WE'RE SURE THAT YOU'LL LOVE US!
Hey there! 
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.
Try What the Tech -- It's free!
[Resolved] ScriptInocUI Class
Started by
cortspop
, Nov 14 2009 01:41 PM
-
This topic is locked
40 replies to this topic
#1
cortspop
-
- Authentic Member
-
- 162 posts
Authentic Member
Posted 14 November 2009 - 01:41 PM
Register to Remove
#2
Tomk
-
- Global Moderator
-
- 20,451 posts
Beguilement Monitor
Posted 17 November 2009 - 12:59 PM
Hi cortspop,
My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:
Let's start with some cleanup.
JavaRa ...by: Paul McLain and Fred de Vries
Please download JavaRa (Copyright © 2008 RaProducts.org) and unzip it to your desktop.
***Please close any instances of Internet Explorer before continuing!***
Print these instructions...you won't have Internet access during this particular phase!
Use the link below to see how to run the Norton Removal Tool
http://service1.syma...005033108162039
Download Rooter.exe to your desktop
My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:
- I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
- The fixes are specific to your problem and should only be used for the issues on this machine.
- Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
- It's often worth reading through these instructions and printing them for ease of reference.
- If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
- Please reply to this thread. Do not start a new topic.
Let's start with some cleanup.
JavaRa ...by: Paul McLain and Fred de Vries
Please download JavaRa (Copyright © 2008 RaProducts.org) and unzip it to your desktop.
***Please close any instances of Internet Explorer before continuing!***
Print these instructions...you won't have Internet access during this particular phase!
- Double-click on JavaRa.exe to start the program.
- From the drop-down menu, choose English or the appropriate language...and click on Select.
- JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
- Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
- A logfile will pop up. Please save it to a convenient location.
- Copy and paste the contents of the JavaRa log, in your next reply.
Use the link below to see how to run the Norton Removal Tool
http://service1.syma...005033108162039
Download Rooter.exe to your desktop
- Then doubleclick it to start the tool
- A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt. Post that here
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
------------------------------------------------------------
Microsoft MVP 2010-2014
#3
cortspop
-
- Authentic Member
-
- 162 posts
Authentic Member
Posted 17 November 2009 - 07:38 PM
JavaRa 1.15 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Tue Nov 17 19:22:15 2009
Found and removed: C:\Program Files\Java\j2re1.4.2_03
Found and removed: C:\Program Files\Java\jre1.6.0_01
Found and removed: C:\Program Files\Java\jre1.6.0_07
Found and removed: C:\Documents and Settings\Marty Sellers\Application Data\Sun\Java\jre1.6.0_01
Found and removed: C:\Documents and Settings\Marty Sellers\Application Data\Sun\Java\jre1.6.0_11
Found and removed: C:\Documents and Settings\Marty Sellers\Application Data\Sun\Java\jre1.6.0_12
Found and removed: C:\Documents and Settings\Marty Sellers\Application Data\Sun\Java\jre1.6.0_13
Found and removed: C:\Documents and Settings\Marty Sellers\Application Data\Sun\Java\jre1.6.0_14
Found and removed: C:\Documents and Settings\Marty Sellers\Application Data\Sun\Java\jre1.6.0_15
Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610001
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610001
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001
Found and removed: SOFTWARE\Classes\JavaPlugin.160_01
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_01
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_01
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610001
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610001
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160010}
Found and removed: Software\Classes\JavaPlugin.160_01
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_01
Found and removed: Software\JavaSoft\Java2D\1.6.0_01
Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_01
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_07
Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610007
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610007
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160070}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\bin\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_01.b06\
JavaRa 1.15 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Tue Nov 17 19:24:02 2009
------------------------------------
Finished reporting.
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP Home Edition (5.1.2600) Service Pack 3
[32_bits] - x86 Family 15 Model 4 Stepping 1, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Enabled
.
Internet Explorer 8.0.6001.18702
.
A:\ [Removable]
C:\ [Fixed-NTFS] .. ( Total:71 Go - Free:52 Go )
D:\ [CD_Rom]
.
Scan : 19:32.22
Path : C:\Documents and Settings\Marty Sellers\Desktop\Rooter.exe
User : Marty Sellers ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (568)
______ \??\C:\WINDOWS\system32\csrss.exe (632)
______ \??\C:\WINDOWS\system32\winlogon.exe (656)
______ C:\WINDOWS\system32\services.exe (700)
______ C:\WINDOWS\system32\lsass.exe (712)
______ C:\WINDOWS\system32\svchost.exe (876)
______ C:\WINDOWS\system32\svchost.exe (944)
______ C:\WINDOWS\System32\svchost.exe (1040)
______ C:\WINDOWS\system32\svchost.exe (1112)
______ C:\WINDOWS\system32\svchost.exe (1208)
______ C:\WINDOWS\system32\LEXBCES.EXE (1412)
______ C:\WINDOWS\system32\spoolsv.exe (1440)
______ C:\WINDOWS\system32\LEXPPS.EXE (1448)
______ C:\WINDOWS\system32\svchost.exe (1664)
______ C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (1696)
______ C:\WINDOWS\system32\CTsvcCDA.EXE (1716)
______ C:\WINDOWS\system32\svchost.exe (1756)
______ C:\Program Files\Java\jre6\bin\jqs.exe (1776)
______ C:\WINDOWS\system32\drivers\KodakCCS.exe (1820)
______ C:\Program Files\Common Files\Motive\McciCMService.exe (1884)
______ C:\WINDOWS\System32\svchost.exe (168)
______ C:\WINDOWS\System32\svchost.exe (196)
______ C:\PROGRA~1\AVG\AVG8\avgrsx.exe (208)
______ C:\PROGRA~1\AVG\AVG8\avgnsx.exe (220)
______ C:\WINDOWS\system32\ScsiAccess.EXE (236)
______ C:\Program Files\Dell Support Center\bin\sprtsvc.exe (436)
______ C:\WINDOWS\Explorer.EXE (748)
______ C:\WINDOWS\system32\svchost.exe (1168)
______ C:\PROGRA~1\AVG\AVG8\avgemc.exe (1596)
______ C:\Program Files\Analog Devices\Core\smax4pnp.exe (1316)
______ C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (1360)
______ C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (1772)
______ C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe (1480)
______ C:\progra~1\vision~1\paperp~1\pptd40nt.exe (2060)
______ C:\WINDOWS\twain_32\paprport\3100b\flatbed.exe (2068)
______ C:\WINDOWS\system32\hkcmd.exe (2112)
______ C:\WINDOWS\system32\igfxpers.exe (2120)
______ C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe (2140)
______ C:\Program Files\AT&T\Internet Security Wizard\ISW.exe (2180)
______ C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe (2224)
______ C:\Program Files\AVG\AVG8\avgcsrvx.exe (2372)
______ C:\PROGRA~1\AVG\AVG8\avgtray.exe (2460)
______ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (2532)
______ C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe (2536)
______ C:\Program Files\Dell Support Center\bin\sprtcmd.exe (2668)
______ C:\Program Files\Common Files\Real\Update_OB\realsched.exe (2704)
______ C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe (2932)
______ C:\Program Files\Messenger\msmsgs.exe (3664)
______ C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (3700)
______ C:\Program Files\DellSupport\DSAgnt.exe (3744)
______ C:\WINDOWS\system32\ctfmon.exe (3780)
______ C:\Program Files\Dell Photo Printer 720\dlbcserv.exe (3996)
______ C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (2052)
______ C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (2432)
______ C:\Program Files\Webshots\webshots.scr (2308)
______ C:\WINDOWS\system32\wbem\wmiprvse.exe (3312)
______ C:\WINDOWS\System32\alg.exe (2648)
______ C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (4084)
______ C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (1296)
______ C:\WINDOWS\system32\wuauclt.exe (1184)
______ C:\WINDOWS\system32\wuauclt.exe (2304)
______ C:\Documents and Settings\Marty Sellers\Desktop\Rooter.exe (160)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:41094144)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:41126400 | Length:76429301760)
\Device\Harddisk0\Partition3 (Start_Offset:76470428160 | Length:3520419840)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 19:32.55
.
C:\Rooter$\Rooter_1.txt - (17/11/2009 | 19:32.55)
#4
cortspop
-
- Authentic Member
-
- 162 posts
Authentic Member
Posted 17 November 2009 - 08:04 PM
JavaRa 1.15 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Tue Nov 17 19:22:15 2009
Found and removed: C:\Program Files\Java\j2re1.4.2_03
Found and removed: C:\Program Files\Java\jre1.6.0_01
Found and removed: C:\Program Files\Java\jre1.6.0_07
Found and removed: C:\Documents and Settings\Marty Sellers\Application Data\Sun\Java\jre1.6.0_01
Found and removed: C:\Documents and Settings\Marty Sellers\Application Data\Sun\Java\jre1.6.0_11
Found and removed: C:\Documents and Settings\Marty Sellers\Application Data\Sun\Java\jre1.6.0_12
Found and removed: C:\Documents and Settings\Marty Sellers\Application Data\Sun\Java\jre1.6.0_13
Found and removed: C:\Documents and Settings\Marty Sellers\Application Data\Sun\Java\jre1.6.0_14
Found and removed: C:\Documents and Settings\Marty Sellers\Application Data\Sun\Java\jre1.6.0_15
Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610001
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610001
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001
Found and removed: SOFTWARE\Classes\JavaPlugin.160_01
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_01
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_01
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610001
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610001
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160010}
Found and removed: Software\Classes\JavaPlugin.160_01
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_01
Found and removed: Software\JavaSoft\Java2D\1.6.0_01
Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_01
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_07
Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610007
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610007
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160070}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\bin\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_01.b06\
JavaRa 1.15 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Tue Nov 17 19:24:02 2009
------------------------------------
Finished reporting.
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP Home Edition (5.1.2600) Service Pack 3
[32_bits] - x86 Family 15 Model 4 Stepping 1, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Enabled
.
Internet Explorer 8.0.6001.18702
.
A:\ [Removable]
C:\ [Fixed-NTFS] .. ( Total:71 Go - Free:52 Go )
D:\ [CD_Rom]
.
Scan : 19:32.22
Path : C:\Documents and Settings\Marty Sellers\Desktop\Rooter.exe
User : Marty Sellers ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (568)
______ \??\C:\WINDOWS\system32\csrss.exe (632)
______ \??\C:\WINDOWS\system32\winlogon.exe (656)
______ C:\WINDOWS\system32\services.exe (700)
______ C:\WINDOWS\system32\lsass.exe (712)
______ C:\WINDOWS\system32\svchost.exe (876)
______ C:\WINDOWS\system32\svchost.exe (944)
______ C:\WINDOWS\System32\svchost.exe (1040)
______ C:\WINDOWS\system32\svchost.exe (1112)
______ C:\WINDOWS\system32\svchost.exe (1208)
______ C:\WINDOWS\system32\LEXBCES.EXE (1412)
______ C:\WINDOWS\system32\spoolsv.exe (1440)
______ C:\WINDOWS\system32\LEXPPS.EXE (1448)
______ C:\WINDOWS\system32\svchost.exe (1664)
______ C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (1696)
______ C:\WINDOWS\system32\CTsvcCDA.EXE (1716)
______ C:\WINDOWS\system32\svchost.exe (1756)
______ C:\Program Files\Java\jre6\bin\jqs.exe (1776)
______ C:\WINDOWS\system32\drivers\KodakCCS.exe (1820)
______ C:\Program Files\Common Files\Motive\McciCMService.exe (1884)
______ C:\WINDOWS\System32\svchost.exe (168)
______ C:\WINDOWS\System32\svchost.exe (196)
______ C:\PROGRA~1\AVG\AVG8\avgrsx.exe (208)
______ C:\PROGRA~1\AVG\AVG8\avgnsx.exe (220)
______ C:\WINDOWS\system32\ScsiAccess.EXE (236)
______ C:\Program Files\Dell Support Center\bin\sprtsvc.exe (436)
______ C:\WINDOWS\Explorer.EXE (748)
______ C:\WINDOWS\system32\svchost.exe (1168)
______ C:\PROGRA~1\AVG\AVG8\avgemc.exe (1596)
______ C:\Program Files\Analog Devices\Core\smax4pnp.exe (1316)
______ C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (1360)
______ C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (1772)
______ C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe (1480)
______ C:\progra~1\vision~1\paperp~1\pptd40nt.exe (2060)
______ C:\WINDOWS\twain_32\paprport\3100b\flatbed.exe (2068)
______ C:\WINDOWS\system32\hkcmd.exe (2112)
______ C:\WINDOWS\system32\igfxpers.exe (2120)
______ C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe (2140)
______ C:\Program Files\AT&T\Internet Security Wizard\ISW.exe (2180)
______ C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe (2224)
______ C:\Program Files\AVG\AVG8\avgcsrvx.exe (2372)
______ C:\PROGRA~1\AVG\AVG8\avgtray.exe (2460)
______ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (2532)
______ C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe (2536)
______ C:\Program Files\Dell Support Center\bin\sprtcmd.exe (2668)
______ C:\Program Files\Common Files\Real\Update_OB\realsched.exe (2704)
______ C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe (2932)
______ C:\Program Files\Messenger\msmsgs.exe (3664)
______ C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (3700)
______ C:\Program Files\DellSupport\DSAgnt.exe (3744)
______ C:\WINDOWS\system32\ctfmon.exe (3780)
______ C:\Program Files\Dell Photo Printer 720\dlbcserv.exe (3996)
______ C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (2052)
______ C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (2432)
______ C:\Program Files\Webshots\webshots.scr (2308)
______ C:\WINDOWS\system32\wbem\wmiprvse.exe (3312)
______ C:\WINDOWS\System32\alg.exe (2648)
______ C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (4084)
______ C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (1296)
______ C:\WINDOWS\system32\wuauclt.exe (1184)
______ C:\WINDOWS\system32\wuauclt.exe (2304)
______ C:\Documents and Settings\Marty Sellers\Desktop\Rooter.exe (160)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:41094144)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:41126400 | Length:76429301760)
\Device\Harddisk0\Partition3 (Start_Offset:76470428160 | Length:3520419840)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 19:32.55
.
C:\Rooter$\Rooter_1.txt - (17/11/2009 | 19:32.55)
#5
Tomk
-
- Global Moderator
-
- 20,451 posts
Beguilement Monitor
Posted 17 November 2009 - 08:09 PM
cortspop,
Good. No malware there but that tidied things up a bit.
Please post a new DDS log.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
------------------------------------------------------------
Microsoft MVP 2010-2014
#6
cortspop
-
- Authentic Member
-
- 162 posts
Authentic Member
Posted 17 November 2009 - 08:31 PM
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-06-26.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 12/24/2005 12:43:04 PM
System Uptime: 11/17/2009 5:40:57 AM (15 hours ago)
Motherboard: Dell Computer Corp. | | 0TC666
Processor: Intel® Celeron® CPU 2.53GHz | Microprocessor | 2527/533mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 71 GiB total, 52.846 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP1006: 9/17/2009 9:16:22 PM - Software Distribution Service 3.0
RP1007: 9/18/2009 9:00:21 AM - Software Distribution Service 3.0
RP1008: 9/18/2009 9:23:05 PM - Software Distribution Service 3.0
RP1009: 9/19/2009 9:00:20 AM - Software Distribution Service 3.0
RP1010: 9/20/2009 9:17:20 AM - Software Distribution Service 3.0
RP1011: 9/20/2009 8:55:39 PM - Software Distribution Service 3.0
RP1012: 9/21/2009 9:00:22 AM - Software Distribution Service 3.0
RP1013: 9/21/2009 8:24:47 PM - Software Distribution Service 3.0
RP1014: 9/22/2009 9:00:22 AM - Software Distribution Service 3.0
RP1015: 9/23/2009 9:00:25 AM - Software Distribution Service 3.0
RP1016: 9/23/2009 9:46:47 PM - Software Distribution Service 3.0
RP1017: 9/24/2009 9:00:19 AM - Software Distribution Service 3.0
RP1018: 9/24/2009 9:36:38 PM - Software Distribution Service 3.0
RP1019: 9/25/2009 9:00:26 AM - Software Distribution Service 3.0
RP1020: 9/25/2009 10:38:11 PM - Software Distribution Service 3.0
RP1021: 9/26/2009 10:04:52 PM - Installed Java™ 6 Update 15
RP1022: 9/26/2009 11:21:33 PM - Software Distribution Service 3.0
RP1023: 9/27/2009 9:00:25 AM - Software Distribution Service 3.0
RP1024: 9/27/2009 9:58:43 PM - Software Distribution Service 3.0
RP1025: 9/28/2009 9:00:22 AM - Software Distribution Service 3.0
RP1026: 9/28/2009 9:46:20 PM - Software Distribution Service 3.0
RP1027: 9/29/2009 9:00:25 AM - Software Distribution Service 3.0
RP1028: 9/29/2009 9:48:03 PM - Software Distribution Service 3.0
RP1029: 9/30/2009 9:00:21 AM - Software Distribution Service 3.0
RP1030: 9/30/2009 9:41:22 PM - Software Distribution Service 3.0
RP1031: 10/1/2009 9:00:23 AM - Software Distribution Service 3.0
RP1032: 10/2/2009 9:00:21 AM - Software Distribution Service 3.0
RP1033: 10/3/2009 9:00:29 AM - Software Distribution Service 3.0
RP1034: 10/4/2009 9:00:24 AM - Software Distribution Service 3.0
RP1035: 10/5/2009 8:15:20 AM - Avg8 Update
RP1036: 10/5/2009 8:17:14 AM - Avg8 Update
RP1037: 10/5/2009 9:00:18 AM - Software Distribution Service 3.0
RP1038: 10/5/2009 6:58:47 PM - Software Distribution Service 3.0
RP1039: 10/6/2009 9:00:23 AM - Software Distribution Service 3.0
RP1040: 10/7/2009 8:34:31 AM - Avg8 Update
RP1041: 10/7/2009 9:00:16 AM - Software Distribution Service 3.0
RP1042: 10/7/2009 8:50:57 PM - Software Distribution Service 3.0
RP1043: 10/8/2009 9:00:21 AM - Software Distribution Service 3.0
RP1044: 10/8/2009 9:18:20 PM - Software Distribution Service 3.0
RP1045: 10/9/2009 9:00:24 AM - Software Distribution Service 3.0
RP1046: 10/9/2009 9:40:25 PM - Software Distribution Service 3.0
RP1047: 10/10/2009 9:00:17 AM - Software Distribution Service 3.0
RP1048: 10/10/2009 10:25:15 PM - Software Distribution Service 3.0
RP1049: 10/11/2009 8:51:44 PM - Software Distribution Service 3.0
RP1050: 10/12/2009 9:00:20 AM - Software Distribution Service 3.0
RP1051: 10/12/2009 8:37:44 PM - Software Distribution Service 3.0
RP1052: 10/13/2009 9:00:24 AM - Software Distribution Service 3.0
RP1053: 10/13/2009 7:45:24 PM - Software Distribution Service 3.0
RP1054: 10/14/2009 8:38:37 PM - System Checkpoint
RP1055: 10/14/2009 9:23:35 PM - Software Distribution Service 3.0
RP1056: 10/15/2009 8:48:30 PM - Software Distribution Service 3.0
RP1057: 10/16/2009 9:00:25 AM - Software Distribution Service 3.0
RP1058: 10/16/2009 9:27:57 PM - Software Distribution Service 3.0
RP1059: 10/17/2009 9:00:19 AM - Software Distribution Service 3.0
RP1060: 10/17/2009 9:11:44 AM - Avg8 Update
RP1061: 10/17/2009 11:41:36 PM - Software Distribution Service 3.0
RP1062: 10/18/2009 8:01:03 PM - Software Distribution Service 3.0
RP1063: 10/19/2009 9:00:20 AM - Software Distribution Service 3.0
RP1064: 10/20/2009 9:00:26 AM - Software Distribution Service 3.0
RP1065: 10/20/2009 8:18:02 PM - Software Distribution Service 3.0
RP1066: 10/21/2009 8:09:13 AM - Avg8 Update
RP1067: 10/21/2009 9:00:21 AM - Software Distribution Service 3.0
RP1068: 10/21/2009 7:55:11 PM - Software Distribution Service 3.0
RP1069: 10/22/2009 9:00:22 AM - Software Distribution Service 3.0
RP1070: 10/22/2009 8:44:21 PM - Software Distribution Service 3.0
RP1071: 10/23/2009 9:00:21 AM - Software Distribution Service 3.0
RP1072: 10/23/2009 4:38:57 PM - Software Distribution Service 3.0
RP1073: 10/23/2009 9:54:50 PM - Software Distribution Service 3.0
RP1074: 10/24/2009 8:05:08 AM - Software Distribution Service 3.0
RP1075: 10/25/2009 5:27:54 PM - System Checkpoint
RP1076: 10/25/2009 9:14:16 PM - Software Distribution Service 3.0
RP1077: 10/26/2009 9:00:20 AM - Software Distribution Service 3.0
RP1078: 10/26/2009 9:04:32 PM - Software Distribution Service 3.0
RP1079: 10/27/2009 9:00:25 AM - Software Distribution Service 3.0
RP1080: 10/28/2009 9:00:26 AM - Software Distribution Service 3.0
RP1081: 10/28/2009 8:38:01 PM - Software Distribution Service 3.0
RP1082: 10/29/2009 9:00:22 AM - Software Distribution Service 3.0
RP1083: 10/29/2009 9:47:05 PM - Software Distribution Service 3.0
RP1084: 10/30/2009 9:00:22 AM - Software Distribution Service 3.0
RP1085: 10/30/2009 9:53:45 PM - Software Distribution Service 3.0
RP1086: 10/31/2009 8:25:07 PM - Software Distribution Service 3.0
RP1087: 11/1/2009 10:00:26 AM - Software Distribution Service 3.0
RP1088: 11/1/2009 9:54:39 PM - Software Distribution Service 3.0
RP1089: 11/2/2009 10:00:22 AM - Software Distribution Service 3.0
RP1090: 11/2/2009 10:29:57 PM - Software Distribution Service 3.0
RP1091: 11/3/2009 10:00:22 AM - Software Distribution Service 3.0
RP1092: 11/3/2009 10:55:13 AM - Avg8 Update
RP1093: 11/3/2009 9:06:13 PM - Installed Java™ 6 Update 17
RP1094: 11/3/2009 10:07:41 PM - Software Distribution Service 3.0
RP1095: 11/4/2009 6:43:44 AM - Software Distribution Service 3.0
RP1096: 11/4/2009 6:50:16 AM - Software Distribution Service 3.0
RP1097: 11/4/2009 10:00:21 AM - Software Distribution Service 3.0
RP1098: 11/4/2009 9:00:25 PM - Software Distribution Service 3.0
RP1099: 11/5/2009 10:00:25 AM - Software Distribution Service 3.0
RP1100: 11/5/2009 9:54:56 PM - Software Distribution Service 3.0
RP1101: 11/6/2009 9:08:10 AM - Avg8 Update
RP1102: 11/6/2009 10:00:19 AM - Software Distribution Service 3.0
RP1103: 11/7/2009 10:01:13 AM - Software Distribution Service 3.0
RP1104: 11/7/2009 8:31:20 PM - Software Distribution Service 3.0
RP1105: 11/8/2009 9:15:29 AM - Software Distribution Service 3.0
RP1106: 11/9/2009 9:00:24 AM - Software Distribution Service 3.0
RP1107: 11/10/2009 9:00:29 AM - Software Distribution Service 3.0
RP1108: 11/10/2009 5:04:02 PM - Installed AVG Free 9.0
RP1109: 11/10/2009 8:26:39 PM - Installed AVG Free 9.0
RP1110: 11/10/2009 8:45:44 PM - Software Distribution Service 3.0
RP1111: 11/11/2009 11:07:35 AM - Installed AVG Free 9.0
RP1112: 11/11/2009 8:58:29 PM - Installed AVG Free 9.0
RP1113: 11/11/2009 9:01:03 PM - Software Distribution Service 3.0
RP1114: 11/12/2009 9:00:22 AM - Software Distribution Service 3.0
RP1115: 11/12/2009 10:10:47 PM - Software Distribution Service 3.0
RP1116: 11/13/2009 9:00:22 AM - Software Distribution Service 3.0
RP1117: 11/13/2009 10:32:08 PM - Installed AVG Free 9.0
RP1118: 11/13/2009 11:03:26 PM - Software Distribution Service 3.0
RP1119: 11/14/2009 9:55:05 PM - Software Distribution Service 3.0
RP1120: 11/15/2009 9:01:32 AM - Software Distribution Service 3.0
RP1121: 11/15/2009 8:40:19 PM - Software Distribution Service 3.0
RP1122: 11/16/2009 9:00:26 AM - Software Distribution Service 3.0
RP1123: 11/16/2009 8:36:26 PM - Software Distribution Service 3.0
RP1124: 11/17/2009 9:00:31 AM - Software Distribution Service 3.0
==== Installed Programs ======================
32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.2
AOLIcon
aspi
AT&T Internet Security Wizard 1.5.11
AT&T Toolbar
ATT-PRT22
AudibleManager
AVG 8.5
BellSouth Application Management
BufferChm
CCHelp
CCScore
Copy
CR2
Creative MediaSource
Creative MuVo NX-TX
Creative System Information
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Media Experience
Dell Photo Printer 720
Dell Photo Printer 720 Logger
Dell Support Center (Support Software)
Dell System Restore
DellSupport
Destination Component
DeviceDiscovery
DeviceManagementQFolder
Digital Content Portal
DJ_AIO_03_F2200_ProductContext
DJ_AIO_03_F2200_Software
DJ_AIO_03_F2200_Software_Min
ERUNT 1.1j
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSTUTOR
ESSvpaht
ESSvpot
F2200
F2200_Help
FastAccess® DSL Help Center 4.3
FP3 Player
Garmin USB Drivers
Garmin WebUpdater
Get High Speed Internet!
Google Toolbar for Internet Explorer
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
HP Imaging Device Functions 10.0
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Update
HPSSupply
Intel® 537EP V9x DF PCI Modem
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet for Wired Connections
Internet Explorer Default Page
Java™ 6 Update 17
Kodak EasyShare software
KSU
Learn2 Player (Uninstall Only)
LimeWire 5.1.2
Macromedia Flash Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Modem Event Monitor
Modem Helper
Modem On Hold
Move Networks Media Player for Internet Explorer
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Musicmatch® Jukebox
MuVo Driver
NetZeroInstallers
Notifier
OTtBP
PCDLNCH
Photo Click
Picasa 3
PSSWCORE
Qualxserve Service Agreement
QuickBooks Simple Start Special Edition
QuickTime
RealPlayer
Scan
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
SFR
SFR2
Shop for HP Supplies
SmartWebPrintingOC
Spelling Dictionaries Support For Adobe Reader 9
Status
Toolbox
TrayApp
Unity Web Player
UnloadSupport
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VideoToolkit01
Visioneer 3100b Scanner Driver
Visioneer PaperPort 6.1
WebCyberCoach 3.2 Dell
WebFldrs XP
WebReg
Webshots Desktop
Webshots Toolbar
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
WordPerfect Office 12
Yahoo! Install Manager
==== Event Viewer Messages From Past Week ========
11/11/2009 8:37:47 AM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
11/10/2009 8:45:54 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Flash Player (KB923789).
==== End Of File ===========================
DDS (Ver_09-06-26.01) - NTFSx86
Run by Marty Sellers at 20:27:14.17 on Tue 11/17/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.142 [GMT -6:00]
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton AntiVirus 2005 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\progra~1\vision~1\paperp~1\pptd40nt.exe
C:\WINDOWS\twain_32\paprport\3100b\flatbed.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Documents and Settings\Marty Sellers\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.weather.com/outlook/travel/businesstraveler/local/38834?lswe=38834&lwsa=WeatherLocalUndeclared&from=whatwhere
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search/msie?p={searchTerms}&ei=UTF-8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
TB: {C17590D2-ECB4-4B15-8820-F58798DCC118} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Creative Detector] c:\program files\creative\mediasource\detector\CTDetect.exe /R
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [PaperPort PTD] c:\progra~1\vision~1\paperp~1\pptd40nt.exe
mRun: [PP3100b] c:\windows\twain_32\paprport\3100b\flatbed.exe
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~3\mimboot.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SSP Notifier] c:\program files\fisher-price\fp3 player\sspnotifier.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [ISW.exe] "c:\program files\at&t\internet security wizard\ISW.exe" /AUTORUN
mRun: [HelpCenter4.1] c:\program files\fastaccessdsl\helpcenter43\bin\sprtcmd.exe /P HelpCenter4.1
mRun: [FastAccess Help] c:\program files\bellsouth application management\content\..\Start.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\martys~1\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\Launcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dlbcserv.lnk - c:\program files\dell photo printer 720\dlbcserv.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\6.1.4.37-7288971l\program\runner.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: &Webshots Photo Search - c:\program files\webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: taxactonline.com\www
Trusted Zone: musicmatch.com\online
DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} - hxxp://community.webshots.com/html/atx/wsaxcontrol.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/27.38/uploader2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-25 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-7-25 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-7-25 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-25 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-25 297752]
S4 McRedirector;McAfee Redirector Service;c:\progra~1\common~1\mcafee\redirsvc\redirsvc.exe [2007-10-5 256096]
S4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2005-12-29 817304]
=============== Created Last 30 ================
2009-11-17 19:32 <DIR> --d----- C:\Rooter$
2009-11-09 16:25 <DIR> --d----- c:\docume~1\martys~1\applic~1\AVG8
==================== Find3M ====================
2009-10-22 03:19 5,939,712 -------- c:\windows\system32\dllcache\mshtml.dll
2009-10-11 04:17 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-11 08:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-11 08:18 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 15:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-09-04 15:03 58,880 -------- c:\windows\system32\dllcache\msasn1.dll
2009-08-29 09:50 348,160 a------- c:\windows\system32\msvcr71.dll
2009-08-28 04:35 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-26 02:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-26 02:00 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2009-08-22 14:01 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-11 04:52 17,016,176 a------- c:\documents and settings\marty sellers\ATT_SST_Installer.exe
2005-12-01 23:45 0 a---h--- c:\docume~1\alluse~1\applic~1\gwseh.dat
2008-10-29 16:29 56 ---shr-- c:\windows\system32\80F1DC0D35.sys
2008-10-29 16:29 1,682 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-09-21 18:20 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092120080922\index.dat
2009-04-08 18:25 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat
============= FINISH: 20:27:29.09 ===============
#7
Tomk
-
- Global Moderator
-
- 20,451 posts
Beguilement Monitor
Posted 17 November 2009 - 08:57 PM
cortspop,
Please download the OTM by OldTimer.
Also,
Please go to Kaspersky website and perform an online antivirus scan.
Please download the OTM by OldTimer.
- Save it to your desktop.
- Please double-click OTM.exe to run it.
(Note: If you are running on Vista, right-click on the file and choose Run As Administrator). - Copy the lines inside the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:Processes :Services McRedirector Symantec Core LC :Reg [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6"=- "4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29"=- "C17590D2-ECB4-4B15-8820-F58798DCC118"=- :Files c:\program files\common files\symantec shared c:\program files\common files\mcafee :Commands [purity] [emptytemp] [start explorer] [Reboot]
- Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
- Click the red Moveit! button.
- Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
- Close OTM
Also,
Please go to Kaspersky website and perform an online antivirus scan.
- Read through the requirements and privacy statement and click on Accept button.
- It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
- When the downloads have finished, click on Settings.
- Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
- Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases
- Spyware, Adware, Dialers, and other potentially dangerous programs
- Click on My Computer under Scan.
- Once the scan is complete, it will display the results. Click on View Scan Report.
- You will see a list of infected items there. Click on Save Report As....
- Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
- Please post this log in your next reply.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
------------------------------------------------------------
Microsoft MVP 2010-2014
#8
cortspop
-
- Authentic Member
-
- 162 posts
Authentic Member
Posted 19 November 2009 - 05:42 AM
All processes killed
Error: Unable to interpret <Processes> in the current context!
========== SERVICES/DRIVERS ==========
Service McRedirector stopped successfully!
Service McRedirector deleted successfully!
No service named Symantec Core LC was found to stop!
Unable to stop service Symantec Core LC!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6 not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29 not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\C17590D2-ECB4-4B15-8820-F58798DCC118 not found.
========== FILES ==========
c:\program files\common files\Symantec Shared\CCPD-LC folder moved successfully.
c:\program files\common files\Symantec Shared folder moved successfully.
c:\program files\common files\McAfee\RedirSvc folder moved successfully.
c:\program files\common files\McAfee folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32969 bytes
User: Marty Sellers
->Temp folder emptied: 748231459 bytes
->Temporary Internet Files folder emptied: 53355534 bytes
->Java cache emptied: 29325140 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Owner
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 378259985 bytes
Windows Temp folder emptied: 33635298 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34794 bytes
RecycleBin emptied: 832473 bytes
Total Files Cleaned = 1186.22 mb
OTM by OldTimer - Version 3.1.2.0 log created on 11182009_201559
Files moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_8d8.dat moved successfully.
Registry entries deleted on Reboot...
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, November 19, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, November 19, 2009 02:28:04
Records in database: 3238858
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
Scan statistics:
Objects scanned: 70439
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 02:24:38
No threats found. Scanned area is clean.
Selected area has been scanned.
#9
Tomk
-
- Global Moderator
-
- 20,451 posts
Beguilement Monitor
Posted 19 November 2009 - 09:21 AM
cortspop,
Now please see if things work correctly.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
------------------------------------------------------------
Microsoft MVP 2010-2014
#10
cortspop
-
- Authentic Member
-
- 162 posts
Authentic Member
Posted 19 November 2009 - 04:38 PM
Seems to be operating a little better maybe. Should I try to install the AVG update now?
Register to Remove
#11
Tomk
-
- Global Moderator
-
- 20,451 posts
Beguilement Monitor
Posted 19 November 2009 - 05:22 PM
cortspop,
Yep. Give it a go.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
------------------------------------------------------------
Microsoft MVP 2010-2014
#12
cortspop
-
- Authentic Member
-
- 162 posts
Authentic Member
Posted 19 November 2009 - 07:39 PM
No luck. I still get the msg to remove ScriptInocUI Class.
#13
Tomk
-
- Global Moderator
-
- 20,451 posts
Beguilement Monitor
Posted 19 November 2009 - 08:00 PM
cortspop,
OK. I think I know where it's hiding.
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
OK. I think I know where it's hiding.
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
- Double-click SystemLook.exe to run it.
- Copy the content of the following codebox into the main textfield:
:reg HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID
- Click the Look button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
------------------------------------------------------------
Microsoft MVP 2010-2014
#14
cortspop
-
- Authentic Member
-
- 162 posts
Authentic Member
Posted 19 November 2009 - 08:37 PM
Something is happening when I try to post the log. I get the hourglass sign and the log will not post. I have tried it several times. I even downloaded both of the links and no luck with either one.
#15
cortspop
-
- Authentic Member
-
- 162 posts
Authentic Member
Posted 19 November 2009 - 09:02 PM
Tried to upload the file and got the msg that the file is larger than the available space.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
