Solved The malware/virus I can't get rid of.

iaslp

I have a Dell Inspiron 6400 notebook that is about 3 to 4 years old. Problems started last Thursday when the machine locked up while I was on the web and AVG (in the system tray) was trying to update. I rebooted and immediately updated AVG and ran a full system scan overnight. It found some malware in my profile's \Application Data\ folder and the c:\windows\temp folder that it moved to the virus vault. I also updated Malware Bytes and scanned my system, and used Registry Cleaner to scan and clean my registry.

I still had issues with an advertisement coming up upon launching my web browser, and again usually around 30 to 60 minutes later. I use Mozilla Firefox for all I can on the web, and only use IE8 if the web site isn't written for/doesn't display well in Firefox. When launched, my home page loads in one tab, and the ad loads in a second tab. I also get a Windows dialog box that opens and a sound clip plays saying I've won a $1000 gift card to Walmart. The web site was PrivilegedPrizes.com. The second ad that comes up tells me that my registry has errors, and the web site is pcspeedmaximizer.s3.amazonaws.com.

Also, anywhere from 30 minutes to 3 hours after restarting and using the web, I would get an alert from AVG that a virus was detected and I would move it to the vault. I've done several re-scans since then but still have the same issues. In that time, one of the infections AVG alerted me to was win32/Alueron.DX (the file was called c:\windows\temp\N.EXN). Since then the alert is always an unknown virus, and the file is c:\windows\temp\EXPLORER.EXE.

I started fresh yesterday intending to follow the 8 steps thread, but when I tried to access the web, the machine locked up. So I used some notes I had written down. Once I got back on the web site, I found out I didn't follow them to the letter, but I did get some different results.

I rebooted into safe mode and ran AVG. Several tracking cookies were found and trojan horse PSW.Generic8.AYWC. I ran Malware Bytes while I had it in safe mode, and it found almost 600 files infected.

After cleaning all that, I still had the popup ad issue and the virus alert for the Explorer.exe file. So I started over today following the 8 steps to the letter, and the logs are below.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6067

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/15/2011 2:27:42 PM
mbam-log-2011-03-15 (14-27-42).txt

Scan type: Quick scan
Objects scanned: 175478
Time elapsed: 14 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 9/11/2006 3:46:19 PM
System Uptime: 3/15/2011 2:07:26 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0KD882
Processor: Genuine Intel(R) CPU T2050 @ 1.60GHz | Microprocessor | 1596/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 81 GiB total, 15.33 GiB free.
D: is FIXED (NTFS) - 26 GiB total, 24.7 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Dell Wireless 1500 Draft 802.11n WLAN Mini-Card
Device ID: PCI\VEN_14E4&DEV_4328&SUBSYS_00091028&REV_01\4&6C79FC5&0&00E0
Manufacturer: Broadcom
Name: Dell Wireless 1500 Draft 802.11n WLAN Mini-Card
PNP Device ID: PCI\VEN_14E4&DEV_4328&SUBSYS_00091028&REV_01\4&6C79FC5&0&00E0
Service: BCM43XX
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 440x 10/100 Integrated Controller
Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01AF1028&REV_02\4&2FE911E8&0&00F0
Manufacturer: Broadcom
Name: Broadcom 440x 10/100 Integrated Controller
PNP Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01AF1028&REV_02\4&2FE911E8&0&00F0
Service: bcm4sbxp
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\1923D941444FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\1923D941444FC000
Service: NIC1394
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth LAN Access Server Driver
Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTWDNDIS\1&30EE4AD&0&1000000020000
Manufacturer: %V_WIDCOMM%
Name: Bluetooth LAN Access Server Driver
PNP Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTWDNDIS\1&30EE4AD&0&1000000020000
Service: BTWDNDIS
.
==== System Restore Points ===================
.
RP1439: 1/20/2011 7:34:57 PM - System Checkpoint
RP1440: 1/21/2011 8:47:58 PM - System Checkpoint
RP1441: 1/22/2011 8:54:41 PM - System Checkpoint
RP1442: 1/23/2011 8:58:49 PM - System Checkpoint
RP1443: 1/24/2011 10:22:26 PM - System Checkpoint
RP1444: 1/26/2011 11:45:03 AM - System Checkpoint
RP1445: 1/27/2011 2:04:27 PM - System Checkpoint
RP1446: 1/28/2011 6:24:15 PM - System Checkpoint
RP1447: 1/29/2011 6:57:15 PM - System Checkpoint
RP1448: 1/30/2011 7:20:09 PM - System Checkpoint
RP1449: 1/31/2011 7:33:33 PM - System Checkpoint
RP1450: 2/1/2011 8:19:09 PM - System Checkpoint
RP1451: 2/2/2011 8:24:51 PM - System Checkpoint
RP1452: 2/3/2011 9:19:33 PM - System Checkpoint
RP1453: 2/4/2011 9:22:33 PM - System Checkpoint
RP1454: 2/5/2011 10:18:38 PM - System Checkpoint
RP1455: 2/6/2011 11:01:15 PM - System Checkpoint
RP1456: 2/7/2011 11:32:42 PM - System Checkpoint
RP1457: 2/9/2011 10:27:59 AM - System Checkpoint
RP1458: 2/10/2011 12:24:09 PM - System Checkpoint
RP1459: 2/11/2011 2:08:37 PM - System Checkpoint
RP1460: 2/12/2011 2:25:10 PM - System Checkpoint
RP1461: 2/13/2011 2:36:18 PM - System Checkpoint
RP1462: 2/14/2011 7:23:52 PM - System Checkpoint
RP1463: 2/15/2011 8:39:58 PM - System Checkpoint
RP1464: 2/16/2011 9:25:26 PM - System Checkpoint
RP1465: 2/17/2011 9:29:59 PM - System Checkpoint
RP1466: 2/18/2011 9:40:45 PM - System Checkpoint
RP1467: 2/19/2011 9:59:24 PM - System Checkpoint
RP1468: 2/20/2011 10:56:53 PM - System Checkpoint
RP1469: 2/22/2011 2:10:13 PM - System Checkpoint
RP1470: 2/23/2011 2:45:43 PM - System Checkpoint
RP1471: 2/24/2011 4:05:58 PM - Software Distribution Service 3.0
RP1472: 2/25/2011 4:09:11 PM - System Checkpoint
RP1473: 2/26/2011 4:15:38 PM - System Checkpoint
RP1474: 2/27/2011 5:08:10 PM - System Checkpoint
RP1475: 2/28/2011 7:44:32 PM - System Checkpoint
RP1476: 3/1/2011 9:08:48 PM - System Checkpoint
RP1477: 3/2/2011 7:40:14 PM - Removed BlackBerry Desktop Software 4.5.
RP1478: 3/2/2011 7:44:33 PM - Removed Roxio Media Manager
RP1479: 3/3/2011 8:16:40 PM - System Checkpoint
RP1480: 3/4/2011 8:27:16 PM - System Checkpoint
RP1481: 3/5/2011 8:45:48 PM - System Checkpoint
RP1482: 3/6/2011 9:20:24 PM - System Checkpoint
RP1483: 3/7/2011 10:03:32 PM - System Checkpoint
RP1484: 3/8/2011 10:22:28 PM - System Checkpoint
RP1485: 3/9/2011 1:08:05 PM - Software Distribution Service 3.0
RP1486: 3/9/2011 4:10:30 PM - Software Distribution Service 3.0
RP1487: 3/10/2011 2:13:22 PM - Configured Camera Window
RP1488: 3/10/2011 2:14:24 PM - Configured File Viewer Utility 1.2
RP1489: 3/10/2011 2:14:50 PM - Configured PhotoStitch
RP1490: 3/10/2011 2:15:07 PM - Configured PhotoStitch
RP1491: 3/10/2011 2:15:37 PM - Configured RemoteCapture 2.7.0
RP1492: 3/10/2011 2:16:01 PM - Removed Canon Utilities ZoomBrowser EX
RP1493: 3/11/2011 3:17:57 PM - System Checkpoint
RP1494: 3/12/2011 4:54:12 PM - System Checkpoint
RP1495: 3/13/2011 6:07:57 PM - System Checkpoint
RP1496: 3/14/2011 10:16:23 PM - System Checkpoint
.
==== Installed Programs ======================
.
3Com Cable Connections
5300_5400_Help
5300_5400_Readme
Ad-Aware
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.1.0
Adobe Shockwave Player 11.5
Advanced SystemCare 3
AOLIcon
Apple Mobile Device Support
Apple Software Update
AutoUpdate
AVG 2011
Bonjour
Borland Database Engine 5.01
BPD_HPSU
BPDSoftware
BPDSoftware_Ini
Broadcom Management Programs
BufferChm
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
Crystal Reports 11
CutePDF Writer 2.8
Data Lifeguard Tools
Dell Digital Jukebox Driver
Dell Media Experience
Dell Support 3.1
Dell System Restore
Dell Wireless WLAN Card
DeviceManagementQFolder
Dexterity Shared Components 10.0
DGOControls
Digital Content Portal
Digital Line Detect
DivX Codec
DivX Converter
DivX Player
DivX Web Player
EE09EF7A-9E8C-4DCC-A615-CFFA8393E31E
eSupportQFolder
Express Burn Disc Burning Software
Express Rip
Free Video Converter V 1.0
GDR 2050 for SQL Server Analysis Services 2005 ENU (KB932555)
GDR 2050 for SQL Server Database Services 2005 ENU (KB932555)
GDR 2050 for SQL Server Integration Services 2005 ENU (KB932555)
GDR 2050 for SQL Server Notification Services 2005 ENU (KB932555)
GDR 2050 for SQL Server Tools and Workstation Components 2005 ENU (KB932555)
Google Earth Plug-in
Google SketchUp 8
Google Update Helper
GoToMeeting 4.5.0.457
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Imaging Device Functions 7.0
HP Officejet Pro K5300/5400 Series
HP Software Update
HP Solution Center 7.0
HPProductAssistant
Intel(R) Graphics Media Accelerator Driver
iPod for Windows 2005-10-12
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 23
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
K5400
Learn.com CoursePlayer
Learn2 Player (Uninstall Only)
LimeWire 5.5.16
Logitech Desktop Messenger
Logitech SetPoint
Malwarebytes' Anti-Malware
MCU
MediaLife
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Dynamics GP 10.0 (GP 10.0)
Microsoft Dynamics GP 9.0
Microsoft Dynamics GP SDK 10.0
Microsoft Dynamics GP SDK 9.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office Live Meeting 2007
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Analysis Services
Microsoft SQL Server 2005 Backward compatibility
Microsoft SQL Server 2005 Books Online (English)
Microsoft SQL Server 2005 Integration Services
Microsoft SQL Server 2005 Notification Services
Microsoft SQL Server 2005 Tools
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Studio 2005 Premier Partner Edition - ENU
Microsoft Visual Studio 2005 Premier Partner Edition - ENU Service Pack 1 (KB926601)
MobileMe Control Panel
Modem Helper
MotoHelper 2.0.24 Driver 4.7.1
MotoHelper MergeModules
Motorola Mobile Drivers Installation 4.7.1
Move Media Player
Mozilla Firefox (3.6.15)
MPM
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Musicmatch® Jukebox
NetDiag
Netflix Movie Viewer
NetWaiting
OGA Notifier 2.0.0048.0
PowerDVD 5.7
Prism Video Converter
ProductContext
QuickSet
QuickTime
RealPlayer Basic
Registry Cleaner 2.1
RollerCoaster Tycoon 3 Platinum
Safari
SearchAssist
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shockwave
Smart Defrag
Softoria Capture 1.0
SolutionCenter
SQLXML4
Status
Synaptics Pointing Device Driver
Toolbox
TrayApp
Tumblebugs
Tumblebugs 2
Turbo Lister 2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
URL Assistant
VBA (2720)
VC 9.0 Runtime
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WavePad Sound Editor
WD Diagnostics
WebCyberCoach 3.2 Dell
WebFldrs XP
WebIQ Technology Engine
WebReg
WIDCOMM Bluetooth Software
Windows Driver Package - Microsoft Corporation (usbvideo) Image (05/25/2007 1.0.3656.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WinZip
ZoneAlarm
ZoneAlarm Spy Blocker
.
==== Event Viewer Messages From Past Week ========
.
3/9/2011 3:40:35 PM, error: Service Control Manager [7022] - The AVGIDSAgent service hung on starting.
3/9/2011 12:21:34 PM, error: BROWSER [8007] - The browser was unable to update the service status bits. The data is the error.
3/9/2011 1:11:53 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Silverlight (KB2495644).
3/14/2011 6:02:41 PM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.
3/14/2011 5:53:38 PM, error: Service Control Manager [7034] - The NICCONFIGSVC service terminated unexpectedly. It has done this 1 time(s).
3/14/2011 5:53:38 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
3/14/2011 5:53:38 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
3/14/2011 5:53:38 PM, error: Service Control Manager [7031] - The MotoHelper Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
3/14/2011 5:53:38 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
3/14/2011 5:53:38 PM, error: Service Control Manager [7031] - The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/14/2011 5:53:38 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/14/2011 5:53:28 PM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
3/14/2011 3:24:35 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
3/14/2011 12:34:03 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV Avgldx86 Avgmfx86 Avgtdix Fips intelppm IPSec MRxSmb NetBIOS NetBT pxrts RasAcd Rdbss Tcpip vsdatant
3/14/2011 12:08:18 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the CSIScanner service, but this action failed with the following error: An instance of the service is already running.
3/14/2011 12:08:09 AM, error: Service Control Manager [7031] - The CSIScanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
3/14/2011 10:29:39 AM, error: Service Control Manager [7000] - The Net Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/14/2011 10:29:38 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Net Driver HPZ12 service to connect.
3/12/2011 11:56:21 AM, error: Service Control Manager [7023] - The Intel CPU Perfermons service terminated with the following error: The system cannot find the file specified.
3/12/2011 10:55:29 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPDRV Avgldx86 Avgmfx86 Fips intelppm Lbd
3/11/2011 3:55:34 PM, error: Service Control Manager [7023] - The Intel CPU Perfermons service terminated with the following error: The specified module could not be found.
3/11/2011 3:55:34 PM, error: Service Control Manager [7023] - The Help and Support service terminated with the following error: The specified module could not be found.
3/11/2011 2:45:53 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
3/11/2011 2:44:23 PM, error: Service Control Manager [7000] - The KService service failed to start due to the following error: The system cannot find the file specified.
3/10/2011 2:05:56 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/10/2011 2:05:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
3/10/2011 2:05:31 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
3/10/2011 2:03:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/10/2011 12:34:15 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.
3/10/2011 10:17:07 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV Avgldx86 Avgmfx86 Avgtdix Fips intelppm IPSec Lbd MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip vsdatant
3/10/2011 10:17:07 AM, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
3/10/2011 10:17:07 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
3/10/2011 10:17:07 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/10/2011 10:17:07 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/10/2011 10:17:07 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
3/10/2011 10:17:07 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/10/2011 10:17:07 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
.
==== End Of File ===========================
 
DDS:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Larry at 14:30:36.18 on Tue 03/15/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.177 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Larry\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.allmyfaves.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5060905
uSearchMigratedDefaultURL = hxxp://search.excite.com/search.gw?search={searchTerms}
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/&s=hxVtOCNV0UG2A3UdxuuOmEyuR-s
uInternet Settings,ProxyServer = proxy:8080
uInternet Settings,ProxyOverride = *.local;<local>
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [MediaLifeService] "c:\program files\logitech\medialife\MediaLifeService.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: SnipeIt! eSnipe - http://www.esnipe.com/SnipeIt/SnipeItOpen3.asp
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com\online
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} - hxxp://webiq005.webiqonline.com/WebIQ/DataServer/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159404044468
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {81449547-EB5D-422E-8730-932DC5E412C8} - hxxp://www.howardstern.com/install/uvuplayer.cab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} - hxxps://mgmt.clarisnetworks.com/inc/kaxRemote.dll
DPF: {C56BF45D-4722-4EFD-AA14-9DB1E92661E3} - hxxp://coke.mycokerewards.com/cabs/CocaCola_1_0_0_9.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - hxxp://coke.mycokerewards.com/cabs/Entriq_3_6_0_15_Silent.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 192.168.0.197 HP001B78D60319
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\larry\applic~1\mozilla\firefox\profiles\42uas7h1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.allmyfaves.com/
FF - prefs.js: network.proxy.ftp - proxy
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - proxy
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - proxy
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\larry\application data\mozilla\firefox\profiles\42uas7h1.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\larry\application data\mozilla\firefox\profiles\42uas7h1.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\larry\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\larry\application data\mozilla\firefox\profiles\42uas7h1.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\larry\application data\mozilla\firefox\profiles\42uas7h1.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - Ext: SortPlaces: sortplaces@andyhalford.com - %profile%\extensions\sortplaces@andyhalford.com
FF - Ext: WeatherBug: {3EC9C995-8072-4fc0-953E-4F30620D17F3} - %profile%\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-3-12 64512]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 299984]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2006-9-27 532224]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-3-9 1405384]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2010-9-7 202048]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-24 136176]
S2 itlperf;Intel CPU Perfermons;c:\windows\system32\svchost.exe -k itlsvc [2004-8-11 14336]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-3-9 15232]
S3 MsDtsServer;SQL Server Integration Services;c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe [2007-3-3 206192]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-12-2 2805000]
.
=============== Created Last 30 ================
.
2011-03-14 04:07:35 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
2011-03-14 04:07:33 -------- d-----w- c:\program files\Prevx
2011-03-14 04:07:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\PrevxCSI
2011-03-12 21:45:44 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-03-12 21:06:56 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-03-12 21:02:17 -------- d-----w- c:\docume~1\larry\locals~1\applic~1\Sunbelt Software
2011-03-12 20:59:26 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{78A29A4D-35CE-4C46-9AC9-2692EE35F0BE}
2011-03-12 20:57:17 -------- d-----w- c:\program files\Lavasoft
2011-03-12 16:52:41 25048 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll
2011-03-12 16:52:41 140248 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2011-03-12 16:52:40 912344 ----a-w- c:\program files\mozilla firefox\firefox.exe
2011-03-12 16:52:40 249856 ----a-w- c:\program files\mozilla firefox\freebl3.dll
2011-03-12 16:52:40 107480 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
2011-03-12 16:52:39 19416 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2011-03-12 16:20:47 -------- d-----w- c:\program files\Registry Cleaner
2011-03-11 20:37:08 -------- d-----w- c:\docume~1\larry\applic~1\Uryg
2011-03-11 20:37:08 -------- d-----w- c:\docume~1\larry\applic~1\Asidqo
2011-03-03 01:06:32 -------- d-----w- c:\program files\common files\Motorola Shared
2011-03-03 01:06:03 -------- d-----w- c:\program files\Motorola
2011-03-03 00:02:39 256 ----a-w- c:\documents and settings\larry\pool.bin
.
==================== Find3M ====================
.
2011-03-03 00:09:05 256 ----a-w- c:\windows\system32\pool.bin
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Hitachi_HTS541612J9SA00 rev.SBDOC74P -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
kernel: MBR read successfully
_asm { MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; MOV DS, AX; CLD ; MOV CX, 0x100; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSW ; JMP FAR 0x0:0x62c; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskHitachi_HTS541612J9SA00_________________SBDOC74P#5&19c84639&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8716327F
user & kernel MBR OK
.
============= FINISH: 14:38:35.93 ===============
 
Welcome to TechSpot! I'll help you sort through the malware.

One of your biggest vulnerabilities is having 8 outdated versions of Java! Unfortunately, Java updates don't overwrite the previous version so you have to uninstall in Add/Remove Programs and/or delete them from the add-ons. But you have too many, so please run this:

Please download JavaRa and unzip it to your desktop.

Important: Please close any instances of Internet Explorer before continuing!
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that
    a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.
Then download and install the most current version and update of Java Runtime Environment (JRE) HERE.
This removes all the Java updates including v6u23, which was the current version until about a week ago, so go ahead with the download.
============================================
Adobe Reader is also outdated, also a vulnerability: Go here: Adobe Reader Update often and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.
========================================
Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Click on "Copy to Clipboard" (you won't see the 'clipboard')
  10. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
  11. Re-enable your Antivirus software.
    NOTE: If you forget to copy to the clipboard you can find the log here:
    C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
===============================
You will need to uninstall AVG to run Combofix. You can put either one of these free AV programs on the system while AVG is uninstalled:
Avira-AntiVir-Personal-Free-Antivirus
Avast Free Version

Download AppRemover and save to the desktop.
  1. Double click the setup on the desktop > click Next
  2. Select "Remove Security Application"
  3. Let scan finish to determine security apps
  4. A screen like below will appear:
    [image: chooseuninstall.gif]
  5. Click on Next after choice has been made
  6. Check the AVG program you want to uninstall
  7. After uninstall shows complete, follow online prompts to Exit the program.
===================================
Download Combofix to your desktop from one of these locations: HERE (http://www.bleepingcomputer.com/download/anti-virus/combofix) or HERE (http://www.forospyware.com/sUBs/ComboFix.exe)
  1. Double click combofix.exe & follow the prompts.
  2. ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is advised to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  3. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  4. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    http://img.photobucket.com/albums/v706/ried7/whatnext.png
  5. Click on Yes, to continue scanning for malware
  6. If Combofix asks you to update the program, allow
  7. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  8. Close any open browsers.
  9. Double click combofix.exe & follow the prompts to run.
  10. When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
=====================================
Important!
Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
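
The following is an added example, not part of the thread and not code from any tool named in it. It shows one way to read the Java versions referenced by the `DPF:` lines of a DDS log like the one posted above, and to list every version older than the newest one the log mentions. The function names are hypothetical, and the mapping from `CAFEEFAC-...` CLSID fields to a version number is an assumption inferred from the log lines themselves, where the CLSID fields and the `jinstall` cab name agree.

```python
import re

# Excerpt of DPF lines copied from the DDS log posted earlier in this thread
# (two non-Java entries are kept to show that they are ignored).
DDS_EXCERPT = """\
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
"""

# "DPF: {CLSID} - source" as printed in the Pseudo HJT section of a DDS log.
DPF_RE = re.compile(r"^DPF:\s*(\{[0-9A-Fa-f-]{36}\})\s*-\s*(\S+)", re.MULTILINE)
# Version embedded in the installer cab name, e.g. jinstall-1_6_0_23-...
CAB_RE = re.compile(r"jinstall-(\d+)_(\d+)_(\d+)_(\d+)-", re.IGNORECASE)
# Assumed layout: CAFEEFAC-00<major><minor>-<micro>-<update>-ABCDEFFEDCBx
CLSID_RE = re.compile(
    r"^\{CAFEEFAC-00(\d)(\d)-(\d{4})-(\d{4})-ABCDEFFEDCB[A-C]\}$", re.IGNORECASE)


def version_from_cab(url):
    """Return (major, minor, micro, update) from a jinstall cab URL, or None."""
    m = CAB_RE.search(url)
    return tuple(int(g) for g in m.groups()) if m else None


def version_from_clsid(clsid):
    """Decode a versioned CAFEEFAC CLSID; None for other or FFFF CLSIDs."""
    m = CLSID_RE.match(clsid)
    return tuple(int(g) for g in m.groups()) if m else None


def java_inventory(log_text):
    """Return ({version: [clsids]}, [(clsid, clsid_version, cab_version)]).

    The second list holds entries whose CLSID-encoded version disagrees with
    the cab file name, which deserves a closer look before trusting either.
    """
    inventory, mismatches = {}, []
    for clsid, source in DPF_RE.findall(log_text):
        cab_version = version_from_cab(source)
        if cab_version is None:
            continue  # not a Java installer entry
        inventory.setdefault(cab_version, []).append(clsid)
        clsid_version = version_from_clsid(clsid)
        if clsid_version is not None and clsid_version != cab_version:
            mismatches.append((clsid, clsid_version, cab_version))
    return inventory, mismatches


def outdated_versions(inventory):
    """All versions older than the newest one in the log, oldest first.

    The newest version in the log is not necessarily the current release;
    compare it against the vendor's download page separately.
    """
    versions = sorted(inventory)
    return versions[:-1]


def format_version(version):
    major, minor, micro, update = version
    return f"{major}.{minor}.{micro}_{update:02d}"


if __name__ == "__main__":
    inv, bad = java_inventory(DDS_EXCERPT)
    print("newest referenced:", format_version(max(inv)))
    for v in outdated_versions(inv):
        print("older version still registered:", format_version(v))
    for clsid, from_clsid, from_cab in bad:
        print("CLSID/cab mismatch:", clsid, from_clsid, from_cab)
```

Run against a full saved DDS log, the same functions work unchanged because every non-`DPF:` line is ignored.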
 
Hi Bobbye,

Thanks for your time with this.

I updated my Adobe Reader to ten (X).

I launched JavaRa from the desktop with all other programs closed. Ran it according to instructions and several status windows went by. Then I got the message "JavaRa has encountered a problem and needs to close. We are sorry for the inconvenience." I clicked the Debug button on the window and noted "An unhandled win32 exception occurred in JavaRa.exe [4712]"

It was suggesting I use Visual Studio to open the file, which I have because I do some light VBA customs, but I'm certainly no developer, so I didn't bother.

Should I proceed with the Eset virus scan, or get this cleared up first?

Larry
 
Update for Bobbye

I re-booted and re-ran JavaRa and it ran to completion. I then proceeded with all the other steps you asked. Below are the logs.

JavaRa:

JavaRa 1.16 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Tue Mar 15 18:50:21 2011

Found and removed: C:\Program Files\Java\jre1.5.0_06
Found and removed: C:\Program Files\Java\jre1.5.0_09
Found and removed: C:\Program Files\Java\jre1.5.0_10
Found and removed: C:\Program Files\Java\jre1.5.0_11
Found and removed: C:\Program Files\Java\jre1.6.0_02
Found and removed: C:\Program Files\Java\jre1.6.0_03
Found and removed: C:\Program Files\Java\jre1.6.0_05
Found and removed: C:\Program Files\Java\jre1.6.0_07
Found and removed: C:\Documents and Settings\Larry\Application Data\Sun\Java\jre1.6.0_11
Found and removed: C:\Documents and Settings\Larry\Application Data\Sun\Java\jre1.6.0_12
Found and removed: C:\Documents and Settings\Larry\Application Data\Sun\Java\jre1.6.0_13
Found and removed: C:\Documents and Settings\Larry\Application Data\Sun\Java\jre1.6.0_14
Found and removed: C:\Documents and Settings\Larry\Application Data\Sun\Java\jre1.6.0_15
Found and removed: C:\Documents and Settings\Larry\Application Data\Sun\Java\jre1.6.0_17
Found and removed: C:\Documents and Settings\Larry\Application Data\Sun\Java\jre1.6.0_18
Found and removed: C:\Documents and Settings\Larry\Application Data\Sun\Java\jre1.6.0_19
Found and removed: C:\Documents and Settings\Larry\Application Data\Sun\Java\jre1.6.0_20
Found and removed: C:\Documents and Settings\Larry\Application Data\Sun\Java\jre1.6.0_23
Found and removed: Applications\java.exe
Found and removed: Applications\javaw.exe
Found and removed: JavaPlugin.FamilyVersionSupport
Found and removed: Installer\Products\8A0F842331866D117AB7000B0D610007
Found and removed: CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}
Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}
Found and removed: 
CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}Found and removed: 
CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}Found and removed: 
CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}Found and removed: 
CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}Found and removed: JavaScriptFound and removed: JavaScript AuthorFound and removed: JavaScript1.1Found and removed: JavaScript1.1 AuthorFound and removed: JavaScript1.2Found and removed: JavaScript1.2 AuthorFound and removed: Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}Found and removed: Software\Classes\JavaPlugin.150_06Found and removed: Software\Classes\JavaPlugin.150_09Found and removed: Software\Classes\JavaPlugin.150_10Found and removed: Software\Classes\JavaPlugin.150_11Found and removed: Software\Classes\JavaPlugin.160_02Found and removed: Software\Classes\JavaPlugin.160_03Found and removed: Software\Classes\JavaPlugin.160_05Found and removed: Software\Classes\JavaPlugin.160_07Found and removed: Software\JavaSoft\Java UpdateFound and removed: Software\JavaSoft\Java Runtime Environment\1.5.0_06Found and removed: Software\JavaSoft\Java Runtime Environment\1.5.0_09Found and removed: Software\JavaSoft\Java Runtime Environment\1.5.0_11Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_02Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_07Found and removed: Software\JavaSoft\Java2D\1.5.0_06Found and removed: Software\JavaSoft\Java2D\1.5.0_09Found and removed: Software\JavaSoft\Java2D\1.5.0_10Found and removed: Software\JavaSoft\Java2D\1.5.0_11Found and removed: SOFTWARE\Classes\JavaPluginFound and removed: SOFTWARE\Classes\JavaPlugin.150_06Found and removed: SOFTWARE\Classes\JavaPlugin.150_09Found and removed: SOFTWARE\Classes\JavaPlugin.150_10Found and removed: SOFTWARE\Classes\JavaPlugin.150_11Found and removed: 
SOFTWARE\Classes\JavaPlugin.160_02Found and removed: SOFTWARE\Classes\JavaPlugin.160_03Found and removed: SOFTWARE\Classes\JavaPlugin.160_05Found and removed: SOFTWARE\Classes\JavaPlugin.160_07Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_06Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_09Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_10Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_11Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_02Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_06Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_09Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_10Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_11Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_02Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_07Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_06Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_09Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_10Found and removed: SOFTWARE\JavaSoft\Java Web 
Start\1.5.0_11Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_02Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_07Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_06\Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_09\Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_10\Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_11\Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\Found and removed: 
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_03.b05\Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13\Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062B03Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062B03Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.1Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.3Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.2Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.2.1Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.3Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.3.1Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4.1Found and removed: 
JavaRa 1.16 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Wed Mar 16 00:50:07 2011

------------------------------------
Finished reporting.

Eset Log:

C:\Documents and Settings\Larry\My Documents\Programs\Setup_FreeConverter.exe Win32/Adware.Toolbar.Dealio application
C:\Documents and Settings\Larry\My Documents\Programs\Setup_FreeVideoConverter.exe Win32/Adware.Toolbar.Dealio application
C:\Program Files\ZoneAlarmSB\bar\1.bin\NPZONESB.DLL Win32/Toolbar.MyWebSearch application
C:\Program Files\ZoneAlarmSB\bar\1.bin\Z4PLUGIN.DLL a variant of Win32/Toolbar.MyWebSearch application
C:\WINDOWS\system32\la1.vbe Win32/IRCBot.UE trojan
C:\WINDOWS\system32\la2.vbe probably a variant of VBS/TrojanDownloader.Agent.LOBWVMT trojan
 
ComboFix:

ComboFix 11-03-15.03 - Larry 03/16/2011 12:16:03.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.573 [GMT -4:00]
Running from: c:\documents and settings\Larry\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Larry\g2mdlhlpx.exe
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\Ijl11.dll
c:\windows\system32\pst.dat
.
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ITLPERF
-------\Service_itlperf
.
.
((((((((((((((((((((((((( Files Created from 2011-02-16 to 2011-03-16 )))))))))))))))))))))))))))))))
.
.
2011-03-16 14:51 . 2011-03-16 14:51 -------- d-----w- c:\documents and settings\Larry\Application Data\Avira
2011-03-16 14:43 . 2011-01-10 18:23 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-03-16 14:43 . 2011-01-10 18:23 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-16 14:43 . 2010-06-17 18:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-03-16 14:43 . 2010-06-17 18:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-03-16 14:43 . 2011-03-16 14:43 -------- d-----w- c:\program files\Avira
2011-03-16 14:43 . 2011-03-16 14:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-03-16 05:04 . 2011-03-16 05:04 -------- d-----w- c:\program files\ESET
2011-03-15 22:18 . 2011-03-15 22:18 -------- d-----w- c:\program files\Common Files\Adobe
2011-03-15 22:11 . 2011-03-15 22:11 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-03-14 04:07 . 2011-03-14 04:07 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
2011-03-14 04:07 . 2011-03-14 04:07 -------- d-----w- c:\program files\Prevx
2011-03-14 04:07 . 2011-03-15 13:50 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI
2011-03-12 22:28 . 2011-03-12 22:28 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-03-12 21:02 . 2011-03-12 21:02 -------- d-----w- c:\documents and settings\Larry\Local Settings\Application Data\Sunbelt Software
2011-03-12 19:43 . 2011-03-12 19:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-03-12 19:43 . 2011-03-12 19:43 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2011-03-12 16:52 . 2011-03-03 18:16 25048 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
2011-03-12 16:52 . 2011-03-03 18:16 140248 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
2011-03-12 16:52 . 2011-03-03 18:16 912344 ----a-w- c:\program files\Mozilla Firefox\firefox.exe
2011-03-12 16:52 . 2011-03-03 18:16 107480 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe
2011-03-12 16:52 . 2011-03-03 16:07 249856 ----a-w- c:\program files\Mozilla Firefox\freebl3.dll
2011-03-12 16:52 . 2011-03-03 18:16 19416 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
2011-03-12 16:20 . 2011-03-14 19:47 -------- d-----w- c:\program files\Registry Cleaner
2011-03-11 20:37 . 2011-03-11 20:40 -------- d-----w- c:\documents and settings\Larry\Application Data\Asidqo
2011-03-11 20:37 . 2011-03-11 20:37 -------- d-----w- c:\documents and settings\Larry\Application Data\Uryg
2011-03-03 01:06 . 2011-03-03 01:06 -------- d-----w- c:\program files\Common Files\Motorola Shared
2011-03-03 01:06 . 2011-03-03 01:06 -------- d-----w- c:\program files\Motorola
2011-03-03 00:02 . 2011-03-03 00:08 256 ----a-w- c:\documents and settings\Larry\pool.bin
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-12 21:06 . 2009-11-12 22:26 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-02-09 13:53 . 2004-08-11 22:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-11 22:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2004-08-11 22:11 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2004-08-11 22:11 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-11 22:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-11 22:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-11 22:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-11 22:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2004-08-11 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-08-11 22:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2004-08-11 22:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:09 . 2009-02-10 23:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2009-02-10 23:05 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 17:26 . 2004-08-11 22:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-11 22:00 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-08 67128]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-06-22 1384448]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"MediaLifeService"="c:\program files\Logitech\MediaLife\MediaLifeService.exe" [2005-05-13 110739]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-09-02 1043968]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-9-5 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-3-8 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-10-5 450560]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\Media Experience\\PCM2.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:Enabled:DHCP Discovery Service
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/16/2011 10:43 AM 135336]
R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [9/7/2010 12:47 PM 202048]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/24/2010 3:26 PM 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [3/3/2007 3:58 PM 206192]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/11/2004 6:00 PM 14336]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [12/2/2006 6:17 AM 2805000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
getPlusHelper REG_MULTI_SZ getPlusHelper
itlsvc REG_MULTI_SZ itlperf
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2010-08-12 c:\windows\Tasks\expressburnShakeIcon.job
- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-08-09 19:18]
.
2011-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-24 19:26]
.
2011-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-24 19:26]
.
2006-09-11 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-11 00:12]
.
2011-03-03 c:\windows\Tasks\MotoHelper MUM.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07 16:47]
.
2011-03-16 c:\windows\Tasks\MotoHelper Routing.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07 16:47]
.
2011-03-09 c:\windows\Tasks\MotoHelper Update.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07 16:47]
.
2011-03-16 c:\windows\Tasks\User_Feed_Synchronization-{4CCA0039-BE1F-4A40-AEA1-218C6FEB23AC}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
2010-08-19 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-08-09 19:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.allmyfaves.com/
uSearchMigratedDefaultURL = hxxp://search.excite.com/search.gw?search={searchTerms}
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/&s=hxVtOCNV0UG2A3UdxuuOmEyuR-s
uInternet Settings,ProxyServer = proxy:8080
uInternet Settings,ProxyOverride = *.local;<local>
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: SnipeIt! eSnipe - http://www.esnipe.com/SnipeIt/SnipeItOpen3.asp
Trusted Zone: musicmatch.com\online
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {81449547-EB5D-422E-8730-932DC5E412C8} - hxxp://www.howardstern.com/install/uvuplayer.cab
DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
DPF: {C56BF45D-4722-4EFD-AA14-9DB1E92661E3} - hxxp://coke.mycokerewards.com/cabs/CocaCola_1_0_0_9.cab
FF - ProfilePath - c:\documents and settings\Larry\Application Data\Mozilla\Firefox\Profiles\42uas7h1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.allmyfaves.com/
FF - prefs.js: network.proxy.ftp - proxy
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - proxy
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - proxy
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - Ext: SortPlaces: sortplaces@andyhalford.com - %profile%\extensions\sortplaces@andyhalford.com
FF - Ext: WeatherBug: {3EC9C995-8072-4fc0-953E-4F30620D17F3} - %profile%\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Smart Defrag_is1 - c:\program files\IObit\IObit SmartDefrag\unins000.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-16 12:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@DACL=(02 0010)
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(704)
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(4072)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Motorola\MotoHelper\MotoHelperAgent.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2011-03-16 12:42:14 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-16 16:42
.
Pre-Run: 17,338,892,288 bytes free
Post-Run: 17,255,198,720 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 7E9743D760E000B31E38CCCE125DE40E

Again, thanks for your time, Bobbye.

Larry
 
Almost 24-hours since I finished running all apps requested and I have had no issues yet. Advertisements have gone from Firefox, and no more alerts of a virus being found and quarantined. Keeping my fingers crossed...Larry
 
I bet the system said Thank You after you ran JavaRa! That was a lot of files! Did you remember to update to the current v6u24 after running it?

For the entries in Eset: Please download OTMoveIt by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :Files 
    C:\Documents and Settings\Larry\My Documents\Programs\Setup_FreeConverter.exe 
    C:\Documents and Settings\Larry\My Documents\Programs\Setup_FreeVideoConverter.exe 
    C:\Program Files\ZoneAlarmSB\bar\1.bin\NPZONESB.DLL 
    C:\Program Files\ZoneAlarmSB\bar\1.bin\Z4PLUGIN.DLL 
    C:\WINDOWS\system32\la1.vbe 
    C:\WINDOWS\system32\la2.vbe
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
==========================================
Please run this Security Check:

Download Security Check by screen317 from HERE or HERE.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===========================================
When finished, please tell me what antivirus program you're going to keep on the system.
=======================================================
Are these your settings?
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/&s=hxVtOCNV0UG2A3UdxuuOmEyuR-s
uInternet Settings,ProxyServer = proxy:8080
uInternet Settings,ProxyOverride = *.local;<local>
And these?
FF - prefs.js: network.proxy.ftp - proxy
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - proxy
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - proxy
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy
FF - prefs.js: network.proxy.ssl_port - 8080

Why?
We'll finish up with Combofix script after I know.
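The question in the post above turns on whether the stored `proxy:8080` entries are actually in effect. As an added example (not part of the original thread and not ComboFix's own code), this Python sketch parses the Supplementary Scan lines quoted above and reports whether Firefox would use the stored hosts; the function names are hypothetical, and the only fact it relies on is Firefox's `network.proxy.type` pref, where `1` selects the manual host and port entries.

```python
import re

# Lines taken from the ComboFix "Supplementary Scan" section posted in this thread.
THREAD_LOG = """\
uInternet Settings,ProxyServer = proxy:8080
uInternet Settings,ProxyOverride = *.local;<local>
FF - prefs.js: network.proxy.ftp - proxy
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - proxy
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.ssl - proxy
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
"""

# Firefox network.proxy.type values; only 1 makes the manual host/port prefs take effect.
FF_PROXY_MODES = {
    0: "direct connection (No Proxy)",
    1: "manual proxy configuration",
    2: "automatic configuration URL (PAC)",
    4: "auto-detect (WPAD)",
    5: "use system proxy settings",
}
PROTOCOLS = ("ftp", "gopher", "http", "socks", "ssl")

IE_RE = re.compile(r"^uInternet Settings,(Proxy\w+)\s*=\s*(.*)$")
FF_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.(\w+) - (.*)$")


def parse_proxy_lines(log_text):
    """Return (ie_values, firefox_prefs) dicts from Supplementary Scan lines."""
    ie, ff = {}, {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = IE_RE.match(line)
        if m:
            ie[m.group(1)] = m.group(2).strip()
            continue
        m = FF_RE.match(line)
        if m:
            ff[m.group(1)] = m.group(2).strip()
    return ie, ff


def firefox_findings(ff):
    """Pair each stored host with its port and decide whether Firefox uses it."""
    endpoints = {}
    for proto in PROTOCOLS:
        host = ff.get(proto)
        if host:
            port = ff.get(proto + "_port")
            endpoints[proto] = f"{host}:{port}" if port else host
    mode_raw = ff.get("type")
    if mode_raw is None or not mode_raw.isdigit():
        # The pref is absent from the log, so the log alone cannot settle it.
        mode, in_use = "not recorded in the log", None
    else:
        code = int(mode_raw)
        mode = FF_PROXY_MODES.get(code, f"unrecognised value {code}")
        in_use = bool(endpoints) and code == 1
    return {"endpoints": endpoints, "mode": mode, "manual_in_use": in_use}


def ie_findings(ie):
    """Report the Internet Settings proxy values found in the log."""
    return {
        "server": ie.get("ProxyServer"),
        "bypass": ie.get("ProxyOverride"),
        # The quoted log lists ProxyServer but no ProxyEnable value, so whether
        # the proxy is switched on has to be checked on the machine itself.
        "manual_in_use": None,
    }


def summarize(log_text):
    """Build a short triage summary, one line per browser."""
    ie, ff = parse_proxy_lines(log_text)
    fx, ix = firefox_findings(ff), ie_findings(ie)
    lines = []
    if fx["endpoints"]:
        state = {True: "IN USE", False: "stored but not used", None: "unknown"}
        lines.append(
            f"Firefox: {sorted(set(fx['endpoints'].values()))} "
            f"{state[fx['manual_in_use']]} (mode: {fx['mode']})"
        )
    if ix["server"]:
        lines.append(
            f"Internet Settings: {ix['server']} configured, "
            f"bypass={ix['bypass']!r}; enable state not in log"
        )
    return lines


if __name__ == "__main__":
    for line in summarize(THREAD_LOG):
        print(line)
```
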
 
Add/Remove Programs shows 4 Java entries presently. I have Java 6 Update 2, Java 6 Update 24, Java 6 Update 3, and Java 6 Update 5. Should I run JavaRa again? And a Java program JUSched (?) gives me an error it wants to report to Microsoft soon after I boot up.

OTMoveIt log:

All processes killed
========== FILES ==========
File/Folder C:\Documents and Settings\Larry\My Documents\Programs\Setup_FreeConverter.exe not found.
File/Folder C:\Documents and Settings\Larry\My Documents\Programs\Setup_FreeVideoConverter.exe not found.
DllUnregisterServer procedure not found in C:\Program Files\ZoneAlarmSB\bar\1.bin\NPZONESB.DLL
C:\Program Files\ZoneAlarmSB\bar\1.bin\NPZONESB.DLL moved successfully.
C:\Program Files\ZoneAlarmSB\bar\1.bin\Z4PLUGIN.DLL moved successfully.
C:\WINDOWS\system32\la1.vbe moved successfully.
C:\WINDOWS\system32\la2.vbe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Larry
->Temp folder emptied: 802437 bytes
->Temporary Internet Files folder emptied: 47981166 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 106529214 bytes
->Flash cache emptied: 3026 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33557 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 615667 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 2655428619 bytes

Total Files Cleaned = 2,681.00 mb



The FreeConverter and FreeVideoConverter files were not found because I deleted them manually last week. I had downloaded them a long time ago and was no longer using them.


Security Check Log:

Results of screen317's Security Check version 0.99.9
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Avira AntiVir Personal - Free Antivirus
ESET Online Scanner v3
ZoneAlarm
ZoneAlarm Spy Blocker
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Registry Cleaner 2.1
Java(TM) 6 Update 24
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player 10.2.152.32
Adobe Reader X (10.0.1)
Mozilla Firefox (3.6.15)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Zone Labs ZoneAlarm zlclient.exe
``````````End of Log````````````


I was using AVG anti-virus, but, after this experience, I have lost confidence in them. Right now I still have Avira loaded from your previous recommendation. If you consider it to be a good program, I'll stick with it. Also, as you will see in the above log, I have Registry Cleaner installed. I used it prior to working with you on TechSpot. Do you have any insight as to how good this registry cleaner is? Or do you have a different recommendation?

As for your question about the uInternet settings and the FF-Prefs.js, I have no idea what any of that is. I don't know what they are settings for, or what any of those statements mean.

Thanks again Bobbye.
 
You're welcome. Just a bit more cleaning up to do:

Remove all:
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7


> Do you have any insight as to how good this registry cleaner is? Or do you have a different recommendation?
Recommend remove this:
Registry Cleaner 2.1 > Most of us don't recommend using any Registry cleaner.
=====================================
Re: AV> Avira and Avast are both good and free.
I stopped recommending (and using) AVG when they went to v8!
=======================================
Total Files Cleaned = 2,681.00 mb in OTM
Are you doing any regular maintenance on the system? This is a huge amount of files!
========================================
I intentionally remove the ZoneAlarm 'spy bar'!
===================================
Did you look into those port 8080 settings in Firefox?
 
> Did you look into those port 8080 settings in Firefox?

I don't know what that means. At the bottom of my previous post, I was saying about the uInternet settings and the FF-Prefs.js, I have no idea what any of that is. I don't know what they are settings for, or what any of those statements mean. Is there another thread that explains what it is and where I go to check the settings?

I now have only the Java 6 Update 24 listed in my add/remove programs.

Like most people, I usually don't get concerned with maintenance as long as the machine is running well. I'm good about keeping the temp folder in my profile and the one in the Windows folder clean. I probably don't run Malware Bytes as often as I should. I guess I never felt like I was visiting the kind of sites that would mess my machine up in the first place, but I know better now.

I also intend to check into the Virtual PC software and try to set up a virtual machine to use for browsing the web.

Please let me know what to do next...Larry
 
"No Proxy" was already selected in the Firefox settings.

ComboFix log is below:

ComboFix 11-03-24.06 - Larry 03/25/2011 12:29:57.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.514 [GMT -4:00]
Running from: c:\documents and settings\Larry\My Documents\Programs\PC Maintenance\ComboFix.exe
Command switches used :: c:\documents and settings\Larry\My Documents\Programs\PC Maintenance\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
FILE ::
"c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\bae\BAE.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_LAVASOFT_KERNEXPLORER
-------\Service_Lavasoft Kernexplorer
.
.
((((((((((((((((((((((((( Files Created from 2011-02-25 to 2011-03-25 )))))))))))))))))))))))))))))))
.
.
2011-03-21 16:16 . 2011-03-21 16:16 -------- d-----w- C:\_OTM
2011-03-16 22:08 . 2011-03-16 22:10 77 ----a-w- c:\documents and settings\Larry\Mydocs backup.bat
2011-03-16 14:51 . 2011-03-16 14:51 -------- d-----w- c:\documents and settings\Larry\Application Data\Avira
2011-03-16 14:43 . 2011-03-17 20:04 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-16 14:43 . 2011-01-10 18:23 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-03-16 14:43 . 2010-06-17 18:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-03-16 14:43 . 2010-06-17 18:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-03-16 14:43 . 2011-03-16 14:43 -------- d-----w- c:\program files\Avira
2011-03-16 14:43 . 2011-03-16 14:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-03-16 05:04 . 2011-03-16 05:04 -------- d-----w- c:\program files\ESET
2011-03-15 22:18 . 2011-03-15 22:18 -------- d-----w- c:\program files\Common Files\Adobe
2011-03-15 22:11 . 2011-03-15 22:11 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-03-14 04:07 . 2011-03-14 04:07 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
2011-03-14 04:07 . 2011-03-14 04:07 -------- d-----w- c:\program files\Prevx
2011-03-14 04:07 . 2011-03-15 13:50 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI
2011-03-12 22:28 . 2011-03-12 22:28 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-03-12 21:02 . 2011-03-12 21:02 -------- d-----w- c:\documents and settings\Larry\Local Settings\Application Data\Sunbelt Software
2011-03-12 19:43 . 2011-03-12 19:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-03-12 19:43 . 2011-03-12 19:43 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2011-03-12 16:52 . 2011-03-03 18:16 25048 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
2011-03-12 16:52 . 2011-03-03 18:16 140248 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
2011-03-12 16:52 . 2011-03-03 18:16 912344 ----a-w- c:\program files\Mozilla Firefox\firefox.exe
2011-03-12 16:52 . 2011-03-03 18:16 107480 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe
2011-03-12 16:52 . 2011-03-03 16:07 249856 ----a-w- c:\program files\Mozilla Firefox\freebl3.dll
2011-03-12 16:52 . 2011-03-03 18:16 19416 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
2011-03-11 20:37 . 2011-03-11 20:40 -------- d-----w- c:\documents and settings\Larry\Application Data\Asidqo
2011-03-11 20:37 . 2011-03-11 20:37 -------- d-----w- c:\documents and settings\Larry\Application Data\Uryg
2011-03-03 01:06 . 2011-03-03 01:06 -------- d-----w- c:\program files\Common Files\Motorola Shared
2011-03-03 01:06 . 2011-03-03 01:06 -------- d-----w- c:\program files\Motorola
2011-03-03 00:02 . 2011-03-03 00:08 256 ----a-w- c:\documents and settings\Larry\pool.bin
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-12 21:06 . 2009-11-12 22:26 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-02-09 13:53 . 2004-08-11 22:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-11 22:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-03 01:40 . 2010-05-24 20:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 23:19 . 2007-07-31 03:04 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2004-08-11 22:11 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2004-08-11 22:11 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-11 22:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-11 22:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-11 22:00 1854976 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-08 67128]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-06-22 1384448]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"MediaLifeService"="c:\program files\Logitech\MediaLife\MediaLifeService.exe" [2005-05-13 110739]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-09-02 1043968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-9-5 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-3-8 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-10-5 450560]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\Media Experience\\PCM2.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:Enabled:DHCP Discovery Service
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/16/2011 10:43 AM 135336]
R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [9/7/2010 12:47 PM 202048]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/24/2010 3:26 PM 136176]
S3 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [3/3/2007 3:58 PM 206192]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/11/2004 6:00 PM 14336]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [12/2/2006 6:17 AM 2805000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
getPlusHelper REG_MULTI_SZ getPlusHelper
itlsvc REG_MULTI_SZ itlperf
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-24 19:26]
.
2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-24 19:26]
.
2011-03-25 c:\windows\Tasks\MotoHelper MUM.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07 16:47]
.
2011-03-25 c:\windows\Tasks\MotoHelper Routing.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07 16:47]
.
2011-03-09 c:\windows\Tasks\MotoHelper Update.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07 16:47]
.
2011-03-25 c:\windows\Tasks\User_Feed_Synchronization-{4CCA0039-BE1F-4A40-AEA1-218C6FEB23AC}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.allmyfaves.com/
uSearchMigratedDefaultURL = hxxp://search.excite.com/search.gw?search={searchTerms}
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: SnipeIt! eSnipe - http://www.esnipe.com/SnipeIt/SnipeItOpen3.asp
Trusted Zone: musicmatch.com\online
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {81449547-EB5D-422E-8730-932DC5E412C8} - hxxp://www.howardstern.com/install/uvuplayer.cab
DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
DPF: {C56BF45D-4722-4EFD-AA14-9DB1E92661E3} - hxxp://coke.mycokerewards.com/cabs/CocaCola_1_0_0_9.cab
FF - ProfilePath - c:\documents and settings\Larry\Application Data\Mozilla\Firefox\Profiles\42uas7h1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.allmyfaves.com/
FF - prefs.js: network.proxy.ftp - proxy
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - proxy
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - proxy
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - Ext: SortPlaces: sortplaces@andyhalford.com - %profile%\extensions\sortplaces@andyhalford.com
FF - Ext: WeatherBug: {3EC9C995-8072-4fc0-953E-4F30620D17F3} - %profile%\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
FF - Ext: Zynga Community Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-25 12:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@DACL=(02 0010)
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(708)
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(1224)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\bcmwltry.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Motorola\MotoHelper\MotoHelperAgent.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2011-03-25 13:13:25 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-25 17:13
ComboFix2.txt 2011-03-16 16:42
.
Pre-Run: 41,882,882,048 bytes free
Post-Run: 41,867,591,680 bytes free
.
- - End Of File - - 51B6BB54E640DF2A2520E5ABD525F5A2





Also removed all suggested scheduled tasks from the system tools.

I COULD NOT find musicmatch.com\online in my Trusted Zone. Can you tell me how to navigate to the window where I should see it?

Also, I COULD NOT uninstall the Dell URL Assistant, even though I booted up in safe mode and logged in as the administrator. When I click the Change/Remove button you can see the add/remove window title bar quickly go to the background and then reactivate. The mouse arrow turns to the hour-glass for that 1/4 of a second, but nothing else ever happens.

I installed the WOT add-in for Firefox.

Thanks Bobbye
 
Question: Do you know what either of these Directories are for? Did you set them up?
c:\documents and settings\Larry\Application Data\Asidqo
c:\documents and settings\Larry\Application Data\Uryg

Date and time for both are 2011-03-11 20:37
======================================
Please run this Security Check again:

Download Security Check by screen317 from HERE or HERE.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
================================
It looks like you have the FoxyProxy addon or extension in Firefox. Please go to Tools> Addons> Click on PlugIns> if you see FoxyProxy, highlight it and disable. If not seen in PlugIns, click on Extensions and check these.
==================================
You also need to update Firefox: Mozilla Firefox (3.6.15) should now be v3.6.19.
 
You said:

Question: Do you know what either of these Directories are for? Did you set them up?
c:\documents and settings\Larry\Application Data\Asidqo
c:\documents and settings\Larry\Application Data\Uryg
Date and time for both are 2011-03-11 20:37

I did not set them up and don't know what they were for. Both folders were empty, so I deleted both of them.

I ran Security Check as requested. I noticed in the resulting log, which I've posted below, that it found an older version of Java again, Java(TM) 6 Update 7. I could not find a listing for this in add/remove programs, so I ran JavaRa again as well. And I've posted JavaRa's log file below.

Security Check:

Results of screen317's Security Check version 0.99.10
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Avira AntiVir Personal - Free Antivirus
ESET Online Scanner v3
ZoneAlarm
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 24
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player 10.2.152.32
Adobe Reader X (10.0.1)
Mozilla Firefox (3.6.16) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Zone Labs ZoneAlarm zlclient.exe
``````````End of Log````````````

Removed Java Ra log
Finished reporting.
 
Removing redundant Java Ra log.
Finished reporting.
===========================

Finally, I could not find any references to Foxy Proxy in my Firefox add-ins, extensions, or applications windows or tabs. I did find some older outdated Java add-ins that I uninstalled.

And I still can't remove the Dell URL Assistant, in safe mode or normally via add/remove.

Larry
 
Good work: Found and removed: C:\Program Files\Java\jre1.6.0_07

Did you do this?
It looks like you have the FoxyProxy addon or extension in Firefox. Please go to Tools> Addons> Click on PlugIns> if you see FoxyProxy, highlight it and disable. If not seen in PlugIns, click on Extensions and check these.

If not, please do so. And since you updated Firefox, after you check for FoxyProxy, please rescan with ComboFix. If the ports are still open, I'll try to close them manually with a script.
 
I could not find any references to Foxy Proxy in my Firefox add-ins, extensions, or applications windows or tabs. I did find some older outdated Java add-ins that I uninstalled.

And I still can't remove the Dell URL Assistant, in safe mode or normally via add/remove.

ComboFix Log:

ComboFix 11-04-10.04 - Larry 04/11/2011 14:26:46.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.519 [GMT -4:00]
Running from: c:\documents and settings\Larry\My Documents\Programs\PC Maintenance\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Larry\Application Data\PriceGong
c:\documents and settings\Larry\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Larry\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Larry\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Larry\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Larry\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Larry\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Larry\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Larry\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Larry\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Larry\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Larry\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Larry\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Larry\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Larry\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Larry\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Larry\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Larry\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Larry\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Larry\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Larry\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Larry\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Larry\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Larry\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Larry\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Larry\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Larry\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Larry\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Larry\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Larry\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-03-11 to 2011-04-11 )))))))))))))))))))))))))))))))
.
.
2011-04-07 14:49 . 2011-04-07 14:49 229224 ----a-w- c:\windows\system32\drivers\VMM.sys
2011-04-06 16:35 . 2011-04-06 16:35 164880 ---ha-w- c:\documents and settings\Larry\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll
2011-04-06 16:33 . 2011-04-06 16:33 -------- d-----w- c:\program files\Microsoft Virtual PC
2011-04-05 20:23 . 2011-04-05 20:23 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-04-05 03:38 . 2011-04-05 03:47 -------- d-----w- c:\documents and settings\Larry\Local Settings\Application Data\Deployment
2011-03-30 18:03 . 2011-03-30 18:03 -------- d-----w- c:\documents and settings\Larry\Application Data\Ashampoo
2011-03-30 18:03 . 2011-04-07 14:34 -------- d-----w- c:\documents and settings\Larry\Local Settings\Application Data\MyAshampoo
2011-03-30 18:03 . 2011-04-10 14:44 -------- d-----w- c:\documents and settings\Larry\Local Settings\Application Data\ConduitEngine
2011-03-30 18:03 . 2011-03-30 18:04 -------- d-----w- c:\program files\ConduitEngine
2011-03-30 18:03 . 2011-03-30 18:04 -------- d-----w- c:\program files\MyAshampoo
2011-03-30 18:02 . 2011-03-30 18:02 -------- d-----w- c:\documents and settings\Larry\Local Settings\Application Data\ashampoo
2011-03-30 18:02 . 2011-03-30 18:02 -------- d-----w- c:\documents and settings\All Users\Application Data\ashampoo
2011-03-30 17:28 . 2011-03-30 17:28 -------- d-----w- c:\documents and settings\Larry\Application Data\Nero
2011-03-30 17:14 . 2011-03-30 17:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2011-03-30 16:37 . 2011-03-30 16:37 -------- d-----w- c:\program files\Smart File Advisor
2011-03-30 16:37 . 2011-03-30 16:37 -------- d-----w- c:\program files\Smart Projects
2011-03-21 16:16 . 2011-03-21 16:16 -------- d-----w- C:\_OTM
2011-03-16 22:08 . 2011-03-16 22:10 77 ----a-w- c:\documents and settings\Larry\Mydocs backup.bat
2011-03-16 14:51 . 2011-03-16 14:51 -------- d-----w- c:\documents and settings\Larry\Application Data\Avira
2011-03-16 14:43 . 2011-03-17 20:04 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-16 14:43 . 2011-01-10 18:23 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-03-16 14:43 . 2010-06-17 18:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-03-16 14:43 . 2010-06-17 18:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-03-16 14:43 . 2011-03-16 14:43 -------- d-----w- c:\program files\Avira
2011-03-16 14:43 . 2011-03-16 14:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-03-16 05:04 . 2011-03-16 05:04 -------- d-----w- c:\program files\ESET
2011-03-15 22:18 . 2011-03-15 22:18 -------- d-----w- c:\program files\Common Files\Adobe
2011-03-15 22:11 . 2011-03-15 22:11 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-03-14 04:07 . 2011-03-14 04:07 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
2011-03-14 04:07 . 2011-03-14 04:07 -------- d-----w- c:\program files\Prevx
2011-03-14 04:07 . 2011-03-15 13:50 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI
2011-03-12 22:28 . 2011-03-12 22:28 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2011-03-12 22:28 . 2011-03-12 22:28 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-03-12 21:02 . 2011-03-12 21:02 -------- d-----w- c:\documents and settings\Larry\Local Settings\Application Data\Sunbelt Software
2011-03-12 19:43 . 2011-03-12 19:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-03-12 19:43 . 2011-03-12 19:43 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-12 21:06 . 2009-11-12 22:26 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-03-03 00:08 . 2011-03-03 00:02 256 ----a-w- c:\documents and settings\Larry\pool.bin
2011-02-09 13:53 . 2004-08-11 22:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-11 22:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-03 01:40 . 2010-05-24 20:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 23:19 . 2007-07-31 03:04 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2004-08-11 22:11 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2004-08-11 22:11 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-11 22:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
2011-01-17 14:54 175912 ----a-w- c:\program files\MyAshampoo\prxtbMyA0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-08 67128]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-06-22 1384448]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"MediaLifeService"="c:\program files\Logitech\MediaLife\MediaLifeService.exe" [2005-05-13 110739]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-09-02 1043968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"Smart File Advisor"="c:\program files\Smart File Advisor\sfa.exe" [2011-03-02 280312]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-9-5 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-3-8 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-10-5 450560]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\Media Experience\\PCM2.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:Enabled:DHCP Discovery Service
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/16/2011 10:43 AM 135336]
R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [9/7/2010 12:47 PM 202048]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/24/2010 3:26 PM 136176]
S3 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [3/3/2007 3:58 PM 206192]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/11/2004 6:00 PM 14336]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [12/2/2006 6:17 AM 2805000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
getPlusHelper REG_MULTI_SZ getPlusHelper
itlsvc REG_MULTI_SZ itlperf
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-24 19:26]
.
2011-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-24 19:26]
.
2011-03-25 c:\windows\Tasks\MotoHelper MUM.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07 16:47]
.
2011-04-11 c:\windows\Tasks\MotoHelper Routing.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07 16:47]
.
2011-03-09 c:\windows\Tasks\MotoHelper Update.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07 16:47]
.
2011-04-11 c:\windows\Tasks\User_Feed_Synchronization-{4CCA0039-BE1F-4A40-AEA1-218C6FEB23AC}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.allmyfaves.com/
uSearchMigratedDefaultURL = hxxp://search.excite.com/search.gw?search={searchTerms}
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: SnipeIt! eSnipe - http://www.esnipe.com/SnipeIt/SnipeItOpen3.asp
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {81449547-EB5D-422E-8730-932DC5E412C8} - hxxp://www.howardstern.com/install/uvuplayer.cab
DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
DPF: {C56BF45D-4722-4EFD-AA14-9DB1E92661E3} - hxxp://coke.mycokerewards.com/cabs/CocaCola_1_0_0_9.cab
FF - ProfilePath - c:\documents and settings\Larry\Application Data\Mozilla\Firefox\Profiles\42uas7h1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - MyAshampoo Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.allmyfaves.com/
FF - prefs.js: network.proxy.ftp - proxy
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - proxy
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - proxy
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - Ext: SortPlaces: sortplaces@andyhalford.com - %profile%\extensions\sortplaces@andyhalford.com
FF - Ext: WeatherBug: {3EC9C995-8072-4fc0-953E-4F30620D17F3} - %profile%\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
FF - Ext: Zynga Community Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-11 14:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@DACL=(02 0010)
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(884)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2011-04-11 15:29:36
ComboFix-quarantined-files.txt 2011-04-11 19:29
ComboFix2.txt 2011-03-25 17:13
ComboFix3.txt 2011-03-16 16:42
.
Pre-Run: 39,515,521,024 bytes free
Post-Run: 39,552,217,088 bytes free
.
- - End Of File - - 66BF00BC92B87B9BE7FA13F0D56E2A72
 
Installing new programs while trying to clean a system should not be done. We are still in the process of cleaning and you installed all of the following:
  1. c:\program files\ConduitEngine>> (3/30) module of Conduit Open that allows users to add apps directly to their browser without a community toolbar.
  2. c:\program files\MyAshampoo (3/30)
  3. c:\program files\Smart File Advisor>> (3/30) Smart File Advisor will help you find appropriate programs to open your files using Filefacts.net web site database
  4. c:\program files\Smart Projects>> (3/30) CD/DVD optical media file rescue & recovery.
  5. c:\program files\Microsoft Virtual PC>> (4/6) The Virtual Server 2005 virtual machine technology allows you to run multiple operating systems simultaneously on a single physical computer.
Not only did they add the above entries to the system, but they also added these Registry entries:
  1. [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
     "{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll"
  2. [HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
  3. [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
  4. [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}] 175912 ----a-w- c:\program files\MyAshampoo\prxtbMyA0.dll
  5. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
     "{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll"
     "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll"
  6. [HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
  7. [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
  8. [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
     "{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll"
  9. [HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
  10. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Smart File Advisor"="c:\program files\Smart File Advisor\sfa.exe"

MyAshampoo Toolbar - a Conduit "Community Toolbar" - modifies the default IE URL search hook. Conduit toolbars are reputed to have a certain trackware functionality.
==================================================
So not only do Port 8080 entries remain, but your system has been changed. As far as I can determine, using the proxy override to Port 8080 requires an explicit "default port override" to request a web browser to connect to port 8080 rather than the HTTP default of port 80.

Please tell me how the system is running now.
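
As an added example (not part of the original posts, and not a ComboFix feature), this Python code parses the `FF - prefs.js` lines of the log above, pairs each stored proxy host with its port, reads `network.proxy.type` to tell whether Firefox is set to use them, and lists the hosts behind the search and homepage prefs. The function names are hypothetical; the sample lines are excerpted from the log in this thread.

```python
import re

# Lines excerpted from the ComboFix "Supplementary Scan" section posted in this thread.
SAMPLE_LOG = """\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.allmyfaves.com/
FF - prefs.js: network.proxy.http - proxy
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.ssl - proxy
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.pipelining - true
"""

PREF_LINE = re.compile(r"^FF - (?:prefs\.js|user\.js): (\S+) - (.*)$")
PROXY_KEY = re.compile(r"^network\.proxy\.(ftp|gopher|http|socks|ssl)(_port)?$")
URL_HOST = re.compile(r"^h(?:xx|tt)ps?://([^/:]+)", re.I)  # accepts defanged hxxp
# Firefox meaning of network.proxy.type; 0 means stored hosts/ports are ignored.
PROXY_MODES = {0: "direct (no proxy)", 1: "manual", 2: "PAC URL",
               4: "auto-detect (WPAD)", 5: "system settings"}

def parse_ff_prefs(log_text):
    """Return {pref_name: value} for every 'FF - prefs.js/user.js' log line."""
    prefs = {}
    for line in log_text.splitlines():
        m = PREF_LINE.match(line.strip())
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    return prefs

def proxy_report(prefs):
    """Pair proxy hosts with ports and say whether manual proxying is on."""
    endpoints = {}
    for key, value in prefs.items():
        m = PROXY_KEY.match(key)
        if not m:
            continue
        host, port = endpoints.get(m.group(1), (None, None))
        if m.group(2):                      # the "<scheme>_port" pref
            port = int(value) if value.isdigit() else None
        else:                               # the "<scheme>" host pref
            host = value
        endpoints[m.group(1)] = (host, port)
    raw = prefs.get("network.proxy.type", "")
    mode = int(raw) if raw.isdigit() else None
    return {"mode": PROXY_MODES.get(mode, "unknown"),
            "manual_in_use": mode == 1 and bool(endpoints),
            "endpoints": endpoints}

def search_hosts(prefs):
    """Return {pref_name: host} for URL-valued search and homepage prefs."""
    hosts = {}
    for key, value in prefs.items():
        if key.startswith("browser.search.") or key == "browser.startup.homepage":
            m = URL_HOST.match(value)
            if m:
                hosts[key] = m.group(1).lower()
    return hosts

if __name__ == "__main__":
    parsed = parse_ff_prefs(SAMPLE_LOG)
    print(proxy_report(parsed))
    print(search_hosts(parsed))
```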
 
The Conduit Engine and AShampoo toolbar were installed when I updated to the latest version of Firefox. After the browser update finished, it requested permission to update the add-ins, and I had a new toolbar when it was finished. What I had noticed was the difference in my Google searches, and the ads the page had on it.

I found an article that I used to remove the conduit engine and reset my default search engine information here:

http://thesietch.org/mysietch/keith/2010/12/08/how-to-remove-conduit-engine-search-from-firefox-3-x/

I also had installed Web Of Trust to Firefox on your recommendation, and I thought the Smart File Advisor was part of that. Otherwise, I'm not sure where it came from, but I removed it.

The Smart Projects is ISObuster, which is a legitimate data recovery tool, and you know what Microsoft Virtual PC is.

I manually checked the registry for the new entries you noted and removed any I found.

The machine has been running fine since the initial runs of JavaRa, the eset on-line virus scan, and ComboFix on March 16.

As I stated when I first sought help in mid-March, I use this computer for business, and I have the need to install and test different software when looking for a solution for my customers. Much of that software is from Microsoft; some of it is not. Virtual PC is recommended on this site as a way of working with different system environments without risking the operation and security of your actual system. Which is why I installed it, so I could get on with my business. Now I have need to install MS Office 2007 for a project that requires MS Access 2007. To the degree that Microsoft can be trusted ;-) , should I not be alright installing such software?

Larry
 
The Conduit Engine and AShampoo toolbar were installed when I updated to the latest version of Firefox.
Every download screen should be carefully examined for any pre-checked items. All of those pre-checked boxes should be unchecked before you proceed with the download. I would also encourage you to try and download from the home site, when possible. I would be surprised if Mozilla put the Conduit Engine and AShampoo on the system.

When you are being helped in a forum such as this, you should only act on the instructions of the helper. That person is working with log entries that may be changed when an outside source is used or when you make a registry change. I had a script made out for you to run based on the Combofix log. However, since you have made some changes on your own, you would need to rescan and give me a new Combofix log.

You might want to add Easy List to Firefox. It's an additional ad filter that works with AdBlockPlus.
=======================================
If you want me to remove remaining entries, please run Combofix again. If not, since the original problems have been resolved, you can remove all of the tools we used and the files and folders they created.
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name> click "Create".
  • Go back and follow the path to > System Tools.
  • Choose Disk Cleanup
  • Click "OK" to select the partition or drive you want.
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


Empty the Recycle Bin
Let me know if you have any more questions.

The system is clean and you can go ahead with the Office install.
 