Author Topic: Pc Problems  (Read 55595 times)

thammondwis

    Topic Starter


    Beginner

    Pc Problems
    « on: October 22, 2010, 04:53:03 AM »
    I have been having a few problems on my computer.  I hope you can help me.

    I keep getting a "Generic Host Process for Win32 Services encountered
    a problem" error.  I have problems with windows explorer not responding. 
    Firefox does run, but I get redirected to a different site when clicking on a link
    in Yahoo search.  I also had a message when updating windows that the security
    patches for .net framework? were not installed on 3 different versions I think.

    I ran through steps 1-5 of the read this before requesting help.

    Please help,

    Thanks,

    Tim
    « Last Edit: October 24, 2010, 11:14:12 AM by SuperDave »

    Allan

    • Moderator

    Re: Pc Problems
    « Reply #1 on: October 22, 2010, 05:55:48 AM »
    Please follow the instructions in the following link and post your logs:
    http://www.computerhope.com/forum/index.php/topic,46313.0.html

    thammondwis

      Re: Pc Problems
      « Reply #2 on: October 22, 2010, 06:08:53 PM »
      Here is the SuperAntiSpyware log:

      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 10/21/2010 at 09:20 PM

      Application Version : 4.44.1000

      Core Rules Database Version : 5730
      Trace Rules Database Version: 3542

      Scan type       : Complete Scan
      Total Scan Time : 02:50:31

      Memory items scanned      : 525
      Memory threats detected   : 0
      Registry items scanned    : 6921
      Registry threats detected : 52
      File items scanned        : 219110
      File threats detected     : 111

      Adware.CouponBar
         HKLM\Software\Classes\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}
         HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}
         HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}
         HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}\Implemented Categories
         HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
         HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
         HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}\InprocServer32
         HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}\InprocServer32#ThreadingModel
         HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}\ProgID
         HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}\Programmable
         HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}\TypeLib
         HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}\VersionIndependentProgID
         HKCR\TTB000001.TTB000001.1
         HKCR\TTB000001.TTB000001.1\CLSID
         HKCR\TTB000001.TTB000001
         HKCR\TTB000001.TTB000001\CLSID
         HKCR\TTB000001.TTB000001\CurVer
         HKCR\TypeLib\{9BA983B1-0C05-2DAF-9D1D-7E160077CAF4}
         HKCR\TypeLib\{9BA983B1-0C05-2DAF-9D1D-7E160077CAF4}\1.0
         HKCR\TypeLib\{9BA983B1-0C05-2DAF-9D1D-7E160077CAF4}\1.0\0
         HKCR\TypeLib\{9BA983B1-0C05-2DAF-9D1D-7E160077CAF4}\1.0\0\win32
         HKCR\TypeLib\{9BA983B1-0C05-2DAF-9D1D-7E160077CAF4}\1.0\FLAGS
         HKCR\TypeLib\{9BA983B1-0C05-2DAF-9D1D-7E160077CAF4}\1.0\HELPDIR
         C:\WINDOWS\COUPONBARIE.DLL
         HKLM\Software\Classes\CLSID\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}
         HKCR\CLSID\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}
         HKCR\CLSID\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}
         HKCR\CLSID\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}\InprocServer32
         HKCR\CLSID\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}\InprocServer32#ThreadingModel
         HKCR\CLSID\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}\ProgID
         HKCR\CLSID\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}\Programmable
         HKCR\CLSID\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}\TypeLib
         HKCR\CLSID\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}\VersionIndependentProgID
         HKCR\ToolBand.TTB000000.1
         HKCR\ToolBand.TTB000000.1\CLSID
         HKCR\ToolBand.TTB000000
         HKCR\ToolBand.TTB000000\CLSID
         HKCR\ToolBand.TTB000000\CurVer
         C:\WINDOWS\COUPON~1.DLL
         HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}
         HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}
         HKU\S-1-5-21-842925246-789336058-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5BED3930-2E9E-76D8-BACC-80DF2188D455}
         HKU\S-1-5-21-842925246-789336058-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}
         HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}
         C:\WINDOWS\SYSTEM32\CPNPRT2.CID
         HKCR\Interface\{0D700D4A-F8C1-8888-C5BA-CB09D464A4E8}
         HKCR\Interface\{0D700D4A-F8C1-8888-C5BA-CB09D464A4E8}\ProxyStubClsid
         HKCR\Interface\{0D700D4A-F8C1-8888-C5BA-CB09D464A4E8}\ProxyStubClsid32
         HKCR\Interface\{0D700D4A-F8C1-8888-C5BA-CB09D464A4E8}\TypeLib
         HKCR\Interface\{0D700D4A-F8C1-8888-C5BA-CB09D464A4E8}\TypeLib#Version
         HKCR\Interface\{6D69B86A-B94C-59EE-BCB8-5F5DF46B2BE8}
         HKCR\Interface\{6D69B86A-B94C-59EE-BCB8-5F5DF46B2BE8}\ProxyStubClsid
         HKCR\Interface\{6D69B86A-B94C-59EE-BCB8-5F5DF46B2BE8}\ProxyStubClsid32
         HKCR\Interface\{6D69B86A-B94C-59EE-BCB8-5F5DF46B2BE8}\TypeLib
         HKCR\Interface\{6D69B86A-B94C-59EE-BCB8-5F5DF46B2BE8}\TypeLib#Version

      Adware.Tracking Cookie

      Trojan.Agent/Gen-Koobface[Bonkers]
         C:\CLASSIC COMBI LOADER\COMBILOADER.EXE
         C:\RFP_ADD-ONS\CLASSIC CARGO LOADER\CARGOLOADER.EXE
         C:\RFP_ADD-ONS\CLASSIC COMBI LOADER\COMBILOADER.EXE

      Trojan.Unclassified/Dropper
         E:\BACKUP\TEMP\ALUP398.EXE
      « Last Edit: October 24, 2010, 11:15:58 AM by SuperDave »

      thammondwis

        Re: Pc Problems
        « Reply #3 on: October 22, 2010, 06:11:09 PM »
        Here is the Malwarebytes log:

        Malwarebytes' Anti-Malware 1.46
        www.malwarebytes.org

        Database version: 4907

        Windows 5.1.2600 Service Pack 3
        Internet Explorer 8.0.6001.18702

        10/21/2010 9:53:52 PM
        mbam-log-2010-10-21 (21-53-52).txt

        Scan type: Quick scan
        Objects scanned: 152198
        Time elapsed: 9 minute(s), 8 second(s)

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 1
        Registry Values Infected: 0
        Registry Data Items Infected: 0
        Folders Infected: 0
        Files Infected: 0

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\
        {3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.

        Registry Values Infected:
        (No malicious items detected)

        Registry Data Items Infected:
        (No malicious items detected)

        Folders Infected:
        (No malicious items detected)

        Files Infected:
        (No malicious items detected)
        « Last Edit: October 24, 2010, 11:17:25 AM by SuperDave »

        thammondwis

          Re: Pc Problems
          « Reply #4 on: October 22, 2010, 06:25:15 PM »
          I'm having a problem running HJT.  It seems to hang up while running the scan.  If I click anywhere in the HJT window I get the following message and can only close it by using End Task in the Windows Task Manager:

          This action can not be completed because the other application is busy

          thammondwis

            Re: Pc Problems
            « Reply #5 on: October 22, 2010, 06:40:21 PM »
            I did get HJT to run after rebooting the computer.  Also, another unusual behavior I am noticing is that I usually have to double-click multiple times on the Firefox icon to get Firefox to open.

            Logfile of Trend Micro HijackThis v2.0.4
            Scan saved at 7:36:35 PM, on 10/22/2010
            Platform: Windows XP SP3 (WinNT 5.01.2600)
            MSIE: Internet Explorer v8.00 (8.00.6001.18702)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
            C:\PROGRA~1\AVG\AVG10\avgrsx.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\LEXBCES.EXE
            C:\WINDOWS\system32\LEXPPS.EXE
            C:\WINDOWS\system32\spoolsv.exe
            C:\WINDOWS\Explorer.EXE
            C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
            C:\Program Files\AVG\AVG10\avgwdsvc.exe
            C:\Program Files\Bonjour\mDNSResponder.exe
            C:\WINDOWS\system32\cisvc.exe
            C:\Program Files\Java\jre6\bin\jqs.exe
            C:\Program Files\Common Files\LightScribe\LSSrvc.exe
            C:\mjusbsp\srvany.exe
            C:\Program Files\AVG\AVG10\avgnsx.exe
            C:\Program Files\AVG\AVG10\avgemcx.exe
            C:\Program Files\Common Files\Motive\McciCMService.exe
            C:\WINDOWS\system32\nvsvc32.exe
            C:\WINDOWS\RTHDCPL.EXE
            C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
            C:\WINDOWS\system32\tcpsvcs.exe
            C:\WINDOWS\system32\RUNDLL32.EXE
            C:\Program Files\iTunes\iTunesHelper.exe
            C:\Program Files\Common Files\Real\Update_OB\realsched.exe
            C:\Program Files\Logitech\Gaming Software\LWEMon.exe
            C:\Program Files\Unlocker\UnlockerAssistant.exe
            C:\Program Files\DivX\DivX Update\DivXUpdate.exe
            C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
            C:\Program Files\Common Files\Java\Java Update\jusched.exe
            C:\Program Files\AVG\AVG10\avgtray.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
            C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
            C:\Program Files\E-Color\Common\IconMgr.exe
            C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
            C:\WINDOWS\System32\snmp.exe
            f:\autorun.exe
            C:\WINDOWS\system32\svchost.exe
            C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
            C:\Program Files\MSI\DualCoreCenter\DualCoreCenter.exe
            C:\WINDOWS\system32\mqsvc.exe
            C:\Program Files\E-Color\E-Color Indicator\TICIcon.exe
            C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
            C:\WINDOWS\system32\wuauclt.exe
            C:\WINDOWS\system32\mqtgsvc.exe
            C:\Program Files\iPod\bin\iPodService.exe
            C:\Documents and Settings\Home\Application Data\mjusbsp\st00000\mjsetup.exe
            C:\Documents and Settings\Home\Application Data\mjusbsp\magicJack.exe
            C:\Program Files\Trend Micro\HiJackThis\Sniper.exe

            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
            R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
            O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
            O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
            O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
            O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
            O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
            O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
            O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
            O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
            O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
            O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
            O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
            O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
            O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
            O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
            O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
            O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
            O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
            O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
            O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
            O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
            O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
            O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
            O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
            O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
            O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
            O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
            O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQ"&"inst=NwA3AC0ANAAyADUAMAA2ADMANgA5ADUAL
            QBUADUALQBCAEEAK
            wAxAC0ASwBWADMAKwA3AC0AWABMACsAMQAtAFUA QwBBAEwATAArAA"&"prod=90"&"ver=9.0.856
            O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
            O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
            O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
            O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
            O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Home\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
            O4 - HKUS\S-1-5-18\..\Run: [cdloader] "C:\Documents and Settings\NetworkService\Application Data\mjusbsp\cdloader2.exe" MAGICJACK (User 'SYSTEM')
            O4 - HKUS\.DEFAULT\..\Run: [cdloader] "C:\Documents and Settings\NetworkService\Application Data\mjusbsp\cdloader2.exe" MAGICJACK (User 'Default user')
            O4 - Global Startup: DualCoreCenter.lnk = C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe
            O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe
            O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O15 - Trusted Zone: http://www.simnasa.org
            O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
            O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
            O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
            O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
            O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
            O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
            O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
            O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
            O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
            O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
            O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
            O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
            O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
            O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
            O23 - Service: CVSNT Locking Service 2.5.03.2382 (cvslock) - Unknown owner - C:\Program Files\CVSNT\cvslock.exe
            O23 - Service: CVSNT Dispatch service 2.5.03.2382 (cvsnt) - March Hare Software Ltd - C:\Program Files\CVSNT\cvsservice.exe
            O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
            O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
            O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
            O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
            O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
            O23 - Service: magicJack - Unknown owner - C:\mjusbsp\srvany.exe
            O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
            O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
            O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

            --
            End of file - 11379 bytes
            « Last Edit: October 24, 2010, 11:22:26 AM by SuperDave »

            thammondwis

              Topic Starter


              Beginner

              Re: Pc Problems
              « Reply #6 on: October 23, 2010, 12:06:37 PM »
              For what it's worth, I reset internet explorer to the default settings and it seems as if the unusual behaviors I reported previously of both internet explorer and Firefox are not happening anymore.

              thammondwis

                Topic Starter


                Beginner

                Re: Pc Problems
                « Reply #7 on: October 24, 2010, 08:13:58 AM »
                After running a day or so since resetting internet explorer to default settings, I am still having some of the unusual behavior that I had originally posted but it occurs less frequently now.

                I have not had the Win32 error since resetting but had a new error message:

                DualCoreCenter.exe has encountered a problem and needs to close.


                SuperDave

                • Malware Removal Specialist


                • Genius
                • Thanked: 1020
                • Certifications: List
                • Experience: Expert
                • OS: Windows 10
                Re: Pc Problems
                « Reply #8 on: October 24, 2010, 11:29:03 AM »
                Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.

                1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
                2. The fixes are specific to your problem and should only be used for this issue on this machine.
                3. If you don't know or understand something, please don't hesitate to ask.
                4. Please DO NOT run any other tools or scans while I am helping you.
                5. It is important that you reply to this thread. Do not start a new topic.
                6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
                7. Absence of symptoms does not mean that everything is clear.

                ************************************
                Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

                Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

                Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

                Exit out of MessengerDisable then delete the two files that were put on the desktop.
                ***************************************
                Open HijackThis and select Do a system scan only

                Place a check mark next to the following entries: (if there)

                R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
                O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
                O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
                O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQ"&"inst=NwA3AC0ANAAyADUAMAA2ADMANgA5ADUALQBUADUALQBCAEEAKwAxAC0ASwBWADMAKwA3AC0AWABMACsAMQAtAFUA QwBBAEwATAArAA"&"prod=90"&"ver=9.0.856
                O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

                Internet Explorer's security is based upon a set of zones. Each zone has different security in terms of what scripts and applications can be run from a site that is in that zone. There is a security zone called the Trusted Zone. This zone has the lowest security and allows scripts and applications from sites in this zone to run without your knowledge. It is therefore a popular setting for malware sites to use so that future infections can be easily done on your computer without your knowledge as these sites will be in the Trusted Zone. Therefore, I recommend that nothing be allowed in the trusted zone. If you agree, please do the following. Please place a check mark next to this/these line/lines.
                O15 - Trusted Zone: http://www.simnasa.org

                Important: Close all open windows except for HijackThis and then click Fix checked.

                Once completed, exit HijackThis.
                ************************************

                Download Security Check by screen317 from one of the following links and save it to your desktop.

                Link 1
                Link 2

                * Unzip SecurityCheck.zip and a folder named Security Check should appear.
                * Open the Security Check folder and double-click Security Check.bat
                * Follow the on-screen instructions inside of the black box.
                * A Notepad document should open automatically called checkup.txt
                * Post the contents of that document in your next reply.

                Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
                *************************************
                Please download ComboFix from BleepingComputer.com

                Alternate link: GeeksToGo.com

                Rename ComboFix.exe to commy.exe before you save it to your Desktop
                Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
                Click Start>Run then copy and paste the following command into the Run box & click OK: "%userprofile%\desktop\commy.exe" /stepdel
                As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
                Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

                Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

                Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


                Click on Yes, to continue scanning for malware.
                When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

                If you have problems with ComboFix usage, see How to use ComboFix

                Windows 8 and Windows 10 dual boot with two SSD's
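An added example, not part of the original thread or of HijackThis: a small Python triage pass over HijackThis log text that flags the kinds of entries picked out in the reply above (Trusted Zone sites, entries whose target file is missing) plus services listed with "Unknown owner". The function names and reason labels are assumptions made for this example, the sample lines are copied from this thread's logs, and a flag marks an entry for review, not as malicious.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_RE = re.compile(r"^\s*(?P<code>[RFNO]\d{1,2}) - (?P<body>.+?)\s*$")
MISSING_MARKERS = ("(no file)", "(file missing)")

# Sample lines copied from the HijackThis log and fix list in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O15 - Trusted Zone: http://www.simnasa.org
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: magicJack - Unknown owner - C:\mjusbsp\srvany.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
End of file - 11379 bytes
"""


@dataclass(frozen=True)
class Finding:
    code: str    # HijackThis section code, e.g. "O15"
    reason: str  # which heuristic fired (labels are this example's own)
    detail: str  # the part of the entry a reviewer should look at


def parse_entries(log_text):
    """Yield (code, label, value) for every HijackThis entry line."""
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if not match:
            continue  # headers, separators, the "End of file" trailer
        label, sep, value = match.group("body").partition(": ")
        if not sep:  # entry without a "label: value" shape
            label, value = "", match.group("body")
        yield match.group("code"), label, value


def triage(log_text):
    """Return review flags for a HijackThis log; heuristics, not verdicts."""
    findings = []
    for code, label, value in parse_entries(log_text):
        # O15: a site placed in Internet Explorer's Trusted Zone.
        if code == "O15" and label.startswith("Trusted Zone"):
            host = urlparse(value).hostname or value
            findings.append(Finding(code, "trusted-zone-site", host))
        # Any section: the entry points at a file that is not on disk.
        if value.endswith(MISSING_MARKERS):
            findings.append(Finding(code, "target-file-missing", value))
        # O23: "name - owner - path"; split from the right so a dash in the
        # service name is kept (a " - " inside the path would defeat this).
        if code == "O23":
            parts = value.rsplit(" - ", 2)
            if len(parts) == 3 and parts[1] == "Unknown owner":
                findings.append(Finding(code, "service-unknown-owner", parts[0]))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.code:4} {finding.reason:22} {finding.detail}")
```
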

                thammondwis

                  Topic Starter


                  Beginner

                  Re: Pc Problems
                  « Reply #9 on: October 24, 2010, 01:31:29 PM »
                  Completed the HJT instructions and here is the Security Check log:

                   Results of screen317's Security Check version 0.99.5 
                   Windows XP Service Pack 3 
                   Internet Explorer 8 
                  ``````````````````````````````
                  Antivirus/Firewall Check:

                   Windows Security Center service is not running! This report may not be accurate!
                   AVG 2011     
                   Antivirus up to date! 
                  ```````````````````````````````
                  Anti-malware/Other Utilities Check:

                   Malwarebytes' Anti-Malware   
                   CCleaner     
                   Java(TM) 6 Update 22 
                   Java(TM) 6 Update 5 
                   Java(TM) 6 Update 7 
                   Out of date Java installed!
                   Adobe Flash Player 10.1.85.3 
                  Adobe Reader 9.4.0
                   Mozilla Firefox (3.0.19) Firefox Out of Date! 
                  ````````````````````````````````
                  Process Check: 
                  objlist.exe by Laurent

                   AVG avgwdsvc.exe
                   AVG avgtray.exe
                   AVG avgrsx.exe
                   AVG avgnsx.exe
                   AVG avgemc.exe
                  ````````````````````````````````
                  DNS Vulnerability Check:

                   GREAT! (Not vulnerable to DNS cache poisoning)

                  ``````````End of Log````````````

                  thammondwis

                    Topic Starter


                    Beginner

                    Re: Pc Problems
                    « Reply #10 on: October 24, 2010, 01:49:58 PM »
                    I did not complete the Combofix instructions because I received a warning message.  I temporarily disabled AVG 2011 but when I ran Combofix, the warning message said Combofix detected that AVG 2011 is active.  Any suggestions on how to proceed?

                    SuperDave

                    • Malware Removal Specialist


                    • Genius
                    • Thanked: 1020
                    • Certifications: List
                    • Experience: Expert
                    • OS: Windows 10
                    Re: Pc Problems
                    « Reply #11 on: October 25, 2010, 01:25:12 PM »
                    Update Your Java (JRE)

                    Old versions of Java have vulnerabilities that malware can use to infect your system.


                    First Verify your Java Version

                    If there are any other version(s) installed then update now.

                    Get the new version (if needed)

                    If your version is out of date install the newest version of the Sun Java Runtime Environment.

                    Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

                    Be sure to close ALL open web browsers before starting the installation.

                    Remove any old versions

                    1. Download JavaRa and unzip the file to your Desktop.
                    2. Open JavaRA.exe and choose Remove Older Versions
                    3. Once complete exit JavaRA.
                    4. Run CCleaner.

                    Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
                    ***********************************
                    Quote
                    Any suggestions on how to proceed?

                    Run the scan anyway.
                    Windows 8 and Windows 10 dual boot with two SSD's

                    thammondwis

                      Topic Starter


                      Beginner

                      Re: Pc Problems
                      « Reply #12 on: October 25, 2010, 07:51:25 PM »
                      I'm having problems with the Combofix.  It started the scan and said it will take about 10 minutes, but could be double that if there is a lot of Malware.  I let it run for over an hour and nothing seemed to be happening.  I could not stop or end it even with the task manager.  The only thing I could do was turn the power off.  I will try rerunning overnight in case it was still working when I shut down the power?

                      I also ran the program to remove old versions of java.  I received a message that it encountered a problem and must shut down.  I reran it and it seemed like it worked and gave the following log:

                      JavaRa 1.16 Removal Log.

                      Report follows after line.

                      ------------------------------------

                      The JavaRa removal process was started on Mon Oct 25 20:41:09 2010

                      Found and removed: C:\Program Files\Java\jre1.6.0_05

                      Found and removed: C:\Program Files\Java\jre1.6.0_07

                      Found and removed: C:\Documents and Settings\Home\Application Data\Sun\Java\jre1.6.0_11

                      Found and removed: C:\Documents and Settings\Home\Application Data\Sun\Java\jre1.6.0_12

                      Found and removed: C:\Documents and Settings\Home\Application Data\Sun\Java\jre1.6.0_13

                      Found and removed: C:\Documents and Settings\Home\Application Data\Sun\Java\jre1.6.0_14

                      Found and removed: C:\Documents and Settings\Home\Application Data\Sun\Java\jre1.6.0_15

                      Found and removed: C:\Documents and Settings\Home\Application Data\Sun\Java\jre1.6.0_17

                      Found and removed: C:\Documents and Settings\Home\Application Data\Sun\Java\jre1.6.0_20


                      JavaRa 1.16 Removal Log.

                      Report follows after line.

                      ------------------------------------

                      The JavaRa removal process was started on Mon Oct 25 20:42:19 2010

                      ------------------------------------

                      Finished reporting.




                      thammondwis

                        Topic Starter


                        Beginner

                        Re: Pc Problems
                        « Reply #13 on: October 25, 2010, 08:10:09 PM »
                        I noticed something odd.  Not sure if it is supposed to be there or not?  I was rereading the instructions about ComboFix to make sure I did not miss something and noticed it referenced a log C:\combofix.txt.  So I looked in the C:\ directory to see if there was a log there.  I did not find a log but there is a "folder" there named commy (which is the name I changed combofix to per the instructions).  It does not have a regular folder icon, but has the same icon as the "My Computer" icon in windows explorer.  When I click on the commy folder it has the same icons in it that are in My Computer directory (files, hard drives, removable drives, etc).

                        thammondwis

                          Topic Starter


                          Beginner

                          Re: Pc Problems
                          « Reply #14 on: October 26, 2010, 04:59:30 AM »
                          I had the same results with ComboFix after running it overnight.  I get a message that the scan is started but hangs after that.