Redirects to Scour.com

Welcome. Thank you for using Dell Community Forums.

I am reviewing your log. In the meantime, you can help me by addressing the following:

* Have you have posted this issue on another forum? If so, please provide a link to the topic.

* If you have disabled System Restore in an attempt to begin cleaning malware, please enable it now. We will flush System Restore when we are finished cleaning and we are sure that everything is running smoothly.

* If you are using any cracked software, please remove it. In addition to being illegal, when you install cracked software, you are running executable files from dubious, unknown sources. You are giving these sources access to information on your hard disk, and potential control over operation of your computer. Definition of cracked software HERE.

* If you are using any P2P (file sharing) programs, please remove them before we clean your computer.  The nature of such software and the high incidence of malware in files downloaded with them is counter productive to restoring your PC to a healthy state. That includes BitTorrent and similar programs. There is a partial list HERE.    

* If this computer belongs to someone else, do you have authority to apply the fixes we will use?

* After we begin working, please print or copy all instructions to Notepad in order to assist you when carrying out procedures. Please follow all instructions in sequence. Do not, on your own, install/re-install any programs or run any fixes or scanners that you have not been instructed to use because this may cause conflicts with the tools that I am using. Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. It is understood by the trained analysts that once a helper replies to a log, he continues working with you until the issue is resolved.

* During the course of our cleanup please do not do any additional online work or surfing until we have verified that your system is clean.

* We may be using some specialized tools during our fix. Certain embedded files that are part of legitimate programs or specialized fix tools such as process.exe, restart.exe, SmiUpdate.exe, reboot.exe, ws2fix.exe, prcviewer.exe and nircmd.exe may at times be detected by some anti-virus/anti-malware scanners as a "RiskTool", "Hacking tool", "Potentially unwanted tool", or even "malware (virus/trojan)" when that is not the case. Such programs have legitimate uses in contexts where an authorized user or administrator has knowingly installed it. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them.

We need to see some additional information about what is happening in your machine.

• Download DDS by sUBs from one of the following links. Save it to your desktop.
  • DDS.scr
  • DDS.pif
• Double click on the DDS icon, allow it to run.
• A small box will open, with an explanation about the tool.
• Click Yes at the prompt for Optional Scan.
• When done, DDS will open two (2) logs

1. DDS.txt
2. Attach.txt

• Save both reports to your desktop.
• Copy/paste both logs to your reply on the forum. Do not attach them.
• Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE.

No Reply within 3 days will result in this topic being closed, and I will remove it from my subscriptions. If you require more time, please let me know.

Instructions posted for this user are customized for this user only. The tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post a log at the top of this board to start a new forum topic.

DDS (Ver_10-10-21.02) - NTFSx86 
Run by Owner at 16:01:42.11 on Sun 10/24/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2045.955 [GMT -6:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: ZoneAlarm Firewall *enabled*   {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\lxcicoms.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdUpdater.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Owner\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Owner\Desktop\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Owner\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uStart Page = hxxp://www.yahoo.com/
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mStart Page = hxxp://www.yahoo.com/
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:50370
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uWinlogon: Shell=explorer.exe,c:\users\owner\appdata\roaming\microsoft\windows\shell.exe
uWindows: Load=c:\users\owner\appdata\local\temp\dwm.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US /HIDEBL
uRun: [Google Update] "c:\users\owner\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [svchost] c:\users\owner\appdata\roaming\microsoft\svchost.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [NWEReboot]
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [LXCICATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCItime.dll,_RunDLLEntry@16
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\pandora.lnk - c:\program files\pandora\Pandora.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: download.microsoft.com
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: update.microsoft.com
Trusted Zone: windowsupdate.com
Trusted Zone: windowsupdate.microsoft.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1    www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\un7h9aex.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.sparkpeople.com/myspark/web_search.asp
FF - prefs.js: network.proxy.type - 0
FF - component: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\un7h9aex.default\extensions\twitternotifier@naan.net\platform\winnt\components\nsTwitterFoxSign.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\ksolo\npAVX.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\owner\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\owner\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\users\owner\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\owner\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\un7h9aex.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07074039.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-27 165584]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-8-27 566616]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-27 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-5-27 50768]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-27 40384]
R2 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe -service --> c:\windows\system32\lxcicoms.exe -service [?]
R2 RosettaStoneLtdController;RosettaStoneLtdController;c:\program files\rosettastoneltdservices\RosettaStoneLtdController.exe [2007-8-24 32624]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2007-9-25 1153368]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\common files\supportsoft\bin\sprtlisten.exe [2008-1-8 1213728]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-27 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-27 40384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-26 136176]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-23 21504]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-19 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 PCD5SRVC{FBEA8B78-1B22F121-05040104};PCD5SRVC{FBEA8B78-1B22F121-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~2\hwdiag\bin\PCD5SRVC.pkms [2008-11-4 22904]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

=============== Created Last 30 ================

2010-10-22 08:28:14    6146896    ----a-w-    c:\progra~2\microsoft\windows defender\definition updates\{3e8126be-55d9-4af2-a5da-16da25e02a07}\mpengine.dll
2010-10-20 04:42:56    --------    dc----w-    c:\windows\en
2010-10-20 04:41:21    39272    -c--a-w-    c:\windows\system32\drivers\fssfltr.sys
2010-10-20 04:24:23    469256    -c--a-w-    c:\program files\common files\windows live\.cache\a5824c401cb700e0c\InstallManager_WLE_WLE.exe
2010-10-20 04:24:10    15712    -c--a-w-    c:\program files\common files\windows live\.cache\a46061801cb700e0b\MeshBetaRemover.exe
2010-10-20 04:23:57    69464    -c--a-w-    c:\windows\system32\XAPOFX1_3.dll
2010-10-20 04:23:57    515416    -c--a-w-    c:\windows\system32\XAudio2_5.dll
2010-10-20 04:23:57    453456    -c--a-w-    c:\windows\system32\d3dx10_42.dll
2010-10-20 04:23:47    94040    -c--a-w-    c:\program files\common files\windows live\.cache\95b4bc301cb700e0a\DSETUP.dll
2010-10-20 04:23:47    525656    -c--a-w-    c:\program files\common files\windows live\.cache\95b4bc301cb700e0a\DXSETUP.exe
2010-10-20 04:23:47    1691480    -c--a-w-    c:\program files\common files\windows live\.cache\95b4bc301cb700e0a\dsetup32.dll
2010-10-20 04:23:42    94040    -c--a-w-    c:\program files\common files\windows live\.cache\92ed10b01cb700e09\DSETUP.dll
2010-10-20 04:23:42    525656    -c--a-w-    c:\program files\common files\windows live\.cache\92ed10b01cb700e09\DXSETUP.exe
2010-10-20 04:23:42    1691480    -c--a-w-    c:\program files\common files\windows live\.cache\92ed10b01cb700e09\dsetup32.dll
2010-10-20 04:22:28    --------    dc----w-    c:\users\owner\appdata\local\Windows Live
2010-10-20 04:20:33    754688    -c--a-w-    c:\windows\system32\webservices.dll
2010-10-15 01:53:01    231424    -c--a-w-    c:\windows\system32\msshsq.dll
2010-10-15 01:51:58    743424    -c--a-w-    c:\program files\internet explorer\iedvtool.dll
2010-10-05 04:24:23    --------    dc----w-    C:\6d6cde30c745e1e35fe29e62b9ed
2010-10-04 03:21:48    --------    dc----w-    c:\progra~2\Research In Motion
2010-09-28 23:42:01    2048    -c--a-w-    c:\windows\system32\tzres.dll
2010-09-28 23:41:22    13312    -c--a-w-    c:\program files\internet explorer\iecompat.dll
2010-09-25 16:25:09    --------    dc----w-    c:\program files\iPod
2010-09-25 16:25:01    --------    dc----w-    c:\program files\iTunes
2010-09-25 16:18:54    --------    dc----w-    c:\program files\Bonjour

==================== Find3M  ====================

2010-10-19 17:41:44    222080    -c----w-    c:\windows\system32\MpSigStub.exe
2010-09-23 06:47:28    49016    -c--a-w-    c:\windows\system32\sirenacm.dll
2010-09-23 06:32:56    301936    -c--a-w-    c:\windows\WLXPGSS.SCR
2010-09-13 13:56:41    8147456    -c--a-w-    c:\windows\system32\wmploc.DLL
2010-09-08 17:17:46    94208    -c--a-w-    c:\windows\system32\QuickTimeVR.qtx
2010-09-08 17:17:46    69632    -c--a-w-    c:\windows\system32\QuickTime.qts
2010-09-08 06:01:28    916480    -c--a-w-    c:\windows\system32\wininet.dll
2010-09-08 05:57:18    43520    -c--a-w-    c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05    1469440    -c--a-w-    c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53    71680    -c--a-w-    c:\windows\system32\iesetup.dll
2010-09-08 05:56:53    109056    -c--a-w-    c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36    385024    -c--a-w-    c:\windows\system32\html.iec
2010-09-08 04:26:46    133632    -c--a-w-    c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15    1638912    -c--a-w-    c:\windows\system32\mshtml.tlb
2010-09-07 15:12:17    38848    -c--a-w-    c:\windows\avastSS.scr
2010-09-06 16:20:29    125952    -c--a-w-    c:\windows\system32\srvsvc.dll
2010-09-06 16:19:06    17920    -c--a-w-    c:\windows\system32\netevent.dll
2010-08-31 15:46:37    954752    -c--a-w-    c:\windows\system32\mfc40.dll
2010-08-31 15:46:37    954288    -c--a-w-    c:\windows\system32\mfc40u.dll
2010-08-31 15:44:31    531968    -c--a-w-    c:\windows\system32\comctl32.dll
2010-08-31 13:27:38    2038272    -c--a-w-    c:\windows\system32\win32k.sys
2010-08-26 16:37:45    157184    -c--a-w-    c:\windows\system32\t2embed.dll
2010-08-20 16:05:07    867328    -c--a-w-    c:\windows\system32\wmpmde.dll
2010-08-17 14:11:37    128000    -c--a-w-    c:\windows\system32\spoolsv.exe
2010-08-10 15:53:15    274944    -c--a-w-    c:\windows\system32\schannel.dll
2010-07-28 00:44:10    91424    -c--a-w-    c:\windows\system32\dnssd.dll
2010-07-28 00:44:10    107808    -c--a-w-    c:\windows\system32\dns-sd.exe

============= FINISH: 16:02:44.23 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-21.02)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 8/23/2007 2:38:15 PM
System Uptime: 10/24/2010 2:46:25 PM (2 hours ago)

Motherboard: Dell Inc. |  | 0KY768
Processor: Intel(R) Core(TM)2 Duo CPU     T7300  @ 2.00GHz | Microprocessor | 1600/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 99 GiB total, 48.038 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 4.906 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP857: 10/24/2010 2:17:53 PM - Installed HiJackThis
RP858: 10/24/2010 2:32:39 PM - Removed HiJackThis
RP859: 10/24/2010 2:37:14 PM - Installed HiJackThis
RP860: 10/24/2010 2:53:48 PM - Removed HiJackThis
RP861: 10/24/2010 3:06:15 PM - Installed HiJackThis
RP862: 10/24/2010 3:16:46 PM - Removed HiJackThis

==== Installed Programs ======================

Actiontec Gateway
Ad-Aware 2007
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.5
AIM 7
Amazon MP3 Downloader 1.0.9
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AusLogics Disk Defrag
AV4 Customer Management System For Avon Representatives 5.9.16
avast! Free Antivirus
Better Homes and Gardens Home Designer Suite 7.0
BlackBerry Desktop Software 5.0.1
BlackBerry Desktop Software 6.0
Bonjour
Broadcom 440x 10/100 Integrated Controller
Broadcom Management Programs
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Cognitive Tutor
Conexant HDA D330 MDC V.92 Modem
D-Link D-ViewCam
D3DX10
Dell Driver Download Manager
Dell Support Center (Support Software)
Dell System Customization Wizard
Dell Touchpad
Dell Wireless WLAN Card
DellSupport
Digital Line Detect
Download Updater (AOL LLC)
DVD Shrink 3.2
DVDFab Platinum 3.1.7.6
ESPN Java Check
Facebook Plug-In
Games, Music, & Photos Launcher
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
Google Chrome
Google Earth Plug-in
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iTunes
Java Auto Updater
Java(TM) 6 Update 18
Java(TM) 6 Update 3
Junk Mail filter update
kSolo Recorder
Lexmark 7300 Series
Malwarebytes' Anti-Malware
MediaDirect
Mediafly SyncClient
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Accounting 2008
Microsoft Office Accounting 2008 Equifax Addin
Microsoft Office Accounting 2008 Fixed Asset Manager
Microsoft Office Accounting 2008 PayPal Addin
Microsoft Office Accounting ADP Payroll Addin
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft XNA Framework Redistributable 3.1
MobileMe Control Panel
Modem Diagnostic Tool
Mozilla Firefox (3.6.6)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Ultra Edition
neroxml
Netflix in Windows Media Center
Netflix Movie Viewer
NetWaiting
NVIDIA Drivers
Octoshape add-in for Adobe Flash Player
OGA Notifier 2.0.0048.0
OutlookAddinSetup
Pandora
Polar WebLink 2.4.3
Product Documentation Launcher
QuickConnect
QuickSet
QuickTime
Qwest QuickAssist Desktop Tools
Qwest QuickCare 2.2
RealPlayer
Rhapsody Player Engine
Rosetta Stone Ltd Services
Rosetta Stone Version 3
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Sonic Activation Module
Spybot - Search & Destroy
System Requirements Lab
The Shrinking of Outlaw Bill
The Sims 2
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb2410711)
URL Assistant
User's Guides
WebEx Support Manager for Internet Explorer
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Software Update

==== Event Viewer Messages From Past Week ========

10/24/2010 2:50:56 PM, Error: Service Control Manager [7000]  - The BCM42RLY service failed to start due to the following error:  The system cannot find the file specified.
10/23/2010 10:04:12 PM, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 192.168.2.4 for the Network Card with network address 00197EAFBB42 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
10/20/2010 9:35:09 PM, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 192.168.2.5 for the Network Card with network address 00197EAFBB42 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
10/19/2010 10:35:10 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
10/19/2010 10:35:10 PM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/19/2010 10:23:46 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

==== End Of File ===========================

As long as you have Malwarebytes' Antimalware, please update that and run a scan. Select to have MBAM REMOVE what it finds.Please post the log from that as well as a log from this scan:

Download Security Check by screen317 and save it to your Desktop: here or here

• Run Security Check
• Follow the onscreen instructions inside of the command window.
• A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.

Please post:

1. MBAM log

2. Security Check log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4938

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

10/24/2010 8:24:55 PM
mbam-log-2010-10-24 (20-24-55).txt

Scan type: Quick scan
Objects scanned: 177115
Time elapsed: 7 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\Users\Owner\AppData\Roaming\Microsoft\Windows\shell.exe) Good: (Explorer.exe) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 Results of screen317's Security Check version 0.99.5 
 Windows Vista Service Pack 2 (UAC is enabled)
``````````````````````````````
Antivirus/Firewall Check:
 Windows Firewall Enabled! 
 avast! Free Antivirus   
 WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
 Ad-Aware
 Malwarebytes' Anti-Malware   
 CCleaner    
 Java(TM) 6 Update 18 
 Java(TM) 6 Update 3 
 Out of date Java installed!
 Adobe Flash Player 10.1.85.3 
Adobe Reader 8.2.5
Out of date Adobe Reader installed!
````````````````````````````````
Process Check: 
objlist.exe by Laurent
 Windows Defender MSASCui.exe
 Ad-Aware AAWService.exe
 Ad-Aware AAWTray.exe is disabled!
 Spybot Teatimer.exe is disabled!
 Windows Defender MSASCui.exe  
 Alwil Software Avast5 AvastSvc.exe 
 Alwil Software Avast5 AvastUI.exe 
````````````````````````````````
DNS Vulnerability Check:
 GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

MBAM is still out of date. Please update MBAM again.

• If an update is found, the program will automatically update itself.
• Press the OK button to close that box and continue.
• If you encounter any problems while downloading the updates,

manually download them from here
and just double-click on mbam-rules.exe to install.
Alternatively, you can update through MBAM's interface from a clean computer,
copy the definitions (rules.ref) located in
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes'
Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

On the Scanner tab:

• Make sure the "Perform Quick Scan" option is selected.
• Then click on the Scan button.
• If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
• The scan will begin and "Scan in progress" will show at the top.

• When the scan is finished, a message box will say "The scan completed successfully.

• Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

• Click on the Show Results button to see a list of any malware that was found.
• Make sure that everything is checked, and click Remove Selected.
• When removal is completed, a log report will open in Notepad.
• The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the contents of that report into your next reply and exit MBAM. We will need to fix that problem in your registry so you don't lose your Desktop, so do not attempt any fixes on your own here.

Note:-- If MBAM encounters a file that is difficult to remove,
you may be asked to reboot your computer so it can proceed with the disinfection process.
Regardless if prompted to restart the computer or not, please do so immediately.
Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

-- MBAM may make changes to your registry as part of its disinfection routine.
If you're using other security programs that detect registry changes (like Spybot's Teatimer),
they may interfere with the fix or alert you after scanning with MBAM.
Please disable such programs until disinfection is complete or permit them to allow the changes.

Weird that it wasn't the latest update when I ran the scan last night.  I updated it right before I scanned and it said 10/24/10.

Anyway....

I updated and now it has 10/25/10.  The results are below.  No new problems after the first three were removed last night.

Thank you!

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4948

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

10/25/2010 6:18:35 PM
mbam-log-2010-10-25 (18-18-35).txt

Scan type: Quick scan
Objects scanned: 177508
Time elapsed: 7 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Good job. Now we're on track.

Run your CCleaner to clean out temps, etc.

In the Windows Tab:

• Clean all entries in the "Internet Explorer" section.
• Clean all the entries in the "Windows Explorer" section
• Clean all entries in the "System" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose. In the Applications Tab:
• Clean all in the Firefox/Mozilla section if you use it.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet Section.
• Clean any others that you choose.

 Click the "Analyze" button. When the list of files comes up, click the "Run Cleaner" button.

  A pop up box will appear advising this process will permanently delete files from your system.

Click "OK" and it will scan and clean your system.

Click "exit" when done. REBOOT.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. It is possible that you may be running Java code in your applications that absolutely require a specific version of the JRE to run. Please follow these steps to remove older version Java components and update.

• Download the latest version of Java SE Runtime Environment (JRE) 6 Update 22  to your Desktop.
• You will find it here: http://majorgeeks.com/download.php?det=4648
• Click the "Download" button. Make sure you do not by accident download any of the other programs advertised on that page.
• Do not install it yet.
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each of the Java versions.
  Close Add/Remove.

• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-6u22-windows-i586.exe to install the newest version. NOTE: As always during installations, beware of any pre-checked option to install a toolbar. If you do not want it, UNcheck it.

Delete the downloaded installation file after completing the above procedure and reboot if not prompted to do so.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications.

To disable the JQS service if you don't want to use it:

* Go to Start-->Control Panel-->Java-->Advanced-->Miscellaneous and uncheck the box for Java Quick Starter.

* Click Ok and reboot your computer.

Following that, please open your AdobeReader and update it. (Help>Check for Updates)

When completed, please post back and let me know how things are running. If everything is okay, we'll flush System Restore and remove DDS and Security Check. Then you'll be good to go.

• I downloaded, but didn't install the Java
• I ran CC, no problems
• I went to Control Panel, Add/Remove and removed the JREs.  There is one Java update (not JRE) in there that won't let me delete it because it says it was installed incorrectly.
• I am also having trouble deleting the Java Folder and JRE subfolders in Windows Explorer.  I keep receiving message boxes that ask if I'm sure I want to do it., and then next stating it could cause some programs not to work. (I know that's ok) It then asks me to confirm I want to do it.  I click "continue" at this point and then the msg box comes up asking if I'm sure I want to delete.   Could this be an Administrator issue?  I'm an administrator on this machine.
• I was able to delete one folder, but the one that won't let me do it is, jre.6.0_03

Thanks for your help

.

Let's see if this will work on that one:

Download -- to your Desktop -- JavaRa Windows Binary.Zip from here:

http://raproducts.org/wordpress/software

• Unzip the download. This will create a new Folder, JavaRa on your Desktop.
• Double click this new Folder to open it, and double click the file within: JavaRa to execute the program. (If it asks to run as Admin, please do so.)
• Click the button: Remove Older Versions.
• Agree to the cleanup operation by clicking Yes. After a moment, a notice will appear that a log file has been produced. Click OK. Close the Notepad view that opens.
• Click the button: Other Tasks.
• Choose these options:

Remove Useless JRE Files
Remove Startup Entry
Remove JavaRa Logfile

• Click Go. When it finishes, click OK to close the panel, and then Exit the program.
• Delete the download, and the unzipped folder and all contents.

Now proceed with installing Java as described above.

OK...

• JavaRa removed the old versions and then I deleted all of JavaRa.
• I ran CC again just to be safe
• I installed the new Java
• I installed (updated) Adobe Reader to 9.0

Everything appears to be working quite well!

Great!

Please delete DDS and its logs as well as Security Check if you have not already done so.

If everything is running well, it would be good to flush System Restore so you can start fresh. We'll purge the old, infected Restore Points by turning System Restore off and on again.

To turn off Windows Vista System Restore:

1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK
9. When you have finished, restart the computer and follow the instructions in the next section to turn on System Restore.

To turn on Windows Vista System Restore:

1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Place a checkmark in the box for any drive you wish to enable System Restore on
7. Click OK

Here is my standard list of simple steps that you can take to reduce the chance of infection in the future.

If you have used Malwarebytes' Anti-Malware as part of your cleaning procedures, keep it updated and use it to scan every so often for malware, or upgrade to the paid version for realtime scanning and auto updating.

The following suggestions are general prevention and are not customized for your computer. You may have already taken some of these steps, and depending on your current security, you may not need to implement all of these:

1. Visit Microsoft Update: Make sure that you have all the Critical Updates recommended for your operating system, Office, and IE. The first defense against infection is a properly patched OS from Microsoft Update at update.microsoft.com. More info HERE.

2. Please use a firewall and realtime anti-virus. Keep the anti-virus software and firewall software up to date.. Run a complete system scan with your anti-virus at least once a week...preferably in Safe mode.
If your anti-virus program is a paid/licensed version that is about to expire, you can consider using a free one such as:
Microsoft Security Essentials
AntiVir Personal Edition Classic
Avast! Home Edition

If you prefer not to use the Windows Firewall, there are several of the freeware Firewalls available on the public domain.

Please see this list for anti-virus, firewalls, and other FREE SECURITY SOFTWARE.

3. Using an alternate browser can reduce your chance of certain infections installing themselves. You might consider installing Mozilla / Firefox.
http://www.mozilla.com/en-US/

4. Do not use file sharing. Even the safest P2P file sharing programs that do not contain bundled spyware, still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The reason for this is simple. File sharing relies on its members giving and gaining unfettered access to computers across the P2P network. However, this practice can make you vulnerable to data and identity theft. Even if you change those risky default settings to a safer configuration, the act of downloading files from an anonymous source greatly increases your exposure to infection. That is because the files you are downloading may actually contain a disguised threat. Many very malicious worms and trojans, such as the Storm Worm, target and spread across P2P files sharing networks because of their known vulnerabilities.

5. Keep your software updated...make it easier on yourself and install the free security tool Secunia PSI .

6. CCleaner updates to a new version once in a while: http://www.ccleaner.com/ ** If you install a new version, UNcheck the option to install the Yahoo toolbar that is checked by default for the Standard version, or download the toolbar-free versions (Slim or Basic) when given the option for those.

7. Web Of Trust , uses colored alerts to warn about risky websites warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

• Red for Warning = STOP
• Yellow for Use Caution
• Green for Safe
• Grey for Unknown

There is a Web Of Trust version for Firefox as well.

8. If you still wish to use Internet Explorer, please make sure you install SpywareBlaster:  http://www.javacoolsoftware.com/spywareblaster.html
It will:
Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
Block spyware/tracking cookies in Internet Explorer and Mozilla Firefox.
Restrict the actions of potentially unwanted sites in Internet Explorer.
Tutorial here:http://www.bleepingcomputer.com/forums/tutorial49.html
Periodically check for updates.

9. You might want to install Winpatrol. Winpatrol is heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.  You can download a free copy of Winpatrol or use the Plus version for more features.
You can read Winpatrol's FAQ if you run into problems.

10. Many of us in the online security community have tried and tested programs to determine their abilities. Please remember that there is no guarantee regarding computer security. However, the available software, combined with the rest of these recommendations will contribute to helping your system running safely.

Here are some helpful articles:
How did I get infected?  HERE

  I'm not pulling your leg, honest?
by Sandi Hardmeier  HERE

Let us know if we have not resolved your problem. Otherwise, you are good to go.
Happy and Safe Surfing!

Great!  It looks like everything is up and running.  Thank you again for your time.  I really do appreciate it!!

You are most welcome, Cindy.

Glad we were able to help.
NOTE: The issue has been resolved, so this thread is now closed.
Everyone else who is having a similar issue, please begin a New Message at the top of the forum.