TechSpot

The malware/virus I can't get rid of.

Solved
By iaslp
Mar 15, 2011
Topic Status:
Not open for further replies.
  1. I have a Dell Inspiron 6400 notebook that is about 3 to 4 years old. Problems started last Thursday when the machine locked up while I was on the web and AVG (in the system tray) was trying to update. I rebooted and immediately updated AVG and ran a full system scan overnight. It found some malware in my profile's \Application Data\ folder and the c:\windows\temp folder that it moved to the virus vault. I also updated Malwarebytes and scanned my system, and used Registry Cleaner to scan and clean my registry.

    I still had issues with an advertisement coming up upon launching my web browser, and again usually around 30 to 60 minutes later. I use Mozilla Firefox for all I can on the web, and only use IE8 if the web site isn't written for/doesn't display well in Firefox. When launched, my home page loads in one tab, and the ad loads in a second tab. I also get a Windows dialog box that opens and a sound clip plays saying I've won a $1000 gift card to Walmart. The web site was PrivilegedPrizes.com. The second ad that comes up tells me that my registry has errors, and the web site is pcspeedmaximizer.s3.amazonaws.com.

    Also, anywhere from 30 minutes to 3 hours after restarting and using the web, I would get an alert from AVG that a virus was detected and I would move it to the vault. I've done several re-scans since then but still have the same issues. In that time, one of the infections AVG alerted me to was win32/Alueron.DX (the file was called c:\windows\temp\N.EXN). Since then the alert is always an unknown virus, and the file is c:\windows\temp\EXPLORER.EXE.

    I started fresh yesterday intending to follow the 8 steps thread, but when I tried to access the web, the machine locked up. So I used some notes I had written down. Once I got back on the web site, I found out I didn't follow them to the letter, but I did get some different results.

    I rebooted into safe mode and ran AVG. Several tracking cookies were found and trojan horse PSW.Generic8.AYWC. I ran Malwarebytes while I had it in safe mode, and it found almost 600 files infected.

    After cleaning all that, I still had the popup ad issue and the virus alert for the Explorer.exe file. So I started over today following the 8 steps to the letter, and the logs are below.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6067

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    3/15/2011 2:27:42 PM
    mbam-log-2011-03-15 (14-27-42).txt

    Scan type: Quick scan
    Objects scanned: 175478
    Time elapsed: 14 minute(s), 53 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    Attach:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 9/11/2006 3:46:19 PM
    System Uptime: 3/15/2011 2:07:26 PM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0KD882
    Processor: Genuine Intel(R) CPU T2050 @ 1.60GHz | Microprocessor | 1596/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 81 GiB total, 15.33 GiB free.
    D: is FIXED (NTFS) - 26 GiB total, 24.7 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Dell Wireless 1500 Draft 802.11n WLAN Mini-Card
    Device ID: PCI\VEN_14E4&DEV_4328&SUBSYS_00091028&REV_01\4&6C79FC5&0&00E0
    Manufacturer: Broadcom
    Name: Dell Wireless 1500 Draft 802.11n WLAN Mini-Card
    PNP Device ID: PCI\VEN_14E4&DEV_4328&SUBSYS_00091028&REV_01\4&6C79FC5&0&00E0
    Service: BCM43XX
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Broadcom 440x 10/100 Integrated Controller
    Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01AF1028&REV_02\4&2FE911E8&0&00F0
    Manufacturer: Broadcom
    Name: Broadcom 440x 10/100 Integrated Controller
    PNP Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01AF1028&REV_02\4&2FE911E8&0&00F0
    Service: bcm4sbxp
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\1923D941444FC000
    Manufacturer: Microsoft
    Name: 1394 Net Adapter
    PNP Device ID: V1394\NIC1394\1923D941444FC000
    Service: NIC1394
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Bluetooth LAN Access Server Driver
    Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTWDNDIS\1&30EE4AD&0&1000000020000
    Manufacturer: %V_WIDCOMM%
    Name: Bluetooth LAN Access Server Driver
    PNP Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTWDNDIS\1&30EE4AD&0&1000000020000
    Service: BTWDNDIS
    .
    ==== System Restore Points ===================
    .
    RP1439: 1/20/2011 7:34:57 PM - System Checkpoint
    RP1440: 1/21/2011 8:47:58 PM - System Checkpoint
    RP1441: 1/22/2011 8:54:41 PM - System Checkpoint
    RP1442: 1/23/2011 8:58:49 PM - System Checkpoint
    RP1443: 1/24/2011 10:22:26 PM - System Checkpoint
    RP1444: 1/26/2011 11:45:03 AM - System Checkpoint
    RP1445: 1/27/2011 2:04:27 PM - System Checkpoint
    RP1446: 1/28/2011 6:24:15 PM - System Checkpoint
    RP1447: 1/29/2011 6:57:15 PM - System Checkpoint
    RP1448: 1/30/2011 7:20:09 PM - System Checkpoint
    RP1449: 1/31/2011 7:33:33 PM - System Checkpoint
    RP1450: 2/1/2011 8:19:09 PM - System Checkpoint
    RP1451: 2/2/2011 8:24:51 PM - System Checkpoint
    RP1452: 2/3/2011 9:19:33 PM - System Checkpoint
    RP1453: 2/4/2011 9:22:33 PM - System Checkpoint
    RP1454: 2/5/2011 10:18:38 PM - System Checkpoint
    RP1455: 2/6/2011 11:01:15 PM - System Checkpoint
    RP1456: 2/7/2011 11:32:42 PM - System Checkpoint
    RP1457: 2/9/2011 10:27:59 AM - System Checkpoint
    RP1458: 2/10/2011 12:24:09 PM - System Checkpoint
    RP1459: 2/11/2011 2:08:37 PM - System Checkpoint
    RP1460: 2/12/2011 2:25:10 PM - System Checkpoint
    RP1461: 2/13/2011 2:36:18 PM - System Checkpoint
    RP1462: 2/14/2011 7:23:52 PM - System Checkpoint
    RP1463: 2/15/2011 8:39:58 PM - System Checkpoint
    RP1464: 2/16/2011 9:25:26 PM - System Checkpoint
    RP1465: 2/17/2011 9:29:59 PM - System Checkpoint
    RP1466: 2/18/2011 9:40:45 PM - System Checkpoint
    RP1467: 2/19/2011 9:59:24 PM - System Checkpoint
    RP1468: 2/20/2011 10:56:53 PM - System Checkpoint
    RP1469: 2/22/2011 2:10:13 PM - System Checkpoint
    RP1470: 2/23/2011 2:45:43 PM - System Checkpoint
    RP1471: 2/24/2011 4:05:58 PM - Software Distribution Service 3.0
    RP1472: 2/25/2011 4:09:11 PM - System Checkpoint
    RP1473: 2/26/2011 4:15:38 PM - System Checkpoint
    RP1474: 2/27/2011 5:08:10 PM - System Checkpoint
    RP1475: 2/28/2011 7:44:32 PM - System Checkpoint
    RP1476: 3/1/2011 9:08:48 PM - System Checkpoint
    RP1477: 3/2/2011 7:40:14 PM - Removed BlackBerry Desktop Software 4.5.
    RP1478: 3/2/2011 7:44:33 PM - Removed Roxio Media Manager
    RP1479: 3/3/2011 8:16:40 PM - System Checkpoint
    RP1480: 3/4/2011 8:27:16 PM - System Checkpoint
    RP1481: 3/5/2011 8:45:48 PM - System Checkpoint
    RP1482: 3/6/2011 9:20:24 PM - System Checkpoint
    RP1483: 3/7/2011 10:03:32 PM - System Checkpoint
    RP1484: 3/8/2011 10:22:28 PM - System Checkpoint
    RP1485: 3/9/2011 1:08:05 PM - Software Distribution Service 3.0
    RP1486: 3/9/2011 4:10:30 PM - Software Distribution Service 3.0
    RP1487: 3/10/2011 2:13:22 PM - Configured Camera Window
    RP1488: 3/10/2011 2:14:24 PM - Configured File Viewer Utility 1.2
    RP1489: 3/10/2011 2:14:50 PM - Configured PhotoStitch
    RP1490: 3/10/2011 2:15:07 PM - Configured PhotoStitch
    RP1491: 3/10/2011 2:15:37 PM - Configured RemoteCapture 2.7.0
    RP1492: 3/10/2011 2:16:01 PM - Removed Canon Utilities ZoomBrowser EX
    RP1493: 3/11/2011 3:17:57 PM - System Checkpoint
    RP1494: 3/12/2011 4:54:12 PM - System Checkpoint
    RP1495: 3/13/2011 6:07:57 PM - System Checkpoint
    RP1496: 3/14/2011 10:16:23 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    3Com Cable Connections
    5300_5400_Help
    5300_5400_Readme
    Ad-Aware
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 7.1.0
    Adobe Shockwave Player 11.5
    Advanced SystemCare 3
    AOLIcon
    Apple Mobile Device Support
    Apple Software Update
    AutoUpdate
    AVG 2011
    Bonjour
    Borland Database Engine 5.01
    BPD_HPSU
    BPDSoftware
    BPDSoftware_Ini
    Broadcom Management Programs
    BufferChm
    Compatibility Pack for the 2007 Office system
    Conexant HDA D110 MDC V.92 Modem
    Critical Update for Windows Media Player 11 (KB959772)
    Crystal Reports 11
    CutePDF Writer 2.8
    Data Lifeguard Tools
    Dell Digital Jukebox Driver
    Dell Media Experience
    Dell Support 3.1
    Dell System Restore
    Dell Wireless WLAN Card
    DeviceManagementQFolder
    Dexterity Shared Components 10.0
    DGOControls
    Digital Content Portal
    Digital Line Detect
    DivX Codec
    DivX Converter
    DivX Player
    DivX Web Player
    EE09EF7A-9E8C-4DCC-A615-CFFA8393E31E
    eSupportQFolder
    Express Burn Disc Burning Software
    Express Rip
    Free Video Converter V 1.0
    GDR 2050 for SQL Server Analysis Services 2005 ENU (KB932555)
    GDR 2050 for SQL Server Database Services 2005 ENU (KB932555)
    GDR 2050 for SQL Server Integration Services 2005 ENU (KB932555)
    GDR 2050 for SQL Server Notification Services 2005 ENU (KB932555)
    GDR 2050 for SQL Server Tools and Workstation Components 2005 ENU (KB932555)
    Google Earth Plug-in
    Google SketchUp 8
    Google Update Helper
    GoToMeeting 4.5.0.457
    High Definition Audio Driver Package - KB835221
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Imaging Device Functions 7.0
    HP Officejet Pro K5300/5400 Series
    HP Software Update
    HP Solution Center 7.0
    HPProductAssistant
    Intel(R) Graphics Media Accelerator Driver
    iPod for Windows 2005-10-12
    iTunes
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java Auto Updater
    Java(TM) 6 Update 2
    Java(TM) 6 Update 23
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    K5400
    Learn.com CoursePlayer
    Learn2 Player (Uninstall Only)
    LimeWire 5.5.16
    Logitech Desktop Messenger
    Logitech SetPoint
    Malwarebytes' Anti-Malware
    MCU
    MediaLife
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Dynamics GP 10.0 (GP 10.0)
    Microsoft Dynamics GP 9.0
    Microsoft Dynamics GP SDK 10.0
    Microsoft Dynamics GP SDK 9.0
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2003 Web Components
    Microsoft Office Live Meeting 2007
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Analysis Services
    Microsoft SQL Server 2005 Backward compatibility
    Microsoft SQL Server 2005 Books Online (English)
    Microsoft SQL Server 2005 Integration Services
    Microsoft SQL Server 2005 Notification Services
    Microsoft SQL Server 2005 Tools
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual Studio 2005 Premier Partner Edition - ENU
    Microsoft Visual Studio 2005 Premier Partner Edition - ENU Service Pack 1 (KB926601)
    MobileMe Control Panel
    Modem Helper
    MotoHelper 2.0.24 Driver 4.7.1
    MotoHelper MergeModules
    Motorola Mobile Drivers Installation 4.7.1
    Move Media Player
    Mozilla Firefox (3.6.15)
    MPM
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    Musicmatch® Jukebox
    NetDiag
    Netflix Movie Viewer
    NetWaiting
    OGA Notifier 2.0.0048.0
    PowerDVD 5.7
    Prism Video Converter
    ProductContext
    QuickSet
    QuickTime
    RealPlayer Basic
    Registry Cleaner 2.1
    RollerCoaster Tycoon 3 Platinum
    Safari
    SearchAssist
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Shockwave
    Smart Defrag
    Softoria Capture 1.0
    SolutionCenter
    SQLXML4
    Status
    Synaptics Pointing Device Driver
    Toolbox
    TrayApp
    Tumblebugs
    Tumblebugs 2
    Turbo Lister 2
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB973874)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    URL Assistant
    VBA (2720)
    VC 9.0 Runtime
    Viewpoint Media Player
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WavePad Sound Editor
    WD Diagnostics
    WebCyberCoach 3.2 Dell
    WebFldrs XP
    WebIQ Technology Engine
    WebReg
    WIDCOMM Bluetooth Software
    Windows Driver Package - Microsoft Corporation (usbvideo) Image (05/25/2007 1.0.3656.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    WinZip
    ZoneAlarm
    ZoneAlarm Spy Blocker
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/9/2011 3:40:35 PM, error: Service Control Manager [7022] - The AVGIDSAgent service hung on starting.
    3/9/2011 12:21:34 PM, error: BROWSER [8007] - The browser was unable to update the service status bits. The data is the error.
    3/9/2011 1:11:53 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Silverlight (KB2495644).
    3/14/2011 6:02:41 PM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.
    3/14/2011 5:53:38 PM, error: Service Control Manager [7034] - The NICCONFIGSVC service terminated unexpectedly. It has done this 1 time(s).
    3/14/2011 5:53:38 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    3/14/2011 5:53:38 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    3/14/2011 5:53:38 PM, error: Service Control Manager [7031] - The MotoHelper Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    3/14/2011 5:53:38 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    3/14/2011 5:53:38 PM, error: Service Control Manager [7031] - The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/14/2011 5:53:38 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/14/2011 5:53:28 PM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
    3/14/2011 3:24:35 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    3/14/2011 12:34:03 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV Avgldx86 Avgmfx86 Avgtdix Fips intelppm IPSec MRxSmb NetBIOS NetBT pxrts RasAcd Rdbss Tcpip vsdatant
    3/14/2011 12:08:18 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the CSIScanner service, but this action failed with the following error: An instance of the service is already running.
    3/14/2011 12:08:09 AM, error: Service Control Manager [7031] - The CSIScanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    3/14/2011 10:29:39 AM, error: Service Control Manager [7000] - The Net Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/14/2011 10:29:38 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Net Driver HPZ12 service to connect.
    3/12/2011 11:56:21 AM, error: Service Control Manager [7023] - The Intel CPU Perfermons service terminated with the following error: The system cannot find the file specified.
    3/12/2011 10:55:29 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPDRV Avgldx86 Avgmfx86 Fips intelppm Lbd
    3/11/2011 3:55:34 PM, error: Service Control Manager [7023] - The Intel CPU Perfermons service terminated with the following error: The specified module could not be found.
    3/11/2011 3:55:34 PM, error: Service Control Manager [7023] - The Help and Support service terminated with the following error: The specified module could not be found.
    3/11/2011 2:45:53 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
    3/11/2011 2:44:23 PM, error: Service Control Manager [7000] - The KService service failed to start due to the following error: The system cannot find the file specified.
    3/10/2011 2:05:56 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    3/10/2011 2:05:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    3/10/2011 2:05:31 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    3/10/2011 2:03:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    3/10/2011 12:34:15 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.
    3/10/2011 10:17:07 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV Avgldx86 Avgmfx86 Avgtdix Fips intelppm IPSec Lbd MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip vsdatant
    3/10/2011 10:17:07 AM, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
    3/10/2011 10:17:07 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    3/10/2011 10:17:07 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/10/2011 10:17:07 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/10/2011 10:17:07 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    3/10/2011 10:17:07 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/10/2011 10:17:07 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    .
    ==== End Of File ===========================
  2. iaslp (TS Rookie, Topic Starter)

    DDS:

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Larry at 14:30:36.18 on Tue 03/15/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.177 [GMT -4:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    FW: ZoneAlarm Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\AVG\AVG10\avgemcx.exe
    C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Larry\Desktop\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.allmyfaves.com/
    uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
    uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5060905
    uSearchMigratedDefaultURL = hxxp://search.excite.com/search.gw?search={searchTerms}
    uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/&s=hxVtOCNV0UG2A3UdxuuOmEyuR-s
    uInternet Settings,ProxyServer = proxy:8080
    uInternet Settings,ProxyOverride = *.local;<local>
    mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
    mRun: [MediaLifeService] "c:\program files\logitech\medialife\MediaLifeService.exe"
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
    IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: SnipeIt! eSnipe - http://www.esnipe.com/SnipeIt/SnipeItOpen3.asp
    IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    Trusted Zone: musicmatch.com\online
    DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} - hxxp://webiq005.webiqonline.com/WebIQ/DataServer/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159404044468
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {81449547-EB5D-422E-8730-932DC5E412C8} - hxxp://www.howardstern.com/install/uvuplayer.cab
    DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
    DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} - hxxps://mgmt.clarisnetworks.com/inc/kaxRemote.dll
    DPF: {C56BF45D-4722-4EFD-AA14-9DB1E92661E3} - hxxp://coke.mycokerewards.com/cabs/CocaCola_1_0_0_9.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - hxxp://coke.mycokerewards.com/cabs/Entriq_3_6_0_15_Silent.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 192.168.0.197 HP001B78D60319
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\larry\applic~1\mozilla\firefox\profiles\42uas7h1.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.allmyfaves.com/
    FF - prefs.js: network.proxy.ftp - proxy
    FF - prefs.js: network.proxy.ftp_port - 8080
    FF - prefs.js: network.proxy.gopher - proxy
    FF - prefs.js: network.proxy.gopher_port - 8080
    FF - prefs.js: network.proxy.http - proxy
    FF - prefs.js: network.proxy.http_port - 8080
    FF - prefs.js: network.proxy.socks - proxy
    FF - prefs.js: network.proxy.socks_port - 8080
    FF - prefs.js: network.proxy.ssl - proxy
    FF - prefs.js: network.proxy.ssl_port - 8080
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\documents and settings\larry\application data\mozilla\firefox\profiles\42uas7h1.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\larry\application data\mozilla\firefox\profiles\42uas7h1.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
    FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
    FF - plugin: c:\documents and settings\larry\application data\move networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\documents and settings\larry\application data\mozilla\firefox\profiles\42uas7h1.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - plugin: c:\documents and settings\larry\application data\mozilla\firefox\profiles\42uas7h1.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
    FF - Ext: SortPlaces: sortplaces@andyhalford.com - %profile%\extensions\sortplaces@andyhalford.com
    FF - Ext: WeatherBug: {3EC9C995-8072-4fc0-953E-4F30620D17F3} - %profile%\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
    FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: browser.cache.memory.capacity - 16000
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: content.max.tokenizing.time - 3000000
    FF - user.js: content.maxtextrun - 4095
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 1000000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 1000000
    FF - user.js: dom.disable_window_status_change - true
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 1000
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-3-12 64512]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 299984]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2006-9-27 532224]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-3-9 1405384]
    R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2010-9-7 202048]
    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-24 136176]
    S2 itlperf;Intel CPU Perfermons;c:\windows\system32\svchost.exe -k itlsvc [2004-8-11 14336]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-3-9 15232]
    S3 MsDtsServer;SQL Server Integration Services;c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe [2007-3-3 206192]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-12-2 2805000]
    .
    =============== Created Last 30 ================
    .
    2011-03-14 04:07:35 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
    2011-03-14 04:07:33 -------- d-----w- c:\program files\Prevx
    2011-03-14 04:07:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\PrevxCSI
    2011-03-12 21:45:44 16432 ----a-w- c:\windows\system32\lsdelete.exe
    2011-03-12 21:06:56 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-03-12 21:02:17 -------- d-----w- c:\docume~1\larry\locals~1\applic~1\Sunbelt Software
    2011-03-12 20:59:26 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{78A29A4D-35CE-4C46-9AC9-2692EE35F0BE}
    2011-03-12 20:57:17 -------- d-----w- c:\program files\Lavasoft
    2011-03-12 16:52:41 25048 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll
    2011-03-12 16:52:41 140248 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
    2011-03-12 16:52:40 912344 ----a-w- c:\program files\mozilla firefox\firefox.exe
    2011-03-12 16:52:40 249856 ----a-w- c:\program files\mozilla firefox\freebl3.dll
    2011-03-12 16:52:40 107480 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
    2011-03-12 16:52:39 19416 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
    2011-03-12 16:20:47 -------- d-----w- c:\program files\Registry Cleaner
    2011-03-11 20:37:08 -------- d-----w- c:\docume~1\larry\applic~1\Uryg
    2011-03-11 20:37:08 -------- d-----w- c:\docume~1\larry\applic~1\Asidqo
    2011-03-03 01:06:32 -------- d-----w- c:\program files\common files\Motorola Shared
    2011-03-03 01:06:03 -------- d-----w- c:\program files\Motorola
    2011-03-03 00:02:39 256 ----a-w- c:\documents and settings\larry\pool.bin
    .
    ==================== Find3M ====================
    .
    2011-03-03 00:09:05 256 ----a-w- c:\windows\system32\pool.bin
    2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
    2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: Hitachi_HTS541612J9SA00 rev.SBDOC74P -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    kernel: MBR read successfully
    _asm { MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; MOV DS, AX; CLD ; MOV CX, 0x100; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSW ; JMP FAR 0x0:0x62c; }
    detected disk devices:
    \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskHitachi_HTS541612J9SA00_________________SBDOC74P#5&19c84639&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x8716327F
    user & kernel MBR OK
    .
    ============= FINISH: 14:38:35.93 ===============
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Welcome to TechSpot! I'll help you sort through the malware.

    One of your biggest vulnerabilities is having 8 outdated versions of Java! Unfortunately, Java updates don't overwrite the previous version so you have to uninstall in Add/Remove Programs and/or delete them from the add-ons. But you have too many, so please run this:

    Please download JavaRa and unzip it to your desktop.

    Important***Please close any instances of Internet Explorer before continuing!***
    • Double-click on JavaRa.exe to start the program.
    • From the drop-down menu, choose English and click on Select.
    • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
    • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
    • A logfile will pop up. Please save it to a convenient location.
    Then download and install the most current version and update of Java Runtime Environment (JRE) HERE.
    This removes all the Java updates including v6u23, which was the current version until about a week ago, so go ahead with the download.
    ============================================
    Adobe Reader is also outdated, also a vulnerability: Go here: Adobe Reader Update often and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.
    ========================================
    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
    10. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
    11. Re-enable your Antivirus software.
      NOTE: If you forget to copy to the clipboard you can find the log here:
      C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    ===============================
    You will need to uninstall AVG to run Combofix. You can put either one of these free AV programs on the system while AVG is uninstalled:
    Avira-AntiVir-Personal-Free-Antivirus
    Avast Free Version

    Download AppRemover and save to the desktop
    1. Double click the setup on the desktop> click Next
    2. Select “Remove Security Application”
    3. Let scan finish to determine security apps
    4. A screen like below will appear:
      (image: http://www.appremover.com/about/chooseuninstall.gif/image_preview)
      • Click on Next after choice has been made
      • Check the AVG program you want to uninstall
      • After uninstall shows complete, follow online prompts to Exit the program.
    ===================================
    Download Combofix to your desktop from one of these locations: HERE (http://www.bleepingcomputer.com/download/anti-virus/combofix) or HERE (http://www.forospyware.com/sUBs/ComboFix.exe)
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is advised to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      (image: http://img.photobucket.com/albums/v706/ried7/whatnext.png)
    5. Click on Yes, to continue scanning for malware
    6. If Combofix asks you to update the program, allow
    7. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    8. Close any open browsers.
    9. Double click combofix.exe & follow the prompts to run.
    10. When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    =====================================
    Important!
    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
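    Bobbye's count of eight outdated Java versions can be read straight out of the DPF entries in the DDS log above. The script below is an added example, not a tool from this thread or from TechSpot: it parses a subset of the posted log lines (copied verbatim into SAMPLE_LOG), compares each jinstall version with the BrowserJavaVersion header, and lists the proxy entries the log shows. That Firefox's network.proxy.type 0 means "no proxy" is standard Firefox behaviour, not something the thread states.

```python
"""Triage a DDS-style log for the findings a helper checks by eye.

Added example, not a tool from the thread: it reads the DPF (ActiveX
download) entries that reference Java installers, compares each version
with the BrowserJavaVersion header, and lists proxy settings for review.
"""
import re

# Constructed sample: a subset of lines copied from the DDS log in this thread.
SAMPLE_LOG = """
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
uInternet Settings,ProxyServer = proxy:8080
uInternet Settings,ProxyOverride = *.local;<local>
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
FF - prefs.js: network.proxy.http - proxy
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
"""

JAVA_VERSION_RE = re.compile(r"BrowserJavaVersion:\s*(\d+\.\d+\.\d+_\d+)")
JINSTALL_RE = re.compile(r"jinstall-(\d+)_(\d+)_(\d+)_(\d+)-")
IE_PROXY_RE = re.compile(r"Internet Settings,ProxyServer\s*=\s*(\S+)")
FF_PROXY_RE = re.compile(r"network\.proxy\.(\w+)\s+-\s+(\S+)")


def parse_version(text):
    """'1.6.0_23' -> (1, 6, 0, 23), so versions compare numerically."""
    major, minor, rest = text.split(".")
    micro, update = rest.split("_")
    return (int(major), int(minor), int(micro), int(update))


def java_versions_from_dpf(log):
    """Distinct JRE versions referenced by jinstall DPF entries, sorted."""
    found = {tuple(int(p) for p in m.groups()) for m in JINSTALL_RE.finditer(log)}
    return sorted(found)


def outdated_java(log):
    """Versions older than the browser's current JRE (the header value)."""
    m = JAVA_VERSION_RE.search(log)
    if m is None:
        return []  # no header: nothing to compare against
    current = parse_version(m.group(1))
    return [v for v in java_versions_from_dpf(log) if v < current]


def proxy_findings(log):
    """Proxy settings worth a second look, as (source, detail) pairs."""
    findings = []
    m = IE_PROXY_RE.search(log)
    if m:
        findings.append(("IE", "ProxyServer=" + m.group(1)))
    ff = dict(FF_PROXY_RE.findall(log))
    if ff.get("http"):
        # Firefox type 0 is a direct connection, so the host/port entries
        # are inert until something changes the type; still worth noting.
        state = "inactive" if ff.get("type") == "0" else "active"
        port = ff.get("http_port", "?")
        findings.append(("Firefox", f"http={ff['http']}:{port} ({state})"))
    return findings


def fmt(v):
    """(1, 5, 0, 6) -> '1.5.0_06', the way DDS/JavaRa print versions."""
    return f"{v[0]}.{v[1]}.{v[2]}_{v[3]:02d}"


if __name__ == "__main__":
    old = outdated_java(SAMPLE_LOG)
    print(f"{len(old)} outdated JRE version(s): " + ", ".join(fmt(v) for v in old))
    for source, detail in proxy_findings(SAMPLE_LOG):
        print(f"proxy [{source}] {detail}")
```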
  4. iaslp

    iaslp TS Rookie Topic Starter

    Hi Bobbye,

    Thanks for your time with this.

    I updated my Adobe Reader to ten (X).

    I launched JavaRa from the desktop with all other programs closed. Ran it according to instructions and several status windows went by. Then I got the message "JavaRa has encountered a problem and needs to close. We are sorry for the inconvenience." I clicked the Debug button on the window and noted "An unhandled win32 exception occurred in JavaRa.exe [4712]"

    It was suggesting I use Visual Studio to open the file, which I have because I do some light VBA customs, but I'm certainly no developer, so I didn't bother.

    Should I proceed with the Eset virus scan, or get this cleared up first?

    Larry
  5. iaslp

    iaslp TS Rookie Topic Starter

    Update for Bobbye

    I re-booted and re-ran JavaRa and it ran to completion. I then proceeded with all the other steps you asked. Below are the logs.

    JavaRa:

    JavaRa 1.16 Removal Log.
    Report follows after line.
    ------------------------------------
    The JavaRa removal process was started on Tue Mar 15 18:50:21 2011

    Found and removed: C:\Program Files\Java\jre1.5.0_06
    Found and removed: C:\Program Files\Java\jre1.5.0_09
    Found and removed: C:\Program Files\Java\jre1.5.0_10
    Found and removed: C:\Program Files\Java\jre1.5.0_11
    Found and removed: C:\Program Files\Java\jre1.6.0_02
    Found and removed: C:\Program Files\Java\jre1.6.0_03
    Found and removed: C:\Program Files\Java\jre1.6.0_05
    Found and removed: C:\Program Files\Java\jre1.6.0_07
    Found and removed: C:\Documents and Settings\Larry\Application Data\Sun\Java\jre1.6.0_11
    Found and removed: C:\Documents and Settings\Larry\Application Data\Sun\Java\jre1.6.0_12
    Found and removed: C:\Documents and Settings\Larry\Application Data\Sun\Java\jre1.6.0_13
    Found and removed: C:\Documents and Settings\Larry\Application Data\Sun\Java\jre1.6.0_14
    Found and removed: C:\Documents and Settings\Larry\Application Data\Sun\Java\jre1.6.0_15
    Found and removed: C:\Documents and Settings\Larry\Application Data\Sun\Java\jre1.6.0_17
    Found and removed: C:\Documents and Settings\Larry\Application Data\Sun\Java\jre1.6.0_18
    Found and removed: C:\Documents and Settings\Larry\Application Data\Sun\Java\jre1.6.0_19
    Found and removed: C:\Documents and Settings\Larry\Application Data\Sun\Java\jre1.6.0_20
    Found and removed: C:\Documents and Settings\Larry\Application Data\Sun\Java\jre1.6.0_23
    Found and removed: Applications\java.exe
    Found and removed: Applications\javaw.exe
    Found and removed: JavaPlugin.FamilyVersionSupport
    Found and removed: Installer\Products\8A0F842331866D117AB7000B0D610007
    Found and removed: CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}
    Found and removed: CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}
    Found and removed: CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}
    Found and removed: CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}
    Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}
    Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}
    Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}
    Found and removed: 
CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}Found and removed: 
CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}Found and removed: 
CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}Found and removed: 
CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}Found and removed: 
CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}Found and removed: 
CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}Found and removed: JavaScriptFound and removed: JavaScript AuthorFound and removed: JavaScript1.1Found and removed: JavaScript1.1 AuthorFound and removed: JavaScript1.2Found and removed: JavaScript1.2 AuthorFound and removed: Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}Found and removed: Software\Classes\JavaPlugin.150_06Found and removed: Software\Classes\JavaPlugin.150_09Found and removed: Software\Classes\JavaPlugin.150_10Found and removed: Software\Classes\JavaPlugin.150_11Found and removed: Software\Classes\JavaPlugin.160_02Found and removed: Software\Classes\JavaPlugin.160_03Found and removed: Software\Classes\JavaPlugin.160_05Found and removed: Software\Classes\JavaPlugin.160_07Found and removed: Software\JavaSoft\Java UpdateFound and removed: Software\JavaSoft\Java Runtime Environment\1.5.0_06Found and removed: Software\JavaSoft\Java Runtime Environment\1.5.0_09Found and removed: Software\JavaSoft\Java Runtime Environment\1.5.0_11Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_02Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_07Found and removed: Software\JavaSoft\Java2D\1.5.0_06Found and removed: Software\JavaSoft\Java2D\1.5.0_09Found and removed: Software\JavaSoft\Java2D\1.5.0_10Found and removed: Software\JavaSoft\Java2D\1.5.0_11Found and removed: SOFTWARE\Classes\JavaPluginFound and removed: SOFTWARE\Classes\JavaPlugin.150_06Found and removed: SOFTWARE\Classes\JavaPlugin.150_09Found and removed: SOFTWARE\Classes\JavaPlugin.150_10Found and removed: SOFTWARE\Classes\JavaPlugin.150_11Found and removed: 
SOFTWARE\Classes\JavaPlugin.160_02Found and removed: SOFTWARE\Classes\JavaPlugin.160_03Found and removed: SOFTWARE\Classes\JavaPlugin.160_05Found and removed: SOFTWARE\Classes\JavaPlugin.160_07Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_06Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_09Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_10Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_11Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_02Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_06Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_09Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_10Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_11Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_02Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_07Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_06Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_09Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_10Found and removed: SOFTWARE\JavaSoft\Java Web 
Start\1.5.0_11Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_02Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_07Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_06\Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_09\Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_10\Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_11\Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\Found and removed: 
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_03.b05\Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13\Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062B03Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062B03Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.1Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.3Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.2Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.2.1Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.3Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.3.1Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4.1Found and removed: 
SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.5JavaRa 1.16 Removal Log.Report follows after line.------------------------------------The JavaRa removal process was started on Wed Mar 16 00:50:07 2011

CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}Found and removed: Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}------------------------------------Finished reporting.

    Eset Log:

    C:\Documents and Settings\Larry\My Documents\Programs\Setup_FreeConverter.exe Win32/Adware.Toolbar.Dealio application
    C:\Documents and Settings\Larry\My Documents\Programs\Setup_FreeVideoConverter.exe Win32/Adware.Toolbar.Dealio application
    C:\Program Files\ZoneAlarmSB\bar\1.bin\NPZONESB.DLL Win32/Toolbar.MyWebSearch application
    C:\Program Files\ZoneAlarmSB\bar\1.bin\Z4PLUGIN.DLL a variant of Win32/Toolbar.MyWebSearch application
    C:\WINDOWS\system32\la1.vbe Win32/IRCBot.UE trojan
    C:\WINDOWS\system32\la2.vbe probably a variant of VBS/TrojanDownloader.Agent.LOBWVMT trojan
  6. iaslp

    iaslp TS Rookie Topic Starter

    ComboFix:

    ComboFix 11-03-15.03 - Larry 03/16/2011 12:16:03.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.573 [GMT -4:00]
    Running from: c:\documents and settings\Larry\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Larry\g2mdlhlpx.exe
    c:\windows\Downloaded Program Files\popcaploader.inf
    c:\windows\system32\Ijl11.dll
    c:\windows\system32\pst.dat
    .
    .
    \\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_ITLPERF
    -------\Service_itlperf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-16 to 2011-03-16 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-16 14:51 . 2011-03-16 14:51 -------- d-----w- c:\documents and settings\Larry\Application Data\Avira
    2011-03-16 14:43 . 2011-01-10 18:23 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-03-16 14:43 . 2011-01-10 18:23 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-03-16 14:43 . 2010-06-17 18:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2011-03-16 14:43 . 2010-06-17 18:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2011-03-16 14:43 . 2011-03-16 14:43 -------- d-----w- c:\program files\Avira
    2011-03-16 14:43 . 2011-03-16 14:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2011-03-16 05:04 . 2011-03-16 05:04 -------- d-----w- c:\program files\ESET
    2011-03-15 22:18 . 2011-03-15 22:18 -------- d-----w- c:\program files\Common Files\Adobe
    2011-03-15 22:11 . 2011-03-15 22:11 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2011-03-14 04:07 . 2011-03-14 04:07 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
    2011-03-14 04:07 . 2011-03-14 04:07 -------- d-----w- c:\program files\Prevx
    2011-03-14 04:07 . 2011-03-15 13:50 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI
    2011-03-12 22:28 . 2011-03-12 22:28 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2011-03-12 21:02 . 2011-03-12 21:02 -------- d-----w- c:\documents and settings\Larry\Local Settings\Application Data\Sunbelt Software
    2011-03-12 19:43 . 2011-03-12 19:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
    2011-03-12 19:43 . 2011-03-12 19:43 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
    2011-03-12 16:52 . 2011-03-03 18:16 25048 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
    2011-03-12 16:52 . 2011-03-03 18:16 140248 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
    2011-03-12 16:52 . 2011-03-03 18:16 912344 ----a-w- c:\program files\Mozilla Firefox\firefox.exe
    2011-03-12 16:52 . 2011-03-03 18:16 107480 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe
    2011-03-12 16:52 . 2011-03-03 16:07 249856 ----a-w- c:\program files\Mozilla Firefox\freebl3.dll
    2011-03-12 16:52 . 2011-03-03 18:16 19416 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
    2011-03-12 16:20 . 2011-03-14 19:47 -------- d-----w- c:\program files\Registry Cleaner
    2011-03-11 20:37 . 2011-03-11 20:40 -------- d-----w- c:\documents and settings\Larry\Application Data\Asidqo
    2011-03-11 20:37 . 2011-03-11 20:37 -------- d-----w- c:\documents and settings\Larry\Application Data\Uryg
    2011-03-03 01:06 . 2011-03-03 01:06 -------- d-----w- c:\program files\Common Files\Motorola Shared
    2011-03-03 01:06 . 2011-03-03 01:06 -------- d-----w- c:\program files\Motorola
    2011-03-03 00:02 . 2011-03-03 00:08 256 ----a-w- c:\documents and settings\Larry\pool.bin
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-12 21:06 . 2009-11-12 22:26 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-02-09 13:53 . 2004-08-11 22:00 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 2004-08-11 22:00 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-02 07:58 . 2004-08-11 22:11 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57 . 2004-08-11 22:11 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44 . 2004-08-11 22:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09 . 2004-08-11 22:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10 . 2004-08-11 22:00 1854976 ----a-w- c:\windows\system32\win32k.sys
    2010-12-22 12:34 . 2004-08-11 22:00 301568 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-20 23:59 . 2004-08-11 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-12-20 23:59 . 2004-08-11 22:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-12-20 23:59 . 2004-08-11 22:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-12-20 23:09 . 2009-02-10 23:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 23:08 . 2009-02-10 23:05 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-20 17:26 . 2004-08-11 22:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2010-12-20 12:55 . 2004-08-11 22:00 385024 ----a-w- c:\windows\system32\html.iec
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-08 67128]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-06-22 1384448]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
    "MediaLifeService"="c:\program files\Logitech\MediaLife\MediaLifeService.exe" [2005-05-13 110739]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-09-02 1043968]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-9-5 24576]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-3-8 67128]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-10-5 450560]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Dell\\Media Experience\\PCM2.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:Enabled:DHCP Discovery Service
    .
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/16/2011 10:43 AM 135336]
    R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [9/7/2010 12:47 PM 202048]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/24/2010 3:26 PM 136176]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
    S3 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [3/3/2007 3:58 PM 206192]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/11/2004 6:00 PM 14336]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [12/2/2006 6:17 AM 2805000]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    getPlusHelper REG_MULTI_SZ getPlusHelper
    itlsvc REG_MULTI_SZ itlperf
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
    .
    2010-08-12 c:\windows\Tasks\expressburnShakeIcon.job
    - c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-08-09 19:18]
    .
    2011-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-24 19:26]
    .
    2011-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-24 19:26]
    .
    2006-09-11 c:\windows\Tasks\ISP signup reminder 1.job
    - c:\windows\system32\OOBE\oobebaln.exe [2004-08-11 00:12]
    .
    2011-03-03 c:\windows\Tasks\MotoHelper MUM.job
    - c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07 16:47]
    .
    2011-03-16 c:\windows\Tasks\MotoHelper Routing.job
    - c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07 16:47]
    .
    2011-03-09 c:\windows\Tasks\MotoHelper Update.job
    - c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07 16:47]
    .
    2011-03-16 c:\windows\Tasks\User_Feed_Synchronization-{4CCA0039-BE1F-4A40-AEA1-218C6FEB23AC}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
    .
    2010-08-19 c:\windows\Tasks\wavepadShakeIcon.job
    - c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-08-09 19:19]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.allmyfaves.com/
    uSearchMigratedDefaultURL = hxxp://search.excite.com/search.gw?search={searchTerms}
    uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/&s=hxVtOCNV0UG2A3UdxuuOmEyuR-s
    uInternet Settings,ProxyServer = proxy:8080
    uInternet Settings,ProxyOverride = *.local;<local>
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: SnipeIt! eSnipe - http://www.esnipe.com/SnipeIt/SnipeItOpen3.asp
    Trusted Zone: musicmatch.com\online
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    DPF: {81449547-EB5D-422E-8730-932DC5E412C8} - hxxp://www.howardstern.com/install/uvuplayer.cab
    DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
    DPF: {C56BF45D-4722-4EFD-AA14-9DB1E92661E3} - hxxp://coke.mycokerewards.com/cabs/CocaCola_1_0_0_9.cab
    FF - ProfilePath - c:\documents and settings\Larry\Application Data\Mozilla\Firefox\Profiles\42uas7h1.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.allmyfaves.com/
    FF - prefs.js: network.proxy.ftp - proxy
    FF - prefs.js: network.proxy.ftp_port - 8080
    FF - prefs.js: network.proxy.gopher - proxy
    FF - prefs.js: network.proxy.gopher_port - 8080
    FF - prefs.js: network.proxy.http - proxy
    FF - prefs.js: network.proxy.http_port - 8080
    FF - prefs.js: network.proxy.socks - proxy
    FF - prefs.js: network.proxy.socks_port - 8080
    FF - prefs.js: network.proxy.ssl - proxy
    FF - prefs.js: network.proxy.ssl_port - 8080
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
    FF - Ext: SortPlaces: sortplaces@andyhalford.com - %profile%\extensions\sortplaces@andyhalford.com
    FF - Ext: WeatherBug: {3EC9C995-8072-4fc0-953E-4F30620D17F3} - %profile%\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
    FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
    FF - user.js: browser.cache.memory.capacity - 16000
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: content.max.tokenizing.time - 3000000
    FF - user.js: content.maxtextrun - 4095
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 1000000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 1000000
    FF - user.js: dom.disable_window_status_change - true
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 1000
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-Smart Defrag_is1 - c:\program files\IObit\IObit SmartDefrag\unins000.exe
    AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-16 12:33
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql]
    "ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @DACL=(02 0010)
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @DACL=(02 0010)
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @DACL=(02 0010)
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(704)
    c:\windows\System32\BCMLogon.dll
    .
    - - - - - - - > 'explorer.exe'(4072)
    c:\windows\system32\WININET.dll
    c:\program files\Logitech\SetPoint\lgscroll.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\WLTRYSVC.EXE
    c:\windows\System32\bcmwltry.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
    c:\program files\Motorola\MotoHelper\MotoHelperAgent.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe
    c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    .
    **************************************************************************
    .
    Completion time: 2011-03-16 12:42:14 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-03-16 16:42
    .
    Pre-Run: 17,338,892,288 bytes free
    Post-Run: 17,255,198,720 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 7E9743D760E000B31E38CCCE125DE40E

    Again, thanks for your time, Bobbye.

    Larry
  7. iaslp

    iaslp TS Rookie Topic Starter

    Almost 24 hours since I finished running all apps requested and I have had no issues yet. Advertisements have gone from Firefox, and no more alerts of a virus being found and quarantined. Keeping my fingers crossed... Larry
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I bet the system said Thank You after you ran JavaRa! That was a lot of files! Did you remember to update to the current v6u24 after running it?

    For the entries in Eset: Please download OTMoveIt by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Files 
      C:\Documents and Settings\Larry\My Documents\Programs\Setup_FreeConverter.exe 
      C:\Documents and Settings\Larry\My Documents\Programs\Setup_FreeVideoConverter.exe 
      C:\Program Files\ZoneAlarmSB\bar\1.bin\NPZONESB.DLL 
      C:\Program Files\ZoneAlarmSB\bar\1.bin\Z4PLUGIN.DLL 
      C:\WINDOWS\system32\la1.vbe 
      C:\WINDOWS\system32\la2.vbe
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    ==========================================
    Please run this Security Check:

    Download Security Check by screen317 from HERE or HERE .
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    ===========================================
    When finished, please tell me what antivirus program you're going to keep on the system.
    =======================================================
    Are these your settings?
    And these?
    Why?
    We'll finish up with Combofix script after I know.
  9. iaslp

    iaslp TS Rookie Topic Starter

    Add/Remove Programs shows 4 Java entries presently. I have Java 6 Update 2, Java 6 Update 24, Java 6 Update 3, and Java 6 Update 5. Should I run JavaRa again? And a Java program JUSched (?) gives me an error it wants to report to Microsoft soon after I boot up.

    OTMoveIt log:

    All processes killed
    ========== FILES ==========
    File/Folder C:\Documents and Settings\Larry\My Documents\Programs\Setup_FreeConverter.exe not found.
    File/Folder C:\Documents and Settings\Larry\My Documents\Programs\Setup_FreeVideoConverter.exe not found.
    DllUnregisterServer procedure not found in C:\Program Files\ZoneAlarmSB\bar\1.bin\NPZONESB.DLL
    C:\Program Files\ZoneAlarmSB\bar\1.bin\NPZONESB.DLL moved successfully.
    C:\Program Files\ZoneAlarmSB\bar\1.bin\Z4PLUGIN.DLL moved successfully.
    C:\WINDOWS\system32\la1.vbe moved successfully.
    C:\WINDOWS\system32\la2.vbe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Larry
    ->Temp folder emptied: 802437 bytes
    ->Temporary Internet Files folder emptied: 47981166 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 106529214 bytes
    ->Flash cache emptied: 3026 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33557 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 615667 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 2655428619 bytes

    Total Files Cleaned = 2,681.00 mb



    The FreeConverter and FreeVideoConverter files were not found because I deleted them manually last week. I had downloaded them a long time ago and was no longer using them.


    Security Check Log:

    Results of screen317's Security Check version 0.99.9
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    Avira AntiVir Personal - Free Antivirus
    ESET Online Scanner v3
    ZoneAlarm
    ZoneAlarm Spy Blocker
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Registry Cleaner 2.1
    Java(TM) 6 Update 24
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Out of date Java installed!
    Adobe Flash Player 10.2.152.32
    Adobe Reader X (10.0.1)
    Mozilla Firefox (3.6.15)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    Zone Labs ZoneAlarm zlclient.exe
    ``````````End of Log````````````


    I was using AVG anti-virus, but, after this experience, I have lost confidence in them. Right now I still have Avira loaded from your previous recommendation. If you consider it to be a good program, I'll stick with it. Also, as you will see in the above log, I have Registry Cleaner installed. I used it prior to working with you on TechSpot. Do you have any insight as to how good this registry cleaner is? Or do you have a different recommendation?

    As for your question about the uInternet settings and the FF-Prefs.js, I have no idea what any of that is. I don't know what they are settings for, or what any of those statements mean.

    Thanks again Bobbye.
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    You're welcome. Just a bit more cleaning up to do:

    Remove all:
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7


    Recommend remove this:
    Registry Cleaner 2.1 > Most of us don't recommend using any Registry cleaner.
    =====================================
    Re: AV> Avira and Avast are both good and free.
    I stopped recommending (and using) AVG when they went to v8!
    =======================================
    Total Files Cleaned = 2,681.00 mb in OTM
    Are you doing any regular maintenance on the system? This is a huge amount of files!
    ========================================
    I intentionally remove the ZoneAlarm 'spy bar'!
    ===================================
    Did you look into those port 8080 settings in Firefox?
  11. iaslp

    iaslp TS Rookie Topic Starter

    > Did you look into those port 8080 settings in Firefox?

    I don't know what that means. At the bottom of my previous post, I was saying about the uInternet settings and the FF-Prefs.js, I have no idea what any of that is. I don't know what they are settings for, or what any of those statements mean. Is there another thread that explains what it is and where I go to check the settings?

    I now have only the Java 6 Update 24 listed in my add/remove programs.

    Like most people, I usually don't get concerned with maintenance as long as the machine is running well. I'm good about keeping the temp folder in my profile and the one in the Windows folder clean. I probably don't run Malware Bytes as often as I should. I guess I never felt like I was visiting the kind of sites that would mess my machine up in the first place, but I know better now.

    I also intend to check into the Virtual PC software and try to setup a virtual machine to use for browsing the web.

    Please let me know what to do next...Larry
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    But what many people don't realize is that good maintenance habits can keep the machine running well! This includes deleting temporary internet files and Cookies, Disc Cleanup, Error Check and Defrag, and running the security scans. And occasionally, a check of what's running and uninstalling what you don't use.
    =======================================
    Let's clean up those ports in Firefox:> Reset your browser proxies
    1. Open Firefox, click on "Tools" then "Options" and then on "Advanced".
    2. Click on the "Network" tab, and then on the "Settings" button.
    3. Please make sure that the "No Proxy" option is selected.
    ==============================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it: Be sure to scroll down to include ALL lines.
    Code:
    File::
    c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys
    Folder::
    c:\program files\Registry Cleaner
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=-
    DDS::
    uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/&s=hxVtOCNV0UG2A3UdxuuOmEyuR-s
    uInternet Settings,ProxyServer = proxy:8080
    uInternet Settings,ProxyOverride = *.local;<local>
    mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
    Driver::
    Lavasoft Kernexplorer 
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [image: CFScript.txt being dragged onto ComboFix.exe]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    Recommend you remove the following Scheduled Tasks as follows:
    1. Click "Start" and "Programs" or "All Programs."
    2. Point to "Accessories", and then "System Tools."
    3. Click "Scheduled Tasks."
    4. Right click the task that you want to remove from the list> Click "Delete" for each
      [o]ISP signup reminder (set 2006)
      [o]ExpressBurn
      [o]WavePad
    5. A "Confirm File Delete" dialog box may pop up. If so, click "Yes."
    ==============================================
    Recommend removing this Domain from Trusted Zone:
    Trusted Zone: musicmatch.com\online

    Recommend uninstalling this Dell preload:
    URL Assistant: Uninstall in Safe Mode

    Add new Site Advisor: (AVG removed)
    The Web of Trust (WOT) add-on is a safe surfing tool for your browser. Traffic-light rating symbols show how the site is rated for Trustworthiness, Vendor Reliability, Privacy, and Child Safety. Your online email account (Google Mail, Yahoo! Mail and Hotmail) is also protected.
  13. iaslp

    iaslp TS Rookie Topic Starter

    "No Proxy" was already selected in the Firefox settings.

    ComboFix log is below:

    ComboFix 11-03-24.06 - Larry 03/25/2011 12:29:57.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.514 [GMT -4:00]
    Running from: c:\documents and settings\Larry\My Documents\Programs\PC Maintenance\ComboFix.exe
    Command switches used :: c:\documents and settings\Larry\My Documents\Programs\PC Maintenance\CFScript.txt
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .
    FILE ::
    "c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\bae\BAE.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_LAVASOFT_KERNEXPLORER
    -------\Service_Lavasoft Kernexplorer
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-25 to 2011-03-25 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-21 16:16 . 2011-03-21 16:16 -------- d-----w- C:\_OTM
    2011-03-16 22:08 . 2011-03-16 22:10 77 ----a-w- c:\documents and settings\Larry\Mydocs backup.bat
    2011-03-16 14:51 . 2011-03-16 14:51 -------- d-----w- c:\documents and settings\Larry\Application Data\Avira
    2011-03-16 14:43 . 2011-03-17 20:04 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-03-16 14:43 . 2011-01-10 18:23 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-03-16 14:43 . 2010-06-17 18:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2011-03-16 14:43 . 2010-06-17 18:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2011-03-16 14:43 . 2011-03-16 14:43 -------- d-----w- c:\program files\Avira
    2011-03-16 14:43 . 2011-03-16 14:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2011-03-16 05:04 . 2011-03-16 05:04 -------- d-----w- c:\program files\ESET
    2011-03-15 22:18 . 2011-03-15 22:18 -------- d-----w- c:\program files\Common Files\Adobe
    2011-03-15 22:11 . 2011-03-15 22:11 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2011-03-14 04:07 . 2011-03-14 04:07 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
    2011-03-14 04:07 . 2011-03-14 04:07 -------- d-----w- c:\program files\Prevx
    2011-03-14 04:07 . 2011-03-15 13:50 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI
    2011-03-12 22:28 . 2011-03-12 22:28 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2011-03-12 21:02 . 2011-03-12 21:02 -------- d-----w- c:\documents and settings\Larry\Local Settings\Application Data\Sunbelt Software
    2011-03-12 19:43 . 2011-03-12 19:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
    2011-03-12 19:43 . 2011-03-12 19:43 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
    2011-03-12 16:52 . 2011-03-03 18:16 25048 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
    2011-03-12 16:52 . 2011-03-03 18:16 140248 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
    2011-03-12 16:52 . 2011-03-03 18:16 912344 ----a-w- c:\program files\Mozilla Firefox\firefox.exe
    2011-03-12 16:52 . 2011-03-03 18:16 107480 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe
    2011-03-12 16:52 . 2011-03-03 16:07 249856 ----a-w- c:\program files\Mozilla Firefox\freebl3.dll
    2011-03-12 16:52 . 2011-03-03 18:16 19416 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
    2011-03-11 20:37 . 2011-03-11 20:40 -------- d-----w- c:\documents and settings\Larry\Application Data\Asidqo
    2011-03-11 20:37 . 2011-03-11 20:37 -------- d-----w- c:\documents and settings\Larry\Application Data\Uryg
    2011-03-03 01:06 . 2011-03-03 01:06 -------- d-----w- c:\program files\Common Files\Motorola Shared
    2011-03-03 01:06 . 2011-03-03 01:06 -------- d-----w- c:\program files\Motorola
    2011-03-03 00:02 . 2011-03-03 00:08 256 ----a-w- c:\documents and settings\Larry\pool.bin
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-12 21:06 . 2009-11-12 22:26 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-02-09 13:53 . 2004-08-11 22:00 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 2004-08-11 22:00 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-03 01:40 . 2010-05-24 20:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-02 23:19 . 2007-07-31 03:04 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-02-02 07:58 . 2004-08-11 22:11 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57 . 2004-08-11 22:11 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44 . 2004-08-11 22:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09 . 2004-08-11 22:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10 . 2004-08-11 22:00 1854976 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-08 67128]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-06-22 1384448]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
    "MediaLifeService"="c:\program files\Logitech\MediaLife\MediaLifeService.exe" [2005-05-13 110739]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-09-02 1043968]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-9-5 24576]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-3-8 67128]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-10-5 450560]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Dell\\Media Experience\\PCM2.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:Enabled:DHCP Discovery Service
    .
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/16/2011 10:43 AM 135336]
    R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [9/7/2010 12:47 PM 202048]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/24/2010 3:26 PM 136176]
    S3 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [3/3/2007 3:58 PM 206192]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/11/2004 6:00 PM 14336]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [12/2/2006 6:17 AM 2805000]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    getPlusHelper REG_MULTI_SZ getPlusHelper
    itlsvc REG_MULTI_SZ itlperf
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-19 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
    .
    2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-24 19:26]
    .
    2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-24 19:26]
    .
    2011-03-25 c:\windows\Tasks\MotoHelper MUM.job
    - c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07 16:47]
    .
    2011-03-25 c:\windows\Tasks\MotoHelper Routing.job
    - c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07 16:47]
    .
    2011-03-09 c:\windows\Tasks\MotoHelper Update.job
    - c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07 16:47]
    .
    2011-03-25 c:\windows\Tasks\User_Feed_Synchronization-{4CCA0039-BE1F-4A40-AEA1-218C6FEB23AC}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.allmyfaves.com/
    uSearchMigratedDefaultURL = hxxp://search.excite.com/search.gw?search={searchTerms}
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: SnipeIt! eSnipe - http://www.esnipe.com/SnipeIt/SnipeItOpen3.asp
    Trusted Zone: musicmatch.com\online
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    DPF: {81449547-EB5D-422E-8730-932DC5E412C8} - hxxp://www.howardstern.com/install/uvuplayer.cab
    DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
    DPF: {C56BF45D-4722-4EFD-AA14-9DB1E92661E3} - hxxp://coke.mycokerewards.com/cabs/CocaCola_1_0_0_9.cab
    FF - ProfilePath - c:\documents and settings\Larry\Application Data\Mozilla\Firefox\Profiles\42uas7h1.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.allmyfaves.com/
    FF - prefs.js: network.proxy.ftp - proxy
    FF - prefs.js: network.proxy.ftp_port - 8080
    FF - prefs.js: network.proxy.gopher - proxy
    FF - prefs.js: network.proxy.gopher_port - 8080
    FF - prefs.js: network.proxy.http - proxy
    FF - prefs.js: network.proxy.http_port - 8080
    FF - prefs.js: network.proxy.socks - proxy
    FF - prefs.js: network.proxy.socks_port - 8080
    FF - prefs.js: network.proxy.ssl - proxy
    FF - prefs.js: network.proxy.ssl_port - 8080
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
    FF - Ext: SortPlaces: sortplaces@andyhalford.com - %profile%\extensions\sortplaces@andyhalford.com
    FF - Ext: WeatherBug: {3EC9C995-8072-4fc0-953E-4F30620D17F3} - %profile%\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
    FF - Ext: Zynga Community Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
    FF - user.js: browser.cache.memory.capacity - 16000
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: content.max.tokenizing.time - 3000000
    FF - user.js: content.maxtextrun - 4095
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 1000000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 1000000
    FF - user.js: dom.disable_window_status_change - true
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 1000
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-25 12:57
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql]
    "ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @DACL=(02 0010)
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @DACL=(02 0010)
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @DACL=(02 0010)
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(708)
    c:\windows\System32\BCMLogon.dll
    .
    - - - - - - - > 'explorer.exe'(1224)
    c:\windows\system32\WININET.dll
    c:\program files\Logitech\SetPoint\lgscroll.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\bcmwltry.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
    c:\program files\Motorola\MotoHelper\MotoHelperAgent.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe
    c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    .
    **************************************************************************
    .
    Completion time: 2011-03-25 13:13:25 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-03-25 17:13
    ComboFix2.txt 2011-03-16 16:42
    .
    Pre-Run: 41,882,882,048 bytes free
    Post-Run: 41,867,591,680 bytes free
    .
    - - End Of File - - 51B6BB54E640DF2A2520E5ABD525F5A2





    Also removed all suggested scheduled tasks from the system tools.

    I COULD NOT find musicmatch.com\online in my Trusted Zone. Can you tell me how to navigate to the window where I should see it?

    Also, I COULD NOT uninstall the Dell URL Assistant, even though I booted up in safe mode and logged in as the administrator. When I click the Change/Remove button you can see the add/remove window title bar quickly go to the background and then reactivate. The mouse arrow turns to the hour-glass for that 1/4 of a second, but nothing else ever happens.

    I installed the WOT add-in for Firefox.

    Thanks Bobbye
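The proxy question running through posts 12 and 13 comes down to one detail in the ComboFix "Supplementary Scan" lines: Firefox's `network.proxy.http`/`_port` prefs name `proxy:8080`, but `network.proxy.type` is `0`, which is Firefox's "No Proxy" mode, so those host entries are stale rather than an active redirection (which matches the user finding "No Proxy" already selected). The Python below is an added example, not code from the thread, ComboFix or DDS: it parses constructed log lines in the same `FF - prefs.js:` and `uInternet Settings,` style, then reports whether a proxy is actually in effect. The sample log, the `example.invalid` homepage and the `ProxyEnable` remark are the example's own assumptions; only the `proxy:8080` value is taken from the thread.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the ComboFix/DDS line style seen in the thread.
# Not a real scan: the host "proxy" and port 8080 mirror the thread's
# values, the homepage URL is a placeholder.
SAMPLE_LOG = """\
uStart Page = hxxp://www.example.invalid/
uInternet Settings,ProxyServer = proxy:8080
uInternet Settings,ProxyOverride = *.local;<local>
FF - prefs.js: browser.startup.homepage - hxxp://www.example.invalid/
FF - prefs.js: network.proxy.ftp - proxy
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - proxy
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
"""

# Meaning of Firefox's network.proxy.type preference.
FF_PROXY_TYPE = {0: "direct (No Proxy)", 1: "manual", 2: "PAC script",
                 4: "auto-detect (WPAD)", 5: "system"}
SCHEMES = ("http", "ssl", "ftp", "socks", "gopher")

PREF_RE = re.compile(r"^FF - prefs\.js: (?P<key>[\w.\-]+) - (?P<value>.*)$")
IE_RE = re.compile(r"^uInternet Settings,(?P<key>\w+) = (?P<value>.*)$")


@dataclass
class ProxyFindings:
    ff_type: Optional[int] = None
    ff_hosts: Dict[str, str] = field(default_factory=dict)  # scheme -> host:port
    ie_proxy: Optional[str] = None
    ie_override: Optional[str] = None

    @property
    def ff_active(self) -> bool:
        """Manual proxy hosts only take effect when network.proxy.type is 1."""
        return self.ff_type == 1 and bool(self.ff_hosts)


def parse_proxy_findings(log_text: str) -> ProxyFindings:
    """Extract proxy-related entries from DDS/ComboFix 'Supplementary Scan' lines."""
    found = ProxyFindings()
    hosts: Dict[str, str] = {}
    ports: Dict[str, str] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PREF_RE.match(line)
        if m:
            key, value = m.group("key"), m.group("value").strip()
            if key == "network.proxy.type":
                found.ff_type = int(value)
            elif key.startswith("network.proxy."):
                name = key[len("network.proxy."):]
                if name.endswith("_port") and name[:-5] in SCHEMES:
                    ports[name[:-5]] = value
                elif name in SCHEMES:
                    hosts[name] = value
            continue
        m = IE_RE.match(line)
        if m:
            key, value = m.group("key"), m.group("value").strip()
            if key == "ProxyServer":
                found.ie_proxy = value
            elif key == "ProxyOverride":
                found.ie_override = value
    for scheme, host in hosts.items():
        found.ff_hosts[scheme] = f"{host}:{ports.get(scheme, '?')}"
    return found


def summarize(found: ProxyFindings) -> List[str]:
    """Turn the raw entries into the judgement a helper would make."""
    notes: List[str] = []
    if found.ff_hosts:
        mode = FF_PROXY_TYPE.get(found.ff_type, f"unknown ({found.ff_type})")
        if found.ff_active:
            hosts = ", ".join(f"{s}={h}" for s, h in sorted(found.ff_hosts.items()))
            notes.append("Firefox: manual proxy ACTIVE -> " + hosts
                         + "; reset via Options > Advanced > Network > Settings > No Proxy")
        else:
            notes.append(f"Firefox: proxy hosts present but mode is {mode}, "
                         "so they are inert (stale prefs, not live redirection)")
    if found.ie_proxy:
        # DDS prints the HKCU Internet Settings ProxyServer value; WinINET only
        # honours it when ProxyEnable is 1, which these lines do not show.
        notes.append(f"WinINET/IE: ProxyServer={found.ie_proxy}; "
                     "only honoured when ProxyEnable is 1, which this excerpt does not show")
    if not notes:
        notes.append("No proxy configuration found")
    return notes


if __name__ == "__main__":
    for note in summarize(parse_proxy_findings(SAMPLE_LOG)):
        print(note)
```

Run against a real ComboFix.txt by reading the file into `parse_proxy_findings`; the useful signal for a helper is the combination of a proxy host and `network.proxy.type` being `1`, not the host line on its own.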
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Question: Do you know what either of these Directories are for? Did you set them up?
    c:\documents and settings\Larry\Application Data\Asidqo
    c:\documents and settings\Larry\Application Data\Uryg

    Date and time for both are 2011-03-11 20:37
    ======================================
    Please run this Security Check again:

    Download Security Check by screen317 from HERE or HERE.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    ================================
    It looks like you have the FoxyProxy addon or extension in Firefox. Please go to Tools> Addons> Click on PlugIns> if you see FoxyProxy, highlight it and disable. If not seen in PlugIns, click on Extensions and check these.
    ==================================
    You also need to update Firefox: Mozilla Firefox (3.6.15) should now be v3.6.19.
  15. iaslp

    iaslp TS Rookie Topic Starter

    You said:

    Question: Do you know what either of these Directories are for? Did you set them up?
    c:\documents and settings\Larry\Application Data\Asidqo
    c:\documents and settings\Larry\Application Data\Uryg
    Date and time for both are 2011-03-11 20:37

    I did not set them up and don't know what they were for. Both folders were empty, so I deleted both of them.

    I ran Security Check as requested. I noticed in the resulting log, which I've posted below, that it found an older version of Java again, Java(TM) 6 Update 7. I could not find a listing for this in add/remove programs, so I ran JavaRa again as well. And I've posted JavaRa's log file below.

    Security Check:

    Results of screen317's Security Check version 0.99.10
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    Avira AntiVir Personal - Free Antivirus
    ESET Online Scanner v3
    ZoneAlarm
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 24
    Java(TM) 6 Update 7
    Out of date Java installed!
    Adobe Flash Player 10.2.152.32
    Adobe Reader X (10.0.1)
    Mozilla Firefox (3.6.16) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    Zone Labs ZoneAlarm zlclient.exe
    ``````````End of Log````````````

    Removed Java Ra log
    Finished reporting.
  16. iaslp

    iaslp TS Rookie Topic Starter

    Removing redundant Java Ra log.
    Finished reporting.
    ===========================

    Finally, I could not find any references to Foxy Proxy in my Firefox add-ins, extensions, or applications windows or tabs. I did find some older outdated Java add-ins that I uninstalled.

    And I still can't remove the Dell URL Assistant, in safe mode or normally via add/remove.

    Larry
  17. iaslp

    iaslp TS Rookie Topic Starter

    Realized I posted the entire Java log, and not just today's update. Sorry...
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Good work: Found and removed: C:\Program Files\Java\jre1.6.0_07

    Did you do this?
    If not, please do so. And since you updated Firefox, after you check for FoxyProxy, please rescan with Combofix. If the ports are still open, I'll try to close them manually with script.
  19. iaslp

    iaslp TS Rookie Topic Starter

    I could not find any references to Foxy Proxy in my Firefox add-ins, extensions, or applications windows or tabs. I did find some older outdated Java add-ins that I uninstalled.

    And I still can't remove the Dell URL Assistant, in safe mode or normally via add/remove.

    ComboFix Log:

    ComboFix 11-04-10.04 - Larry 04/11/2011 14:26:46.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.519 [GMT -4:00]
    Running from: c:\documents and settings\Larry\My Documents\Programs\PC Maintenance\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Larry\Application Data\PriceGong
    c:\documents and settings\Larry\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\Larry\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\Larry\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\Larry\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\Larry\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\Larry\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\Larry\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\Larry\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\Larry\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\Larry\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\Larry\Application Data\PriceGong\Data\J.xml
    c:\documents and settings\Larry\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\Larry\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\Larry\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\Larry\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\Larry\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\Larry\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\Larry\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\Larry\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\Larry\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\Larry\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\Larry\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\Larry\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\Larry\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\Larry\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\Larry\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\Larry\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\Larry\Application Data\PriceGong\Data\z.xml
    c:\documents and settings\Larry\WINDOWS
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-11 to 2011-04-11 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-07 14:49 . 2011-04-07 14:49 229224 ----a-w- c:\windows\system32\drivers\VMM.sys
    2011-04-06 16:35 . 2011-04-06 16:35 164880 ---ha-w- c:\documents and settings\Larry\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll
    2011-04-06 16:33 . 2011-04-06 16:33 -------- d-----w- c:\program files\Microsoft Virtual PC
    2011-04-05 20:23 . 2011-04-05 20:23 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2011-04-05 03:38 . 2011-04-05 03:47 -------- d-----w- c:\documents and settings\Larry\Local Settings\Application Data\Deployment
    2011-03-30 18:03 . 2011-03-30 18:03 -------- d-----w- c:\documents and settings\Larry\Application Data\Ashampoo
    2011-03-30 18:03 . 2011-04-07 14:34 -------- d-----w- c:\documents and settings\Larry\Local Settings\Application Data\MyAshampoo
    2011-03-30 18:03 . 2011-04-10 14:44 -------- d-----w- c:\documents and settings\Larry\Local Settings\Application Data\ConduitEngine
    2011-03-30 18:03 . 2011-03-30 18:04 -------- d-----w- c:\program files\ConduitEngine
    2011-03-30 18:03 . 2011-03-30 18:04 -------- d-----w- c:\program files\MyAshampoo
    2011-03-30 18:02 . 2011-03-30 18:02 -------- d-----w- c:\documents and settings\Larry\Local Settings\Application Data\ashampoo
    2011-03-30 18:02 . 2011-03-30 18:02 -------- d-----w- c:\documents and settings\All Users\Application Data\ashampoo
    2011-03-30 17:28 . 2011-03-30 17:28 -------- d-----w- c:\documents and settings\Larry\Application Data\Nero
    2011-03-30 17:14 . 2011-03-30 17:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
    2011-03-30 16:37 . 2011-03-30 16:37 -------- d-----w- c:\program files\Smart File Advisor
    2011-03-30 16:37 . 2011-03-30 16:37 -------- d-----w- c:\program files\Smart Projects
    2011-03-21 16:16 . 2011-03-21 16:16 -------- d-----w- C:\_OTM
    2011-03-16 22:08 . 2011-03-16 22:10 77 ----a-w- c:\documents and settings\Larry\Mydocs backup.bat
    2011-03-16 14:51 . 2011-03-16 14:51 -------- d-----w- c:\documents and settings\Larry\Application Data\Avira
    2011-03-16 14:43 . 2011-03-17 20:04 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-03-16 14:43 . 2011-01-10 18:23 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-03-16 14:43 . 2010-06-17 18:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2011-03-16 14:43 . 2010-06-17 18:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2011-03-16 14:43 . 2011-03-16 14:43 -------- d-----w- c:\program files\Avira
    2011-03-16 14:43 . 2011-03-16 14:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2011-03-16 05:04 . 2011-03-16 05:04 -------- d-----w- c:\program files\ESET
    2011-03-15 22:18 . 2011-03-15 22:18 -------- d-----w- c:\program files\Common Files\Adobe
    2011-03-15 22:11 . 2011-03-15 22:11 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2011-03-14 04:07 . 2011-03-14 04:07 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
    2011-03-14 04:07 . 2011-03-14 04:07 -------- d-----w- c:\program files\Prevx
    2011-03-14 04:07 . 2011-03-15 13:50 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI
    2011-03-12 22:28 . 2011-03-12 22:28 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
    2011-03-12 22:28 . 2011-03-12 22:28 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2011-03-12 21:02 . 2011-03-12 21:02 -------- d-----w- c:\documents and settings\Larry\Local Settings\Application Data\Sunbelt Software
    2011-03-12 19:43 . 2011-03-12 19:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
    2011-03-12 19:43 . 2011-03-12 19:43 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-12 21:06 . 2009-11-12 22:26 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-03-03 00:08 . 2011-03-03 00:02 256 ----a-w- c:\documents and settings\Larry\pool.bin
    2011-02-09 13:53 . 2004-08-11 22:00 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 2004-08-11 22:00 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-03 01:40 . 2010-05-24 20:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-02 23:19 . 2007-07-31 03:04 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-02-02 07:58 . 2004-08-11 22:11 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57 . 2004-08-11 22:11 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44 . 2004-08-11 22:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
    2011-01-17 14:54 175912 ----a-w- c:\program files\MyAshampoo\prxtbMyA0.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll" [2011-01-17 175912]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-08 67128]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-06-22 1384448]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
    "MediaLifeService"="c:\program files\Logitech\MediaLife\MediaLifeService.exe" [2005-05-13 110739]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-09-02 1043968]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
    "Smart File Advisor"="c:\program files\Smart File Advisor\sfa.exe" [2011-03-02 280312]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-9-5 24576]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-3-8 67128]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-10-5 450560]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Dell\\Media Experience\\PCM2.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:Enabled:DHCP Discovery Service
    .
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/16/2011 10:43 AM 135336]
    R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [9/7/2010 12:47 PM 202048]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/24/2010 3:26 PM 136176]
    S3 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [3/3/2007 3:58 PM 206192]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/11/2004 6:00 PM 14336]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [12/2/2006 6:17 AM 2805000]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    getPlusHelper REG_MULTI_SZ getPlusHelper
    itlsvc REG_MULTI_SZ itlperf
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-26 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
    .
    2011-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-24 19:26]
    .
    2011-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-24 19:26]
    .
    2011-03-25 c:\windows\Tasks\MotoHelper MUM.job
    - c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07 16:47]
    .
    2011-04-11 c:\windows\Tasks\MotoHelper Routing.job
    - c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07 16:47]
    .
    2011-03-09 c:\windows\Tasks\MotoHelper Update.job
    - c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07 16:47]
    .
    2011-04-11 c:\windows\Tasks\User_Feed_Synchronization-{4CCA0039-BE1F-4A40-AEA1-218C6FEB23AC}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.allmyfaves.com/
    uSearchMigratedDefaultURL = hxxp://search.excite.com/search.gw?search={searchTerms}
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: SnipeIt! eSnipe - http://www.esnipe.com/SnipeIt/SnipeItOpen3.asp
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    DPF: {81449547-EB5D-422E-8730-932DC5E412C8} - hxxp://www.howardstern.com/install/uvuplayer.cab
    DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
    DPF: {C56BF45D-4722-4EFD-AA14-9DB1E92661E3} - hxxp://coke.mycokerewards.com/cabs/CocaCola_1_0_0_9.cab
    FF - ProfilePath - c:\documents and settings\Larry\Application Data\Mozilla\Firefox\Profiles\42uas7h1.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - MyAshampoo Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.allmyfaves.com/
    FF - prefs.js: network.proxy.ftp - proxy
    FF - prefs.js: network.proxy.ftp_port - 8080
    FF - prefs.js: network.proxy.gopher - proxy
    FF - prefs.js: network.proxy.gopher_port - 8080
    FF - prefs.js: network.proxy.http - proxy
    FF - prefs.js: network.proxy.http_port - 8080
    FF - prefs.js: network.proxy.socks - proxy
    FF - prefs.js: network.proxy.socks_port - 8080
    FF - prefs.js: network.proxy.ssl - proxy
    FF - prefs.js: network.proxy.ssl_port - 8080
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
    FF - Ext: SortPlaces: sortplaces@andyhalford.com - %profile%\extensions\sortplaces@andyhalford.com
    FF - Ext: WeatherBug: {3EC9C995-8072-4fc0-953E-4F30620D17F3} - %profile%\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
    FF - Ext: Zynga Community Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - user.js: browser.cache.memory.capacity - 16000
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: content.max.tokenizing.time - 3000000
    FF - user.js: content.maxtextrun - 4095
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 1000000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 1000000
    FF - user.js: dom.disable_window_status_change - true
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 1000
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-11 14:34
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql]
    "ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @DACL=(02 0010)
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @DACL=(02 0010)
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @DACL=(02 0010)
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(884)
    c:\windows\System32\BCMLogon.dll
    .
    Completion time: 2011-04-11 15:29:36
    ComboFix-quarantined-files.txt 2011-04-11 19:29
    ComboFix2.txt 2011-03-25 17:13
    ComboFix3.txt 2011-03-16 16:42
    .
    Pre-Run: 39,515,521,024 bytes free
    Post-Run: 39,552,217,088 bytes free
    .
    - - End Of File - - 66BF00BC92B87B9BE7FA13F0D56E2A72
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Installing new programs while trying to clean a system should not be done. We are still in the process of cleaning and you installed all of the following:
    1. c:\program files\ConduitEngine>> (3/30) module of Conduit Open that allows users to add apps directly to their browser without a community toolbar.
    2. c:\program files\MyAshampoo (3/30)
    3. c:\program files\Smart File Advisor>> (3/30) Smart File Advisor will help you find appropriate programs to open your files using Filefacts.net web site database
    4. c:\program files\Smart Projects>> (3/30) CD/DVD optical media file rescue & recovery.
    5. c:\program files\Microsoft Virtual PC>> (4/6) The Virtual Server 2005 virtual machine technology allows you to run multiple operating systems simultaneously on a single physical computer.
    Not only did they add the above entries to the system, but they also added these Registry entries:
    1. [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
       "{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll"
    2. [HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
    3. [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
       175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
    4. [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
       175912 ----a-w- c:\program files\MyAshampoo\prxtbMyA0.dll
    5. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
       "{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll"
       "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll"
    6. [HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
    7. [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    8. [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
       "{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll"
    9. [HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
    10. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
       "Smart File Advisor"="c:\program files\Smart File Advisor\sfa.exe"

    MyAshampoo Toolbar - a Conduit "Community Toolbar" - modifies the default IE URL search hook. Conduit toolbars are reputed to have a certain trackware functionality.
    ==================================================
    So not only do Port 8080 entries remain, but your system has been changed. As far as I can determine, using the proxy override to Port 8080 requires an explicit "default port override" to request a web browser to connect to port 8080 rather than the HTTP default of port 80.

    Please tell me how the system is running now.
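    An added example, not from this thread or from the ComboFix tool: a small Python checker that reads lines in the shape of the ComboFix "Reg Loading Points" and "Supplementary Scan" sections quoted above and flags the same classes of entry the helper points at, namely browser load points (URLSearchHooks, Browser Helper Objects, Toolbar) whose DLL path matches a watch list, leftover network.proxy.* entries in prefs.js, and a redirected default search URL. The watch-list tokens and the sample lines are constructed for the example; the Firefox network.proxy.type semantics (0 = direct connection, 1 = manual proxy) are the browser's own.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of the ComboFix sections quoted in this thread
# (GUIDs and paths are the ones that appear in the posted log).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll" [2011-01-17 175912]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"Smart File Advisor"="c:\program files\Smart File Advisor\sfa.exe" [2011-03-02 280312]
.
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}
FF - prefs.js: network.proxy.http - proxy
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
"""

# Registry load points through which a third-party DLL hooks the browser.
BROWSER_LOAD_POINTS = ("URLSearchHooks", "Browser Helper Objects", "Internet Explorer\\Toolbar")
# Watch list is an assumption for this example: path/URL substrings of the toolbar vendors seen in the log.
WATCHED_TOKENS = ("conduit", "myashampoo", "prxtb")

REG_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*"?(?P<data>[^"\[]*?)"?\s*(\[[^\]]*\])?\s*$')
REG_BARE_PATH_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ \S+ (?P<path>.+)$")
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.*)$")


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" | "medium" | "info"
    category: str
    detail: str


def parse_reg_sections(text):
    """Map each [registry key] header to the file paths listed beneath it."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == ".":
            current = None          # a lone '.' separates blocks in ComboFix output
            continue
        m = REG_KEY_RE.match(line)
        if m:
            current = m.group("key")
            sections.setdefault(current, [])
            continue
        if current is None:
            continue
        m = REG_VALUE_RE.match(line) or REG_BARE_PATH_RE.match(line)
        if m:
            path = m.groupdict().get("data") or m.groupdict().get("path")
            if path:
                sections[current].append(path)
    return sections


def parse_ff_prefs(text):
    """Collect the 'FF - prefs.js: name - value' lines into a dict."""
    prefs = {}
    for line in text.splitlines():
        m = FF_PREF_RE.match(line.strip())
        if m:
            prefs[m.group("pref")] = m.group("value").strip()
    return prefs


def audit(text):
    """Return findings for browser load points, proxy leftovers and search redirects."""
    findings = []
    for key, paths in parse_reg_sections(text).items():
        if not any(lp.lower() in key.lower() for lp in BROWSER_LOAD_POINTS):
            continue
        for path in paths:
            if any(tok in path.lower() for tok in WATCHED_TOKENS):
                findings.append(Finding("medium", "browser-load-point", f"{key} -> {path}"))
    prefs = parse_ff_prefs(text)
    proxy_type = prefs.get("network.proxy.type")
    for proto in ("http", "ssl", "ftp", "socks", "gopher"):
        host = prefs.get(f"network.proxy.{proto}")
        if host:
            port = prefs.get(f"network.proxy.{proto}_port", "?")
            # type 1 = manual proxy actually in effect; any other value leaves these
            # host/port lines dormant, so they are leftovers to clear rather than live routing.
            severity = "high" if proxy_type == "1" else "info"
            findings.append(Finding(severity, "proxy-setting", f"{proto} -> {host}:{port} (type={proxy_type})"))
    url = prefs.get("browser.search.defaulturl", "")
    if any(tok in url.lower() for tok in WATCHED_TOKENS):
        findings.append(Finding("medium", "search-redirect", url))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.category}: {f.detail}")
```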
  21. iaslp

    iaslp TS Rookie Topic Starter

    The Conduit Engine and AShampoo toolbar were installed when I updated to the latest version of Firefox. After the browser update finished, it requested permission to update the add-ins, and I had a new toolbar when it was finished. What I had noticed was the difference in my Google searches, and the ads the page had on it.

    I found an article that I used to remove the conduit engine and reset my default search engine information here:

    http://thesietch.org/mysietch/keith/2010/12/08/how-to-remove-conduit-engine-search-from-firefox-3-x/

    I also had installed Web Of Trust to Firefox on your recommendation, and I thought the Smart File Advisor was part of that. Otherwise, I'm not sure where it came from, but I removed it.

    The Smart Projects is ISObuster, which is a legitimate data recovery tool, and you know what Microsoft Virtual PC is.

    I manually checked the registry for the new entries you noted and removed any I found.

    The machine has been running fine since the initial runs of JavaRa, the ESET on-line virus scan, and ComboFix on March 16.

    As I stated when I first sought help in mid-March, I use this computer for business, and I have the need to install and test different software when looking for a solution for my customers. Much of that software is from Microsoft; some of it is not. Virtual PC is recommended on this site as a way of working with different system environments without risking the operation and security of your actual system. Which is why I installed it, so I could get on with my business. Now I have need to install MS Office 2007 for a project that requires MS Access 2007. To the degree that Microsoft can be trusted ;-) , should I not be alright installing such software?

    Larry
  22. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Every download screen should be carefully examined for any pre-checked items. All of those pre-checked boxes should be unchecked before you proceed with the download. I would also encourage you to try and download from the home site, when possible. I would be surprised if Mozilla put the Conduit Engine and AShampoo on the system.

    When you are being helped in a forum such as this, you should only act on the instructions of the helper. That person is working with log entries that may be changed when an outside source is used or when you make a registry change. I had a script made out for you to run based on the Combofix log. However, since you have made some changes on your own, you would need to rescan and give me a new Combofix log.

    You might want to add Easy List to Firefox. It's an additional ad filter that works with AdBlockPlus.
    =======================================
    If you want me to remove remaining entries, please run Combofix again. If not, since the original problems have been resolved, you can remove all of the tools we used and the files and folders they created.
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
    • Choose Disc Cleanup
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    Empty the Recycle Bin
    Let me know if you have any more questions.

    The system is clean and you can go ahead with the Office install.