Author Topic: Malware or system corruption? Windows XP  (Read 16153 times)

jkolak

    Topic Starter


    Hopeful
  • Thanked: 23
    Re: Malware or system corruption? Windows XP
    « Reply #15 on: January 20, 2010, 02:52:07 PM »
    Fresh HJT log attached.

    Thanks for all you do.

    John

    [Saving space, attachment deleted by admin]
    « Last Edit: January 21, 2010, 03:37:08 AM by jkolak »

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Malware or system corruption? Windows XP
    « Reply #16 on: January 20, 2010, 04:27:33 PM »
    Hello John. I'm sorry I never got back to you sooner. Very busy. If there are no other issues, it's time for some cleanup. You can uninstall HJT and ESET, but you can keep SAS and MBAM. Update them and run them about once a week depending on your on-line browsing.
    --------------------------------------------------------------------------------
    Clean out your temporary internet files and temp files.

    Download TFC by OldTimer to your desktop.

    Double-click TFC.exe to run it.

    Note: If you are running on Vista, right-click on the file and choose Run As Administrator

    TFC will close all programs when run, so make sure you have saved all your work before you begin.

    * Click the Start button to begin the cleaning process.
    * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
    * Please let TFC run uninterrupted until it is finished.

    Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
    ---------------------------------------------------------------------------------------------
    * Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
    * Now type Combofix /uninstall in the Run box
    * Make sure there's a space between Combofix and /Uninstall
    * Then hit Enter

    The above procedure will:
    * Delete the following:
      * ComboFix and its associated files and folders.
    * Reset the clock settings.
    * Hide file extensions, if required.
    * Hide System/Hidden files, if required.
    * Set a new, clean Restore Point.
    ----------------------------------------------------------------------------------------------
    Use the Secunia Software Inspector to check for out of date software.

    • Click Start Now
    • Check the box next to Enable thorough system inspection.
    • Click Start
    • Allow the scan to finish and scroll down to see if any updates are needed.
    • Update anything listed.
    ----------

    Go to Microsoft Windows Update and get all critical updates.

    ----------

    I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

    SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
    * Using SpywareBlaster to protect your computer from Spyware and Malware
    * If you don't know what ActiveX controls are, see here

    Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

    Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

    Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smooth.
    Safe Surfing!
    « Last Edit: January 23, 2010, 03:20:08 PM by evilfantasy »
    Windows 8 and Windows 10 dual boot with two SSD's

    evilfantasy

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Calm like a bomb
    • Thanked: 493
    • Experience: Experienced
    • OS: Windows 11
    Re: Malware or system corruption? Windows XP
    « Reply #17 on: January 21, 2010, 05:57:04 PM »
    Do you have an XP CD?

    If so, place it in your CD ROM drive and follow the instructions below:

    • Click on Start > Run and type sfc /scannow then press Enter (note the space between sfc and /scannow)
      • Let this run undisturbed until the window with the blue progress bar goes away
    SFC, which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.

    ----------

    Create An Uninstall List

    * Start HijackThis
    * Click on the Open the Misc Tools section
    * Click on the Open Uninstall Manager button.
    * Click on the Save list button and specify where you would like to save this file and click Save.
    * When you press the Save button, Notepad will open with the contents of that file.
    * Copy and paste that list in your reply.
    ----------

    Also let us know how things are now.

    jkolak

      Topic Starter


      Hopeful
    • Thanked: 23
      Re: Malware or system corruption? Windows XP
      « Reply #18 on: January 23, 2010, 02:21:19 PM »
      Hi EF,

      Thanks for stopping by my thread. I appreciate all you and SD do for me.

      After running SFC, I've spent the last 48 hours verifying the operability of my installed applications so I can give a better quality report.

      It's good you asked about the uninstall report. I was going in that direction anyway because I needed to check for additional program corruption. At the beginning of the thread I reported problems with Google Chrome being corrupted, as well as frequent dirty disk Chkdsk generations.

      I don't know if this was a consequence of my infection or doing a repair install with an old XP disk (I forgot I had upgraded to a larger SATA drive).

      I actually verified every program on the Start Menu. You don't really appreciate how much MS has bundled in until you start going through all of them.

      Most of the programs all ran. Four programs had errors, but reinstalling got them running again. Three more had errors, but I didn't care about them anymore and just uninstalled them. Two or three more programs showed up in the wrong folder in the Start Menu. These entries were just deleted.

      I've had some uninstallable situations in Add/Remove programs in the past, but with the issue of drive corruption, I decided to tackle this issue with Revo. By the way, Revo and Winamp both gave this error on installation, but both programs seem to run okay anyway:

      "The procedure entry point IsThreadDesktopComposited could not be located in the dynamic link library USER32.dll"

      I'm surprised the HJT scan does not show an entry for JAVA(TM) 6 Update 7 that shows up in my Add/Remove Programs. It won't delete in there, and Revo can't get it either.

      I wondered if there was some cross-corruption between the two JAVA's, and since we had the Kaspersky issue in Reply # 14, I decided to run Kaspersky again. I guess that scanner is just problematic anyway from what I hear. It halted and fussed, but eventually I got a good scan out of it again. Didn't repeat the freeze and HDD flurry like before.

      So I wanted to track the issue of SAS halting on the "Unexpected error". It did halt once or twice on me, but I haven't been able to get it to duplicate that behavior anymore. Maybe it's because I uninstalled WMP. But I also uninstalled before the new halts. The reason I uninstalled WMP is that it wouldn't run because of an error message that the version number encountered was different from the version number expected.

      So, I'm thinking I'm getting out of the woods here, but one of the programs that was corrupted along with Chrome back in the beginning was Download Accelerator Plus, and it is one that had to be reinstalled to get it running again - and so I was alarmed at my SAS test scan to find Trojan.Agent/Gen pop up. I'm thinking, "Oh no, don't tell me it's that Karaplayer.exe. Or maybe one of the OEM programs I never run because I tested everything today." When finished, it turned out to be SBSEARCH.DLL - from Download Accelerator Plus. Looking at the keys, it's the browser hijack changing the home page and default search to SpeedBit Search.

      Well, I've noticed that before, and it really annoyed me, but I don't consider it real malware. It's been on CNET for 10 weeks, in the top 20 for a while, and now at # 36. CNET certifies everything as "Safe, Tested and Spyware Free". So I guess it just depends on where you draw the line at Malware. Sure, done without my permission for the purpose of commercial gain, but I don't think it is in the same league as the things that were done to harm my computer in this thread.

      So I removed DAP and reinstalled to see if I had just missed unchecking a box to decline the hijack, but there was nothing, and on rescanning it reappeared. So I let SAS remove it again, but haven't removed DAP again. So I hope I am safe now.

      So, additional duplications in my Add/Remove list are 2 copies of Google Earth and 3 copies of C++ Redistributable. I also see that Neroxml is on the HJT list, but not in my Add/Remove list. I just removed Nero as one of the programs that needed to be reinstalled.

      That's all I can think of for now. Logs posted below. Any thoughts on the possible false positives in Reply # 14?

      Thanks again.

      -------------------------

      HJT Uninstall Log
           
      Sansa Media Converter
      7-Zip 4.57
      ACDSee 9 Photo Manager
      Adobe Acrobat 4.0
      Adobe Flash Player 10 ActiveX
      Adobe Flash Player 10 Plugin
      Adobe Reader 9.3
      Apple Application Support
      Apple Mobile Device Support
      Apple Software Update
      Atheros Communications Inc.(R) L2 Fast Ethernet Driver
      Avira AntiVir Personal - Free Antivirus
      Bentley Publishers - eBahn®
      Bonjour
      Canon MP Navigator EX 1.0
      Canon MX310 series
      Canon My Printer
      Canon Utilities Easy-PhotoPrint EX
      Canon Utilities Solution Menu
      DivX Codec
      DivX Web Player
      ESET Online Scanner v3
      FLAC 1.2.1b (remove only)
      Free Video Converter V 2.5
      FurthurNET 1.7.5
      Google Earth
      Google Earth
      Google Update Helper
      HijackThis 2.0.2
      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
      Hotfix for Windows XP (KB961118)
      Intel(R) Graphics Media Accelerator Driver
      iTunes
      Java(TM) 6 Update 18
      Malwarebytes' Anti-Malware
      MemTurbo
      Microsoft .NET Framework 2.0 Service Pack 2
      Microsoft .NET Framework 3.0 Service Pack 2
      Microsoft .NET Framework 3.5 SP1
      Microsoft .NET Framework 3.5 SP1
      Microsoft Silverlight
      Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
      Microsoft Visual C++ 2005 Redistributable
      Microsoft Visual C++ 2005 Redistributable
      Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
      Mozilla Firefox (3.0.16)
      MSXML 4.0 SP2 (KB954430)
      MSXML 4.0 SP2 (KB973688)
      neoDVDstandard4
      neroxml
      Nokia Connectivity Cable Driver
      OpenOffice.org 3.1
      Opera 10.10
      PeaZip 2.3a
      Personal Ancestral File 5
      Picasa 3
      PIXMA Extended Survey Program
      Presto! PageManager 7.15.16
      QuickTime
      RealPlayer
      Realtek High Definition Audio Driver
      Revo Uninstaller Pro 2.0.5
      Roland Virtual Sound Canvas 3.2
      Samsung ML-4500 Series Driver
      ScanSoft OmniPage SE 4
      Security Update for CAPICOM (KB931906)
      Security Update for CAPICOM (KB931906)
      Security Update for Windows XP (KB958869)
      Security Update for Windows XP (KB970430)
      Security Update for Windows XP (KB975467)
      Serif 3DPlus 2.0
      Serif DrawPlus 4.0
      Serif PagePlus SE 1.0
      Serif PhotoPlus 6.0
      SiSoftware Sandra Lite 2009
      SpeedBit Video Accelerator
      Spybot - Search & Destroy
      Stella 2.6.1
      SUPERAntiSpyware Free Edition
      Switch Sound File Converter
      ThaiSoftware Dictionary V3.0
      The KMPlayer (remove only)
      Ulead VideoStudio 10
      Update for Windows XP (KB968389)
      Update for Windows XP (KB971737)
      VC80CRTRedist - 8.0.50727.762
      VCRedistSetup
      Winamp
      Windows Essentials Media Codec Pack 1.0
      Windows Live OneCare safety scanner
      Windows Live Sign-in Assistant
      Windows Media Format 11 runtime
      Windows Media Format Runtime
      WinRAR archiver
      WOT for Internet Explorer
      XP_Key_Changer 2.0.0
      Xvid 1.2.1 final uninstall
      XviD MPEG-4 Codec

      ---------------------------------

      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 01/24/2010 at 02:08 AM

      Application Version : 4.33.1000

      Core Rules Database Version : 4510
      Trace Rules Database Version: 2322

      Scan type       : Complete Scan
      Total Scan Time : 00:05:04

      Memory items scanned      : 506
      Memory threats detected   : 0
      Registry items scanned    : 5420
      Registry threats detected : 22
      File items scanned        : 0
      File threats detected     : 1

      Trojan.Agent/Gen
         HKLM\Software\Classes\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}
         HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}
         HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}
         HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}\InprocServer32
         HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}\InprocServer32#ThreadingModel
         HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}\ProgID
         HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}\Programmable
         HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}\TypeLib
         HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}\VersionIndependentProgID
         HKCR\SearchHook.SrchHook.1
         HKCR\SearchHook.SrchHook.1\CLSID
         HKCR\SearchHook.SrchHook
         HKCR\SearchHook.SrchHook\CLSID
         HKCR\SearchHook.SrchHook\CurVer
         HKCR\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}
         HKCR\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}\1.0
         HKCR\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}\1.0\0
         HKCR\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}\1.0\0\win32
         HKCR\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}\1.0\FLAGS
         HKCR\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}\1.0\HELPDIR
         C:\PROGRA~1\DAP\SBSEARCH.DLL
         HKU\S-1-5-21-682003330-492894223-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4F10C1D-87C7-404A-B4B3-000000000000}
         HKU\S-1-5-21-682003330-492894223-1957994488-1003\Software\Microsoft\Internet Explorer\URLSearchHooks#{F4F10C1D-87C7-404A-B4B3-000000000000}
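
Added example, not part of the original thread and not code from SUPERAntiSpyware: a Python script that groups the items of a threat listing like the one in Reply #18 (an excerpt of that log is embedded as input) to show that the registry hits and the one file describe a single COM component, and which key is the one that loads it into the browser. The function names and the table of Internet Explorer load points are assumptions of this example.

```python
import re
from collections import defaultdict

# Excerpt (9 of the 23 items) from the SUPERAntiSpyware log posted in Reply #18.
SAMPLE_LOG = r"""
Trojan.Agent/Gen
   HKLM\Software\Classes\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}
   HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}\InprocServer32
   HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}\TypeLib
   HKCR\SearchHook.SrchHook.1\CLSID
   HKCR\SearchHook.SrchHook\CurVer
   HKCR\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}\1.0\0\win32
   C:\PROGRA~1\DAP\SBSEARCH.DLL
   HKU\S-1-5-21-682003330-492894223-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4F10C1D-87C7-404A-B4B3-000000000000}
   HKU\S-1-5-21-682003330-492894223-1957994488-1003\Software\Microsoft\Internet Explorer\URLSearchHooks#{F4F10C1D-87C7-404A-B4B3-000000000000}
"""

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
HIVE_RE = re.compile(r"^(HKLM|HKCR|HKCU|HKU)\\", re.I)
FILE_RE = re.compile(r"^[A-Za-z]:\\")

# Keys under which Internet Explorer loads extensions automatically.
# URLSearchHooks is the one present in this log; the other two are listed
# for comparison (assumption: this table is illustrative, not exhaustive).
LOAD_POINTS = {
    r"\internet explorer\urlsearchhooks": "IE URL search hook",
    r"\explorer\browser helper objects": "Browser Helper Object",
    r"\internet explorer\toolbar": "IE toolbar",
}


def parse_detections(log_text):
    """Return {detection name: [item, ...]} from the threat section of a log."""
    detections = defaultdict(list)
    current = None
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        if raw[0].isspace():            # indented line: item of the current detection
            if current:
                detections[current].append(raw.strip())
        else:                           # unindented line: a detection name
            current = raw.strip()
    return dict(detections)


def triage(items):
    """Sort items into files, COM registration (CLSID/TypeLib/ProgID) and load points."""
    report = {"files": [], "clsids": set(), "typelibs": set(),
              "progids": set(), "load_points": [], "other": []}
    for item in items:
        if FILE_RE.match(item):
            report["files"].append(item)
            continue
        if not HIVE_RE.match(item):
            report["other"].append(item)
            continue
        key, _, value = item.partition("#")     # the log writes values as key#value
        lowered = key.lower()
        label = next((n for frag, n in LOAD_POINTS.items() if frag in lowered), None)
        if label:
            report["load_points"].append((label, key, value))
            continue
        parts = key.split("\\")
        owner = None
        for parent, child in zip(parts, parts[1:]):
            if GUID_RE.fullmatch(child) and parent.lower() in ("clsid", "typelib"):
                owner = ("clsids" if parent.lower() == "clsid" else "typelibs",
                         child.upper())
                break
        if owner:
            report[owner[0]].add(owner[1])
        elif parts[0].upper() == "HKCR" and len(parts) > 1:
            report["progids"].add(parts[1])     # e.g. SearchHook.SrchHook
        else:
            report["other"].append(item)        # e.g. per-user Ext\Stats bookkeeping
    return report


def single_component(report):
    """True when the items reduce to one file, one COM class and its own load points."""
    hooked = {v.upper() for _, _, v in report["load_points"] if GUID_RE.fullmatch(v)}
    return (len(report["files"]) == 1 and len(report["clsids"]) == 1
            and bool(hooked) and hooked <= report["clsids"])


if __name__ == "__main__":
    for name, items in parse_detections(SAMPLE_LOG).items():
        rep = triage(items)
        print(f"{name}: {len(items)} items")
        print("  file(s):     ", ", ".join(rep["files"]))
        print("  COM class(es):", ", ".join(sorted(rep["clsids"])))
        print("  ProgIDs:     ", ", ".join(sorted(rep["progids"])))
        for label, key, value in rep["load_points"]:
            print(f"  loaded via:   {label} -> {value}")
        print("  single component:", single_component(rep))
```

Read this way, the count of 22 registry items in the scan summary is the registration of one DLL plus one URLSearchHooks value that points at its CLSID.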


      evilfantasy

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Calm like a bomb
      • Thanked: 493
      • Experience: Experienced
      • OS: Windows 11
      Re: Malware or system corruption? Windows XP
      « Reply #19 on: January 23, 2010, 03:19:22 PM »
      Remove the old version(s)
       
      Download JavaRa
      * Unzip the file and open the JavaRa.exe
      * Click Remove Older Versions
      * JavaRa will search for and remove any outdated version of Java and remove any that are found.
      * Click Additional Tasks
      * Place a check next to Remove Useless JRE Files and click Go
      * Exit JavaRa
      * Delete the JavaRa files from the desktop

      ----------

      Open Malwarebytes' Anti-Malware.

      * Click the Update tab.
      * Click Check for Updates
      * If an update is found, it will download and install.
      * Click the Scanner tab.
      * Select Perform Quick Scan, then click Scan.
      * The scan may take some time to finish, so please be patient.
      * When the scan is complete, click OK, then Show Results to view the results.
      * Make sure that everything is checked, and click Remove Selected.
      * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
      * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
      * Copy & Paste the entire report in your next reply.

      Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

      ----------

      Download Dial-a-Fix by djlizard, save it to the desktop then extract it to its own folder.

      • Open the folder and run Dial-a-fix.exe
      • 2 windows will open. Close the one in the background labeled Restrictive Policies
      • Check the box in section 1, Empty temp folders.
      • Check the box in section 2, Fix Windows Installer.
      • Check the box in section 3, Fix Windows Update.
      • Check the box in section 4, labeled SSL/HTTPS/Cryptography. The 4 boxes under it should be pre-checked
      • Check all boxes in section 5, labeled Registration Center.
      • Click Go
      • OK any error messages if received, but write them down and post them here.
      • Restart the computer when done.
      How is the computer running now?

      jkolak

        Topic Starter


        Hopeful
      • Thanked: 23
        Re: Malware or system corruption? Windows XP
        « Reply #20 on: January 24, 2010, 10:23:46 AM »
        JavaRa removed more registry keys, but JAVA(TM) 6 Update 7 (133MB) persists in the Add/Remove programs list. I can't find it anywhere. Lots of Java folders around the system, but none this size, or that look like they don't belong where they are, so I have attached this log below as well. There's a dozen blank logs at the end because it took me a while to figure out that it was appending to the log rather than creating a new one each run.

        MBAM gave a clean scan, but it couldn't connect to update, asking me to report to them an Error Code 732 (0,0). I had this happen last month, and they sent me a list of possible causes, one of which was server congestion due to their upgrade release. The problem went away, so I figured that was it. I was thinking along the same lines tonight, but this also harks back to the original issues I had while still infected, i.e., erratic connectivity. In fact, just yesterday I was thinking how much smoother the internet was working when it started acting up again. The reason I mention this is that MBAM was able to update after running Dial-a-Fix. So I wonder if some of the malware damage was still waiting to be repaired. It is interesting to go through this process and learn that while Windows has some self-repair capabilities, some of these things require special tools. MS might do well to follow forums like this and upgrade their self-repair capabilities, or hire developers of these special tools. Clean MBAM log attached below.

        Dial-a-Fix ran as expected. I have attached the list of error messages below. Since this post, and this thread, deal with corruption issues, I should address the three error possibilities reported: 1 - Corruption, 2 - Not DLL Install-able, 3 - Not registerable. Since some of these errors may pertain to Windows Update, before assuming corruption, I should address the possibility that "Not registerable" could be happening because Windows has locked files because I have not dealt with the WGA issue. Product key registration failed because of the mismatch between the product key type and the Windows CD type (Retail - Full - No SP versus MSDN - Upgrade - SP3). I thought it best not to address this until we are finished because last time I had an issue like this, I had to call MS on the 800 number. I did not want to commit to this until we were sure this repair is finished and successful. If you would like me to take care of this at this time, I will. My next step in this regard was to try to use a Key Changer in order to see if it would accept my product key now that the installation is finished and stable.

        Otherwise, networking on the LAN seems improved over yesterday. Yesterday the other XP computer (Athlon) on the LAN could not even see this computer, and from the beginning of this thread I have had difficulty opening SharedDocs on the other computer to transfer back and forth all the tools and logs used in this thread. Today I checked all the computers and can summarize them as follows. The computer being treated in this thread is the Celeron:

        From

        Celeron to Athlon XP - Smooth

        Celeron to Q6600 Vista - Slower, but works.

        Celeron to P4 Vista - Blank password issue.

        Q6600 Vista to Celeron - Password mismatch issue - won't tell me how to resolve it.

        P4 Vista and Athlon XP to Celeron - both have the same error message as follows:

        "SharedDocs is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions. Access is denied."

        In the Properties tab, both of the following boxes are checked:

        - Share this folder on the network and

        - Allow network users to change my files

        In other issues, Revo and Winamp both continue to give the same error when run, but both programs still seem to run okay anyway:

        "The procedure entry point IsThreadDesktopComposited could not be located in the dynamic link library USER32.dll"

        Also, running my program checks yesterday, I noticed in System Information -> Hardware Resources -> Conflicts/Sharing that there are 6 listings, 2 Memory and 4 IRQ. 5 are double shares, IRQ 10 has 6 shares, but in Device Manager, all report no conflicts. So I suppose BIOS or Windows is managing sharing. It seems a bit much. Should I do something about it? Reset ESCD Config in BIOS?

        Should duplicate Google Earth and C++ entries be removed?

        My overall subjective feeling about how the computer is doing is that it has come a long way since where it was, even running better than before the infection, now that it is cleaner and healed. It has reminded me of how I felt when I first got it - about how much faster it felt than the Athlon 2500 I used before - which surprised me, because when I first got the Athlon with XP way back when, it was not far from being state of the art at the time, and I was really proud of how fast it performed. So with this Celeron running at the same MHz, I was surprised how much faster it felt, and then I started to learn about increases in FSB speeds over the years, and etc. So I really feel good now about the system. It has that "smooth as butter" feeling when clicking on things and interacting with the internet that it hasn't had for a long time.

        That's all I can think of for now.

        Thanks.

        Logs follow:

        JavaRa 1.15 Removal Log.

        Report follows after line.

        ------------------------------------

        The JavaRa removal process was started on Tue Dec 08 14:19:45 2009


        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610007

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160070}

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_04\

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_04\bin\

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\bin\

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_04.b12\

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13\

        JavaRa 1.15 Removal Log.

        Report follows after line.

        ------------------------------------

        The JavaRa removal process was started on Tue Dec 08 14:20:20 2009

        ------------------------------------

        Finished reporting.



        JavaRa 1.15 Removal Log.

        Report follows after line.

        ------------------------------------

        The JavaRa removal process was started on Tue Dec 08 14:20:40 2009

        ------------------------------------

        Finished reporting.



        JavaRa 1.15 Removal Log.

        Report follows after line.

        ------------------------------------

        The JavaRa removal process was started on Fri Jan 22 03:15:23 2010

        Found and removed: C:\Documents and Settings\COMPUTER\Application Data\Sun\Java\jre1.6.0_17

        Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610004

        Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005

        Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610004

        Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005

        Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610004

        Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

        Found and removed: SOFTWARE\Classes\JavaPlugin.160_04

        Found and removed: SOFTWARE\Classes\JavaPlugin.160_05

        Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_04

        Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05

        Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_04

        Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05

        Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

        Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610004

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610004

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610004

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160040}

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}

        Found and removed: Software\Classes\JavaPlugin.160_04

        Found and removed: Software\Classes\JavaPlugin.160_05

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

        Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

        Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

        Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

        Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

        Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

        Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

        Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_04

        Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05

        Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07

        Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_07

        Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610007

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610007

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160070}

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_04.b12\

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13\

        ------------------------------------

        Finished reporting.



        JavaRa 1.15 Removal Log.

        Report follows after line.

        ------------------------------------

        The JavaRa removal process was started on Sun Jan 24 20:19:04 2010

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

        ------------------------------------

        Finished reporting.



        JavaRa 1.15 Removal Log.

        Report follows after line.

        ------------------------------------

        The JavaRa removal process was started on Sun Jan 24 20:21:04 2010

        ------------------------------------

        Finished reporting.



        JavaRa 1.15 Removal Log.

        Report follows after line.

        ------------------------------------

        The JavaRa removal process was started on Sun Jan 24 20:28:22 2010

        ------------------------------------

        Finished reporting.



        JavaRa 1.15 Removal Log.

        Report follows after line.

        ------------------------------------

        The JavaRa removal process was started on Sun Jan 24 20:29:04 2010

        ------------------------------------

        Finished reporting.



        JavaRa 1.15 Removal Log.

        Report follows after line.

        ------------------------------------

        The JavaRa removal process was started on Sun Jan 24 20:34:17 2010

        ------------------------------------

        Finished reporting.



        JavaRa 1.15 Removal Log.

        Report follows after line.

        ------------------------------------

        The JavaRa removal process was started on Sun Jan 24 20:47:23 2010

        ------------------------------------

        Finished reporting.



        JavaRa 1.15 Removal Log.

        Report follows after line.

        ------------------------------------

        The JavaRa removal process was started on Sun Jan 24 20:48:17 2010

        ------------------------------------

        Finished reporting.



        JavaRa 1.15 Removal Log.

        Report follows after line.

        ------------------------------------

        The JavaRa removal process was started on Sun Jan 24 20:49:55 2010

        ------------------------------------

        Finished reporting.



        JavaRa 1.15 Removal Log.

        Report follows after line.

        ------------------------------------

        The JavaRa removal process was started on Sun Jan 24 20:50:18 2010

        ------------------------------------

        Finished reporting.



        JavaRa 1.15 Removal Log.

        Report follows after line.

        ------------------------------------

        The JavaRa removal process was started on Sun Jan 24 20:54:13 2010

        ------------------------------------

        Finished reporting.



        JavaRa 1.15 Removal Log.

        Report follows after line.

        ------------------------------------

        The JavaRa removal process was started on Sun Jan 24 20:54:35 2010

        ------------------------------------

        Finished reporting.



        JavaRa 1.15 Removal Log.

        Report follows after line.

        ------------------------------------

        The JavaRa removal process was started on Sun Jan 24 20:57:20 2010

        ------------------------------------

        Finished reporting.



        JavaRa 1.15 Removal Log.

        Report follows after line.

        ------------------------------------

        The JavaRa removal process was started on Sun Jan 24 20:57:55 2010

        ------------------------------------

        Finished reporting.



        Malwarebytes' Anti-Malware 1.44
        Database version: 3626
        Windows 5.1.2600 Service Pack 3
        Internet Explorer 6.0.2900.5512

        1/24/2010 10:59:34 PM
        mbam-log-2010-01-24 (22-59-34).txt

        Scan type: Quick Scan
        Objects scanned: 141336
        Time elapsed: 5 minute(s), 16 second(s)

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 0
        Registry Values Infected: 0
        Registry Data Items Infected: 0
        Folders Infected: 0
        Files Infected: 0

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:
        (No malicious items detected)

        Registry Values Infected:
        (No malicious items detected)

        Registry Data Items Infected:
        (No malicious items detected)

        Folders Infected:
        (No malicious items detected)

        Files Infected:
        (No malicious items detected)



        Dial-a-fix

        Error -2147467259 was encountered while trying to unregister C:\WINDOWS\system32\msxml3.dll. The error text is: Unspecified Error.
        Dial-a-fix currently has no suggestions for this error code. Please email [email protected] with a copy of the lop pane and any details you can provide about this error.

        Error 127: C:\WINDOWS\system32\iesetup.dll is not registerable or the file is corrupted. Your version of iesetup.dll is: 8.00.6001.18702. Please contact [email protected] so that an exception can be made for your version of this file.

        Error 127: C:\WINDOWS\system32\iesetup.dll is not DLLInstall-able or the file is corrupted. Your version of iesetup.dll is: 8.00.6001.18702. Please contact [email protected] so that an exception can be made for your version of this file.

        Error 127: C:\WINDOWS\system32\imgutil.dll is not registerable or the file is corrupted. Your version of imgutil.dll is: 8.00.6001.18702. Please contact [email protected] so that an exception can be made for your version of this file.

        Error 127: C:\WINDOWS\system32\inseng.dll is not registerable or the file is corrupted. Your version of inseng.dll is: 8.00.6001.18702. Please contact [email protected] so that an exception can be made for your version of this file.

        Error 127: C:\WINDOWS\system32\inseng.dll is not DLLInstall-able or the file is corrupted. Your version of inseng.dll is: 8.00.6001.18702. Please contact [email protected] so that an exception can be made for your version of this file.

        Error 127: C:\WINDOWS\system32\mshtml.dll is not registerable or the file is corrupted. Your version of mshtml.dll is: 8.00.6001.18702. Please contact [email protected] so that an exception can be made for your version of this file.

        Error 127: C:\WINDOWS\system32\mshtml.dll is not DLLInstall-able or the file is corrupted. Your version of mshtml.dll is: 8.00.6001.18702. Please contact [email protected] so that an exception can be made for your version of this file.

        Error 127: C:\WINDOWS\system32\msrating.dll is not registerable or the file is corrupted. Your version of msrating.dll is: 8.00.6001.18702. Please contact [email protected] so that an exception can be made for your version of this file.

        Error 127: C:\WINDOWS\system32\occache.dll is not registerable or the file is corrupted. Your version of occache.dll is: 8.00.6001.18702. Please contact [email protected] so that an exception can be made for your version of this file.

        Error 127: C:\WINDOWS\system32\occache.dll is not DLLInstall-able or the file is corrupted. Your version of occache.dll is: 8.00.6001.18702. Please contact [email protected] so that an exception can be made for your version of this file.

        Error 127: C:\WINDOWS\system32\pngfilt.dll is not registerable or the file is corrupted. Your version of pngfilt.dll is: 8.00.6001.18702. Please contact [email protected] so that an exception can be made for your version of this file.

        Error 127: C:\WINDOWS\system32\webcheck.dll is not registerable or the file is corrupted. Your version of webcheck.dll is: 8.00.6001.18702. Please contact [email protected] so that an exception can be made for your version of this file.

        Error 127: C:\WINDOWS\system32\webcheck.dll is not DLLInstall-able or the file is corrupted. Your version of webcheck.dll is: 8.00.6001.18702. Please contact [email protected] so that an exception can be made for your version of this file.
        « Last Edit: January 24, 2010, 10:38:39 AM by jkolak »

        evilfantasy

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Calm like a bomb
        • Thanked: 493
        • Experience: Experienced
        • OS: Windows 11
        Re: Malware or system corruption? Windows XP
        « Reply #21 on: January 24, 2010, 10:34:26 AM »
        Delete An Uninstall Entry

        • Start HijackThis
        • Click on the Open the Misc Tools section
        • Click on the Open Uninstall Manager button.
        • Highlight the entry you want to remove. JAVA(TM) 6 Update 7
        • Click Delete this entry
        ----------

        You may need to check with Mozilla on the other errors. https://support.mozilla.com/en-US/forum/1/478629

        For the remaining Windows issues, slow transfers and passwords, start a new topic in the Windows forum. I'm pretty sure the malware is gone. We can run another scan for a double check if you like.


        Download, update and run a-squared Free edition

        At the main menu, click Scan Now, there will be 4 options, choose Deep Scan and then click Scan

        * If malware is found, click the button Remove Selected Malware
        * If malware is found, select all found and click Quarantine selected objects
        * Click Save Report. Save the report to somewhere convenient, such as your desktop
        * Add the report as an attachment in your next post.

        jkolak

          Topic Starter


          Hopeful
        • Thanked: 23
          Re: Malware or system corruption? Windows XP
          « Reply #22 on: January 24, 2010, 03:02:23 PM »
          JAVA(TM) 6 Update 7 does not appear in the HJT Uninstall Manager. Since JavaRa removed so much on the 2nd and 3rd runs, this issue is no longer a concern to me. I was afraid that a Java exploit was preventing its removal, but it appears JavaRa reports that there is no longer anything left on the HDD of this version of Java.


          So I see the Revo/Winamp error message is a system-wide thing, not application specific. I should have known since it occurs on two unrelated applications.

          The Mozilla thread was inadvertently closed by someone, but was reopened here:

          https://support.mozilla.com/en-US/forum/1/401389

          Since the Mozilla thread is speculative, you might prefer to refer people to the Microsoft solution instead:

          http://support.microsoft.com/kb/969155

          It concerns a Vista file accidentally installed in XP by some MS applications. The solution is just to delete it.

          So it's not a malware issue, so it is no longer of concern. The solution fixed both Winamp and Revo on my computer.

          As for the a-squared scan, the scan results really have me thinking about what this experience is teaching me about false positives. As I mentioned in Reply # 14,

          Quote
          I didn't pay much attention to the issue of false positives in the past. I just assumed AV publishers had their signature lists and that they just worked. A random match of data bits that match seemed too small a chance to worry about. But I've been following the CNET reviews of security software recently, and I noticed for the first time that the percentage of false positives is a rating factor. Also, upon installing Avira last month, I was surprised at their candor concerning the chances of false positives with respect to the sensitivity settings chosen. In fact, it is the first program I have ever seen with sensitivity settings.

          That together with what I learned from my Jotti's scans, also in Reply #14, and reviews of AV products at the Virus Bulletin web site, has me realizing that every anti-malware product has a small percentage of false positives, and therefore, mathematically, or statistically speaking, the more different brands of scanners you expose your system to, the more you are exposing yourself to the chance of a false positive.

          The reason I bring up this issue here is because of the items found by a-squared.

          The tracking cookies - that's fine. I delete them every chance I get.

          The inprocserver32 tracing detection - there is a big discussion of this on the Kaspersky forum:

          http://forum.kaspersky.com/lofiversion/index.php/t48032.html

          to the point of one post even accusing Emsisoft of false positives in the free edition to drive sales of the paid edition. Whether or not that's an overreaction, the entire thread discussion shows there is not a consensus as to whether or not these keys should be deleted.

          Next there is Presto Pagemanager. This is off my Installation Disk that came with my Canon printer/scanner.

          Next is the Setup.exe for one of the Serif applications downloaded from the Serif website.

          And then comes All in One Karaoke again (from Reply # 14 again). But this time it's not Karaplayer, it's NickWin.exe.

          When I installed Avira, it offered me 3 levels of scanning sensitivity and advised that the chance of false positives increased with the higher settings. Because this infection had me so worried, I chose the highest sensitivity anyway. Yet Avira did not pick up any of these files. Maybe it's because it is only an anti-virus and a-squared is a specialized tool. But the overall feeling I get is that a-squared is the most sensitive with a higher chance of reporting false positives.

          So my problem is that I do not have enough experience and judgement to evaluate this log to feel qualified to decide for myself whether to allow a-squared to remove these findings. The more you learn, the more you realize how much you don't know, so I can appreciate someone with your level of knowledge marking your profile experience level as "Beginner". So I have not allowed a-squared to remove these results so I can get your input first. I know one behavior of malware is to insert itself into other executable files on the system, so I don't know for sure what I should do.

          All for now.

          Thanks

          [Saving space, attachment deleted by admin]

          evilfantasy

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Calm like a bomb
          • Thanked: 493
          • Experience: Experienced
          • OS: Windows 11
          Re: Malware or system corruption? Windows XP
          « Reply #23 on: January 24, 2010, 03:11:25 PM »
          You can safely let a2 remove those.

          I believe that the malware is gone. Any further issues will need to be addressed in the proper forum.

          jkolak

            Topic Starter


            Hopeful
          • Thanked: 23
            Re: Malware or system corruption? Windows XP
            « Reply #24 on: January 24, 2010, 03:32:18 PM »
            That's really good to hear. It has been so stressful going through this malware experience. I am so grateful you and SD have been able to help me return my computer to good health.

            Thanks so much.