Solved Google search page appears to be fraudulent, searches result in foreign language


mcn901

System affected (friend's, not mine): Windows XP Home Edition Version 2002 Service Pack 3

Problem: appears unique to the Google Search home page.
Internet Explorer and Firefox both behave the same.
When I go to www.google.ca I get what appears to be a Google search page, but it is NOT the one from google.ca:
- the Google logo does not say "Google Canada"
- there is no "option for French"
- most of the links like "Advanced search options" just blink and the same page comes up, sometimes with a missing Google logo
- when I enter a search term and hit enter, it delivers a "results" page with links, but in a foreign language (not French)
- other internet sites operate normally
- trying to join techspot.com from that machine does not display the image needed for image verification
I am running AVG 2011, Malwarebytes 1.50.1.1100, Windows Firewall

Ran the 8 steps as per instructions

==================
AVG scan log
=================
"Scan ""Whole computer scan"" completed."
"Warnings";"8";"8";"0"
"Folders selected for scanning:";"Whole computer scan"
"Scan started:";"January 6, 2011, 4:15:01 AM"
"Scan finished:";"January 6, 2011, 4:58:38 AM (43 minute(s) 37 second(s))"
"Total object scanned:";"1015509"
"User who launched the scan:";"Larry"

"Warnings"
"";"File";"Infection";"Result"
"";"C:\Documents and Settings\Larry\Cookies\larry@msnportal.112.2o7[1].txt:\msnportal.112.2o7.net.7225be6f";"Found Tracking cookie.2o7";"Moved to Virus Vault"
"";"C:\Documents and Settings\Larry\Cookies\larry@msnportal.112.2o7[1].txt";"Found Tracking cookie.2o7";"Healed"
"";"C:\Documents and Settings\Larry\Cookies\larry@mediaplex[2].txt:\mediaplex.com.f652b123";"Found Tracking cookie.Mediaplex";"Moved to Virus Vault"
"";"C:\Documents and Settings\Larry\Cookies\larry@mediaplex[2].txt:\mediaplex.com.dc30fb3c";"Found Tracking cookie.Mediaplex";"Moved to Virus Vault"
"";"C:\Documents and Settings\Larry\Cookies\larry@mediaplex[2].txt";"Found Tracking cookie.Mediaplex";"Healed"
"";"C:\Documents and Settings\Larry\Cookies\larry@atdmt[2].txt:\atdmt.com.b3e33b5f";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
"";"C:\Documents and Settings\Larry\Cookies\larry@atdmt[2].txt:\atdmt.com.7247c262";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
"";"C:\Documents and Settings\Larry\Cookies\larry@atdmt[2].txt";"Found Tracking cookie.Atdmt";"Healed"

======================
MBAM Log
======================
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5469

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

06/01/2011 7:20:41 AM
mbam-log-2011-01-06 (07-20-41).txt

Scan type: Full scan (C:\|)
Objects scanned: 248261
Time elapsed: 1 hour(s), 23 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

================
GMER log
================
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-01-06 07:52:32
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 ST3160811AS rev.3.AAE
Running: lrdv8m8z.exe; Driver: C:\DOCUME~1\Larry\LOCALS~1\Temp\kflcrpog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

====================
DDS log
====================

DDS (Ver_10-12-12.02) - NTFSx86
Run by Larry at 7:57:18.25 on 06/01/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.2495.1756 [GMT -7:00]

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Documents and Settings\Larry\Desktop\lrdv8m8z.exe
C:\Documents and Settings\Larry\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
mSearchAssistant = hxxp://www.google.com/ie
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\adobe acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [EPSON Stylus CX4200 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
mRun: [Adobe Version Cue CS2] c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
AppInit_DLLs: c:\windows\system32\zawolam.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 89.149.230.137 www.google.com
Hosts: 89.149.230.137 www.google.de
Hosts: 89.149.230.137 www.google.fr
Hosts: 89.149.230.137 www.google.co.uk
Hosts: 89.149.230.137 www.google.com.br

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-23 6128208]
S2 gupdate1ca46d14845d248;Google Update Service (gupdate1ca46d14845d248);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]

=============== Created Last 30 ================

2011-01-06 11:06:01 -------- d-----w- c:\docume~1\larry\applic~1\Malwarebytes
2011-01-06 10:52:17 -------- d-sh--w- c:\documents and settings\larry\PrivacIE
2011-01-05 23:55:03 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-01-05 19:38:16 -------- d--h--w- C:\$AVG
2011-01-05 18:24:11 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2011-01-05 18:23:20 -------- d-----w- c:\windows\system32\drivers\AVG
2011-01-05 18:23:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2011-01-05 18:17:54 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2011-01-05 16:09:36 90112 ----a-w- c:\windows\unvise32.exe
2011-01-05 16:07:12 -------- d-----w- c:\program files\Starry Night Enthusiast 4.5
2011-01-05 15:08:26 -------- d-----w- C:\Hubble Site Light
2011-01-05 13:42:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2011-01-05 13:42:45 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-01-05 13:42:44 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-01-05 13:42:44 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-01-05 13:42:32 -------- d-----w- c:\program files\NVIDIA Corporation
2011-01-05 13:41:02 4984 ----a-w- c:\windows\system32\drivers\nvphy.bin
2011-01-04 22:43:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-04 22:43:28 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-01-04 22:43:24 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-04 22:43:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-04 22:31:51 -------- d-----w- c:\windows\pss
2010-12-15 10:17:18 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 10:15:16 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-08 11:12:38 251728 ----a-w- c:\windows\system32\drivers\avgldx86.sys

==================== Find3M ====================

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2008-10-30 18:26:50 16156056 ----a-w- c:\program files\jre-6u10-windows-i586-p.exe
2006-12-13 21:32:39 2904959 ----a-w- c:\program files\java3d-1_4_0_01-windows-i586.exe

============= FINISH: 7:57:33.57 ===============

ATTACH Log too big - will add after this
 
ATTACH log part 1 for the problem PC

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 06/11/2006 2:33:12 PM
System Uptime: 06/01/2011 5:54:32 AM (2 hours ago)

Motherboard: ASUSTeK Computer INC. | | A8N-VM CSM
Processor: AMD Athlon(tm) 64 Processor 3500+ | CPU 1 | 2210/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 105.489 GiB free.
D: is CDROM (CDFS)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP720: 09/10/2010 3:04:28 AM - System Checkpoint
RP721: 10/10/2010 4:04:28 AM - System Checkpoint
RP722: 11/10/2010 5:04:28 AM - System Checkpoint
RP723: 12/10/2010 6:04:28 AM - System Checkpoint
RP724: 13/10/2010 7:04:30 AM - System Checkpoint
RP725: 14/10/2010 3:00:31 AM - Software Distribution Service 3.0
RP726: 18/10/2010 4:27:22 PM - System Checkpoint
RP727: 19/10/2010 5:21:20 PM - System Checkpoint
RP728: 20/10/2010 6:21:25 PM - System Checkpoint
RP729: 21/10/2010 7:21:20 PM - System Checkpoint
RP730: 25/10/2010 4:10:44 PM - System Checkpoint
RP731: 26/10/2010 4:12:43 PM - System Checkpoint
RP732: 27/10/2010 4:32:45 PM - System Checkpoint
RP733: 28/10/2010 5:30:45 PM - System Checkpoint
RP734: 29/10/2010 5:32:42 PM - System Checkpoint
RP735: 30/10/2010 6:46:42 PM - System Checkpoint
RP736: 31/10/2010 7:32:42 PM - System Checkpoint
RP737: 01/11/2010 8:32:43 PM - System Checkpoint
RP738: 02/11/2010 9:32:42 PM - System Checkpoint
RP739: 03/11/2010 10:32:43 PM - System Checkpoint
RP740: 08/11/2010 10:14:25 AM - System Checkpoint
RP741: 09/11/2010 10:35:04 AM - System Checkpoint
RP742: 10/11/2010 1:35:18 PM - System Checkpoint
RP743: 11/11/2010 3:00:24 AM - Software Distribution Service 3.0
RP744: 12/11/2010 3:35:02 AM - System Checkpoint
RP745: 13/11/2010 4:35:02 AM - System Checkpoint
RP746: 14/11/2010 5:34:52 AM - System Checkpoint
RP747: 15/11/2010 6:34:52 AM - System Checkpoint
RP748: 16/11/2010 7:34:52 AM - System Checkpoint
RP749: 17/11/2010 8:34:52 AM - System Checkpoint
RP750: 18/11/2010 9:34:53 AM - System Checkpoint
RP751: 19/11/2010 10:34:52 AM - System Checkpoint
RP752: 20/11/2010 11:34:52 AM - System Checkpoint
RP753: 21/11/2010 12:34:48 PM - System Checkpoint
RP754: 22/11/2010 1:55:07 PM - System Checkpoint
RP755: 23/11/2010 3:24:30 PM - System Checkpoint
RP756: 24/11/2010 3:57:31 PM - System Checkpoint
RP757: 25/11/2010 4:57:34 PM - System Checkpoint
RP758: 26/11/2010 5:57:31 PM - System Checkpoint
RP759: 27/11/2010 6:57:33 PM - System Checkpoint
RP760: 28/11/2010 7:57:48 PM - System Checkpoint
RP761: 29/11/2010 8:57:33 PM - System Checkpoint
RP762: 30/11/2010 9:57:33 PM - System Checkpoint
RP763: 01/12/2010 10:57:32 PM - System Checkpoint
RP764: 03/12/2010 12:25:15 AM - System Checkpoint
RP765: 04/12/2010 5:22:01 AM - System Checkpoint
RP766: 06/12/2010 9:54:18 AM - System Checkpoint
RP767: 07/12/2010 10:31:33 AM - System Checkpoint
RP768: 08/12/2010 11:30:27 AM - System Checkpoint
RP769: 09/12/2010 12:42:27 PM - System Checkpoint
RP770: 13/12/2010 12:53:57 PM - System Checkpoint
RP771: 14/12/2010 1:30:47 PM - System Checkpoint
RP772: 15/12/2010 3:00:17 PM - System Checkpoint
RP773: 16/12/2010 3:00:20 AM - Software Distribution Service 3.0
RP774: 20/12/2010 11:45:12 AM - System Checkpoint
RP775: 21/12/2010 12:28:39 PM - System Checkpoint
RP776: 22/12/2010 2:34:12 PM - System Checkpoint
RP777: 03/01/2011 12:03:19 PM - System Checkpoint
RP778: 05/01/2011 5:52:08 AM - Software Distribution Service 3.0
RP779: 05/01/2011 6:40:01 AM - Software Distribution Service 3.0
RP780: 05/01/2011 10:23:21 AM - Software Distribution Service 3.0
RP781: 05/01/2011 11:12:04 AM - Removed Safari
RP782: 05/01/2011 11:13:14 AM - Removed McAfee VirusScan Enterprise
RP783: 05/01/2011 11:22:45 AM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP784: 05/01/2011 11:22:55 AM - Installed AVG 2011
RP785: 05/01/2011 11:23:13 AM - Installed AVG 2011
RP786: 05/01/2011 1:35:43 PM - Removed Google Earth.
RP787: 05/01/2011 1:47:58 PM - Removed Apple Mobile Device Support

==== Hosts File Hijack ======================


==== Installed Programs ======================

32 Bit HP CIO Components Installer
8500A909_eDocs
8500A909_Help
8500A909a
8500A909g
Adobe Acrobat 7.0 Professional
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Creative Suite 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe GoLive CS2
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe InDesign CS2
Adobe Photoshop CS2
Adobe Reader 7.0.8
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Adobe Version Cue CS2
Akamai NetSession Interface
Apple Application Support
Apple Software Update
ArcSoft PhotoImpression 5
Athlon 64 Processor Driver
AusLogics Disk Defrag
AusLogics Registry Cleaner
AVG 2011
BPD_DSWizards
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
Destination Component
DeviceDiscovery
DocMgr
DocProc
EPSON CX 4200 4800 Guide
EPSON Printer Software
EPSON Scan
Fax
Google Update Helper
GPBaseService2
High Definition Audio Driver Package - KB888111
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Format SDK (KB921108)
Hotfix for Windows Media Format SDK (KB922814)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 12.0
HP Document Manager 2.0
HP Imaging Device Functions 12.0
HP Smart Web Printing
HP Solution Center 13.0
HP Update
HPProductAssistant
HPSSupply
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 14
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
K-Lite Codec Pack 5.4.4 (Basic)
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ Run Time Lib Setup
Mozilla Firefox (3.6.2)
MPM
MSVCSetup
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero Suite
Network
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
OCR Software by I.R.I.S. 12.0
Officejet Pro 8500 A909 Series
PowerDVD
ProductContext
QuickTime
RealPlayer
RealUpgrade 1.0
Rhapsody Player Engine
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shop for HP Supplies
SkyMap Pro 11
SmartWebPrinting
SolutionCenter
SoundMAX
SSH Secure Shell
Starry Night Enthusiast 4.5 (Freeman)
Status
Suite Specific
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2466076)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB912452)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VIREO - The VIRtual Educational Observatory (Version 1.400)
VLC media player 1.1.5
WebFldrs XP
WebReg
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Hotfix - KB895181
Windows Media Player 10 Hotfix - KB888656
Windows Media Player 11
Windows XP Service Pack 3
WinZip
 
ATTACH log part 2 for the problem PC

==== Event Viewer Messages From Past Week ========

06/01/2011 5:52:54 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
06/01/2011 5:52:54 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
06/01/2011 5:52:54 AM, error: Service Control Manager [7034] - The Adobe Version Cue CS2 service terminated unexpectedly. It has done this 1 time(s).
06/01/2011 5:52:05 AM, error: PlugPlayManager [11] - The device Root\LEGACY_SASKUTIL\0000 disappeared from the system without first being prepared for removal.
06/01/2011 5:52:05 AM, error: PlugPlayManager [11] - The device Root\LEGACY_SASDIFSV\0000 disappeared from the system without first being prepared for removal.
05/01/2011 9:28:56 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Akamai service.
05/01/2011 7:57:49 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 25 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 7:57:28 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 24 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 7:57:22 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 23 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 7:57:12 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 22 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 7:57:07 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 21 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 7:57:01 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 20 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 7:56:56 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 19 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 7:56:50 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 18 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 7:56:45 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 17 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 7:56:39 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 16 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 7:56:32 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 15 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 7:56:06 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 14 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 7:55:56 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 13 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 7:55:48 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 12 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 7:55:43 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 11 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 7:55:32 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 10 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 7:55:27 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 9 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 7:55:21 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 8 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 7:55:16 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 7 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 7:55:08 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 6 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 7:54:50 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 7:54:45 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 7:54:38 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 7:54:32 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 7:54:22 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 7:53:39 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
05/01/2011 6:11:28 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Akamai NetSession Interface service to connect.
05/01/2011 6:11:27 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 117 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:11:22 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 116 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:11:17 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 115 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:11:11 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 114 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:11:06 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 113 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:11:00 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 112 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:10:55 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 111 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:10:47 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 110 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:10:42 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 109 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:10:35 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 108 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:10:18 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 107 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:10:10 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 106 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:10:05 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 105 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:10:00 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 104 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:09:55 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 103 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:09:47 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 102 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:09:42 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 101 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:09:34 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 100 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:09:28 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 99 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:09:23 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 98 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:09:18 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 97 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:09:01 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 96 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:08:56 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 95 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:08:51 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 94 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:08:46 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 93 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:08:38 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 92 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:08:33 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 91 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:08:29 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 90 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:08:23 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 89 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:08:18 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 88 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:08:13 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 87 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:08:08 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 86 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:08:03 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 85 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:07:45 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 84 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:07:40 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 83 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:07:34 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 82 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:07:24 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 81 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:07:13 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 80 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:07:07 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 79 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:07:01 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 78 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:06:55 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 77 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:06:37 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 76 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:06:31 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 75 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:06:25 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 74 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:06:19 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 73 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:06:14 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 72 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:06:05 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 71 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:06:00 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 70 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:05:53 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 69 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:05:47 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 68 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:05:42 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 67 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:05:36 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 66 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:05:15 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 65 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:05:09 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 64 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:05:00 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 63 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:04:54 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 62 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:04:44 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 61 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:04:39 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 60 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:04:34 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 59 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:04:28 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 58 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:04:23 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 57 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:04:03 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 56 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:03:57 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 55 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:03:51 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 54 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:03:45 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 53 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:03:39 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 52 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:03:32 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 51 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:03:26 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 50 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:03:21 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 49 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:03:16 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 48 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:03:07 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 47 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:02:44 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 46 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:02:33 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 45 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:02:26 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 44 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:02:20 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 43 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:02:15 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 42 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:02:10 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 41 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:02:01 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 40 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:01:53 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 39 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:01:48 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 38 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:01:27 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 37 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:01:18 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 36 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:01:13 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 35 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:01:07 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 34 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:01:02 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 33 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:00:57 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 32 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:00:52 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 31 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:00:47 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 30 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:00:42 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 29 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:00:37 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 28 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:00:20 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 27 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 6:00:12 AM, error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 26 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05/01/2011 5:16:09 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 Avgldx86 Avgmfx86 Avgtdix Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
05/01/2011 2:16:46 PM, error: Service Control Manager [7000] - The Google Update Service (gupdate1ca46d14845d248) service failed to start due to the following error: The system cannot find the path specified.
05/01/2011 11:14:49 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
05/01/2011 10:47:55 AM, error: WMPNetworkSvc [14344] - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2751'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.
05/01/2011 1:32:07 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
05/01/2011 1:31:51 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
05/01/2011 1:28:36 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 Avgldx86 Avgmfx86 Avgtdix Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
05/01/2011 1:28:36 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
05/01/2011 1:28:36 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
05/01/2011 1:28:36 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
05/01/2011 1:28:36 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
05/01/2011 1:28:36 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
05/01/2011 1:28:15 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
05/01/2011 1:28:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
05/01/2011 1:27:58 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

==== End Of File ===========================
 
Welcome to TechSpot! The Host files on your friend's computer have been hijacked. The searches are being directed to a web site in Poland. And he has the Akamai NetSession Interface ("NetSession Interface") set but it isn't working; whether the 2 are related remains to be seen. This interface is a secure networking service that is installed for improving the speed, reliability and efficiency of content downloaded from the Internet. The NetSession Interface downloads only files specifically authorized by you, or for the purpose of automatically updating itself; however, if the Service isn't running or it can't update, it will not be of any use. He should review this: http://www.akamai.com/eula

This shows a status of Running, Automatic, but it does not appear to be working. Install date is 2004. Please ask if this is still being used.
=================================================
Please run the following in the order given:
Step one:
You will need to do a DNS Flush, then reset your router.
Start> Run> type cmd> enter> at the C prompt type ipconfig /flushdns (note space before the /)
Exit the Command prompt when finished and shut the system down.
Step two:

  • [1]. Shut down your computer, and any other computer connected to your router.
    [2]. On the back of the router, there should be a small hole or button labelled RESET. Using a bent paper clip or similar item, hold that in continuously for twenty seconds.
    [3]. Unplug the router. Wait sixty seconds.
    [4]. Now holding again the reset button, plug it back in. Continue holding the reset button for twenty seconds. Unplug the router again.
    [5]. With the router unplugged, start your computer.
    [6]. Connect to the router again. Then turn the router back on.
    [7]. When it stabilizes, reboot your workstation and try to access the internet. If you have any issues, access the Router configuration page and re-enter your authentication information.
    [8]. Reboot the system and test the internet. You may have to reconfigure the router settings based on your setup.
Step three:
Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zip and save to your desktop.
  • Extract it to a directory on your hard drive called c:\HijackThis.
  • Then navigate to that directory and double-click on the hijackthis.exe file.
  • When started click on the Scan button and then the Save Log button to create a log of your information.
  • The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
===============================================
Step four: Follow with Download Combofix to your desktop from one of these locations:
Link 1
Link 2
http://www.forospyware.com/sUBs/ComboFix.exe
  • Double click combofix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Query- Recovery Console image
    RcAuto1.gif

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    whatnext.png
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe
    cf-icon.jpg
    & follow the prompts to run.
  • When the scan completes it will open a text window. Please paste that log in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
=========================================
After I review these logs, I will have you remove multiple outdated Java and Adobe Reader programs which present vulnerabilities to the system.
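
The hosts-file hijack diagnosed in the reply above can be checked mechanically. The following is an added example, not part of the original thread or of any tool named in it: it audits hosts-file text, or the "O1 - Hosts:" lines of a HijackThis log, for search-engine names pinned to a non-loopback address. The sample input, the address 203.0.113.7 and all function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: raw hosts-file lines mixed with HijackThis-style lines.
# 203.0.113.7 and 198.51.100.20 are documentation addresses, not real indicators.
SAMPLE = """\
# constructed hosts file content
127.0.0.1       localhost
0.0.0.0         ads.example.net        # sink entry used for blocking
203.0.113.7     www.google.com
203.0.113.7     www.google.ca www.google.co.uk
203.0.113.7     search.yahoo.com
203.0.113.7     www.bing.com           # trailing comment
O1 - Hosts: 203.0.113.7 us.search.yahoo.com
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
198.51.100.20   intranet.example.org
127.0.0.1       www.google.de
"""

HJT_PREFIX = re.compile(r"^O1\s*-\s*Hosts:\s*", re.IGNORECASE)


def parse_entries(text):
    """Return (ip, hostname) pairs from hosts-file or 'O1 - Hosts:' lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        match = HJT_PREFIX.match(line)
        if match:
            line = line[match.end():]
        line = line.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # not a hosts entry (e.g. 'O2 - BHO')
        for host in fields[1:]:                 # one line may carry several aliases
            entries.append((ip, host.lower().rstrip(".")))
    return entries


def brand_of(host):
    """Map a hostname to the search brand it belongs to, or None."""
    labels = host.split(".")
    if "google" in labels:
        # accept google.<tld> and google.<sld>.<tld>, with any prefix such as www
        if len(labels) - labels.index("google") - 1 in (1, 2):
            return "google"
    if host == "bing.com" or host.endswith(".bing.com"):
        return "bing"
    if host == "search.yahoo.com" or host.endswith(".search.yahoo.com"):
        return "yahoo"
    return None


def audit(text):
    """Flag search-engine names that the hosts data pins to a routable address.

    Entries pointing at loopback or 0.0.0.0 are blocking entries and are skipped.
    One address answering for competing search brands is rated 'high'.
    """
    by_ip = defaultdict(lambda: defaultdict(list))
    for ip, host in parse_entries(text):
        brand = brand_of(host)
        if brand is None or ip.is_loopback or ip.is_unspecified:
            continue
        by_ip[str(ip)][brand].append(host)

    findings = []
    for ip, brands in sorted(by_ip.items()):
        findings.append({
            "ip": ip,
            "brands": sorted(brands),
            "hosts": sorted(h for hosts in brands.values() for h in hosts),
            "severity": "high" if len(brands) > 1 else "review",
        })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding["severity"].upper(), finding["ip"], "->", ", ".join(finding["hosts"]))
```

On Windows XP the file to feed into `audit()` is `%SystemRoot%\system32\drivers\etc\hosts`; a clean result only covers the hosts file, not DNS settings changed on the router.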
 
Thanks very much for your quick reply.

To reset her router I will have to go to her site (I brought the PC to my house to work on it for the last 2 days). Since I cannot get access to her site for 2-3 hours I estimate that I will finish the steps you gave me in about 3 hours. I will post the results then.
 
Steps done as advised
ComboFix required that I uninstall AVG 2011. Done. It ran as expected.

HijackThis Log
==========
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:25:22 PM, on 06/01/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 89.149.230.137 www.google.com
O1 - Hosts: 89.149.230.137 www.google.de
O1 - Hosts: 89.149.230.137 www.google.fr
O1 - Hosts: 89.149.230.137 www.google.co.uk
O1 - Hosts: 89.149.230.137 www.google.com.br
O1 - Hosts: 89.149.230.137 www.google.it
O1 - Hosts: 89.149.230.137 www.google.es
O1 - Hosts: 89.149.230.137 www.google.co.jp
O1 - Hosts: 89.149.230.137 www.google.com.mx
O1 - Hosts: 89.149.230.137 www.google.ca
O1 - Hosts: 89.149.230.137 www.google.com.au
O1 - Hosts: 89.149.230.137 www.google.nl
O1 - Hosts: 89.149.230.137 www.google.co.za
O1 - Hosts: 89.149.230.137 www.google.be
O1 - Hosts: 89.149.230.137 www.google.gr
O1 - Hosts: 89.149.230.137 www.google.at
O1 - Hosts: 89.149.230.137 www.google.se
O1 - Hosts: 89.149.230.137 www.google.ch
O1 - Hosts: 89.149.230.137 www.google.pt
O1 - Hosts: 89.149.230.137 www.google.dk
O1 - Hosts: 89.149.230.137 www.google.fi
O1 - Hosts: 89.149.230.137 www.google.ie
O1 - Hosts: 89.149.230.137 www.google.no
O1 - Hosts: 89.149.230.137 search.yahoo.com
O1 - Hosts: 89.149.230.137 us.search.yahoo.com
O1 - Hosts: 89.149.230.137 uk.search.yahoo.com
O1 - Hosts: 89.149.230.137 www.bing.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\zawolam.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate1ca46d14845d248) (gupdate1ca46d14845d248) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 11358 bytes

===========

===========
ComboFix Log
============
ComboFix 11-01-04.01 - Larry 06/01/2011 13:52:57.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.2495.2011 [GMT -7:00]
Running from: c:\documents and settings\Larry\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-12-06 to 2011-01-06 )))))))))))))))))))))))))))))))
.

2011-01-06 20:24 . 2011-01-06 20:25 -------- d-----w- C:\HijackThis
2011-01-06 10:51 . 2011-01-06 10:52 -------- d-----w- c:\documents and settings\Larry
2011-01-05 23:55 . 2011-01-05 23:55 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-01-05 19:38 . 2011-01-05 19:38 -------- d-----w- C:\$AVG
2011-01-05 18:25 . 2011-01-05 18:25 -------- d-----w- c:\documents and settings\JH\Application Data\AVG10
2011-01-05 18:24 . 2011-01-05 18:24 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-01-05 18:23 . 2011-01-06 20:43 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-01-05 18:17 . 2011-01-05 18:23 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-01-05 16:09 . 2003-03-16 06:15 90112 ----a-w- c:\windows\unvise32.exe
2011-01-05 16:07 . 2011-01-05 18:07 -------- d-----w- c:\program files\Starry Night Enthusiast 4.5
2011-01-05 15:21 . 2011-01-05 15:22 -------- d-----w- c:\documents and settings\JH\Application Data\vlc
2011-01-05 15:08 . 2011-01-05 15:18 -------- d-----w- C:\Hubble Site Light
2011-01-05 13:55 . 2011-01-05 13:55 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-01-05 13:42 . 2011-01-05 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2011-01-05 13:42 . 2011-01-05 13:42 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-01-05 13:42 . 2011-01-05 13:42 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-01-05 13:42 . 2011-01-05 13:42 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-01-05 13:42 . 2011-01-05 13:42 -------- d-----w- c:\program files\NVIDIA Corporation
2011-01-05 13:41 . 2008-07-08 15:45 4984 ----a-w- c:\windows\system32\drivers\nvphy.bin
2011-01-04 22:44 . 2011-01-04 22:44 -------- d-----w- c:\documents and settings\JH\Application Data\Malwarebytes
2011-01-04 22:43 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-04 22:43 . 2011-01-04 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-04 22:43 . 2011-01-05 12:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-04 22:43 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-04 21:46 . 2011-01-05 01:10 -------- d-----w- c:\documents and settings\Administrator
2010-12-15 10:17 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 10:15 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2006-10-16 18:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-04 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-08-04 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2008-10-30 18:26 . 2008-10-30 18:25 16156056 ----a-w- c:\program files\jre-6u10-windows-i586-p.exe
2006-12-13 21:32 . 2006-12-13 21:32 2904959 ----a-w- c:\program files\java3d-1_4_0_01-windows-i586.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"EPSON Stylus CX4200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE" [2005-03-08 98304]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-05 856064]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-22 202256]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-09-02 1638400]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1151:TCP"= 1151:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [04/08/2004 5:00 AM 14336]
S2 gupdate1ca46d14845d248;Google Update Service (gupdate1ca46d14845d248);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-12-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2011-01-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1465058494-2243138800-104724495-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

2011-01-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1465058494-2243138800-104724495-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

2011-01-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1465058494-2243138800-104724495-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

2011-01-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1465058494-2243138800-104724495-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

2011-01-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1465058494-2243138800-104724495-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

2011-01-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1465058494-2243138800-104724495-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

2011-01-06 c:\windows\Tasks\User_Feed_Synchronization-{A82AFFAB-A6B3-4602-9697-EBB76F0243B1}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -

AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-06 13:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3184)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-01-06 13:57:18
ComboFix-quarantined-files.txt 2011-01-06 20:57

Pre-Run: 113,340,682,240 bytes free
Post-Run: 113,303,916,544 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 23C8B051C919889238514B7B556FA5CE
 
Also - user does not know of or use the Akamai NetSession Interface for any reason.
Shall I uninstall it now or later?
 
Forgot to include in above - the router at this remote site is part of a corporate network - a 19inch rack mounted professional microwave network router.
I am unable to gain access and reset it.
 
There are over 200 errors in the Event Viewer for the Akamai NetSession Interface service. There are globally open ports in the firewall for Akamai. There are drivers running and updates being attempted. Install shows 2004. It is curious how this program could continue running for 6 years and not be used.

The router setup also makes me wonder if this is a work computer and would therefore have an IT person available. I can have you remove the entries, but without the reset, I don't know if the host hijack will be eliminated.
==================================================
Please reopen HijackThis to 'do system scan only.' Check each of the following, if present:

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O1 - Hosts: 89.149.230.137 www.google.com
O1 - Hosts: 89.149.230.137 www.google.de
O1 - Hosts: 89.149.230.137 www.google.fr
O1 - Hosts: 89.149.230.137 www.google.co.uk
O1 - Hosts: 89.149.230.137 www.google.com.br
O1 - Hosts: 89.149.230.137 www.google.it
O1 - Hosts: 89.149.230.137 www.google.es
O1 - Hosts: 89.149.230.137 www.google.co.jp
O1 - Hosts: 89.149.230.137 www.google.com.mx
O1 - Hosts: 89.149.230.137 www.google.ca
O1 - Hosts: 89.149.230.137 www.google.com.au
O1 - Hosts: 89.149.230.137 www.google.nl
O1 - Hosts: 89.149.230.137 www.google.co.za
O1 - Hosts: 89.149.230.137 www.google.be
O1 - Hosts: 89.149.230.137 www.google.gr
O1 - Hosts: 89.149.230.137 www.google.at
O1 - Hosts: 89.149.230.137 www.google.se
O1 - Hosts: 89.149.230.137 www.google.ch
O1 - Hosts: 89.149.230.137 www.google.pt
O1 - Hosts: 89.149.230.137 www.google.dk
O1 - Hosts: 89.149.230.137 www.google.fi
O1 - Hosts: 89.149.230.137 www.google.ie
O1 - Hosts: 89.149.230.137 www.google.no
O1 - Hosts: 89.149.230.137 search.yahoo.com
O1 - Hosts: 89.149.230.137 us.search.yahoo.com
O1 - Hosts: 89.149.230.137 uk.search.yahoo.com
O1 - Hosts: 89.149.230.137 www.bing.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\system32\zawolam.dll


Close all Windows except HijackThis and click on "Fix Checked."
======================================================
Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open Notepad > click on Format > uncheck 'Word Wrap' > and copy/paste the text in the code below into it. [Be sure to scroll down to include ALL lines.]
Code:
File::
c:\program files\jre-6u10-windows-i586-p.exe
c:\program files\java3d-1_4_0_01-windows-i586.exe
c:\windows\System32\svchost.exe -k Akamai.
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1151:TCP"=-
"5000:UDP"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"Akamai"
Driver::
Akamai
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
Please go on to next reply when through.
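
The by-eye check of the O1, O2 and O20 lines listed in the post above can be written as a small triage over a HijackThis log. This is an added example, not part of the original thread or of any tool named in it; the watchlist, the function names and the loopback sample line are assumptions, and the remaining sample lines are copied from the entries quoted above.

```python
import ipaddress
import re
from collections import defaultdict, namedtuple

Finding = namedtuple("Finding", "kind subject detail")

# Assumption: watchlist of search brands chosen for this example.
SEARCH_BRANDS = {"google", "yahoo", "bing"}

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)$")
O2_RE = re.compile(r"^O2 - BHO:\s+(.*?)\s+-\s+(\{[0-9A-Fa-f-]+\})\s+-\s+(.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs:\s+(.+)$")

# Sample log: the 127.0.0.1 line is constructed; the other lines appear in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O1 - Hosts: 89.149.230.137 www.google.com
O1 - Hosts: 89.149.230.137 www.google.ca
O1 - Hosts: 89.149.230.137 search.yahoo.com
O1 - Hosts: 89.149.230.137 www.bing.com
O1 - Hosts: 127.0.0.1 ads.example.test
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\zawolam.dll
"""


def brand_of(hostname):
    """Return the watchlisted brand a hostname belongs to, or None."""
    for label in hostname.lower().split("."):
        if label in SEARCH_BRANDS:
            return label
    return None


def triage(log_text):
    """Flag hosts-file search redirects, orphaned BHOs and AppInit_DLLs entries."""
    findings = []
    hosts_by_ip = defaultdict(list)

    for raw in log_text.splitlines():
        line = raw.strip()

        m = O1_RE.match(line)
        if m:
            ip_text, host = m.groups()
            try:
                ip = ipaddress.ip_address(ip_text)
            except ValueError:
                findings.append(Finding("hosts-malformed", line, {}))
                continue
            # Loopback / 0.0.0.0 entries are the usual ad-blocking pattern, not a redirect.
            if not (ip.is_loopback or ip.is_unspecified):
                hosts_by_ip[ip_text].append(host)
            continue

        m = O2_RE.match(line)
        if m:
            name, clsid, target = m.groups()
            # A BHO registration whose DLL is gone is a leftover worth removing.
            if target == "(no file)" or target.endswith("(file missing)"):
                findings.append(Finding("bho-orphan", clsid, {"name": name}))
            continue

        m = O20_RE.match(line)
        if m:
            # AppInit_DLLs are loaded into every process that loads user32.dll,
            # so any entry here deserves a manual look.
            findings.append(Finding("appinit-dll", m.group(1).strip(), {}))

    for ip_text, hosts in hosts_by_ip.items():
        brands = sorted({b for b in map(brand_of, hosts) if b})
        if brands:
            # Several unrelated search providers pinned to one address is the
            # hijack pattern seen in this thread.
            findings.append(
                Finding("hosts-redirect", ip_text,
                        {"count": len(hosts), "brands": brands})
            )
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
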
 
Continue here after HIJT and the Combofix script:

There are 9 outdated versions of Java on the system and no current version. All of these are a vulnerability to the system. The following program will remove all of the Java entries. When it has finished, follow the directions for updating to the current version:

Please download JavaRa and unzip it to your desktop.

Important!
***Please close any instances of Internet Explorer before continuing!***
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that
    a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.
Then download and install the most current version and update of Java Runtime Environment (JRE) HERE.
======================================
The Adobe Reader v7 is also outdated and a vulnerability. Visit this Adobe Reader site often and make sure you have the most current update. Uninstall any earlier updates (v7.0) as they are vulnerabilities.
======================================
Please ask the user if they know what this file is:
C:\Documents and Settings\Larry\Desktop\lrdv8m8z.exe
=====================================

Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Re-enable your Antivirus software.
  10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
=========================================
Repeat the scan with HijackThis.
Paste all logs into next reply.
 
Re router and IT person available - available remotely perhaps but the IT people are, shall we say, not that experienced.
- Desktop file lrdv8m8z.exe is the random name of GMER as downloaded earlier today

Sorry for the delay - took a while to do all the steps and run the scans

I will uninstall Akamai

Ran HijackThis again - no "do system scan only" - just a scan button
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe - appeared in the log but not a checkbox item
- shall I delete this manually?

O20 - AppInit_DLLs: C:\WINDOWS\system32\zawolam.dll - did not appear this time
- checked all other Hijack items and fixed them - HJ log#2 below

ran CFscript as directed - it ran and rebooted the machine (including doing a disk check after the reboot) -CF log#2 below

Ran JavaRa as directed - it ran and worked for a while, then:
JavaRa has encountered a problem and needs to close ... Please tell Microsoft about this problem
Error signature
AppName: javara.exe AppVer: 1.16.1.1763 ModName: ntdll.dll
ModVer: 5.1.2600.5755 Offset: 0000100b
C:\DOCUME~1\Larry\LOCALS~1\Temp\f4ef_appcompat.txt - I saved this error info file (an 8K XML file)

- in Program Files/Java there is now only jre6
- tried running it again - success and log created looks like it deleted 8 of 9 - JR#1 log below

- Windows Add/Remove programs still thinks there are multiple J2SE Runtime Environment 5.0 Update 9, 10, and 11
as well as Java(TM) 6 Update 2,3,5,14 and Java(TM) SE Runtime Environment 6 Update 1
- I did not try to uninstall these via add/remove programs - should I? (some may be just leftover links to uninstalls that no longer exist)

- I will download current JAVA runtime environment in a short while

- uninstalled Adobe Reader 7.0.8 - I can install current version later

- uninstalled Akamai NetSession. - successful

- run Eset NOD32 Online AntiVirus scan - clean - log below

- repeated Hijack This - log HJ #3 below

Again, thanks for all your help, and to those who create the powerful tools you use to help us unfortunate victims.


Logs follow:

===========
HijackThis #2
===========
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:51:51 PM, on 06/01/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\explorer.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 89.149.230.137 www.google.com
O1 - Hosts: 89.149.230.137 www.google.de
O1 - Hosts: 89.149.230.137 www.google.fr
O1 - Hosts: 89.149.230.137 www.google.co.uk
O1 - Hosts: 89.149.230.137 www.google.com.br
O1 - Hosts: 89.149.230.137 www.google.it
O1 - Hosts: 89.149.230.137 www.google.es
O1 - Hosts: 89.149.230.137 www.google.co.jp
O1 - Hosts: 89.149.230.137 www.google.com.mx
O1 - Hosts: 89.149.230.137 www.google.ca
O1 - Hosts: 89.149.230.137 www.google.com.au
O1 - Hosts: 89.149.230.137 www.google.nl
O1 - Hosts: 89.149.230.137 www.google.co.za
O1 - Hosts: 89.149.230.137 www.google.be
O1 - Hosts: 89.149.230.137 www.google.gr
O1 - Hosts: 89.149.230.137 www.google.at
O1 - Hosts: 89.149.230.137 www.google.se
O1 - Hosts: 89.149.230.137 www.google.ch
O1 - Hosts: 89.149.230.137 www.google.pt
O1 - Hosts: 89.149.230.137 www.google.dk
O1 - Hosts: 89.149.230.137 www.google.fi
O1 - Hosts: 89.149.230.137 www.google.ie
O1 - Hosts: 89.149.230.137 www.google.no
O1 - Hosts: 89.149.230.137 search.yahoo.com
O1 - Hosts: 89.149.230.137 us.search.yahoo.com
O1 - Hosts: 89.149.230.137 uk.search.yahoo.com
O1 - Hosts: 89.149.230.137 www.bing.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Google Update Service (gupdate1ca46d14845d248) (gupdate1ca46d14845d248) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9959 bytes

=========
ComboFix #2
=========

ComboFix 11-01-04.01 - Larry 06/01/2011 16:00:51.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.2495.1830 [GMT -7:00]
Running from: c:\documents and settings\Larry\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Larry\Desktop\CFscript.txt

FILE ::
"c:\program files\java3d-1_4_0_01-windows-i586.exe"
"c:\program files\jre-6u10-windows-i586-p.exe"
"c:\windows\System32\svchost.exe -k Akamai."
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\java3d-1_4_0_01-windows-i586.exe
c:\program files\jre-6u10-windows-i586-p.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AKAMAI
-------\Service_Akamai


((((((((((((((((((((((((( Files Created from 2010-12-06 to 2011-01-06 )))))))))))))))))))))))))))))))
.

2011-01-06 20:24 . 2011-01-06 22:58 -------- d-----w- C:\HijackThis
2011-01-06 10:51 . 2011-01-06 10:52 -------- d-----w- c:\documents and settings\Larry
2011-01-05 23:55 . 2011-01-05 23:55 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-01-05 19:38 . 2011-01-05 19:38 -------- d-----w- C:\$AVG
2011-01-05 18:25 . 2011-01-05 18:25 -------- d-----w- c:\documents and settings\JH\Application Data\AVG10
2011-01-05 18:24 . 2011-01-05 18:24 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-01-05 18:23 . 2011-01-06 20:43 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-01-05 18:17 . 2011-01-05 18:23 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-01-05 16:09 . 2003-03-16 06:15 90112 ----a-w- c:\windows\unvise32.exe
2011-01-05 16:07 . 2011-01-05 18:07 -------- d-----w- c:\program files\Starry Night Enthusiast 4.5
2011-01-05 15:21 . 2011-01-05 15:22 -------- d-----w- c:\documents and settings\JH\Application Data\vlc
2011-01-05 15:08 . 2011-01-05 15:18 -------- d-----w- C:\Hubble Site Light
2011-01-05 13:55 . 2011-01-05 13:55 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-01-05 13:42 . 2011-01-05 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2011-01-05 13:42 . 2011-01-05 13:42 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-01-05 13:42 . 2011-01-05 13:42 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-01-05 13:42 . 2011-01-05 13:42 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-01-05 13:42 . 2011-01-05 13:42 -------- d-----w- c:\program files\NVIDIA Corporation
2011-01-05 13:41 . 2008-07-08 15:45 4984 ----a-w- c:\windows\system32\drivers\nvphy.bin
2011-01-04 22:44 . 2011-01-04 22:44 -------- d-----w- c:\documents and settings\JH\Application Data\Malwarebytes
2011-01-04 22:43 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-04 22:43 . 2011-01-04 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-04 22:43 . 2011-01-05 12:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-04 22:43 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-04 21:46 . 2011-01-05 01:10 -------- d-----w- c:\documents and settings\Administrator
2010-12-15 10:17 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 10:15 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2006-10-16 18:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-04 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-08-04 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((( SnapShot@2011-01-06_20.55.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-06 23:05 . 2011-01-06 23:05 16384 c:\windows\Temp\Perflib_Perfdata_694.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"EPSON Stylus CX4200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE" [2005-03-08 98304]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-05 856064]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-22 202256]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-09-02 1638400]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

S2 gupdate1ca46d14845d248;Google Update Service (gupdate1ca46d14845d248);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-12-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2011-01-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1465058494-2243138800-104724495-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

2011-01-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1465058494-2243138800-104724495-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

2011-01-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1465058494-2243138800-104724495-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

2011-01-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1465058494-2243138800-104724495-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

2011-01-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1465058494-2243138800-104724495-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

2011-01-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1465058494-2243138800-104724495-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

2011-01-06 c:\windows\Tasks\User_Feed_Synchronization-{A82AFFAB-A6B3-4602-9697-EBB76F0243B1}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:31]
.
.
------- Supplementary Scan -------
.
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-06 16:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2440)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2011-01-06 16:08:36 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-06 23:08
ComboFix2.txt 2011-01-06 20:57

Pre-Run: 113,316,990,976 bytes free
Post-Run: 113,185,746,944 bytes free

- - End Of File - - 844DAA4B386D802CB4DF83AC9784F30B


===========
JavaRa log
===========
JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Thu Jan 06 16:16:55 2011

Found and removed: C:\Program Files\Java\jre1.5.0_09

Found and removed: C:\Program Files\Java\jre1.5.0_10

Found and removed: C:\Program Files\Java\jre1.5.0_11

Found and removed: C:\Program Files\Java\jre1.6.0_01

Found and removed: C:\Program Files\Java\jre1.6.0_02

Found and removed: C:\Program Files\Java\jre1.6.0_03

Found and removed: C:\Program Files\Java\jre1.6.0_05

Found and removed: C:\Program Files\Java\jre1.6.0_07

Found and removed: Applications\javaw.exe

Found and removed: JavaPlugin.FamilyVersionSupport

Found and removed: Installer\Products\8A0F842331866D117AB7000B0D610007

Found and removed: JavaScript

Found and removed: JavaScript Author

Found and removed: JavaScript1.1

Found and removed: JavaScript1.1 Author

Found and removed: JavaScript1.2

Found and removed: JavaScript1.2 Author

Found and removed: Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}

Found and removed: Software\Classes\JavaPlugin.150_09

Found and removed: Software\Classes\JavaPlugin.150_10

Found and removed: Software\Classes\JavaPlugin.150_11

Found and removed: Software\Classes\JavaPlugin.160_01

Found and removed: Software\Classes\JavaPlugin.160_02

Found and removed: Software\Classes\JavaPlugin.160_03

Found and removed: Software\Classes\JavaPlugin.160_05

Found and removed: Software\Classes\JavaPlugin.160_07

Found and removed: Software\Classes\JavaPlugin.160_14

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\JavaPlugin

Found and removed: SOFTWARE\Classes\JavaPlugin.150_09

Found and removed: SOFTWARE\Classes\JavaPlugin.150_10

Found and removed: SOFTWARE\Classes\JavaPlugin.150_11

Found and removed: SOFTWARE\Classes\JavaPlugin.160_01

Found and removed: SOFTWARE\Classes\JavaPlugin.160_02

Found and removed: SOFTWARE\Classes\JavaPlugin.160_03

Found and removed: SOFTWARE\Classes\JavaPlugin.160_05

Found and removed: SOFTWARE\Classes\JavaPlugin.160_07

Found and removed: SOFTWARE\Classes\JavaPlugin.160_14

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_09

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_10

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_11

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_14

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_09

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_10

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_11

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_07

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_14

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_09

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_10

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_11

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_07

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_14

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_01.b06\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_09\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_10\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_11\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_03.b05\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13\

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Thu Jan 06 16:34:37 2011

Found and removed: CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}

------------------------------------

Finished reporting.




============
Eset NOD32 log
============
no log seemed to be produced - here's what was on the screen
no threats found
scanned files 88024
infected files 0
cleaned files 0
total scan time 00:33:11


Hijack log in next post
 
============
HijackThis log #3
=============
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:44:20 PM, on 06/01/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Google Update Service (gupdate1ca46d14845d248) (gupdate1ca46d14845d248) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8801 bytes
 
PC is working well now. Google redirection to Poland is gone.
Have proceeded to remove all old versions of Adobe Reader and Java - it would be nice if their installers did this properly.

If there is nothing else in the last few logs to look at, then this problem should be marked as Resolved.

Thanks ever so much for all your help. You guys and TechSpot are Great!
 
Sorry for the delay - internet was down most of the day. Glad to hear about removing hosts. Please replace with this:
Replace the Host Files
MVPS Hosts files: This replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
=======================================
Removing all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the Run box and click OK. Note the space between the X and the U; it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name, then click "Create".
  • Go back and follow the path to > System Tools.
  • Choose Disk Cleanup
  • Click "OK" to select the partition or drive you want.
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


Empty the Recycle Bin
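
As an added illustration (not part of the original post, and not code from any tool named in this thread): a small Python check that reads a HOSTS file and separates blocklist-style entries, which point a name at the local machine, from entries that send a name to some other address and so deserve a manual look. The sample file contents, the example.* names and the address 203.0.113.45 are constructed.

```python
import ipaddress

# Constructed sample HOSTS content (not taken from the thread's logs).
SAMPLE_HOSTS = """\
# Sample HOSTS file
127.0.0.1       localhost
127.0.0.1       ads.example.net    # blocklist-style entry
0.0.0.0         tracker.example.org
203.0.113.45    www.google.ca google.ca   # redirect-style entry
::1             localhost
not-an-ip       broken.example.com
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) per mapping; skip comments and malformed lines."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            yield line_no, ip, name.lower()

def classify(ip):
    """'sinkhole' if the name resolves to this machine or nowhere, else 'redirect'."""
    return "sinkhole" if ip.is_loopback or ip.is_unspecified else "redirect"

def audit(text):
    """Return entries that map a hostname to a non-local address, for manual review."""
    return [(n, str(ip), host) for n, ip, host in parse_hosts(text)
            if classify(ip) == "redirect"]

if __name__ == "__main__":
    for line_no, ip, host in audit(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} -> {ip} (review: not a loopback entry)")
```

A flagged entry is not automatically malicious, since some networks map internal names to private addresses on purpose; the output is a list to review by hand.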
 