Google search page appears to be fraudulent, searches result in foreign language

Solved
By mcn901
Jan 6, 2011
  1. System affected (friend's not mine): Windows XP Home Edition Version 2002 Service Pack 3

    Problem: appears unique to the Google Search home page.
    Internet Explorer and Firefox both behave the same.
    When I go to www.google.ca I get what appears to be a Google search page, but it is NOT the one from google.ca:
    - the Google logo does not say "Google Canada"
    - there is no "option for French"
    - most of the links like "Advanced search options" just blink and the same page comes up, sometimes with a missing Google logo
    - when I enter a search term and hit enter, it delivers a "results" page with links, but in a foreign language (not French)
    - other internet sites operate normally
    - trying to join techspot.com from that machine does not display the image needed for image verification
    I am running AVG 2011, Malwarebytes 1.50.1.1100, and Windows Firewall.

    Ran the 8 steps as per instructions

    ==================
    AVG scan log
    =================
    "Scan ""Whole computer scan"" completed."
    "Warnings";"8";"8";"0"
    "Folders selected for scanning:";"Whole computer scan"
    "Scan started:";"January 6, 2011, 4:15:01 AM"
    "Scan finished:";"January 6, 2011, 4:58:38 AM (43 minute(s) 37 second(s))"
    "Total object scanned:";"1015509"
    "User who launched the scan:";"Larry"

    "Warnings"
    "";"File";"Infection";"Result"
    "";"C:\Documents and Settings\Larry\Cookies\larry@msnportal.112.2o7[1].txt:\msnportal.112.2o7.net.7225be6f";"Found Tracking cookie.2o7";"Moved to Virus Vault"
    "";"C:\Documents and Settings\Larry\Cookies\larry@msnportal.112.2o7[1].txt";"Found Tracking cookie.2o7";"Healed"
    "";"C:\Documents and Settings\Larry\Cookies\larry@mediaplex[2].txt:\mediaplex.com.f652b123";"Found Tracking cookie.Mediaplex";"Moved to Virus Vault"
    "";"C:\Documents and Settings\Larry\Cookies\larry@mediaplex[2].txt:\mediaplex.com.dc30fb3c";"Found Tracking cookie.Mediaplex";"Moved to Virus Vault"
    "";"C:\Documents and Settings\Larry\Cookies\larry@mediaplex[2].txt";"Found Tracking cookie.Mediaplex";"Healed"
    "";"C:\Documents and Settings\Larry\Cookies\larry@atdmt[2].txt:\atdmt.com.b3e33b5f";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
    "";"C:\Documents and Settings\Larry\Cookies\larry@atdmt[2].txt:\atdmt.com.7247c262";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
    "";"C:\Documents and Settings\Larry\Cookies\larry@atdmt[2].txt";"Found Tracking cookie.Atdmt";"Healed"

    ======================
    MBAM Log
    ======================
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5469

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    06/01/2011 7:20:41 AM
    mbam-log-2011-01-06 (07-20-41).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 248261
    Time elapsed: 1 hour(s), 23 minute(s), 47 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    ================
    GMER log
    ================
    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2011-01-06 07:52:32
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 ST3160811AS rev.3.AAE
    Running: lrdv8m8z.exe; Driver: C:\DOCUME~1\Larry\LOCALS~1\Temp\kflcrpog.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- EOF - GMER 1.0.15 ----

    ====================
    DDS log
    ====================

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Larry at 7:57:18.25 on 06/01/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.2495.1756 [GMT -7:00]

    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    svchost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    C:\WINDOWS\System32\svchost.exe -k Akamai
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Documents and Settings\Larry\Desktop\lrdv8m8z.exe
    C:\Documents and Settings\Larry\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    mSearchAssistant = hxxp://www.google.com/ie
    mURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\adobe acrobat 7.0\activex\AcroIEHelper.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
    mRun: [EPSON Stylus CX4200 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
    mRun: [Adobe Version Cue CS2] c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    AppInit_DLLs: c:\windows\system32\zawolam.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    Hosts: 89.149.230.137 www.google.com
    Hosts: 89.149.230.137 www.google.de
    Hosts: 89.149.230.137 www.google.fr
    Hosts: 89.149.230.137 www.google.co.uk
    Hosts: 89.149.230.137 www.google.com.br

    Note: multiple HOSTS entries found. Please refer to Attach.txt

    ================= FIREFOX ===================

    FF - ProfilePath -

    ============= SERVICES / DRIVERS ===============

    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-23 6128208]
    S2 gupdate1ca46d14845d248;Google Update Service (gupdate1ca46d14845d248);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]

    =============== Created Last 30 ================

    2011-01-06 11:06:01 -------- d-----w- c:\docume~1\larry\applic~1\Malwarebytes
    2011-01-06 10:52:17 -------- d-sh--w- c:\documents and settings\larry\PrivacIE
    2011-01-05 23:55:03 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2011-01-05 19:38:16 -------- d--h--w- C:\$AVG
    2011-01-05 18:24:11 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
    2011-01-05 18:23:20 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-01-05 18:23:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
    2011-01-05 18:17:54 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
    2011-01-05 16:09:36 90112 ----a-w- c:\windows\unvise32.exe
    2011-01-05 16:07:12 -------- d-----w- c:\program files\Starry Night Enthusiast 4.5
    2011-01-05 15:08:26 -------- d-----w- C:\Hubble Site Light
    2011-01-05 13:42:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
    2011-01-05 13:42:45 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2011-01-05 13:42:44 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2011-01-05 13:42:44 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2011-01-05 13:42:32 -------- d-----w- c:\program files\NVIDIA Corporation
    2011-01-05 13:41:02 4984 ----a-w- c:\windows\system32\drivers\nvphy.bin
    2011-01-04 22:43:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-04 22:43:28 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2011-01-04 22:43:24 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-04 22:43:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-04 22:31:51 -------- d-----w- c:\windows\pss
    2010-12-15 10:17:18 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2010-12-15 10:15:16 45568 -c----w- c:\windows\system32\dllcache\wab.exe
    2010-12-08 11:12:38 251728 ----a-w- c:\windows\system32\drivers\avgldx86.sys

    ==================== Find3M ====================

    2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
    2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
    2008-10-30 18:26:50 16156056 ----a-w- c:\program files\jre-6u10-windows-i586-p.exe
    2006-12-13 21:32:39 2904959 ----a-w- c:\program files\java3d-1_4_0_01-windows-i586.exe

    ============= FINISH: 7:57:33.57 ===============

    ATTACH Log too big - will add after this
  2. mcn901 (Topic Starter)

    ATTACH log part 1 for the problem PC

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 06/11/2006 2:33:12 PM
    System Uptime: 06/01/2011 5:54:32 AM (2 hours ago)

    Motherboard: ASUSTeK Computer INC. | | A8N-VM CSM
    Processor: AMD Athlon(tm) 64 Processor 3500+ | CPU 1 | 2210/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 149 GiB total, 105.489 GiB free.
    D: is CDROM (CDFS)

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP720: 09/10/2010 3:04:28 AM - System Checkpoint
    RP721: 10/10/2010 4:04:28 AM - System Checkpoint
    RP722: 11/10/2010 5:04:28 AM - System Checkpoint
    RP723: 12/10/2010 6:04:28 AM - System Checkpoint
    RP724: 13/10/2010 7:04:30 AM - System Checkpoint
    RP725: 14/10/2010 3:00:31 AM - Software Distribution Service 3.0
    RP726: 18/10/2010 4:27:22 PM - System Checkpoint
    RP727: 19/10/2010 5:21:20 PM - System Checkpoint
    RP728: 20/10/2010 6:21:25 PM - System Checkpoint
    RP729: 21/10/2010 7:21:20 PM - System Checkpoint
    RP730: 25/10/2010 4:10:44 PM - System Checkpoint
    RP731: 26/10/2010 4:12:43 PM - System Checkpoint
    RP732: 27/10/2010 4:32:45 PM - System Checkpoint
    RP733: 28/10/2010 5:30:45 PM - System Checkpoint
    RP734: 29/10/2010 5:32:42 PM - System Checkpoint
    RP735: 30/10/2010 6:46:42 PM - System Checkpoint
    RP736: 31/10/2010 7:32:42 PM - System Checkpoint
    RP737: 01/11/2010 8:32:43 PM - System Checkpoint
    RP738: 02/11/2010 9:32:42 PM - System Checkpoint
    RP739: 03/11/2010 10:32:43 PM - System Checkpoint
    RP740: 08/11/2010 10:14:25 AM - System Checkpoint
    RP741: 09/11/2010 10:35:04 AM - System Checkpoint
    RP742: 10/11/2010 1:35:18 PM - System Checkpoint
    RP743: 11/11/2010 3:00:24 AM - Software Distribution Service 3.0
    RP744: 12/11/2010 3:35:02 AM - System Checkpoint
    RP745: 13/11/2010 4:35:02 AM - System Checkpoint
    RP746: 14/11/2010 5:34:52 AM - System Checkpoint
    RP747: 15/11/2010 6:34:52 AM - System Checkpoint
    RP748: 16/11/2010 7:34:52 AM - System Checkpoint
    RP749: 17/11/2010 8:34:52 AM - System Checkpoint
    RP750: 18/11/2010 9:34:53 AM - System Checkpoint
    RP751: 19/11/2010 10:34:52 AM - System Checkpoint
    RP752: 20/11/2010 11:34:52 AM - System Checkpoint
    RP753: 21/11/2010 12:34:48 PM - System Checkpoint
    RP754: 22/11/2010 1:55:07 PM - System Checkpoint
    RP755: 23/11/2010 3:24:30 PM - System Checkpoint
    RP756: 24/11/2010 3:57:31 PM - System Checkpoint
    RP757: 25/11/2010 4:57:34 PM - System Checkpoint
    RP758: 26/11/2010 5:57:31 PM - System Checkpoint
    RP759: 27/11/2010 6:57:33 PM - System Checkpoint
    RP760: 28/11/2010 7:57:48 PM - System Checkpoint
    RP761: 29/11/2010 8:57:33 PM - System Checkpoint
    RP762: 30/11/2010 9:57:33 PM - System Checkpoint
    RP763: 01/12/2010 10:57:32 PM - System Checkpoint
    RP764: 03/12/2010 12:25:15 AM - System Checkpoint
    RP765: 04/12/2010 5:22:01 AM - System Checkpoint
    RP766: 06/12/2010 9:54:18 AM - System Checkpoint
    RP767: 07/12/2010 10:31:33 AM - System Checkpoint
    RP768: 08/12/2010 11:30:27 AM - System Checkpoint
    RP769: 09/12/2010 12:42:27 PM - System Checkpoint
    RP770: 13/12/2010 12:53:57 PM - System Checkpoint
    RP771: 14/12/2010 1:30:47 PM - System Checkpoint
    RP772: 15/12/2010 3:00:17 PM - System Checkpoint
    RP773: 16/12/2010 3:00:20 AM - Software Distribution Service 3.0
    RP774: 20/12/2010 11:45:12 AM - System Checkpoint
    RP775: 21/12/2010 12:28:39 PM - System Checkpoint
    RP776: 22/12/2010 2:34:12 PM - System Checkpoint
    RP777: 03/01/2011 12:03:19 PM - System Checkpoint
    RP778: 05/01/2011 5:52:08 AM - Software Distribution Service 3.0
    RP779: 05/01/2011 6:40:01 AM - Software Distribution Service 3.0
    RP780: 05/01/2011 10:23:21 AM - Software Distribution Service 3.0
    RP781: 05/01/2011 11:12:04 AM - Removed Safari
    RP782: 05/01/2011 11:13:14 AM - Removed McAfee VirusScan Enterprise
    RP783: 05/01/2011 11:22:45 AM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    RP784: 05/01/2011 11:22:55 AM - Installed AVG 2011
    RP785: 05/01/2011 11:23:13 AM - Installed AVG 2011
    RP786: 05/01/2011 1:35:43 PM - Removed Google Earth.
    RP787: 05/01/2011 1:47:58 PM - Removed Apple Mobile Device Support

    ==== Hosts File Hijack ======================

    Hosts: 89.149.230.137 www.google.com
    Hosts: 89.149.230.137 www.google.de
    Hosts: 89.149.230.137 www.google.fr
    Hosts: 89.149.230.137 www.google.co.uk
    Hosts: 89.149.230.137 www.google.com.br
    Hosts: 89.149.230.137 www.google.it
    Hosts: 89.149.230.137 www.google.es
    Hosts: 89.149.230.137 www.google.co.jp
    Hosts: 89.149.230.137 www.google.com.mx
    Hosts: 89.149.230.137 www.google.ca
    Hosts: 89.149.230.137 www.google.com.au
    Hosts: 89.149.230.137 www.google.nl
    Hosts: 89.149.230.137 www.google.co.za
    Hosts: 89.149.230.137 www.google.be
    Hosts: 89.149.230.137 www.google.gr
    Hosts: 89.149.230.137 www.google.at
    Hosts: 89.149.230.137 www.google.se
    Hosts: 89.149.230.137 www.google.ch
    Hosts: 89.149.230.137 www.google.pt
    Hosts: 89.149.230.137 www.google.dk
    Hosts: 89.149.230.137 www.google.fi
    Hosts: 89.149.230.137 www.google.ie
    Hosts: 89.149.230.137 www.google.no
    Hosts: 89.149.230.137 search.yahoo.com
    Hosts: 89.149.230.137 us.search.yahoo.com
    Hosts: 89.149.230.137 uk.search.yahoo.com
    Hosts: 89.149.230.137 www.bing.com

    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    8500A909_eDocs
    8500A909_Help
    8500A909a
    8500A909g
    Adobe Acrobat 7.0 Professional
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Creative Suite 2
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe GoLive CS2
    Adobe Help Center 1.0
    Adobe Illustrator CS2
    Adobe InDesign CS2
    Adobe Photoshop CS2
    Adobe Reader 7.0.8
    Adobe Stock Photos 1.0
    Adobe SVG Viewer 3.0
    Adobe Version Cue CS2
    Akamai NetSession Interface
    Apple Application Support
    Apple Software Update
    ArcSoft PhotoImpression 5
    Athlon 64 Processor Driver
    AusLogics Disk Defrag
    AusLogics Registry Cleaner
    AVG 2011
    BPD_DSWizards
    bpd_scan
    BPDSoftware
    BPDSoftware_Ini
    BufferChm
    Compatibility Pack for the 2007 Office system
    Critical Update for Windows Media Player 11 (KB959772)
    Destination Component
    DeviceDiscovery
    DocMgr
    DocProc
    EPSON CX 4200 4800 Guide
    EPSON Printer Software
    EPSON Scan
    Fax
    Google Update Helper
    GPBaseService2
    High Definition Audio Driver Package - KB888111
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Format SDK (KB902344)
    Hotfix for Windows Media Format SDK (KB921108)
    Hotfix for Windows Media Format SDK (KB922814)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Customer Participation Program 12.0
    HP Document Manager 2.0
    HP Imaging Device Functions 12.0
    HP Smart Web Printing
    HP Solution Center 13.0
    HP Update
    HPProductAssistant
    HPSSupply
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 9
    Java(TM) 6 Update 14
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1
    K-Lite Codec Pack 5.4.4 (Basic)
    Malwarebytes' Anti-Malware
    MarketResearch
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Office XP Professional with FrontPage
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ Run Time Lib Setup
    Mozilla Firefox (3.6.2)
    MPM
    MSVCSetup
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero Suite
    Network
    NVIDIA Display Control Panel
    NVIDIA Drivers
    NVIDIA nView Desktop Manager
    OCR Software by I.R.I.S. 12.0
    Officejet Pro 8500 A909 Series
    PowerDVD
    ProductContext
    QuickTime
    RealPlayer
    RealUpgrade 1.0
    Rhapsody Player Engine
    Scan
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB913433)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Shop for HP Supplies
    SkyMap Pro 11
    SmartWebPrinting
    SolutionCenter
    SoundMAX
    SSH Secure Shell
    Starry Night Enthusiast 4.5 (Freeman)
    Status
    Suite Specific
    Toolbox
    TrayApp
    UnloadSupport
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2412171)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2466076)
    Update for Windows Internet Explorer 8 (KB969497)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Media Player 10 (KB912452)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VIREO - The VIRtual Educational Observatory (Version 1.400)
    VLC media player 1.1.5
    WebFldrs XP
    WebReg
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Connect
    Windows Media Format 11 runtime
    Windows Media Hotfix - KB895181
    Windows Media Player 10 Hotfix - KB888656
    Windows Media Player 11
    Windows XP Service Pack 3
    WinZip
  3. mcn901

    mcn901 Newcomer, in training Topic Starter

    ATTACH log part 2 for the problem PC

    ==== Event Viewer Messages From Past Week ========

    06/01/2011 5:52:54 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    06/01/2011 5:52:54 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    06/01/2011 5:52:54 AM, error: Service Control Manager [7034] - The Adobe Version Cue CS2 service terminated unexpectedly. It has done this 1 time(s).
    06/01/2011 5:52:05 AM, error: PlugPlayManager [11] - The device Root\LEGACY_SASKUTIL\0000 disappeared from the system without first being prepared for removal.
    06/01/2011 5:52:05 AM, error: PlugPlayManager [11] - The device Root\LEGACY_SASDIFSV\0000 disappeared from the system without first being prepared for removal.
    05/01/2011 9:28:56 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Akamai service.
    05/01/2011 7:57:49 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 25 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 7:57:28 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 24 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 7:57:22 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 23 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 7:57:12 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 22 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 7:57:07 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 21 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 7:57:01 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 20 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 7:56:56 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 19 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 7:56:50 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 18 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 7:56:45 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 17 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 7:56:39 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 16 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 7:56:32 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 15 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 7:56:06 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 14 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 7:55:56 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 13 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 7:55:48 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 12 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 7:55:43 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 11 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 7:55:32 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 10 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 7:55:27 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 9 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 7:55:21 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 8 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 7:55:16 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 7 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 7:55:08 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 6 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 7:54:50 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 7:54:45 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 7:54:38 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 7:54:32 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 7:54:22 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 7:53:39 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    05/01/2011 6:11:28 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Akamai NetSession Interface service to connect.
    05/01/2011 6:11:27 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 117 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:11:22 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 116 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:11:17 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 115 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:11:11 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 114 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:11:06 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 113 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:11:00 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 112 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:10:55 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 111 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:10:47 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 110 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:10:42 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 109 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:10:35 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 108 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:10:18 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 107 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:10:10 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 106 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:10:05 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 105 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:10:00 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 104 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:09:55 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 103 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:09:47 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 102 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:09:42 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 101 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:09:34 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 100 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:09:28 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 99 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:09:23 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 98 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:09:18 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 97 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:09:01 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 96 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:08:56 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 95 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:08:51 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 94 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:08:46 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 93 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:08:38 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 92 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:08:33 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 91 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:08:29 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 90 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:08:23 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 89 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:08:18 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 88 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:08:13 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 87 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:08:08 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 86 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:08:03 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 85 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:07:45 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 84 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:07:40 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 83 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:07:34 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 82 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:07:24 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 81 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:07:13 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 80 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:07:07 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 79 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:07:01 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 78 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:06:55 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 77 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:06:37 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 76 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:06:31 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 75 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:06:25 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 74 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:06:19 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 73 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:06:14 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 72 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:06:05 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 71 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:06:00 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 70 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:05:53 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 69 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:05:47 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 68 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:05:42 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 67 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:05:36 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 66 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:05:15 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 65 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:05:09 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 64 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:05:00 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 63 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:04:54 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 62 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:04:44 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 61 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:04:39 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 60 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:04:34 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 59 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:04:28 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 58 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:04:23 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 57 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:04:03 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 56 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:03:57 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 55 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:03:51 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 54 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:03:45 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 53 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:03:39 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 52 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:03:32 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 51 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:03:26 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 50 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:03:21 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 49 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:03:16 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 48 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:03:07 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 47 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:02:44 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 46 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:02:33 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 45 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:02:26 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 44 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:02:20 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 43 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:02:15 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 42 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:02:10 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 41 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:02:01 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 40 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:01:53 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 39 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:01:48 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 38 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:01:27 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 37 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:01:18 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 36 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:01:13 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 35 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:01:07 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 34 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:01:02 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 33 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:00:57 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 32 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:00:52 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 31 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:00:47 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 30 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:00:42 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 29 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:00:37 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 28 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:00:20 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 27 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 6:00:12 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 26 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    05/01/2011 5:16:09 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 Avgldx86 Avgmfx86 Avgtdix Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
    05/01/2011 2:16:46 PM, error: Service Control Manager [7000] - The Google Update Service (gupdate1ca46d14845d248) service failed to start due to the following error: The system cannot find the path specified.
    05/01/2011 11:14:49 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    05/01/2011 10:47:55 AM, error: WMPNetworkSvc [14344] - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2751'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.
    05/01/2011 1:32:07 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    05/01/2011 1:31:51 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    05/01/2011 1:28:36 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 Avgldx86 Avgmfx86 Avgtdix Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
    05/01/2011 1:28:36 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    05/01/2011 1:28:36 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    05/01/2011 1:28:36 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    05/01/2011 1:28:36 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    05/01/2011 1:28:36 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    05/01/2011 1:28:15 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    05/01/2011 1:28:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    05/01/2011 1:27:58 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

    ==== End Of File ===========================
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Welcome to TechSpot! The Host files on your friend's computer have been hijacked. The searches are being directed to a web site in Poland. And he has the Akamai NetSession Interface ("NetSession Interface") set but it isn't working; whether the 2 are related remains to be seen. This interface is a secure networking service that is installed for improving the speed, reliability and efficiency of content downloaded from the Internet. The NetSession Interface downloads only files specifically authorized by you, or for the purpose of automatically updating itself; however, if the Service isn't running or it can't update, it will not be of any use. He should review this: http://www.akamai.com/eula

    This shows a status of Running, Automatic, but it does not appear to be working. Install date is 2004. Please ask if this is still being used.
    =================================================
    Please run the following in the order given:
    Step one:
    You will need to do a DNS Flush, then reset your router.
    Start> Run> type cmd> enter> at the C prompt type ipconfig /flushdns (note space before the /)
    Exit the Command prompt when finished and shut the system down.
    Step two:

    • [1]. Shut down your computer, and any other computer connected to your router.
      [2]. On the back of the router, there should be a small hole or button labelled RESET. Using a bent paper clip or similar item, hold that in continuously for twenty seconds.
      [3]. Unplug the router. Wait sixty seconds.
      [4]. Now holding again the reset button, plug it back in. Continue holding the reset button for twenty seconds. Unplug the router again.
      [5]. With the router unplugged, start your computer.
      [6]. Connect to the router again. Then turn the router back on.
      [7]. When it stabilizes, reboot your workstation and try to access the internet. If you have any issues, access the Router configuration page and re-enter your authentication information.
      [8]. Reboot the system and test the internet. You may have to reconfigure the router settings based on your setup.
    Step three:
    Download HijackThis and save to your desktop.
    • Extract it to a directory on your hard drive called c:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log file will be saved and then the log will open in Notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
    ===============================================
    Step four: Download ComboFix to your desktop from one of these locations:
    Link 1
    Link 2
    • Double click combofix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • [Image: Query - Recovery Console]
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [Image]
    • Click on Yes, to continue scanning for malware.
    • If Combofix asks you to update the program, allow.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes it will open a text window. Please paste that log in your next reply.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    =========================================
    After I review these logs, I will have you remove multiple outdated Java and Adobe Reader programs which present vulnerabilities to the system.
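The hosts-file hijack diagnosed in the reply above can be checked mechanically. This is an added example, not part of the original thread and not code from HijackThis or ComboFix: Python that reads plain hosts-file lines or HijackThis `O1 - Hosts:` lines and flags search-engine names pinned to a non-loopback address. The brand list, the function names and the sample input (which uses the documentation address 203.0.113.7) are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: DNS labels that should never be pinned in a hosts file on a home PC.
SEARCH_BRANDS = ("google", "yahoo", "bing")

# HijackThis prints hosts-file entries as "O1 - Hosts: <ip> <name>".
O1_PREFIX = re.compile(r"^\s*O1\s*-\s*Hosts:\s*", re.IGNORECASE)

# Constructed sample: hosts-file lines mixed with HijackThis log lines.
SAMPLE = """\
127.0.0.1       localhost
# ad-blocking entry, harmless
0.0.0.0         ads.example.net
O1 - Hosts: 203.0.113.7 www.google.com
O1 - Hosts: 203.0.113.7 www.google.ca
O1 - Hosts: 203.0.113.7 search.yahoo.com
O1 - Hosts: 203.0.113.7 www.bing.com
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
127.0.0.1       www.google-analytics.com
192.168.1.10    printer.lan
"""


def parse_entries(text):
    """Yield (ip, hostname) pairs from hosts-file or HijackThis O1 lines."""
    for raw in text.splitlines():
        line = O1_PREFIX.sub("", raw)            # accept both formats
        line = line.split("#", 1)[0].strip()     # drop hosts-file comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # not an address: other log line
        for name in fields[1:]:                   # one line may carry aliases
            yield ip, name.lower().rstrip(".")


def brand_of(hostname):
    """Return the search brand if it appears as a whole DNS label, else None."""
    for label in hostname.split("."):
        if label in SEARCH_BRANDS:
            return label
    return None


def find_hijacks(text):
    """Group pinned search-engine names by the address they were redirected to.

    Loopback and 0.0.0.0 entries are skipped: those block a site rather than
    redirect it. Names from different companies sharing one address
    ("multi_brand") cannot be a legitimate mapping.
    """
    by_ip = defaultdict(dict)
    for ip, name in parse_entries(text):
        if ip.is_loopback or ip.is_unspecified:
            continue
        brand = brand_of(name)
        if brand:
            by_ip[str(ip)][name] = brand
    findings = []
    for ip, hosts in sorted(by_ip.items()):
        brands = sorted(set(hosts.values()))
        findings.append({
            "ip": ip,
            "hosts": sorted(hosts),
            "brands": brands,
            "multi_brand": len(brands) > 1,
        })
    return findings


if __name__ == "__main__":
    for f in find_hijacks(SAMPLE):
        note = " (several unrelated brands on one address)" if f["multi_brand"] else ""
        print(f"{f['ip']}: {len(f['hosts'])} search hostnames redirected{note}")
        for host in f["hosts"]:
            print(f"    {host}")
```

On Windows XP the file to feed it is `C:\WINDOWS\system32\drivers\etc\hosts`; a saved HijackThis log works as well because non-O1 lines are ignored.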
  5. mcn901

    mcn901 Newcomer, in training Topic Starter

    Thanks very much for your quick reply.

    To reset her router I will have to go to her site (I brought the PC to my house to work on it for the last 2 days). Since I cannot get access to her site for 2-3 hours I estimate that I will finish the steps you gave me in about 3 hours. I will post the results then.
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    No problem, take your time. It's about time for my midday break too.
  7. mcn901

    mcn901 Newcomer, in training Topic Starter

    Steps done as advised
    ComboFix required that I uninstall AVG 2011. Done. It ran as expected.

    HijackThis Log
    ==========
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:25:22 PM, on 06/01/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O1 - Hosts: 89.149.230.137 www.google.com
    O1 - Hosts: 89.149.230.137 www.google.de
    O1 - Hosts: 89.149.230.137 www.google.fr
    O1 - Hosts: 89.149.230.137 www.google.co.uk
    O1 - Hosts: 89.149.230.137 www.google.com.br
    O1 - Hosts: 89.149.230.137 www.google.it
    O1 - Hosts: 89.149.230.137 www.google.es
    O1 - Hosts: 89.149.230.137 www.google.co.jp
    O1 - Hosts: 89.149.230.137 www.google.com.mx
    O1 - Hosts: 89.149.230.137 www.google.ca
    O1 - Hosts: 89.149.230.137 www.google.com.au
    O1 - Hosts: 89.149.230.137 www.google.nl
    O1 - Hosts: 89.149.230.137 www.google.co.za
    O1 - Hosts: 89.149.230.137 www.google.be
    O1 - Hosts: 89.149.230.137 www.google.gr
    O1 - Hosts: 89.149.230.137 www.google.at
    O1 - Hosts: 89.149.230.137 www.google.se
    O1 - Hosts: 89.149.230.137 www.google.ch
    O1 - Hosts: 89.149.230.137 www.google.pt
    O1 - Hosts: 89.149.230.137 www.google.dk
    O1 - Hosts: 89.149.230.137 www.google.fi
    O1 - Hosts: 89.149.230.137 www.google.ie
    O1 - Hosts: 89.149.230.137 www.google.no
    O1 - Hosts: 89.149.230.137 search.yahoo.com
    O1 - Hosts: 89.149.230.137 us.search.yahoo.com
    O1 - Hosts: 89.149.230.137 uk.search.yahoo.com
    O1 - Hosts: 89.149.230.137 www.bing.com
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
    O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
    O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
    O20 - AppInit_DLLs: C:\WINDOWS\system32\zawolam.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
    O23 - Service: Google Update Service (gupdate1ca46d14845d248) (gupdate1ca46d14845d248) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
    O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 11358 bytes

    ===========

    ===========
    ComboFix Log
    ============
    ComboFix 11-01-04.01 - Larry 06/01/2011 13:52:57.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.2495.2011 [GMT -7:00]
    Running from: c:\documents and settings\Larry\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2010-12-06 to 2011-01-06 )))))))))))))))))))))))))))))))
    .

    2011-01-06 20:24 . 2011-01-06 20:25 -------- d-----w- C:\HijackThis
    2011-01-06 10:51 . 2011-01-06 10:52 -------- d-----w- c:\documents and settings\Larry
    2011-01-05 23:55 . 2011-01-05 23:55 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2011-01-05 19:38 . 2011-01-05 19:38 -------- d-----w- C:\$AVG
    2011-01-05 18:25 . 2011-01-05 18:25 -------- d-----w- c:\documents and settings\JH\Application Data\AVG10
    2011-01-05 18:24 . 2011-01-05 18:24 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
    2011-01-05 18:23 . 2011-01-06 20:43 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
    2011-01-05 18:17 . 2011-01-05 18:23 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2011-01-05 16:09 . 2003-03-16 06:15 90112 ----a-w- c:\windows\unvise32.exe
    2011-01-05 16:07 . 2011-01-05 18:07 -------- d-----w- c:\program files\Starry Night Enthusiast 4.5
    2011-01-05 15:21 . 2011-01-05 15:22 -------- d-----w- c:\documents and settings\JH\Application Data\vlc
    2011-01-05 15:08 . 2011-01-05 15:18 -------- d-----w- C:\Hubble Site Light
    2011-01-05 13:55 . 2011-01-05 13:55 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2011-01-05 13:42 . 2011-01-05 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
    2011-01-05 13:42 . 2011-01-05 13:42 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2011-01-05 13:42 . 2011-01-05 13:42 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2011-01-05 13:42 . 2011-01-05 13:42 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2011-01-05 13:42 . 2011-01-05 13:42 -------- d-----w- c:\program files\NVIDIA Corporation
    2011-01-05 13:41 . 2008-07-08 15:45 4984 ----a-w- c:\windows\system32\drivers\nvphy.bin
    2011-01-04 22:44 . 2011-01-04 22:44 -------- d-----w- c:\documents and settings\JH\Application Data\Malwarebytes
    2011-01-04 22:43 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-04 22:43 . 2011-01-04 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-01-04 22:43 . 2011-01-05 12:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-04 22:43 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-04 21:46 . 2011-01-05 01:10 -------- d-----w- c:\documents and settings\Administrator
    2010-12-15 10:17 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2010-12-15 10:15 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-18 18:12 . 2006-10-16 18:44 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-06 00:26 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:25 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 15:17 . 2004-08-04 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
    2010-10-28 13:13 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-26 13:25 . 2004-08-04 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
    2008-10-30 18:26 . 2008-10-30 18:25 16156056 ----a-w- c:\program files\jre-6u10-windows-i586-p.exe
    2006-12-13 21:32 . 2006-12-13 21:32 2904959 ----a-w- c:\program files\java3d-1_4_0_01-windows-i586.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
    "EPSON Stylus CX4200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE" [2005-03-08 98304]
    "Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-05 856064]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-22 202256]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
    "EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-09-02 1638400]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1151:TCP"= 1151:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface

    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [04/08/2004 5:00 AM 14336]
    S2 gupdate1ca46d14845d248;Google Update Service (gupdate1ca46d14845d248);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-04 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

    2011-01-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1465058494-2243138800-104724495-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

    2011-01-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1465058494-2243138800-104724495-1008.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

    2011-01-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1465058494-2243138800-104724495-1009.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

    2011-01-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1465058494-2243138800-104724495-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

    2011-01-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1465058494-2243138800-104724495-1008.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

    2011-01-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1465058494-2243138800-104724495-1009.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

    2011-01-06 c:\windows\Tasks\User_Feed_Synchronization-{A82AFFAB-A6B3-4602-9697-EBB76F0243B1}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 10:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    FF - ProfilePath -
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-06 13:55
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3184)
    c:\windows\system32\WININET.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-01-06 13:57:18
    ComboFix-quarantined-files.txt 2011-01-06 20:57

    Pre-Run: 113,340,682,240 bytes free
    Post-Run: 113,303,916,544 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - 23C8B051C919889238514B7B556FA5CE
  8. mcn901

    mcn901 Newcomer, in training Topic Starter

    Also - user does not know of or use the Akamai NetSession Interface for any reason.
    Shall I uninstall it now or later?
  9. mcn901

    mcn901 Newcomer, in training Topic Starter

    Forgot to include in above - the router at this remote site is part of a corporate network - a 19inch rack mounted professional microwave network router.
    I am unable to gain access and reset it.
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    There are over 200 errors in the Event Viewer for the Akamai NetSession Interface service. There are globally open ports in the firewall for Akamai. There are drivers running and updates being attempted. Install shows 2004. It is curious how this program could continue running for 6 years and not used.

    The router setup also makes me wonder if this is a work computer and would therefore have an IT person available. I can have you remove the entries, but without the reset, I don't know if the host hijack will be eliminated.
    ==================================================
    Please reopen HijackThis to 'do system scan only.' Check each of the following, if present:

    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O1 - Hosts: 89.149.230.137 www.google.com
    O1 - Hosts: 89.149.230.137 www.google.de
    O1 - Hosts: 89.149.230.137 www.google.fr
    O1 - Hosts: 89.149.230.137 www.google.co.uk
    O1 - Hosts: 89.149.230.137 www.google.com.br
    O1 - Hosts: 89.149.230.137 www.google.it
    O1 - Hosts: 89.149.230.137 www.google.es
    O1 - Hosts: 89.149.230.137 www.google.co.jp
    O1 - Hosts: 89.149.230.137 www.google.com.mx
    O1 - Hosts: 89.149.230.137 www.google.ca
    O1 - Hosts: 89.149.230.137 www.google.com.au
    O1 - Hosts: 89.149.230.137 www.google.nl
    O1 - Hosts: 89.149.230.137 www.google.co.za
    O1 - Hosts: 89.149.230.137 www.google.be
    O1 - Hosts: 89.149.230.137 www.google.gr
    O1 - Hosts: 89.149.230.137 www.google.at
    O1 - Hosts: 89.149.230.137 www.google.se
    O1 - Hosts: 89.149.230.137 www.google.ch
    O1 - Hosts: 89.149.230.137 www.google.pt
    O1 - Hosts: 89.149.230.137 www.google.dk
    O1 - Hosts: 89.149.230.137 www.google.fi
    O1 - Hosts: 89.149.230.137 www.google.ie
    O1 - Hosts: 89.149.230.137 www.google.no
    O1 - Hosts: 89.149.230.137 search.yahoo.com
    O1 - Hosts: 89.149.230.137 us.search.yahoo.com
    O1 - Hosts: 89.149.230.137 uk.search.yahoo.com
    O1 - Hosts: 89.149.230.137 www.bing.com
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O20 - AppInit_DLLs: C:\WINDOWS\system32\zawolam.dll


    Close all Windows except HijackThis and click on "Fix Checked."
    ======================================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it: [Be sure to scroll down to include ALL lines.]
    Code:
    File::
    c:\program files\jre-6u10-windows-i586-p.exe
    c:\program files\java3d-1_4_0_01-windows-i586.exe
    c:\windows\System32\svchost.exe -k Akamai.
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1151:TCP"=-
    "5000:UDP"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    "Akamai"
    Driver::
    Akamai 
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    Please go on to next reply when through.
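
The O1 entries listed in the post above are hosts-file overrides that point several unrelated search engines at one address. As an added example (not part of the original thread, and not HijackThis's own logic), the sketch below audits hosts-file text or pasted `O1 - Hosts:` lines for that pattern; the brand list, the function names and the sample input are assumptions, with the sample constructed from entries shown in the log.

```python
import ipaddress
from collections import defaultdict

# Assumption: brand labels taken from the O1 entries shown in the thread.
BRANDS = {"google", "yahoo", "bing"}
O1_PREFIX = "O1 - Hosts:"  # prefix HijackThis puts in front of each hosts entry


def brand_of(hostname):
    """Return the watched brand contained in a hostname, or None."""
    for label in hostname.lower().rstrip(".").split("."):
        if label in BRANDS:
            return label
    return None


def parse_mappings(text):
    """Yield (ip, hostname) pairs from hosts-file lines or HijackThis O1 lines."""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(O1_PREFIX):
            line = line[len(O1_PREFIX):]
        line = line.split("#", 1)[0].strip()  # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: not a usable mapping
        for name in fields[1:]:  # one line may carry several aliases
            yield ip, name.lower().rstrip(".")


def audit_hosts(text):
    """Map each non-loopback IP to the watched hostnames redirected to it."""
    findings = defaultdict(set)
    for ip, name in parse_mappings(text):
        # 127.0.0.1 / 0.0.0.0 entries block a name; they do not redirect it.
        if ip.is_loopback or ip.is_unspecified:
            continue
        if brand_of(name):
            findings[str(ip)].add(name)
    return {ip: sorted(names) for ip, names in findings.items()}


def cross_brand_ips(text):
    """IPs that answer for more than one brand: competing search engines
    do not share an address, so this is a strong hijack indicator."""
    return sorted(
        ip for ip, names in audit_hosts(text).items()
        if len({brand_of(n) for n in names}) > 1
    )


# Constructed sample: a few entries copied from the thread's log plus benign lines.
SAMPLE = """\
# constructed sample hosts content
127.0.0.1       localhost
0.0.0.0 ads.example.test   # blocklist-style entry
89.149.230.137 www.google.com
89.149.230.137 www.google.ca
89.149.230.137 search.yahoo.com
O1 - Hosts: 89.149.230.137 www.bing.com
192.168.1.10 printer.lan
not-an-ip www.google.de
"""

if __name__ == "__main__":
    for ip, names in audit_hosts(SAMPLE).items():
        print(ip, "->", ", ".join(names))
    print("cross-brand redirect targets:", cross_brand_ips(SAMPLE))
```

On a live system the input would be the contents of `%SystemRoot%\system32\drivers\etc\hosts`; a clean result here says nothing about redirection happening upstream, such as at the router mentioned in the thread.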
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Continue here after HIJT and the Combofix script:

    There are 9 outdated versions of Java on the system and no current version. All of these are a vulnerability to the system. The following program will remove all of the Java entries. When it has finished, follow the directions for updating to the current version:

    Please download JavaRa and unzip it to your desktop.

    Important!
    ***Please close any instances of Internet Explorer before continuing!***
    • Double-click on JavaRa.exe to start the program.
    • From the drop-down menu, choose English and click on Select.
    • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
    • Click Yes when prompted. When JavaRa is done, a notice will appear that
      a logfile has been produced. Click OK.
    • A logfile will pop up. Please save it to a convenient location.
    Then download and install the most current version and update of Java Runtime Environment (JRE) HERE.
    ======================================
    The Adobe Reader v7 is also outdated and a vulnerability. Visit this Adobe Reader site often and make sure you have the most current update. Uninstall any earlier updates (v7.0) as they are vulnerabilities.
    ======================================
    Please ask the user if they know what this file is:
    C:\Documents and Settings\Larry\Desktop\lrdv8m8z.exe
    =====================================

    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    =========================================
    Repeat the scan with HijackThis.
    Paste all logs into next reply.
     
  12. mcn901

    mcn901 Newcomer, in training Topic Starter

    Re router and IT person available - available remotely perhaps but the IT people are, shall we say, not that experienced.
    - Desktop file lrdv8m8z.exe is the random name of GMER as downloaded earlier today

    Sorry for the delay - took a while to do all the steps and run the scans

    I will uninstall Akamai

    Ran HijackThis again - no "do system scan only" - just a scan button
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe - appeared in the log but not a checkbox item
    - shall I delete this manually?

    O20 - AppInit_DLLs: C:\WINDOWS\system32\zawolam.dll - did not appear this time
    - checked all other Hijack items and fixed them - HJ log#2 below

    ran CFscript as directed - it ran and rebooted the machine (including doing a disk check after the reboot) -CF log#2 below

    Ran JavaRa as directed - it ran and worked for a while, then:
    JavaRa has encountered a problem and needs to close ... Please tell Microsoft about this problem
    Error signature
    AppName: javara.exe AppVer: 1.16.1.1763 ModName: ntdll.dll
    ModVer: 5.1.2600.5755 Offset: 0000100b
    C:\DOCUME~1\Larry\LOCALS~1\Temp\f4ef_appcompat.txt - I saved this error info file (an 8K XML file)

    - in Program Files/Java there is now only jre6
    - tried running it again - success and log created looks like it deleted 8 of 9 - JR#1 log below

    - Windows Add/Remove programs still thinks there are multiple J2SE Runtime Environment 5.0 Update 9, 10, and 11
    as well as Java(TM) 6 Update 2,3,5,14 and Java(TM) SE Runtime Environment 6 Update 1
    - I did not try to uninstall these via add/remove programs - should I? (some may be just leftover links to uninstalls that no longer exist)

    - I will download current JAVA runtime environment in a short while

    - uninstalled Adobe Reader 7.0.8 - I can install current version later

    - uninstalled Akamai NetSession. - successful

    - run Eset NOD32 Online AntiVirus scan - clean - log below

    - repeated Hijack This - log HJ #3 below

    Again, thanks for all your help, and to those who create the powerful tools you use to help us unfortunate victims.


    Logs follow:

    ===========
    HijackThis #2
    ===========
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 3:51:51 PM, on 06/01/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\WINDOWS\explorer.exe
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O1 - Hosts: 89.149.230.137 www.google.com
    O1 - Hosts: 89.149.230.137 www.google.de
    O1 - Hosts: 89.149.230.137 www.google.fr
    O1 - Hosts: 89.149.230.137 www.google.co.uk
    O1 - Hosts: 89.149.230.137 www.google.com.br
    O1 - Hosts: 89.149.230.137 www.google.it
    O1 - Hosts: 89.149.230.137 www.google.es
    O1 - Hosts: 89.149.230.137 www.google.co.jp
    O1 - Hosts: 89.149.230.137 www.google.com.mx
    O1 - Hosts: 89.149.230.137 www.google.ca
    O1 - Hosts: 89.149.230.137 www.google.com.au
    O1 - Hosts: 89.149.230.137 www.google.nl
    O1 - Hosts: 89.149.230.137 www.google.co.za
    O1 - Hosts: 89.149.230.137 www.google.be
    O1 - Hosts: 89.149.230.137 www.google.gr
    O1 - Hosts: 89.149.230.137 www.google.at
    O1 - Hosts: 89.149.230.137 www.google.se
    O1 - Hosts: 89.149.230.137 www.google.ch
    O1 - Hosts: 89.149.230.137 www.google.pt
    O1 - Hosts: 89.149.230.137 www.google.dk
    O1 - Hosts: 89.149.230.137 www.google.fi
    O1 - Hosts: 89.149.230.137 www.google.ie
    O1 - Hosts: 89.149.230.137 www.google.no
    O1 - Hosts: 89.149.230.137 search.yahoo.com
    O1 - Hosts: 89.149.230.137 us.search.yahoo.com
    O1 - Hosts: 89.149.230.137 uk.search.yahoo.com
    O1 - Hosts: 89.149.230.137 www.bing.com
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
    O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
    O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    O23 - Service: Google Update Service (gupdate1ca46d14845d248) (gupdate1ca46d14845d248) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
    O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 9959 bytes

    =========
    ComboFix #2
    =========

    ComboFix 11-01-04.01 - Larry 06/01/2011 16:00:51.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.2495.1830 [GMT -7:00]
    Running from: c:\documents and settings\Larry\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Larry\Desktop\CFscript.txt

    FILE ::
    "c:\program files\java3d-1_4_0_01-windows-i586.exe"
    "c:\program files\jre-6u10-windows-i586-p.exe"
    "c:\windows\System32\svchost.exe -k Akamai."
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\java3d-1_4_0_01-windows-i586.exe
    c:\program files\jre-6u10-windows-i586-p.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_AKAMAI
    -------\Service_Akamai


    ((((((((((((((((((((((((( Files Created from 2010-12-06 to 2011-01-06 )))))))))))))))))))))))))))))))
    .

    2011-01-06 20:24 . 2011-01-06 22:58 -------- d-----w- C:\HijackThis
    2011-01-06 10:51 . 2011-01-06 10:52 -------- d-----w- c:\documents and settings\Larry
    2011-01-05 23:55 . 2011-01-05 23:55 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2011-01-05 19:38 . 2011-01-05 19:38 -------- d-----w- C:\$AVG
    2011-01-05 18:25 . 2011-01-05 18:25 -------- d-----w- c:\documents and settings\JH\Application Data\AVG10
    2011-01-05 18:24 . 2011-01-05 18:24 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
    2011-01-05 18:23 . 2011-01-06 20:43 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
    2011-01-05 18:17 . 2011-01-05 18:23 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2011-01-05 16:09 . 2003-03-16 06:15 90112 ----a-w- c:\windows\unvise32.exe
    2011-01-05 16:07 . 2011-01-05 18:07 -------- d-----w- c:\program files\Starry Night Enthusiast 4.5
    2011-01-05 15:21 . 2011-01-05 15:22 -------- d-----w- c:\documents and settings\JH\Application Data\vlc
    2011-01-05 15:08 . 2011-01-05 15:18 -------- d-----w- C:\Hubble Site Light
    2011-01-05 13:55 . 2011-01-05 13:55 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2011-01-05 13:42 . 2011-01-05 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
    2011-01-05 13:42 . 2011-01-05 13:42 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2011-01-05 13:42 . 2011-01-05 13:42 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2011-01-05 13:42 . 2011-01-05 13:42 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2011-01-05 13:42 . 2011-01-05 13:42 -------- d-----w- c:\program files\NVIDIA Corporation
    2011-01-05 13:41 . 2008-07-08 15:45 4984 ----a-w- c:\windows\system32\drivers\nvphy.bin
    2011-01-04 22:44 . 2011-01-04 22:44 -------- d-----w- c:\documents and settings\JH\Application Data\Malwarebytes
    2011-01-04 22:43 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-04 22:43 . 2011-01-04 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-01-04 22:43 . 2011-01-05 12:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-04 22:43 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-04 21:46 . 2011-01-05 01:10 -------- d-----w- c:\documents and settings\Administrator
    2010-12-15 10:17 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2010-12-15 10:15 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-18 18:12 . 2006-10-16 18:44 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-06 00:26 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:25 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 15:17 . 2004-08-04 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
    2010-10-28 13:13 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-26 13:25 . 2004-08-04 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
    .

    ((((((((((((((((((((((((((((( SnapShot@2011-01-06_20.55.57 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-01-06 23:05 . 2011-01-06 23:05 16384 c:\windows\Temp\Perflib_Perfdata_694.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
    "EPSON Stylus CX4200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE" [2005-03-08 98304]
    "Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-05 856064]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-22 202256]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
    "EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-09-02 1638400]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    S2 gupdate1ca46d14845d248;Google Update Service (gupdate1ca46d14845d248);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-04 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

    2011-01-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1465058494-2243138800-104724495-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

    2011-01-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1465058494-2243138800-104724495-1008.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

    2011-01-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1465058494-2243138800-104724495-1009.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

    2011-01-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1465058494-2243138800-104724495-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

    2011-01-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1465058494-2243138800-104724495-1008.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

    2011-01-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1465058494-2243138800-104724495-1009.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

    2011-01-06 c:\windows\Tasks\User_Feed_Synchronization-{A82AFFAB-A6B3-4602-9697-EBB76F0243B1}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 10:31]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    FF - ProfilePath -
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-06 16:05
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(2440)
    c:\windows\system32\WININET.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvsvc32.exe
    c:\program files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    c:\program files\Windows Media Player\WMPNetwk.exe
    c:\program files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
    c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
    .
    **************************************************************************
    .
    Completion time: 2011-01-06 16:08:36 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-01-06 23:08
    ComboFix2.txt 2011-01-06 20:57

    Pre-Run: 113,316,990,976 bytes free
    Post-Run: 113,185,746,944 bytes free

    - - End Of File - - 844DAA4B386D802CB4DF83AC9784F30B


    ===========
    JavaRa log
    ===========
    JavaRa 1.16 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Thu Jan 06 16:16:55 2011

    Found and removed: C:\Program Files\Java\jre1.5.0_09

    Found and removed: C:\Program Files\Java\jre1.5.0_10

    Found and removed: C:\Program Files\Java\jre1.5.0_11

    Found and removed: C:\Program Files\Java\jre1.6.0_01

    Found and removed: C:\Program Files\Java\jre1.6.0_02

    Found and removed: C:\Program Files\Java\jre1.6.0_03

    Found and removed: C:\Program Files\Java\jre1.6.0_05

    Found and removed: C:\Program Files\Java\jre1.6.0_07

    Found and removed: Applications\javaw.exe

    Found and removed: JavaPlugin.FamilyVersionSupport

    Found and removed: Installer\Products\8A0F842331866D117AB7000B0D610007

    Found and removed: JavaScript

    Found and removed: JavaScript Author

    Found and removed: JavaScript1.1

    Found and removed: JavaScript1.1 Author

    Found and removed: JavaScript1.2

    Found and removed: JavaScript1.2 Author

    Found and removed: Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}

    Found and removed: Software\Classes\JavaPlugin.150_09

    Found and removed: Software\Classes\JavaPlugin.150_10

    Found and removed: Software\Classes\JavaPlugin.150_11

    Found and removed: Software\Classes\JavaPlugin.160_01

    Found and removed: Software\Classes\JavaPlugin.160_02

    Found and removed: Software\Classes\JavaPlugin.160_03

    Found and removed: Software\Classes\JavaPlugin.160_05

    Found and removed: Software\Classes\JavaPlugin.160_07

    Found and removed: Software\Classes\JavaPlugin.160_14

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\JavaPlugin

    Found and removed: SOFTWARE\Classes\JavaPlugin.150_09

    Found and removed: SOFTWARE\Classes\JavaPlugin.150_10

    Found and removed: SOFTWARE\Classes\JavaPlugin.150_11

    Found and removed: SOFTWARE\Classes\JavaPlugin.160_01

    Found and removed: SOFTWARE\Classes\JavaPlugin.160_02

    Found and removed: SOFTWARE\Classes\JavaPlugin.160_03

    Found and removed: SOFTWARE\Classes\JavaPlugin.160_05

    Found and removed: SOFTWARE\Classes\JavaPlugin.160_07

    Found and removed: SOFTWARE\Classes\JavaPlugin.160_14

    Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_09

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_10

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_11

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_01

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_02

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_14

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_09

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_10

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_11

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_01

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_02

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_07

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_14

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_09

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_10

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_11

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_01

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_02

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_07

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_14

    Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_01.b06\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_09\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_10\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_11\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_03.b05\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13\

    JavaRa 1.16 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Thu Jan 06 16:34:37 2011

    Found and removed: CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}

    ------------------------------------

    Finished reporting.




    ============
    Eset NOD32 log
    ============
    no log seemed to be produced - here's what was on the screen
    no threats found
    scanned files 88024
    infected files 0
    cleaned files 0
    total scan time 00:33:11


    Hijack log in next post
  13. mcn901

    mcn901 Newcomer, in training Topic Starter

    ============
    HijackThis log #3
    =============
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 5:44:20 PM, on 06/01/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
    O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
    O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    O23 - Service: Google Update Service (gupdate1ca46d14845d248) (gupdate1ca46d14845d248) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
    O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 8801 bytes
  14. mcn901

    mcn901 Newcomer, in training Topic Starter

    PC is working well now. Google redirection to Poland is gone.
    Have proceeded to remove all old versions of Adobe Reader and Java - it would be nice if their installers did this properly.

    If there is nothing else in the last few logs to look at, then this problem should be marked as Resolved.

    Thanks ever so much for all your help. You guys and TechSpot are Great!
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Sorry for delay- internet was down most of day. Glad to hear about removing hosts. Please replace with this:
    Replace the Host Files
    MVPS Hosts files: This replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
    =======================================
    Removing all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.

    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
    • Choose Disc Cleanup
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    Empty the Recycle Bin
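
The HOSTS-file behaviour described in the post above, as an added example that is not part of the original thread: a small auditor that separates blocking entries (names pointed at the local machine) from entries that send a name to some other address, which is the pattern to look for when a search site is being redirected. The sample file, the addresses and the `brands` list are constructed assumptions, not data from the affected PC.

```python
import ipaddress

# Constructed sample HOSTS content (illustrative only, not from the thread).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1  ads.example.net   # blocking entry, MVPS style
0.0.0.0    tracker.example.org
203.0.113.45   www.google.ca google.ca
203.0.113.45   www.google.com    # constructed redirect entry
192.168.1.10   nas.home.lan
not-an-ip      broken.example
"""

def parse_hosts(text):
    """Yield (line_no, address, [hostnames]) for every mapping line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) >= 2:
            yield line_no, fields[0], [h.lower() for h in fields[1:]]

def is_watched(name, brands):
    """True when any DNS label of the name is one of the watched brands."""
    return any(label in brands for label in name.split("."))

def audit_hosts(text, brands=("google",)):
    """Classify entries: loopback (blocked), redirects, suspicious, invalid."""
    report = {"loopback": [], "redirects": [], "suspicious": [], "invalid": []}
    for line_no, address, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            report["invalid"].append(line_no)
            continue
        if ip.is_loopback or ip.is_unspecified:
            # Name resolves to this machine: the blocking behaviour MVPS uses.
            report["loopback"].extend(names)
            continue
        for name in names:
            entry = (line_no, name, address)
            report["redirects"].append(entry)
            if is_watched(name, brands):
                # A watched site pinned to a fixed external address.
                report["suspicious"].append(entry)
    return report

if __name__ == "__main__":
    for line_no, name, address in audit_hosts(SAMPLE_HOSTS)["suspicious"]:
        print(f"line {line_no}: {name} -> {address}")
```

On Windows XP the file to check is `C:\WINDOWS\system32\drivers\etc\hosts`; read it and pass its text to `audit_hosts`.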