1,105,633 Community Members

Possible virus? Turned the taskbar gray/ disabled sound.

Member Avatar
spage23
Newbie Poster
13 posts since Sep 2010
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

HELP ME! I'm a college student and use my computer ALL of the time. All of a sudden this thing called Relevant Knowledge started popping up on my computer. I wanted to get rid of it, so I stupidly clicked the button that said stop receiving these messages or something like that. I have Symantec Antivirus but it isn't picking anything up. I tried deleting Relevant Knowledge from my computer, but it says "Cannot delete rlls.dll: Access is Denied." Right now, I'm running my computer in Safe Mode with Networking because that's the only way that I can be on the internet to post this. However, I need help getting rid of this thing! I ran HijackThis and here's what it said:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:10:08 PM, on 9/19/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RelevantKnowledge\rlvknlg.exe
c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=all&pf=cmnb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myspanishlab.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: ooVoo Toolbar - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files\oovootb\oovoodx.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: ooVoo Toolbar - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files\oovootb\oovoodx.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.Exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [accrdsub] "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdVantage] C:\Documents and Settings\Administrator\Application Data\advantage\AdVantage.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZLman000
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: ackpbsc - c:\WINDOWS\system32\ackpbsc.dll
O20 - Winlogon Notify: acunlock - c:\Program Files\ActivIdentity\ActivClient\acunlock.dll
O20 - Winlogon Notify: OneCard - c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O20 - Winlogon Notify: RelevantKnowledge - C:\Program Files\RelevantKnowledge\rlls.dll
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - c:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 13210 bytes

Member Avatar
crunchie
Most Valuable Poster
13,079 posts since Feb 2004
Reputation Points: 990 [?]
Q&As Helped to Solve: 1,031 [?]
Skill Endorsements: 5 [?]
Team Colleague
Featured
 
0
 

Hi and welcome to the Daniweb forums :).

==========

Read me before posting a request for assistance

Member Avatar
spage23
Newbie Poster
13 posts since Sep 2010
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

Okay, GMER won't run. Also, I ran the others in Safe Mode with Networking. Should I repeat those directions, starting Windows normally?

Member Avatar
crunchie
Most Valuable Poster
13,079 posts since Feb 2004
Reputation Points: 990 [?]
Q&As Helped to Solve: 1,031 [?]
Skill Endorsements: 5 [?]
Team Colleague
Featured
 
0
 

Normal mode for DDS and MBA-M please.

Try GMER in safe mode to see if it will run.

Member Avatar
spage23
Newbie Poster
13 posts since Sep 2010
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

Okay, I was able to run GMER in safe mode:


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-20 10:09:10
Windows 5.1.2600 Service Pack 3
Running: xtim2tp2.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fwlirpoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Malwarebytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4653

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

9/19/2010 9:19:27 PM
mbam-log-2010-09-19 (21-19-27).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 245761
Time elapsed: 31 minute(s), 26 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 142
Registry Values Infected: 10
Registry Data Items Infected: 0
Folders Infected: 22
Files Infected: 115

Memory Processes Infected:
C:\Program Files\RelevantKnowledge\rlvknlg.exe (Adware.RelevantKnowledge) -> Unloaded process successfully.

Memory Modules Infected:
C:\Program Files\RelevantKnowledge\rlls.dll (Adware.RelevantKnowledge) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\relevantknowledge (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\advantage (Adware.Vomba) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\my web search bar search scope monitor (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\advantage (Adware.Vomba) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Advantage (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\firefox (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\firefox\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge (Spyware.MarketScore) -> Delete on reboot.
C:\Program Files\RelevantKnowledge\components (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\RelevantKnowledge\rlls.dll (Adware.RelevantKnowledge) -> Delete on reboot.
C:\Program Files\RelevantKnowledge\rlvknlg.exe (Adware.RelevantKnowledge) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\advantage\AdVUninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\advantage\AdVUninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\components\AdVComponent.dll (Adware.Vomba) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3REGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3AUXSTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3DLGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\firefox\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlls64.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlph.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlservice.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlvknlg64.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlxf.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\components\rlxg.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP302\A0043923.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP308\A0044967.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP308\A0044971.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP308\A0044979.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP308\A0044981.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP308\A0044983.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP308\A0044999.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP310\A0045282.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP310\A0045283.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP310\A0045284.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP310\A0045285.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP310\A0045286.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP310\A0045288.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\WebfettiBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0012DC7D.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0012DFE8.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0012E085.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0012E15F.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\001B2D08.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\002F80A5 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\03B7D1F4.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\03B7D2CF.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\03B7D3C9.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\03B7D4B3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\03B7D59D.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\1318B3D0 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\firefox\CHROME.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\firefox\INSTALL.RDF (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\firefox\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\chrome.manifest (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\install.rdf (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rloci.bin (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\Support.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.


DDS:


DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Administrator at 15:02:54.73 on Mon 09/20/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3036.2603 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\dds (2).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://myspanishlab.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=all&pf=cmnb
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: ooVoo Toolbar: {a1fb2f9a-d35e-11dd-8935-e46a56d89593} - c:\program files\oovootb\oovoodx.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: ooVoo Toolbar: {a1fb2f9a-d35e-11dd-8935-e46a56d89593} - c:\program files\oovootb\oovoodx.dll
TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: &AdVantage Branding Window: {d367a4af-8202-4173-a115-9831108f1e0a} - %SystemRoot%\system32\shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [AccelerometerSysTrayApplet] c:\windows\system32\AccelerometerSt.Exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [<NO NAME>]
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html
IE: &Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: ackpbsc - c:\windows\system32\ackpbsc.dll
Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: OneCard - c:\program files\hewlett-packard\iam\bin\ASWLNPkg.dll
AppInit_DLLs: APSHook.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Notification Packages = scecli ASWLNPkg

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\4e795w5l.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxps://angel.brockport.edu/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\administrator\application data\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\administrator\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - falsec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2008-5-13 108752]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2008-5-13 51376]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2008-5-13 12928]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-3-28 24064]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-9-17 165584]
S1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2008-5-13 12496]
S1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2004-2-9 301200]
S2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-5-15 182576]
S2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2004-8-4 14336]
S2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2004-8-4 14336]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-9-17 17744]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-17 40384]
S2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-2-29 255096]
S2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-2-29 242808]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-8 135664]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\hp protecttools security manager\PTChangeFilterService.exe [2008-5-14 34184]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2008-5-13 256512]
S2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-9-17 583640]
S2 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2004-2-9 37008]
S2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2004-3-12 1221864]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-7-13 24652]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-17 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-17 40384]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-2-29 87160]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-6-22 193840]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100910.003\naveng.sys [2010-9-11 85424]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100910.003\navex15.sys [2010-9-11 1362608]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2004-3-12 169192]

=============== Created Last 30 ================

2010-09-20 01:26:52 0 d-----w- c:\windows\LastGood.Tmp
2010-09-20 00:44:29 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2010-09-20 00:44:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-20 00:44:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-20 00:44:22 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-20 00:44:22 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-09-19 19:09:46 0 d-----w- c:\program files\Trend Micro
2010-09-17 18:44:42 38848 ----a-w- c:\windows\avastSS.scr
2010-09-17 18:44:38 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-09-17 17:24:05 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2010-09-17 17:24:04 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2010-09-17 17:24:04 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2010-09-17 17:24:04 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2010-09-17 17:24:02 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2010-09-17 17:23:34 0 d-----w- c:\program files\common files\PC Tools
2010-08-25 02:37:00 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-08-25 02:34:40 0 d-----r- c:\program files\Skype

==================== Find3M ====================

2010-09-20 01:57:44 94208 ----a-w- c:\windows\DUMP9153.tmp
2010-09-20 01:56:46 90112 ----a-w- c:\windows\DUMP9598.tmp
2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 15:49:15 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-30 12:31:35 149504 ------w- c:\windows\system32\dllcache\schannel.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys
2010-06-23 12:06:51 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-06-23 12:06:51 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe

============= FINISH: 15:03:19.76 ===============

Attach:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/13/2009 6:33:01 AM
System Uptime: 9/20/2010 2:39:51 PM (1 hours ago)

Motherboard: Hewlett-Packard | | 30E9
Processor: Intel(R) Core(TM)2 Duo CPU T5870 @ 2.00GHz | Intel(R) Genuine processor | 1995/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 297 GiB total, 243.604 GiB free.
D: is FIXED (FAT32) - 1 GiB total, 0.879 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Marvell Yukon 88E8072 PCI-E Gigabit Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_436C&SUBSYS_30E9103C&REV_00\4&384C4504&0&00E5
Manufacturer: Marvell
Name: Marvell Yukon 88E8072 PCI-E Gigabit Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_436C&SUBSYS_30E9103C&REV_00\4&384C4504&0&00E5
Service: yukonwxp

==== System Restore Points ===================

RP267: 6/30/2010 2:25:27 PM - Software Distribution Service 3.0
RP268: 1/8/1980 9:52:25 PM - Software Distribution Service 3.0
RP269: 8/13/2010 11:17:46 PM - Software Distribution Service 3.0
RP270: 8/15/2010 6:50:38 PM - Software Distribution Service 3.0
RP271: 8/16/2010 10:03:57 PM - Software Distribution Service 3.0
RP272: 8/16/2010 11:38:27 PM - Software Distribution Service 3.0
RP273: 8/16/2010 11:56:59 PM - Software Distribution Service 3.0
RP274: 8/24/2010 9:04:35 PM - Software Distribution Service 3.0
RP275: 8/26/2010 10:25:52 PM - System Checkpoint
RP276: 8/28/2010 4:43:54 PM - Software Distribution Service 3.0
RP277: 8/29/2010 2:33:27 PM - Software Distribution Service 3.0
RP278: 8/29/2010 2:38:40 PM - Software Distribution Service 3.0
RP279: 8/30/2010 10:33:11 PM - Software Distribution Service 3.0
RP280: 8/31/2010 10:03:21 AM - Software Distribution Service 3.0
RP281: 8/31/2010 10:39:01 AM - Software Distribution Service 3.0
RP282: 8/31/2010 8:23:02 PM - Software Distribution Service 3.0
RP283: 9/1/2010 12:22:21 PM - Software Distribution Service 3.0
RP284: 9/2/2010 1:38:22 PM - Software Distribution Service 3.0
RP285: 9/2/2010 2:44:53 PM - Software Distribution Service 3.0
RP286: 9/3/2010 11:59:02 AM - Software Distribution Service 3.0
RP287: 9/3/2010 12:02:20 PM - Software Distribution Service 3.0
RP288: 9/3/2010 3:45:38 PM - Software Distribution Service 3.0
RP289: 9/4/2010 5:16:17 PM - Software Distribution Service 3.0
RP290: 9/5/2010 3:00:16 AM - Software Distribution Service 3.0
RP291: 9/6/2010 3:00:16 AM - Software Distribution Service 3.0
RP292: 9/6/2010 3:04:23 PM - Software Distribution Service 3.0
RP293: 9/6/2010 4:20:46 PM - Software Distribution Service 3.0
RP294: 9/7/2010 9:53:23 AM - Software Distribution Service 3.0
RP295: 9/7/2010 9:57:46 AM - Software Distribution Service 3.0
RP296: 9/7/2010 6:01:46 PM - Software Distribution Service 3.0
RP297: 9/8/2010 12:07:39 PM - Software Distribution Service 3.0
RP298: 9/9/2010 1:03:20 AM - Software Distribution Service 3.0
RP299: 9/10/2010 9:29:06 AM - Software Distribution Service 3.0
RP300: 9/10/2010 9:34:15 AM - Software Distribution Service 3.0
RP301: 9/10/2010 9:41:50 AM - Software Distribution Service 3.0
RP302: 9/10/2010 5:59:17 PM - Software Distribution Service 3.0
RP303: 9/13/2010 8:56:38 AM - Software Distribution Service 3.0
RP304: 9/14/2010 11:17:47 AM - Software Distribution Service 3.0
RP305: 9/14/2010 11:19:26 AM - Software Distribution Service 3.0
RP306: 9/15/2010 12:35:27 PM - Software Distribution Service 3.0
RP307: 9/15/2010 8:57:35 PM - Configured 2007 Microsoft Office system
RP308: 9/16/2010 7:02:25 PM - Software Distribution Service 3.0
RP309: 9/17/2010 1:18:37 PM - Software Distribution Service 3.0
RP310: 9/17/2010 2:04:06 PM - Software Distribution Service 3.0
RP311: 9/19/2010 9:24:31 PM - Software Distribution Service 3.0

==== Installed Programs ======================

µTorrent
2007 Microsoft Office system
32 Bit HP CIO Components Installer
AC3Filter (remove only)
Activation Assistant for the 2007 Microsoft Office suites
ActivClient 6.1 x86
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.3
Adobe Shockwave Player 11.5
Agere Systems HDA Modem
AIM 7
AOL Toolbar 5.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
ATI Catalyst Control Center
ATI Display Driver
avast! Free Antivirus
Bejeweled 2 Deluxe 1.1.3.2523
Bonjour
BufferChm
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cliprex DVD Player Professional Powered by Advantage
Copy
Credential Manager for HP ProtectTools
Critical Update for Windows Media Player 11 (KB959772)
Destination Component
DeviceDiscovery
Digital Voice Editor 3
DJ_AIO_05_F4400_Software_Min
Download Updater (AOL LLC)
Drive Encryption for HP ProtectTools
Easy CD Creator 5 Basic
F4400
ffdshow (remove only)
Google Chrome
Google Earth
Google Update Helper
GPBaseService2
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB949764)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HOTLLAMA Media Player
HP 3D DriveGuard
HP Customer Participation Program 12.0
HP Deskjet F4400 All-In-One Driver Software 12.0 Rel .5
HP Doc Viewer
HP Help and Support
HP Imaging Device Functions 12.0
HP JavaCard for HP ProtectTools
HP ProtectTools Security Manager
HP ProtectTools Security Manager Suite
HP Quick Launch Buttons 6.40 E1
HP Smart Web Printing
HP Software Setup 5.00.A.7
HP Solution Center 12.0
HP Update
HP User Guide Bluetooth Addendum 0062
HP User Guides 0108
HP Wallpaper
HP Webcam
HP Webcam Application
HP Wireless Assistant
HPProductAssistant
HPSSupply
Intel® Matrix Storage Manager
iTunes
Java(TM) 6 Update 11
LimeWire 5.3.6
LiveUpdate 2.0 (Symantec Corporation)
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Edition 2003
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Move Media Player
Mozilla Firefox (3.5.5)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB927977)
Norton Security Scan
ooVoo
ooVoo Toolbar (Remove Toolbar Only)
Picasa 3
PopCap Browser Plugin
QuickTime
Registry Mechanic 10.0
Safari
Scan
ScanSoft PDF Create 3.0
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shop for HP Supplies
Skins
Skype Toolbars
Skype™ 4.2
SmartWebPrinting
SolutionCenter
Sony Sound Forge Audio Studio 9.0
SoundMAX
Status
Symantec AntiVirus
Synaptics Pointing Device Driver
Toolbox
TrayApp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Office 2007 (KB934528)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Viewpoint Media Player
WebFldrs XP
WebReg
Windows Defender
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinZip

==== Event Viewer Messages From Past Week ========

9/20/2010 10:30:37 AM, error: DCOM [10005] - DCOM got error "%1450" attempting to start the service hpqwmiex with arguments "" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}
9/20/2010 10:28:30 AM, error: Workstation [3113] - Initialization failed because the requested service redirector could not be started.
9/19/2010 9:43:45 PM, error: ACPIEC [1] - \Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period. This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner. The EC driver will retry the failed transaction if possible.
9/19/2010 9:22:35 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AliIde atapi IntelIde PCIIde Pcmcia ViaIde
9/19/2010 9:21:24 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
9/19/2010 10:00:07 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi cdudf_xp eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss RsvLock SAVRT SYMTDI Tcpip
9/19/2010 10:00:07 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
9/19/2010 10:00:07 PM, error: Service Control Manager [7001] - The Simple TCP/IP Services service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
9/19/2010 10:00:07 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/19/2010 10:00:07 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/19/2010 10:00:07 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
9/19/2010 10:00:07 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/19/2010 10:00:07 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/17/2010 7:53:12 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP aswTdi cdudf_xp eeCtrl Fips intelppm RsvLock SAVRT SYMTDI
9/17/2010 2:59:38 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
9/17/2010 2:46:25 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Alwil Software\Avast5\AvastUI.exe. Reference error message: The operation completed successfully. .
9/17/2010 2:44:49 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.MFC. Reference error message: The referenced assembly is not installed on your system. .
9/17/2010 2:44:49 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Alwil Software\Avast5\avastUI.exe. Reference error message: The operation completed successfully. .
9/17/2010 2:44:49 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.MFC could not be found and Last Error was The referenced assembly is not installed on your system.
9/17/2010 2:39:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service hpqwmiex with arguments "" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}
9/17/2010 2:34:16 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdudf_xp Fips intelppm RsvLock SAVRT SYMTDI
9/17/2010 2:34:16 PM, error: Service Control Manager [7001] - The Message Queuing Triggers service depends on the Message Queuing service which failed to start because of the following error: The dependency service or group failed to start.
9/17/2010 2:34:16 PM, error: Service Control Manager [7001] - The Message Queuing service depends on the Distributed Transaction Coordinator service which failed to start because of the following error: The dependency service or group failed to start.
9/17/2010 2:34:13 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/17/2010 1:26:54 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0xd000012d: Security Update for Windows XP (KB2259922).
9/17/2010 1:26:39 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0xd000012d: Security Update for Windows XP (KB975558).
9/17/2010 1:26:33 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0xd0000142: Security Update for Windows XP (KB2347290).
9/17/2010 1:26:33 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0xd0000142: Security Update for Windows XP (KB2121546).
9/16/2010 7:34:09 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
9/16/2010 7:24:34 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{B8652500-16B4-47CF-9D52-67E7D5AFDF5D} because another computer on the network has the same name. The server could not start.
9/16/2010 7:24:28 PM, error: Server [2505] - The server could not bind to the transport \Device\NetbiosSmb because another computer on the network has the same name. The server could not start.
9/16/2010 7:11:34 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls. Reference error message: Insufficient system resources exist to complete the requested service. .
9/16/2010 7:11:34 PM, error: SideBySide [59] - Generate Activation Context failed for c:\Program Files\Hewlett-Packard\IAM\bin\Settings.dll. Reference error message: The operation completed successfully. .
9/16/2010 7:10:35 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f007: Security Update for Windows XP (KB2259922).
9/16/2010 7:10:35 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800705aa: Microsoft .NET Framework 1.1 SP1 Security Update for Windows 2000 and Windows XP (KB979906).
9/16/2010 7:10:13 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f0da: Security Update for Windows XP (KB2347290).
9/16/2010 7:10:13 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f007: Security Update for Windows XP (KB975558).
9/16/2010 7:09:48 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f0da: Security Update for Windows XP (KB2121546).
9/16/2010 7:09:26 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f0da: Security Update for Windows XP (KB982802).
9/16/2010 7:09:07 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f0da: Security Update for Windows XP (KB981322).
9/16/2010 7:08:43 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Malicious Software Removal Tool - September 2010 (KB890830).
9/16/2010 7:06:02 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/16/2010 7:06:01 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
9/16/2010 7:06:01 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
9/16/2010 7:03:06 PM, error: Service Control Manager [7001] - The SSDP Discovery Service service depends on the HTTP service which failed to start because of the following error: Not enough storage is available to process this command.
9/16/2010 7:03:06 PM, error: Service Control Manager [7000] - The HTTP service failed to start due to the following error: Not enough storage is available to process this command.
9/16/2010 7:00:47 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SAVRT
9/16/2010 7:00:42 PM, error: SAVRT [20] - Unable to initialize the virus scanning engine database files.
9/15/2010 8:02:47 PM, error: Service Control Manager [7034] - The Symantec AntiVirus service terminated unexpectedly. It has done this 1 time(s).
9/15/2010 12:37:08 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 SP1 Security Update for Windows 2000 and Windows XP (KB979906).
9/13/2010 8:55:19 AM, error: Service Control Manager [7000] - The SAVRT service failed to start due to the following error: A device attached to the system is not functioning.
9/13/2010 6:57:28 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference error message: The referenced assembly is not installed on your system. .
9/13/2010 6:57:28 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4e795w5l.default\extensions\{99E00A4C-D35E-11DD-BA95-9B6A56D89593}\components\ooVooCtl.dll. Reference error message: The operation completed successfully. .
9/13/2010 6:57:28 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system.
9/13/2010 12:39:23 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0022FAD4D8F8. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

==== End Of File ===========================

Member Avatar
crunchie
Most Valuable Poster
13,079 posts since Feb 2004
Reputation Points: 990 [?]
Q&As Helped to Solve: 1,031 [?]
Skill Endorsements: 5 [?]
Team Colleague
Featured
 
0
 

Please download JavaRa

If you get this message:
Problems with the download? Please use this direct link or try another mirror.

Select the Direct link download unzip it to your Desktop.

Double click JavaRa.exe then click Remove Older Versions.

Follow any prompts; a log will popup (JavaRa.log)-- please post the contents of this log.

Next, open JavaRa.exe again, and select Search For Updates.

Select Update Using Sun Java's Website --> Search, and continue the instructions for downloading and installing the latest Java version. Look for JDK 6 Update 21 (JDK or JRE). On the right select this one Download JRE..

In Vista and Windows 7 run the tool as Administrator.

================

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply.
  • Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

Member Avatar
spage23
Newbie Poster
13 posts since Sep 2010
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

Here's the Java log:


JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Mon Sep 20 18:55:36 2010

Found and removed: C:\Documents and Settings\Administrator\Application Data\Sun\Java\jre1.6.0_11

Found and removed: C:\Documents and Settings\Administrator\Application Data\Sun\Java\jre1.6.0_14

Found and removed: C:\Documents and Settings\Administrator\Application Data\Sun\Java\jre1.6.0_15

Found and removed: C:\Documents and Settings\Administrator\Application Data\Sun\Java\jre1.6.0_17

Found and removed: C:\Documents and Settings\Administrator\Application Data\Sun\Java\jre1.6.0_19

Found and removed: C:\Documents and Settings\Administrator\Application Data\Sun\Java\jre1.6.0_20

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\JavaPlugin.160_11

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_11

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_11

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: Software\Classes\JavaPlugin.160_11

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_11

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_11

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Mon Sep 20 18:56:37 2010

------------------------------------

Finished reporting.

Combofix wouldn't finish so I didn't get a log.

Member Avatar
crunchie
Most Valuable Poster
13,079 posts since Feb 2004
Reputation Points: 990 [?]
Q&As Helped to Solve: 1,031 [?]
Skill Endorsements: 5 [?]
Team Colleague
Featured
 
0
 

How long did you let it run?
Try in safe mode please.

Member Avatar
spage23
Newbie Poster
13 posts since Sep 2010
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

I let it run, it rebooted my computer, it said it was creating a log and to let it finish, then it shut down without creating a log.

Member Avatar
spage23
Newbie Poster
13 posts since Sep 2010
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

Okay, ran it in safe mode:


ComboFix 10-09-20.02 - Administrator 09/20/2010 21:52:40.2.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3036.2524 [GMT -4:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Administrator\Application Data\AdVantage\about_AdVantage.mht
c:\documents and settings\Administrator\Application Data\AdVantage\advantage.cfg
c:\documents and settings\Administrator\Application Data\AdVantage\advantage.mht

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE


((((((((((((((((((((((((( Files Created from 2010-08-21 to 2010-09-21 )))))))))))))))))))))))))))))))
.

2010-09-20 00:44 . 2010-09-20 00:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-09-20 00:44 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-20 00:44 . 2010-09-20 00:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-20 00:44 . 2010-09-20 00:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-20 00:44 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-19 19:09 . 2010-09-19 19:09 -------- d-----w- c:\program files\Trend Micro
2010-09-17 18:44 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-17 18:44 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-17 18:44 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-17 18:44 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-17 18:44 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-17 18:44 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-17 18:44 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-17 18:44 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-09-17 18:44 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-17 18:44 . 2010-09-17 18:44 -------- d-----w- c:\program files\Alwil Software
2010-09-17 18:44 . 2010-09-17 18:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-09-17 17:24 . 2010-08-05 12:46 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2010-09-17 17:23 . 2010-09-17 17:23 -------- d-----w- c:\program files\Common Files\PC Tools
2010-09-17 17:23 . 2010-09-17 17:25 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-25 02:37 . 2010-08-25 02:37 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-08-25 02:36 . 2010-09-12 05:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2010-08-25 02:35 . 2010-09-12 05:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2010-08-25 02:34 . 2010-08-25 02:34 -------- d-----w- c:\program files\Common Files\Skype
2010-08-25 02:34 . 2010-08-25 02:35 -------- d-----r- c:\program files\Skype
2010-08-25 02:17 . 2010-08-25 02:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-20 23:53 . 2009-07-18 14:26 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-20 23:34 . 2009-07-13 03:54 -------- d-----w- c:\program files\Symantec AntiVirus
2010-09-20 01:57 . 2009-07-13 10:20 94208 ----a-w- c:\windows\DUMP9153.tmp
2010-09-20 01:56 . 2009-07-13 10:20 90112 ----a-w- c:\windows\DUMP9598.tmp
2010-09-17 18:52 . 2009-07-13 03:54 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-09-17 18:49 . 2008-06-22 04:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\hpqLog
2010-09-17 17:55 . 2009-09-14 22:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPAppData
2010-09-17 17:26 . 2009-09-03 01:43 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-09-16 01:32 . 2009-12-10 16:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\FrostWire
2010-09-08 00:01 . 2009-12-10 16:21 -------- d-----w- c:\program files\Ask.com
2010-08-29 23:23 . 2009-08-31 01:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\ooVoo Details
2010-08-29 23:20 . 2009-08-31 01:40 -------- d-----w- c:\program files\ooVoo
2010-07-22 15:49 . 2004-08-04 08:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-07-13 03:50 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-06-30 12:31 . 2004-08-04 08:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:15 . 2004-08-04 08:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:15 . 2004-08-04 08:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:15 . 2004-08-04 08:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-06-23 13:44 . 2004-08-04 08:00 1851904 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A1FB2F9A-D35E-11DD-8935-E46A56D89593}]
2009-05-08 19:00 86016 ----a-w- c:\program files\oovootb\oovoodx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 19:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A1FB2F9A-D35E-11DD-8935-E46A56D89593}"= "c:\program files\oovootb\oovoodx.dll" [2009-05-08 86016]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{a1fb2f9a-d35e-11dd-8935-e46a56d89593}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.Exe" [2008-06-09 82224]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2008-05-08 238984]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-05-21 24848]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1040384]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-14 177456]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2008-05-14 61440]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 66680]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-03-12 124128]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-17 136600]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1044480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-7-13 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2007-05-15 23:08 112640 ----a-w- c:\windows\system32\ackpbsc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2007-05-15 23:08 281088 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2008-05-21 00:42 111888 ----a-w- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\ooVoo\\ooVoo.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [5/13/2008 8:36 PM 108752]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [5/13/2008 8:36 PM 51376]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [5/13/2008 8:36 PM 12928]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [3/28/2008 6:14 AM 24064]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/17/2010 2:44 PM 165584]
S1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [5/13/2008 8:36 PM 12496]
S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [5/15/2007 7:08 PM 182576]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 4:00 AM 14336]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 4:00 AM 14336]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/17/2010 2:44 PM 17744]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/8/2009 12:45 AM 135664]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [5/14/2008 4:41 PM 34184]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [5/13/2008 8:35 PM 256512]
S2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [8/4/2004 4:00 AM 14336]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [9/17/2010 1:23 PM 583640]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/13/2009 12:10 PM 24652]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [6/22/2008 12:43 AM 193840]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/12/2004 3:18 PM 169192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-05-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-08 04:45]

2010-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-08 04:45]

2010-09-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2010-09-13 c:\windows\Tasks\Norton Security Scan for Administrator.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-19 10:32]

2010-09-17 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2010-09-17 12:46]

2010-09-17 c:\windows\Tasks\RMSmartUpdate.job
- c:\program files\Registry Mechanic\Update.exe [2010-09-17 12:46]

2010-09-17 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 19:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://myspanishlab.com/
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4e795w5l.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxps://angel.brockport.edu/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false.
- - - - ORPHANS REMOVED - - - -

AddRemove-LimeWire - c:\program files\LimeWire\uninstall.exe
AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe???????????????????????|?M?|?????M?|??@

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\ackpbsc.dll
c:\windows\system32\aclog.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\aipingui.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll
c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll
c:\program files\Hewlett-Packard\IAM\bin\brand.dll
c:\program files\Hewlett-Packard\IAM\Bin\AsChnl.dll
c:\program files\Hewlett-Packard\IAM\Bin\HPPlugIn.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHostServices.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Interop.HPQWMIEXLib.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Interop.PTHstServsLib.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHstServs.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\BIOSDomain.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Interop.PTPluginLib.dll
c:\program files\Hewlett-Packard\Drive Encryption\SbHpFve.dll
c:\program files\Hewlett-Packard\Drive Encryption\SbUILib.dll
c:\windows\system32\WININET.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\HPjCard.dll
c:\windows\system32\acomx.dll
c:\windows\system32\acbsi21.dll

- - - - - - - > 'explorer.exe'(2040)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-09-20 21:56:58
ComboFix-quarantined-files.txt 2010-09-21 01:56

Pre-Run: 261,270,429,696 bytes free
Post-Run: 261,222,821,888 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - C7F90FAA0A59EE2B40E4BD28BA83FB97

Member Avatar
crunchie
Most Valuable Poster
13,079 posts since Feb 2004
Reputation Points: 990 [?]
Q&As Helped to Solve: 1,031 [?]
Skill Endorsements: 5 [?]
Team Colleague
Featured
 
0
 

How are things now?

Member Avatar
spage23
Newbie Poster
13 posts since Sep 2010
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

Now it won't start in regular mode. The blue screen thing comes up before it boots and says something about beginning dump of physical memory. but it goes away too fast to see what the rest of it says.

Member Avatar
crunchie
Most Valuable Poster
13,079 posts since Feb 2004
Reputation Points: 990 [?]
Q&As Helped to Solve: 1,031 [?]
Skill Endorsements: 5 [?]
Team Colleague
Featured
 
0
 

Can you reset the bios on the motherboard by turning off the power first, then remove the battery on the motherboard. Have a cup of tea, then replace the battery and try booting again.

Member Avatar
spage23
Newbie Poster
13 posts since Sep 2010
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

okay, it started, but nothing would run. and a window pops up saying

Runtime Error!
Program: c:\Program Files\Hewlett-Packard\IAM\Bin\AsGhost.exe

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

Member Avatar
crunchie
Most Valuable Poster
13,079 posts since Feb 2004
Reputation Points: 990 [?]
Q&As Helped to Solve: 1,031 [?]
Skill Endorsements: 5 [?]
Team Colleague
Featured
 
0
 

Ok. Can you boot into safe mode and try a system restore. Go back a couple of weeks if you can.
You will then need to post logs from fresh scans from the tools in the sticky.

Do you have your Windows install CD?

Member Avatar
spage23
Newbie Poster
13 posts since Sep 2010
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

I don't know how to do these things...can you give me some further instruction?

And no, I don't have the CD, I'm at school.

Member Avatar
crunchie
Most Valuable Poster
13,079 posts since Feb 2004
Reputation Points: 990 [?]
Q&As Helped to Solve: 1,031 [?]
Skill Endorsements: 5 [?]
Team Colleague
Featured
 
0
 

Shut down the computer (if it is running) and then turn it on. Immediately start tapping the F8 button on the keyboard until you get a menu that asks which start option you want.
Choose 'Safe Mode.'
Once you are in go to the start button at bottom left of screen and then in the Run option, type in msconfig and hit ok.
There should be an option then to launch system restore. Do that, then select a date roughly a couple of weeks ago and then go ahead.

Member Avatar
spage23
Newbie Poster
13 posts since Sep 2010
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

It wouldn't let me restore. I tried a number of different dates and it wouldn't allow any of them.

Member Avatar
crunchie
Most Valuable Poster
13,079 posts since Feb 2004
Reputation Points: 990 [?]
Q&As Helped to Solve: 1,031 [?]
Skill Endorsements: 5 [?]
Team Colleague
Featured
 
0
 

Go into safe mode again and run msconfig. Select the Boot Tab and make sure that the safemode box is unticked. If it is ticked, untick it and apply the setting and ok out.

Let me know.

Member Avatar
spage23
Newbie Poster
13 posts since Sep 2010
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

Okay, so far so good. Should I do anything else other than run scans?

You
This question has already been solved: Start a new discussion instead
Post:
Start New Discussion
View similar articles that have also been tagged: