000 | -H-D | C] -- C:\Users\Martin\AppData\Local\{4D393E10-185D-4F55-AB00-30893C1A8DD5}
[2011/05/12 03:45:32 | 000,000,000 | -H-D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011/05/12 03:43:07 | 000,506,880 | -H-- | C] (QNP) -- C:\ProgramData\PJUdowMnnh.exe
[2011/05/10 11:45:52 | 000,000,000 | -H-D | C] -- C:\Users\Martin\Desktop\spm
[2011/05/01 02:33:08 | 000,000,000 | -H-D | C] -- C:\Users\Martin\AppData\Local\Yahoo
[2011/05/01 02:31:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\Yahoo! Companion
[2011/05/01 02:31:53 | 000,000,000 | -H-D | C] -- C:\Users\Martin\AppData\Roaming\Yahoo!
[2011/05/01 02:31:46 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2011/05/01 02:31:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\Yahoo!
[2011/05/01 02:29:56 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Yahoo!
[2008/01/20 21:48:20 | 000,126,976 | -H-- | C] (Voxware, Inc.) -- C:\Users\Martin\AppData\Local\uphtat.dll

========== Files - Modified Within 30 Days ==========

[2011/05/17 22:38:51 | 000,694,964 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/17 22:38:51 | 000,598,350 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/17 22:38:51 | 000,101,988 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/17 22:34:13 | 000,000,000 | -H-- | M] () -- C:\Users\Martin\AppData\Local\Ngoqe.bin
[2011/05/17 22:33:04 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/17 22:33:03 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/17 22:33:03 | 000,000,384 | -H-- | M] () -- C:\Windows\tasks\Registry Reviver64-Martin-Startup.job
[2011/05/17 22:33:02 | 000,000,384 | -H-- | M] () -- C:\Windows\tasks\RegistryReviver64-Martin-Startup.job
[2011/05/17 22:32:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/17 22:27:56 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2011/05/15 11:17:10 | 000,000,912 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1497561714-220801801-719060552-1000UA.job
[2011/05/12 22:17:06 | 000,000,000 | -H-- | M] () -- C:\Users\Martin\defogger_reenable
[2011/05/12 21:41:35 | 000,000,120 | -H-- | M] () -- C:\Users\Martin\AppData\Local\Jmijapaximibahu.dat
[2011/05/12 03:45:54 | 000,000,144 | -H-- | M] () -- C:\ProgramData\~44818168
[2011/05/12 03:45:53 | 000,000,586 | -H-- | M] () -- C:\Users\Martin\Desktop\Windows Recovery.lnk
[2011/05/12 03:45:53 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~44818168r
[2011/05/12 03:45:29 | 000,000,344 | -H-- | M] () -- C:\ProgramData\44818168
[2011/05/12 03:45:18 | 000,436,736 | -H-- | M] () -- C:\ProgramData\44818168.exe
[2011/05/12 03:43:07 | 000,506,880 | -H-- | M] (QNP) -- C:\ProgramData\PJUdowMnnh.exe
[2011/05/12 03:41:48 | 000,000,000 | -H-- | M] () -- C:\Users\Martin\2gweorjqjutp92vjy9gake
[2011/05/09 17:57:59 | 000,000,680 | -H-- | M] () -- C:\Users\Martin\AppData\Local\d3d9caps.dat
[2011/05/08 18:17:52 | 000,002,050 | -H-- | M] () -- C:\Users\Martin\Desktop\Google Chrome.lnk
[2011/05/07 17:24:26 | 000,031,232 | -H-- | M] () -- C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/06 08:17:00 | 000,000,860 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1497561714-220801801-719060552-1000Core.job

========== Files Created - No Company Name ==========

[2011/05/12 22:17:06 | 000,000,000 | -H-- | C] () -- C:\Users\Martin\defogger_reenable
[2011/05/12 10:17:11 | 000,000,000 | -H-- | C] () -- C:\Users\Martin\AppData\Local\Ngoqe.bin
[2011/05/12 10:17:08 | 000,000,120 | -H-- | C] () -- C:\Users\Martin\AppData\Local\Jmijapaximibahu.dat
[2011/05/12 03:45:53 | 000,000,586 | -H-- | C] () -- C:\Users\Martin\Desktop\Windows Recovery.lnk
[2011/05/12 03:45:53 | 000,000,144 | -H-- | C] () -- C:\ProgramData\~44818168
[2011/05/12 03:45:53 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~44818168r
[2011/05/12 03:45:29 | 000,000,344 | -H-- | C] () -- C:\ProgramData\44818168
[2011/05/12 03:45:18 | 000,436,736 | -H-- | C] () -- C:\ProgramData\44818168.exe
[2011/05/12 03:41:48 | 000,000,000 | -H-- | C] () -- C:\Users\Martin\2gweorjqjutp92vjy9gake
[2010/09/19 13:04:11 | 000,815,104 | -H-- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/09/19 13:04:11 | 000,180,224 | -H-- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/03/11 22:51:17 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/02/25 00:34:31 | 000,708,868 | -H-- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/02/12 20:53:31 | 000,000,680 | -H-- | C] () -- C:\Users\Martin\AppData\Local\d3d9caps.dat
[2009/11/04 01:51:25 | 002,731,600 | -H-- | C] () -- C:\Users\Martin\AppData\Roaming\speech.wav
[2009/10/12 18:11:56 | 000,001,024 | -H-- | C] () -- C:\Users\Martin\AppData\Roaming\WavCodec.wff
[2009/10/12 17:28:58 | 000,031,232 | -H-- | C] () -- C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/02 13:01:55 | 000,982,196 | -H-- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/09/02 13:01:55 | 000,092,168 | -H-- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/09/02 13:01:54 | 000,417,344 | -H-- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/09/02 13:01:54 | 000,134,544 | -H-- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/09/02 12:59:42 | 000,000,010 | -H-- | C] () -- C:\Windows\GSetup.ini
[2009/09/02 12:41:45 | 000,000,732 | -H-- | C] () -- C:\Users\Martin\AppData\Local\d3d9caps64.dat
[2008/12/23 10:33:18 | 000,053,299 | -H-- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2008/01/20 21:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 21:48:56 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/01/20 21:48:20 | 000,266,240 | -H-- | C] () -- C:\Users\Martin\AppData\Local\epevazoverax.dll
[2008/01/20 21:48:19 | 000,100,043 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2007/06/21 17:34:08 | 000,203,328 | RH-- | C] () -- C:\Windows\GSetup.exe
[2006/11/02 10:35:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | -H-- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:26:55 | 000,018,271 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2006/11/02 07:24:17 | 000,000,741 | -H-- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | -H-- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Martin\Desktop\Pineapple Express (Ipod).mp4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Martin\Desktop\MOV00960.MPG:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Martin\Desktop\MOV00956.MPG:TOC.WMV

< End of report >

Hi!

Lets run this tool first:

Please download UnHide.exe by Grinler.

It will unhide folders/files that were set to be hidden by the infection you had.



NEXT:



GooredFix
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1

• Ensure all Firefox windows are closed.
  
• To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  
• When prompted to run the scan, click Yes.
  
• GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

NEXT:



OTL Fix

We need to run an OTL Fix

• Please reopen on your desktop.
  
• Copy and Paste the following code into the textbox.
  

  :Services
  :OTL
  PRC - [2011/05/12 03:45:18 | 000,436,736 | -H-- | M] () -- C:\ProgramData\44818168.exe
  MOD - [2008/01/20 21:48:20 | 000,266,240 | -H-- | M] () -- C:\Users\Martin\AppData\Local\epevazoverax.dll
  O4 - HKLM..\Run: [Hsupafiqema] C:\Users\Martin\AppData\Local\epevazoverax.dll ()
  O4 - HKU\S-1-5-21-1497561714-220801801-719060552-1000..\Run: [Izipimaxe] C:\Users\Martin\AppData\Local\uphtat.dll (Voxware, Inc.)
  O4 - HKU\S-1-5-21-1497561714-220801801-719060552-1000..\Run: [PJUdowMnnh] C:\ProgramData\PJUdowMnnh.exe (QNP)
  O33 - MountPoints2\{dceb5a8c-1391-11e0-b5fc-00241d8730a9}\Shell\AutoRun\command - "" = E:\setup.exe
  O33 - MountPoints2\{ff84258b-f0fb-11df-986b-00241d8730a9}\Shell\AutoRun\command - "" = E:\Setup_FlipShare.exe
  O33 - MountPoints2\{ff84258b-f0fb-11df-986b-00241d8730a9}\Shell\Setup FlipShare\command - "" = E:\Setup_FlipShare.exe
  [2011/05/12 10:17:05 | 000,000,000 | -H-D | C] -- C:\Users\Martin\AppData\Local\{4D393E10-185D-4F55-AB00-30893C1A8DD5}
  [2011/05/12 03:45:32 | 000,000,000 | -H-D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
  [2011/05/12 03:43:07 | 000,506,880 | -H-- | C] (QNP) -- C:\ProgramData\PJUdowMnnh.exe
  [2008/01/20 21:48:20 | 000,126,976 | -H-- | C] (Voxware, Inc.) -- C:\Users\Martin\AppData\Local\uphtat.dll
  [2011/05/17 22:34:13 | 000,000,000 | -H-- | M] () -- C:\Users\Martin\AppData\Local\Ngoqe.bin
  [2011/05/17 22:33:03 | 000,000,384 | -H-- | M] () -- C:\Windows\tasks\Registry Reviver64-Martin-Startup.job
  [2011/05/17 22:33:02 | 000,000,384 | -H-- | M] () -- C:\Windows\tasks\RegistryReviver64-Martin-Startup.job
  [2011/05/12 21:41:35 | 000,000,120 | -H-- | M] () -- C:\Users\Martin\AppData\Local\Jmijapaximibahu.dat
  [2011/05/12 03:45:54 | 000,000,144 | -H-- | M] () -- C:\ProgramData\~44818168
  [2011/05/12 03:45:53 | 000,000,586 | -H-- | M] () -- C:\Users\Martin\Desktop\Windows Recovery.lnk
  [2011/05/12 03:45:53 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~44818168r
  [2011/05/12 03:45:29 | 000,000,344 | -H-- | M] () -- C:\ProgramData\44818168
  [2011/05/12 03:45:18 | 000,436,736 | -H-- | M] () -- C:\ProgramData\44818168.exe
  [2011/05/12 03:43:07 | 000,506,880 | -H-- | M] (QNP) -- C:\ProgramData\PJUdowMnnh.exe
  [2011/05/12 03:41:48 | 000,000,000 | -H-- | M] () -- C:\Users\Martin\2gweorjqjutp92vjy9gake
  [2011/05/12 10:17:11 | 000,000,000 | -H-- | C] () -- C:\Users\Martin\AppData\Local\Ngoqe.bin
  [2011/05/12 10:17:08 | 000,000,120 | -H-- | C] () -- C:\Users\Martin\AppData\Local\Jmijapaximibahu.dat
  [2011/05/12 03:45:53 | 000,000,586 | -H-- | C] () -- C:\Users\Martin\Desktop\Windows Recovery.lnk
  [2011/05/12 03:45:53 | 000,000,144 | -H-- | C] () -- C:\ProgramData\~44818168
  [2011/05/12 03:45:53 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~44818168r
  [2011/05/12 03:45:29 | 000,000,344 | -H-- | C] () -- C:\ProgramData\44818168
  [2011/05/12 03:45:18 | 000,436,736 | -H-- | C] () -- C:\ProgramData\44818168.exe
  [2011/05/12 03:41:48 | 000,000,000 | -H-- | C] () -- C:\Users\Martin\2gweorjqjutp92vjy9gake
  [2008/01/20 21:48:20 | 000,266,240 | -H-- | C] () -- C:\Users\Martin\AppData\Local\epevazoverax.dll
  
  :Reg
  
  :Files
  C:\ProgramData\PJUdowMnnh.exe
  ipconfig /flushdns /c
  :Commands
  [purity]
  [resethosts]
  [CreateRestorePoint]
  

  
  
• Push
  
• OTL may ask to reboot the machine. Please do so if asked.
  
• Click the OK button.
  
• A report will open. Copy and Paste that report in your next reply.
  
• If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

NEXT:



Scanning with MalwareBytes' Anti-Malware

Please download Malwarebytes' Anti-Malware (v1.50) and save it to your desktop.

Download Link 1
Download Link 2

Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

• Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
  For instructions with screenshots, please refer to this Guide.
  
• When the installation begins, follow the prompts and do not make any changes to default settings.
  
• Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  
• If an update is found, the program will automatically update itself. Press the OK button and continue.
  
• If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

• Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  
• Click on the Scan button.
  
• When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  
• Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  
• Make sure that everything is checked and then click Remove Selected.
  
• When removal is completed, a log report will open in Notepad.
  
• The log is automatically saved and can be viewed by clicking the Logs tab.
  
• Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  
• Exit Malwarebytes' when done.

Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.



NEXT:



What issues are you currently experiencing with your computer?

GooredFix:

GooredFix by jpshortstuff (04.04.11.1)
Log created at 19:49 on 18/05/2011 (Martin)
Firefox version 3.6.17 (en-US)

========== GooredScan ==========

(none)
Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{4D393E10-185D-4F55-AB00-30893C1A8DD5} -> Success!
Deleting C:\Users\Martin\AppData\Local\{4D393E10-185D-4F55-AB00-30893C1A8DD5} -> Success!

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [20:31 02/09/2009]
{AB2CE124-6272-4b12-94A9-7303C7397BD1} [03:37 12/03/2010]
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [20:30 07/10/2009]

C:\Users\Martin\Application Data\Mozilla\Firefox\Profiles\p0cz5eo1.default\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [15:31 14/02/2010]

-=E.O.F=-

OTL Fix:

========== SERVICES/DRIVERS ==========
========== OTL ==========
Process 44818168.exe killed successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Hsupafiqema deleted successfully.
C:\Users\Martin\AppData\Local\epevazoverax.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-1497561714-220801801-719060552-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Izipimaxe deleted successfully.
C:\Users\Martin\AppData\Local\uphtat.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-1497561714-220801801-719060552-1000\Software\Microsoft\Windows\CurrentVersion\Run\\PJUdowMnnh deleted successfully.
C:\ProgramData\PJUdowMnnh.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dceb5a8c-1391-11e0-b5fc-00241d8730a9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dceb5a8c-1391-11e0-b5fc-00241d8730a9}\ not found.
File E:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff84258b-f0fb-11df-986b-00241d8730a9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff84258b-f0fb-11df-986b-00241d8730a9}\ not found.
File E:\Setup_FlipShare.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff84258b-f0fb-11df-986b-00241d8730a9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff84258b-f0fb-11df-986b-00241d8730a9}\ not found.
File E:\Setup_FlipShare.exe not found.
Folder C:\Users\Martin\AppData\Local\{4D393E10-185D-4F55-AB00-30893C1A8DD5}\ not found.
C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery folder moved successfully.
File C:\ProgramData\PJUdowMnnh.exe not found.
File C:\Users\Martin\AppData\Local\uphtat.dll not found.
C:\Users\Martin\AppData\Local\Ngoqe.bin moved successfully.
C:\Windows\Tasks\Registry Reviver64-Martin-Startup.job moved successfully.
C:\Windows\Tasks\RegistryReviver64-Martin-Startup.job moved successfully.
C:\Users\Martin\AppData\Local\Jmijapaximibahu.dat moved successfully.
C:\ProgramData\~44818168 moved successfully.
C:\Users\Martin\Desktop\Windows Recovery.lnk moved successfully.
C:\ProgramData\~44818168r moved successfully.
C:\ProgramData\44818168 moved successfully.
C:\ProgramData\44818168.exe moved successfully.
File C:\ProgramData\PJUdowMnnh.exe not found.
C:\Users\Martin\2gweorjqjutp92vjy9gake moved successfully.
File C:\Users\Martin\AppData\Local\Ngoqe.bin not found.
File C:\Users\Martin\AppData\Local\Jmijapaximibahu.dat not found.
File C:\Users\Martin\Desktop\Windows Recovery.lnk not found.
File C:\ProgramData\~44818168 not found.
File C:\ProgramData\~44818168r not found.
File C:\ProgramData\44818168 not found.
File C:\ProgramData\44818168.exe not found.
File C:\Users\Martin\2gweorjqjutp92vjy9gake not found.
File C:\Users\Martin\AppData\Local\epevazoverax.dll not found.
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\ProgramData\PJUdowMnnh.exe not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Martin\Desktop\cmd.bat deleted successfully.
C:\Users\Martin\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
Error creating restore point.

OTL by OldTimer - Version 3.2.22.3 log created on 05182011_203818

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...

MBAM Log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6612

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

5/18/2011 8:44:43 PM
mbam-log-2011-05-18 (20-44-43).txt

Scan type: Quick scan
Objects scanned: 157983
Time elapsed: 2 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Izipimaxe (Trojan.Agent.U) -> Value: Izipimaxe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Hsupafiqema (Trojan.Agent.U) -> Value: Hsupafiqema -> Delete on reboot.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Martin\AppData\Local\Temp\0.14941902945925178.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\Martin\AppData\Local\Temp\0.3503373450038688.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\Martin\AppData\Local\Temp\0.5986568842301756.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\Martin\AppData\Local\Temp\0.6137941045835402.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\Martin\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Martin\AppData\Local\Temp\jar_cache8250418183783474383.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\Martin\AppData\Local\Temp\ldr6065.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Martin\downloads\xvidsetup(2).exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\Martin\downloads\xvidsetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.

Well, The computer is running now, and the only thing wrong is I get two run.dll errors on start up but that's it:

C:\Users\Martin\AppData\Local\uphtat.dll
C:\Users\Martin\AppData\Local\epevazoverax.dll

Also, I was wondering if I could remove that Registry Reviver program? My brother told me that he doesn't remember installing it so I figured it was put on there without him knowing.

Hi!

Quote

Yes, you should be able to remove that via Start > Control Panel > Programs > Uninstall a Program.

Quote

You're receiving these error messages because your registry is pointing to files in that location that have been removed.

I'll remove those shortly.

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESET OnlineScan
  
• Click the button.
  
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
    
  • Double click on the icon on your desktop.
  
  
• Check
  
• Click the button.
  
• Accept any security warnings from your browser.
  
• Check
  
• Make sure that the option "Remove found threats" is Unchecked
  
• When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
  
  • Enable Anti-Stealth technology
  
  
• Push the Start button.
  
• ESET will then download updates for itself, install itself, and begin
  scanning your computer. Please be patient as this can take some time.
  
• When the scan completes, push
  
• Push , and save the file to your desktop using a unique name, such as
  ESETScan. Include the contents of this report in your next reply.
  
• Push the button.
  
• Push

NEXT:



Security Check
Download Security Check by screen317 from here or here.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

C:\Program Files\ReviverSoft\Registry Reviver\SetUp_x64.exe a variant of Win32/SlowPCfighter application
C:\Users\Martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYYLTONI\RegistryReviver_Upgrade_x64[1].exe a variant of Win32/SlowPCfighter

application
C:\Users\Martin\AppData\Local\Temp\jar_cache7293222246213319992.tmp a variant of Java/TrojanDownloader.OpenStream.NBV trojan
C:\Users\Martin\AppData\Local\Temp\jar_cache8349465862506354704.tmp a variant of Java/TrojanDownloader.OpenStream.NBV trojan
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\350e9cdc-767acc48 a variant of Java/Exploit.CVE-2009-2843.B trojan
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\102e93af-441a81b2 probably a variant of Win32/Agent.CDGQEWH trojan
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\4f698bbc-1582b64c multiple threats
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\6752b209-6966a4d4 a variant of Win32/Kryptik.NRY trojan
C:\Users\Martin\AppData\Roaming\Adobe\plugs\mmc43586102.txt a variant of Win32/Kryptik.NQE trojan
C:\Users\Martin\AppData\Roaming\OpenCandy\OpenCandy_7947F18E3A7F43388BBE8280DE07FA85\DLMgr_3_1.6.87.exe Win32/OpenCandy application
C:\Users\Martin\AppData\Roaming\OpenCandy\OpenCandy_7947F18E3A7F43388BBE8280DE07FA85\p1v1_PPIRegistryReviver_w.exe a variant of Win32/SlowPCfighter application
C:\Users\Martin\AppData\Roaming\OpenCandy\OpenCandy_7947F18E3A7F43388BBE8280DE07FA85\PPIRegistryReviverSetup.exe a variant of Win32/SlowPCfighter application
C:\Users\Martin\Desktop\Music\busy body puall wall n webbie.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\Martin\Desktop\Music\science system of down [extended concert version].mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\Martin\Desktop\Music\tamagotchi dj mystik - bonus track.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\Martin\Desktop\Music\tamagotchi dj mystik VBR.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\_OTL\MovedFiles\05182011_203818\C_ProgramData\44818168.exe a variant of Win32/Kryptik.NQM trojan
C:\_OTL\MovedFiles\05182011_203818\C_ProgramData\PJUdowMnnh.exe a variant of Win32/Kryptik.NQM trojan
C:\_OTL\MovedFiles\05182011_203818\C_Users\Martin\AppData\Local\epevazoverax.dll a variant of Win32/Kryptik.NOS trojan
C:\_OTL\MovedFiles\05182011_203818\C_Users\Martin\AppData\Local\uphtat.dll a variant of Win32/Kryptik.NQE trojan
Z:\$RECYCLE.BIN\S-1-5-21-1497561714-220801801-719060552-1000\$R19QRDN.exe a variant of Win32/Adware.Gamevance.AK application
Z:\$RECYCLE.BIN\S-1-5-21-1497561714-220801801-719060552-1000\$R4YDUMR.exe Win32/OpenCandy application
Z:\$RECYCLE.BIN\S-1-5-21-1497561714-220801801-719060552-1000\$R7LTO85.exe a variant of Win32/Adware.Gamevance.AK application
Z:\$RECYCLE.BIN\S-1-5-21-1497561714-220801801-719060552-1000\$RMYC59F.exe Win32/OpenCandy application
Z:\$RECYCLE.BIN\S-1-5-21-1497561714-220801801-719060552-1000\$RRKG8IN.exe a variant of Win32/Adware.Gamevance.AK application
Z:\$RECYCLE.BIN\S-1-5-21-1497561714-220801801-719060552-1000\$RW9M4AJ.exe a variant of Win32/Adware.Gamevance.AK application
Z:\$RECYCLE.BIN\S-1-5-21-1497561714-220801801-719060552-1000\$RXBAAF3.exe a variant of Win32/Adware.Gamevance.AK application
Z:\Downloads\ClickPotatoInstaller.exe a variant of Win32/Adware.HotBar.G application
Z:\Downloads\SetupGamevance.exe a variant of Win32/Adware.Gamevance.AK application
Z:\Downloads\StepMania-3.9a.exe Win32/OpenCandy application
Z:\Downloads\XvidSetup.exe a variant of Win32/Adware.HotBar.H application
Z:\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\350e9cdc-767acc48 a variant of Java/Exploit.CVE-2009-2843.B trojan
Z:\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\102e93af-441a81b2 probably a variant of Win32/Agent.CDGQEWH trojan
Z:\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\4f698bbc-1582b64c multiple threats
Z:\Martin\AppData\Roaming\OpenCandy\OpenCandy_7947F18E3A7F43388BBE8280DE07FA85\DLMgr_3_1.6.87.exe Win32/OpenCandy application
Z:\Martin\AppData\Roaming\OpenCandy\OpenCandy_7947F18E3A7F43388BBE8280DE07FA85\p1v1_PPIRegistryReviver_w.exe a variant of Win32/SlowPCfighter application
Z:\Martin\AppData\Roaming\OpenCandy\OpenCandy_7947F18E3A7F43388BBE8280DE07FA85\PPIRegistryReviverSetup.exe a variant of Win32/SlowPCfighter application
Z:\Martin\Desktop\Music\busy body puall wall n webbie.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
Z:\Martin\Desktop\Music\science system of down [extended concert version].mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
Z:\Martin\Desktop\Music\tamagotchi dj mystik - bonus track.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
Z:\Martin\Desktop\Music\tamagotchi dj mystik VBR.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
Z:\Martin\Downloads\ClickPotatoInstaller.exe a variant of Win32/Adware.HotBar.G application
Z:\Martin\Downloads\SetupGamevance(2).exe a variant of Win32/Adware.Gamevance.AK application
Z:\Martin\Downloads\SetupGamevance(3).exe a variant of Win32/Adware.Gamevance.AK application
Z:\Martin\Downloads\SetupGamevance(4).exe a variant of Win32/Adware.Gamevance.AK application
Z:\Martin\Downloads\SetupGamevance.exe a variant of Win32/Adware.Gamevance.AK application
Z:\Martin\Downloads\StepMania-3.9a.exe Win32/OpenCandy application
Z:\Martin\Downloads\StepMania-4.0.b6(2).exe Win32/OpenCandy application
Z:\Martin\Downloads\StepMania-4.0.b6.exe Win32/OpenCandy application
Z:\Martin\Downloads\XvidSetup.exe a variant of Win32/Adware.HotBar.H application

Security Check:

Results of screen317's Security Check version 0.99.11
Windows Vista (UAC is disabled!)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java™ 6 Update 16
Out of date Java installed!
Adobe Flash Player 10.0.42.34
Adobe Reader 9.4.4
Out of date Adobe Reader installed!
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSASCui.exe
Windows Defender MSASCui.exe
``````````End of Log````````````

Hi!

Looks like we have some work to do!

Java Outdated
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

• Microsoft: ‘Unprecedented Wave of Java Exploitation’
  
• Drive-by Trojan preying on out-of-date Java installations
  
• Ghosts of Java Haunt Users

Please follow these steps to remove older version Java components and update:

• Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  
• Look for "Java Platform, Standard Edition".
  
• Click the "Download JRE" button to the right.
  
• Read the License Agreement, and then check the box that says: "Accept License Agreement".
  
• From the list, select your OS and Platform.
  
  • 32-bit Select: Windows x86 Offline.
    
  • 64-bit Select: Windows x64.
  
  
• If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  
• Close any programs you may have running - especially your web browser.

Go to > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.

• Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  
• Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  
• Repeat as many times as necessary to remove each Java versions.
  
• Reboot your computer once all Java components are removed.
  
• Then from your desktop double-click on jre-6u25-windows-i586.exe to install the newest version.
  
• If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  
• When the Java Setup - Welcome window opens, click the Install > button.
  
• If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  
• The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.

-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:

• Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  
• Click Ok and reboot your computer.

NEXT



Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws so it is recommended that you update your copy

• Go to Start > Control Panel > Add/Remove Programs
  
• Remove ALL instances of Adobe Reader
  
• Re-boot your computer as required.
  
• Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader

Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >here< Foxit Reader has fewer add-ons therefore loads more quickly.



NEXT:



OTL Fix

We need to run an OTL Fix

• Please reopen on your desktop.
  
• Copy and Paste the following code into the textbox.
  

  :Services
  :OTL
  
  :Reg
  
  :Files
  C:\Program Files\ReviverSoft\Registry Reviver\SetUp_x64.exe
  C:\Users\Martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYYLTONI\RegistryReviver_Upgrade_x64[1].exe
  C:\Users\Martin\AppData\Local\Temp\jar_cache7293222246213319992.tmp
  C:\Users\Martin\AppData\Local\Temp\jar_cache8349465862506354704.tmp
  C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\350e9cdc-767acc48
  C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\102e93af-441a81b2
  C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\4f698bbc-1582b64c
  C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\6752b209-6966a4d4
  C:\Users\Martin\AppData\Roaming\Adobe\plugs\mmc43586102.txt
  C:\Users\Martin\AppData\Roaming\OpenCandy\OpenCandy_7947F18E3A7F43388BBE8280DE07FA85\DLMgr_3_1.6.87.exe
  C:\Users\Martin\AppData\Roaming\OpenCandy\OpenCandy_7947F18E3A7F43388BBE8280DE07FA85\p1v1_PPIRegistryReviver_w.exe
  C:\Users\Martin\AppData\Roaming\OpenCandy\OpenCandy_7947F18E3A7F43388BBE8280DE07FA85\PPIRegistryReviverSetup.exe
  C:\Users\Martin\Desktop\Music\busy body puall wall n webbie.mp3
  C:\Users\Martin\Desktop\Music\science system of down [extended concert version].mp3
  C:\Users\Martin\Desktop\Music\tamagotchi dj mystik - bonus track.mp3
  C:\Users\Martin\Desktop\Music\tamagotchi dj mystik VBR.mp3
  Z:\Downloads\ClickPotatoInstaller.exe
  Z:\Downloads\SetupGamevance.exe
  Z:\Downloads\StepMania-3.9a.exe
  Z:\Downloads\XvidSetup.exe
  Z:\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\350e9cdc-767acc48
  Z:\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\102e93af-441a81b2
  Z:\Martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\4f698bbc-1582b64c
  Z:\Martin\AppData\Roaming\OpenCandy\OpenCandy_7947F18E3A7F43388BBE8280DE07FA85\DLMgr_3_1.6.87.exe
  Z:\Martin\AppData\Roaming\OpenCandy\OpenCandy_7947F18E3A7F43388BBE8280DE07FA85\p1v1_PPIRegistryReviver_w.exe
  Z:\Martin\AppData\Roaming\OpenCandy\OpenCandy_7947F18E3A7F43388BBE8280DE07FA85\PPIRegistryReviverSetup.exe
  Z:\Martin\Desktop\Music\busy body puall wall n webbie.mp3
  Z:\Martin\Desktop\Music\science system of down [extended concert version].mp3
  Z:\Martin\Desktop\Music\tamagotchi dj mystik - bonus track.mp3
  Z:\Martin\Desktop\Music\tamagotchi dj mystik VBR.mp3
  Z:\Martin\Downloads\ClickPotatoInstaller.exe
  Z:\Martin\Downloads\SetupGamevance(2).exe
  Z:\Martin\Downloads\SetupGamevance(3).exe
  Z:\Martin\Downloads\SetupGamevance(4).exe
  Z:\Martin\Downloads\SetupGamevance.exe
  Z:\Martin\Downloads\StepMania-3.9a.exe
  Z:\Martin\Downloads\StepMania-4.0.b6(2).exe
  Z:\Martin\Downloads\StepMania-4.0.b6.exe
  Z:\Martin\Downloads\XvidSetup.exe
  ipconfig /flushdns /c
  :Commands
  [purity]
  [resethosts]
  [CreateRestorePoint]
  [emptytemp]
  [EMPTYFLASH]
  

  
  
• Push
  
• OTL may ask to reboot the machine. Please do so if asked.
  
• Click the OK button.
  
• A report will open. Copy and Paste that report in your next reply.
  
• If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

NEXT:



Your computer is currently running with an outdated Service Pack installed. This is not something that I recommend you continue to do. Please visit this link here: http://support.microsoft.com/kb/935791#Method2 for information on how to obtain the latest Service Pack for Vista. The latest service pack for Vista is currently Service Pack 2.


NEXT:



No Anti-Virus Present

Looking over your log it seems you don't have any evidence of an anti-virus software.

Anti-virus software are programs that detect cleans and erase harmful virus files on a computer
Web server or network. Unchecked virus files can unintentionally be forwarded to others including trading partners and thereby spreading infection. Because new viruses regularly emerge anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present and will clean delete (or quarantine) infected files or directories. Please download a free anti-virus software from one these excellent vendors

• Avira AntiVir Personal - Free anti-virus software for Windows. Detects and removes more than 50000 viruses. Free support.
  
• avast! 6 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer then only one of them should be active in memory at a time.



NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan

• Please reopen on your desktop.
  
• Copy and Paste the following code into the textbox.
  
  
  
  netsvcs
  drivers32
  hklm\software\clients\startmenuinternet|command /rs
  %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  
  
  
  
• Push the button.
  
• A report will open. Copy and Paste that report in your next reply.

NEXT:



What outstanding issues (if any) are you still experiencing with your computer?

Still with me?

Hi, sorry. I haven't been able to get to his computer as of late. Work has been kicking my butt but I have time today so i'll post up the logs you asked of here in a little bit. Sorry about the delay :/

Okay. Thanks for letting me know

Still with me?

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.