Sorry for the delay in getting to you, I'm K27 and I will be reviewing your log for you.
Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
Please Print or Save to Notepad all instructions and please follow them carefully and if there's something you don't understand or that will not work please let me know and we will go through it together.
Please DO NOT use this system for anything apart from visiting this forum and other sites I direct you to, as this will only make the cleanup process all the more difficult.
Failure to reply in three (3) days will result in this topic being closed and I will remove it from my notifications. If you require more time then that is fine but please let me know.
Download and scan with CCleaner
1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free or Slim versions instead of the Standard Build.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
3. Then select the items you wish to clean up.
In the Windows Tab:
Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
Clean all the entries in the "Windows Explorer" section.
Clean all entries in the "System" section.
Clean all entries in the "Advanced" section.
Clean any others that you choose.
In the Applications Tab:
Clean all except cookies in the Firefox/Mozilla section if you use it.
Clean all in the Opera section if you use it.
Clean Sun Java in the Internet Section.
Clean any others that you choose.
4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
I then need to see some additional information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
A small box will open, with an explanation about the tool.
When done, DDS will open two (2) logs 1. DDS.txt 2. Attach.txt
Save both reports to your desktop.
The instructions here ask you to attach the Attach.txt.
Instead of attaching, please copy/paste both logs into your next reply.
Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE
Please copy/paste back the MBAM log and BOTH DDS logs for review.
I have done exactly what you instructed me to do and have the results. May I ask:
1) Is there anything I should be concerned about in my "Hi-Jack This log"?
2) In "CCleaner", I did not do it this time as I'm trying to follow your instructions to the letter, I will always run the "Registry Scan" feature of it immediately after using the "Run Cleaner" button. In future times, should I be doing this?
3) If the questions are irrelevant to this fix, please just let me know.
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/3/2006 10:47:55 PM
System Uptime: 4/3/2011 12:43:23 PM (2 hours ago)
.
Motherboard: Dell Inc. | | 0WG261
Processor: Intel(R) Pentium(R) 4 CPU 3.40GHz | Microprocessor | 3391/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 70 GiB total, 28.629 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP181: 1/3/2011 2:49:02 PM - System Checkpoint
RP182: 1/4/2011 4:40:12 PM - System Checkpoint
RP183: 1/6/2011 10:10:31 AM - System Checkpoint
RP184: 1/7/2011 10:35:34 AM - System Checkpoint
RP185: 1/8/2011 11:36:10 AM - System Checkpoint
RP186: 1/9/2011 3:09:16 PM - System Checkpoint
RP187: 1/10/2011 5:22:30 PM - System Checkpoint
RP188: 1/11/2011 6:32:51 PM - System Checkpoint
RP189: 1/12/2011 10:45:15 AM - Software Distribution Service 3.0
RP190: 1/12/2011 11:02:34 AM - Software Distribution Service 3.0
RP191: 1/13/2011 12:10:46 PM - System Checkpoint
RP192: 1/14/2011 4:12:33 PM - System Checkpoint
RP193: 1/15/2011 8:57:30 PM - System Checkpoint
RP194: 1/17/2011 10:58:04 AM - System Checkpoint
RP195: 1/18/2011 12:23:08 PM - System Checkpoint
RP196: 1/19/2011 3:04:02 PM - System Checkpoint
RP197: 1/20/2011 3:06:22 PM - System Checkpoint
RP198: 1/21/2011 7:46:36 PM - System Checkpoint
RP199: 1/22/2011 8:29:56 PM - System Checkpoint
RP200: 1/23/2011 9:16:28 PM - System Checkpoint
RP201: 1/24/2011 9:46:11 PM - System Checkpoint
RP202: 1/26/2011 12:48:40 PM - System Checkpoint
RP203: 1/27/2011 1:12:16 PM - Removed HiJackThis
RP204: 1/28/2011 1:36:47 PM - System Checkpoint
RP205: 1/29/2011 5:59:32 PM - System Checkpoint
RP206: 1/31/2011 9:29:34 AM - System Checkpoint
RP207: 2/1/2011 10:18:27 AM - System Checkpoint
RP208: 2/2/2011 10:52:35 AM - System Checkpoint
RP209: 2/3/2011 2:10:04 PM - System Checkpoint
RP210: 2/4/2011 2:45:54 PM - System Checkpoint
RP211: 2/5/2011 2:46:12 PM - System Checkpoint
RP212: 2/6/2011 3:37:22 PM - System Checkpoint
RP213: 2/7/2011 4:15:32 PM - System Checkpoint
RP214: 2/8/2011 5:00:18 PM - System Checkpoint
RP215: 2/9/2011 12:14:00 AM - Software Distribution Service 3.0
RP216: 2/10/2011 12:34:28 PM - System Checkpoint
RP217: 2/11/2011 1:21:55 PM - System Checkpoint
RP218: 2/12/2011 9:54:42 AM - Removed Adobe Reader 9.4.2.
RP219: 2/12/2011 9:58:11 AM - Installed Adobe Reader X (10.0.1).
RP220: 2/13/2011 12:49:03 PM - System Checkpoint
RP221: 2/14/2011 1:35:40 PM - System Checkpoint
RP222: 2/15/2011 8:00:52 AM - Software Distribution Service 3.0
RP223: 2/16/2011 10:54:21 AM - System Checkpoint
RP224: 2/17/2011 11:20:46 AM - System Checkpoint
RP225: 2/18/2011 11:50:03 AM - System Checkpoint
RP226: 2/19/2011 8:31:01 AM - Removed Java(TM) 6 Update 22
RP227: 2/19/2011 8:31:42 AM - Installed Java(TM) 6 Update 24
RP228: 2/20/2011 6:32:53 PM - System Checkpoint
RP229: 2/21/2011 10:47:52 PM - System Checkpoint
RP230: 2/23/2011 12:18:09 PM - Software Distribution Service 3.0
RP231: 2/24/2011 5:08:29 PM - System Checkpoint
RP232: 2/25/2011 5:51:28 PM - System Checkpoint
RP233: 2/26/2011 6:21:44 PM - System Checkpoint
RP234: 2/27/2011 8:49:41 PM - System Checkpoint
RP235: 3/1/2011 3:25:23 PM - System Checkpoint
RP236: 3/2/2011 3:41:43 PM - System Checkpoint
RP237: 3/3/2011 4:19:37 PM - System Checkpoint
RP238: 3/4/2011 4:52:26 PM - System Checkpoint
RP239: 3/6/2011 9:42:22 PM - Installed iTunes
RP240: 3/8/2011 6:34:01 PM - System Checkpoint
RP241: 3/8/2011 10:19:50 PM - Software Distribution Service 3.0
RP242: 3/10/2011 8:23:50 AM - System Checkpoint
RP243: 3/11/2011 5:15:20 PM - System Checkpoint
RP244: 3/12/2011 7:47:04 PM - System Checkpoint
RP245: 3/13/2011 9:06:18 PM - System Checkpoint
RP246: 3/15/2011 12:21:22 PM - System Checkpoint
RP247: 3/16/2011 12:24:17 PM - System Checkpoint
RP248: 3/17/2011 2:50:22 PM - System Checkpoint
RP249: 3/18/2011 4:32:57 PM - System Checkpoint
RP250: 3/19/2011 4:49:33 PM - System Checkpoint
RP251: 3/20/2011 5:36:45 PM - System Checkpoint
RP252: 3/21/2011 6:18:08 PM - System Checkpoint
RP253: 3/22/2011 6:24:46 PM - System Checkpoint
RP254: 3/23/2011 6:29:18 PM - System Checkpoint
RP255: 3/24/2011 11:05:35 AM - Software Distribution Service 3.0
RP256: 3/25/2011 4:15:21 PM - System Checkpoint
RP257: 3/28/2011 1:29:41 PM - System Checkpoint
RP258: 3/29/2011 3:11:47 PM - System Checkpoint
RP259: 3/30/2011 3:57:41 PM - System Checkpoint
RP260: 3/30/2011 10:36:03 PM - Installed HiJackThis
RP261: 4/1/2011 4:58:38 PM - System Checkpoint
RP262: 4/2/2011 5:01:33 PM - System Checkpoint
.
==== Installed Programs ======================
.
123 Free Solitaire
924PLC32
ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Reader X (10.0.1)
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Blaze Audio RipEditBurn 2
Blaze Audio Wave Breaker
Bonjour
BufferChm
CameraDrivers
Canon Camera Access Library
Canon Camera Support Core Library
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.5
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
Compatibility Pack for the 2007 Office system
Create and Print Greeting Cards 1.0
CreativeProjects
CreativeProjectsTemplates
CueTour
Dell Digital Jukebox Driver
Dell Driver Download Manager
Dell Driver Download Manager - 1
Dell Driver Reset Tool
Dell Game Console
Dell Photo AIO Printer 924
Dell Support 3.1
Dell System Restore
DellConnect
Destinations
Digital Content Portal
Director
DVD Flick 1.3.0.7
EducateU
ESET Online Scanner v3
Google AFE
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB954550-v5)
HP Image Zone 4.5
HP Photosmart Cameras 4.5
HP Product Assistant
HP Software Update
HPSystemDiagnostics
ImgBurn
InstantShare
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
iPod for Windows 2005-09-23
iTunes
Jasc Paint Shop Pro Studio GDI+ Patch
Jasc Paint Shop Pro Studio, Dell Editon
Jasc Paint Shop Pro Studio.01 , Dell Edition Patch
Java Auto Updater
Java(TM) 6 Update 24
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Greetings 2001
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office Basic Edition 2003
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office XP Web Components
Microsoft Picture It! Photo Premium 9
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft Works 2004 Setup Launcher
Modem Event Monitor
Modem Helper
Modem On Hold
Move Media Player
MovieEdit Task
Mozilla Firefox 4.0 (x86 en-US)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch for Windows Media Player
Musicmatch® Jukebox
OE-Mail Recovery 1.7
Otto
PanoStandAlone
PhotoGallery
PowerDVD 5.3
QFolder
QuickTime
RAW Image Task 1.2
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Repair Tool for Outlook Express v.1.7.0
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923689)
ShareIns
Shockwave
SkinsHP1
Sonic Audio module
Sonic Copy Module
Sonic Data Module
Sonic DLA
Sonic Encoders
Sonic Express Labeler
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
SpywareBlaster 4.4
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2467659)
Update for Windows XP (KB971029)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Voyetra Record Producer
Watchtower Library 2010 - English
WebCyberCoach 3.2 Dell
WebFldrs XP
WebReg
WildTangent Web Driver
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Media Center Edition 2005 KB2502898
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
4/1/2011 8:55:11 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service ntmssvc with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}
3/30/2011 10:11:41 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
3/30/2011 10:09:56 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
3/30/2011 10:09:48 PM, error: Service Control Manager [7000] - The Secunia Update Agent service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================
1) Is there anything I should be concerned about in my "Hi-Jack This log"?
Unfortunately, HJT does not see everything; this is the reason that we ask for tools that provide a much more in-depth look at the system. There is nothing jumping out from either HJT or the DDS logs.
2) In "CCleaner", I did not do it this time as I'm trying to follow your instructions to the letter, I will always run the "Registry Scan" feature of it immediately after using the "Run Cleaner" button. In future times, should I be doing this?
Please do not use any type of registry cleaner during the fix and I strongly advise against running them at any other time. They are renowned for removing legitimate keys that the system relies on to operate correctly; if the wrong thing was removed, the machine could become nothing more than an expensive paperweight.
3) If the questions are irrelevant to this fix, please just let me know.
Any questions that you may have, please ask away, that's what I am here for. If I can answer, I will.
Let's do this:
Please navigate to and delete this folder:
c:\program files\Secunia
And then please navigate to and delete this file:
c:\documents and settings\bill\localsettings\application data\Secunia PSI
Note: You will need to use Internet Explorer for this scan
Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the scan to finish
Click the "Show Results" button
Then click the "Export to Text File" button and save the log to the desktop
Copy and paste that log as a reply to this topic and also let me know how things are now.
I have run into a snag. I was able to delete c:\program files\Secunia; however, I could not find c:\documents and settings\bill\localsettings\application data\Secunia PSI. I seem to be missing the \local settings\ part of this. I looked in the immediately surrounding folders and it was not in them either. I did find the following when I did a 'Search All Files and Folders':
Local Settings C:\Documents and Settings\Administrator
Local Settings C:\Documents and Settings\Bill (Although I did not find it there)
Local Settings C:\Documents and Settings\Default User
Local Settings C:\Documents and Settings\Local Service (I did not find it here either)
Local Settings C:\Documents and Settings\NetworkService
Local Settings C:\Windows\System32\config\systemprofile
Local Settings C:\Documents and Settings\Bill\Local Settings\Application Data\Microsoft\Silverlight\is\h4u1f3he.fio\zke0ghus.ra3\1\s\i0bd3zrcnq34fgsyzcfxkf3wvuk2pdds03nm2f4dz30b23f20gaaafea\f (there are a total of 4 such files, as this, including this one, in folders I cannot open, all the same through... \Silverlight\is, then, lots of letters and numbers, not identical to the one highlighted here)
And then lastly, a notepad:
Local Settings C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\bmxgz0yd.default\CT2790392
And, what's in this notepad:
The Sun http://www.thesun.co.uk/sol/homepage/feeds/rss/article312900.ece 120 http://storage.conduit.com/92/279/CT2790392/Images/634225284383662500.png http://storage.conduit.com/92/279/CT2790392/Images/634225284389131250.png False False ADJUSTIVE The Sun http://storage.conduit.com/92/279/CT2790392/Images/634225284383662500.png ADJUSTIVE http://storage.conduit.com/92/279/CT2790392/Images/634225284389131250.png The Sun http://storage.conduit.com/92/279/CT2790392/Images/634225284383662500.png ADJUSTIVE http://storage.conduit.com/92/279/CT2790392/Images/634225284389131250.png True True True FULL True 129313980655381977 be5cdbc0-f354-48a8-b46d-e2dc3c57ec9f News.com.au http://storage.conduit.com/92/279/CT2790392/Images/634225279948156250.png
News.com.au http://feeds.news.com.au/public/rss/2.0/news_breaking_news_32.xml 120 http://storage.conduit.com/92/279/CT2790392/Images/634225279948156250.png http://storage.conduit.com/92/279/CT2790392/Images/634225284655381250.png False False ADJUSTIVE News.com.au http://storage.conduit.com/92/279/CT2790392/Images/634225279948156250.png ADJUSTIVE http://storage.conduit.com/92/279/CT2790392/Images/634225284655381250.png News.com.au http://storage.conduit.com/92/279/CT2790392/Images/634225279948156250.png ADJUSTIVE http://storage.conduit.com/92/279/CT2790392/Images/634225284655381250.png True True True FULL True 129313980886163259 2768a5c5-c897-43c2-9487-aafff90a8d07 Worldpress http://storage.conduit.com/92/279/CT2790392/Images/634225284881631250.png
Worldpress http://worldpress.org/feeds/topstories.xml 120 http://storage.conduit.com/92/279/CT2790392/Images/634225284881631250.png http://storage.conduit.com/92/279/CT2790392/Images/634225284886006250.png False False ADJUSTIVE Worldpress http://storage.conduit.com/92/279/CT2790392/Images/634225284881631250.png ADJUSTIVE http://storage.conduit.com/92/279/CT2790392/Images/634225284886006250.png Worldpress http://storage.conduit.com/92/279/CT2790392/Images/634225284881631250.png ADJUSTIVE http://storage.conduit.com/92/279/CT2790392/Images/634225284886006250.png True True True FULL True 129313981234756535 22cdcf26-a0d9-4b49-b824-33668c0b3527 Yahoo World http://storage.conduit.com/92/279/CT2790392/Images/634225280526593750.png
Yahoo World http://rss.news.yahoo.com/rss/world 120 http://storage.conduit.com/92/279/CT2790392/Images/634225280526593750.png http://storage.conduit.com/92/279/CT2790392/Images/634225285234287500.png False False ADJUSTIVE Yahoo World http://storage.conduit.com/92/279/CT2790392/Images/634225280526593750.png ADJUSTIVE http://storage.conduit.com/92/279/CT2790392/Images/634225285234287500.png Yahoo World http://storage.conduit.com/92/279/CT2790392/Images/634225280526593750.png ADJUSTIVE http://storage.conduit.com/92/279/CT2790392/Images/634225285234287500.png True True True FULL True 129313983226631720 b0854ca7-0f17-47ad-afb5-86e703f6b1d7 Google News NL http://storage.conduit.com/92/279/CT2790392/Images/634225287181631250.png
Google News NL http://news.google.nl/news?pz=1&cf=all&ned=nl_nl&hl=nl&topic=h&num=3&output=rss 120 http://storage.conduit.com/92/279/CT2790392/Images/634225287181631250.png http://storage.conduit.com/92/279/CT2790392/Images/634225287226943750.png False False ADJUSTIVE Google News NL http://storage.conduit.com/92/279/CT2790392/Images/634225287181631250.png ADJUSTIVE http://storage.conduit.com/92/279/CT2790392/Images/634225287226943750.png Google News NL http://storage.conduit.com/92/279/CT2790392/Images/634225287181631250.png ADJUSTIVE http://storage.conduit.com/92/279/CT2790392/Images/634225287226943750.png True True True FULL True 129313983607725691 9aeac742-1d90-4975-a3d1-f2038aff1c95 Google News France http://storage.conduit.com/92/279/CT2790392/Images/634225287547412500.png
Google News France http://news.google.nl/news?cf=all&ned=fr&hl=fr&topic=h&num=3&output=rss 120 http://storage.conduit.com/92/279/CT2790392/Images/634225287547412500.png http://storage.conduit.com/92/279/CT2790392/Images/634225287607881250.png False False ADJUSTIVE Google News France http://storage.conduit.com/92/279/CT2790392/Images/634225287547412500.png ADJUSTIVE http://storage.conduit.com/92/279/CT2790392/Images/634225287607881250.png Google News France http://storage.conduit.com/92/279/CT2790392/Images/634225287547412500.png ADJUSTIVE http://storage.conduit.com/92/279/CT2790392/Images/634225287607881250.png http://storage.conduit.com/92/279/CT2790392/Images/634225281783662500.png ADJUSTIVE http://storage.conduit.com/92/279/CT2790392/Images/634225287651162500.png True True True FULL True 129309577647413174 50737f65-8163-438a-9fa7-8d4975d69939 Music http://storage.conduit.com/92/279/CT2790392/Images/634244833256762500.png 11/4/2010 4:02:05 PM Music http://storage.conduit.com/92/279/CT2790392/Images/634244833256762500.png POP_HTML http://listen.grooveshark.com/ _SELF 800 600 0 0 False True True True User GADGET_URL True True True True FULL True 129309565073350181 731225d8-0364-414f-9c47-fbc025e5d6d8 Games http://storage.conduit.com/92/279/CT2790392/Images/634226713903631250.png 11/18/2010 7:50:40 PM Games http://storage.conduit.com/92/279/CT2790392/Images/634226713903631250.png POP_HTML http://cdn.triplegames.com/shared/apps/gamearcade/arcade.htm?ctId=EB_TOOLBAR_ID _SELF 744 660 0 0 False True True True User GADGET_URL True True True True FULL True 129345773898037627 215c7334-e5d3-4334-b3f0-1a7d733445f1 11/18/2010 8:09:50 PM {5E1360DC-8FA8-40df-A8CD-FC3831B3634B} http://client.conduit-storage.com/plugins/pricegong/Download/{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}.cpi 60 1440 TRUE PriceGong Software Ltd True True True FULL True 129428949113825740 15615549-fb6f-4622-b29f-71b573a74e07 CouponBuddy http://storage.conduit.com/Images/ClientResources/mini_browser.gif 
2/23/2011 2:35:11 AM http://socialgrowthtechnologies.com/couponbuddy_v002/index.php?ctid=EB_TOOLBAR_ID 24 False False 24 External Component True False 60 True True True http://BitTorrentBar.OurToolbar.com/notfound/?actid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&url=EB_MAIN_FRAME_URL True True True FULL True 129295695670763380 f727bcf5-f68c-4b31-ab9a-c0c141650188 9/24/2010 11:35:19 PM mailto:cmeek@bittorrent.com SYSTEM TRUE BitTorrentBar http://BitTorrentBar.OurToolbar.com/ http://BitTorrentBar.OurToolbar.com/ TRUE FALSE RW TRUE FALSE True True True True False False 3 TRUE TRUE http://search.conduit.com?SearchSource=10&ctid=CT2790392 http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392 BUTTON_MENU E-mail Notifier Get notified of new e-mails Check for new e-mails Check your account(s) for new e-mails COMMAND EMAIL_NOTIFIER_CHECK_NOW 1000036 Settings Configure your e-mail account(s) COMMAND EMAIL_NOTIFIER_OPTIONS 1000037 1000038 1000035 http://emailnotifier.services.conduit.com/MailProvider/MailProvidersServices.asmx/GetSupportedMailProviders 86400 http://emailnotifier.services.conduit.com/MailProvider/MailProvidersServices.asmx/GetMailProvidersInfo 86400 http://emailnotifier.services.conduit.com/MailProvider/MailProvidersServices.asmx/ReportError 5 200 Get notified of new e-mails 1000034 http://BitTorrentBar.OurToolbar.com/help/#2_1 BUTTON_MENU Enabled http://storage.conduit.com/bankimages/commandcomps/block.gif Click to disable the Pop-up Blocker TRUE Clear Browser Cache Clear the browser's cache memory COMMAND CLEAN_CACHE 1000077 Clear Browser History Clear the browser's visited websites history COMMAND CLEAN_HISTORY 1000078 Delete Browser Cookies Delete the browser's saved cookies COMMAND CLEAR_COOKIES 1000079 1000081 1000076 Activated Deactivated Enabled Disabled A pop-up was blocked Blocked Enable Popup Blocker Temporarily allow Pop-ups from this website Always allow Pop-ups from this website Always block Pop-ups from this website 
1000080 30 Weather Get notified of local weather all day long http://weather.services.conduit.com/weatherrequest.ctp http://search.conduit.com/ 1000234 http://BitTorrentBar.OurToolbar.com/help/#2_8 FULL TRUE http://storage.conduit.com/images/ClientImages/radio.gif Radio Player 1440 30 http://radio.services.conduit.com/RadioRequest.ctp FALSE 1000082 http://BitTorrentBar.OurToolbar.com/help/#2_5 :emotion-7:
As you can imagine, I do not want to delete any of the above until I'm 100% sure I have the right file. Once I can find the precise file to delete, I can resume with your further instructions.
I was able to delete that file thanks to your sleuthing. I then followed through with the ESET scan. I did this with Internet Explorer. I disabled Antivir and Spyware Blaster but was unable to find a way to disable Malwarebytes and CCleaner. I ran the scan per your instructions but, after it finished, was unable to get the file to "Export to text file" or "Copy to Clipboard". So, here's everything that I found:
ESET Scan Results
Target: C:\ProgramFiles\Uniblue\RegistryBooster\registrybooster.exe
Threat: Win32\RegistryBoosterapplication
File name: *.txt
Save as type: Text Files [*.txt]
Threats Found!
Scanned Files 88812
Infected Files 1
Cleaned Files 0
Total Scan Time 01:05:27
Scan Status Finished
I checked the box 'Uninstall Application on Close'.
So, I found this file exactly where ESET showed it to be and have done nothing with it. That's where I currently stand.
K27: If you have the time, would you please help me to further understand a few more things?
1) Can I delete 'HiJack This' and its log from my desktop now?
2) Also, do I just let the Registry issues keep piling up in CCleaner?
You wrote: “There is nothing jumping out from either HJT or the DDS logs.”
1) There are three items here, only on the first page of this report, that I have highlighted in yellow that seem to be listed twice. Should I be concerned about it? I have omitted all other pages for simplicity.
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Bill at 14:11:51.40 on Sun 04/03/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional5.1.2600.3.1252.1.1033.18.1014.555 [GMT -4:00]
K27, 1) Below, under “System Restore Points,” there are “System Checkpoints” almost every day. Is this supposed to be like this? I may be confusing this with “System Restore.” (A simple yes or no will suffice.)
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/3/2006 10:47:55 PM
System Uptime: 4/3/2011 12:43:23 PM (2 hours ago)
.
Motherboard: Dell Inc.|| 0WG261
Processor:Intel(R) Pentium(R) 4 CPU 3.40GHz | Microprocessor | 3391/800mhz
(Below, I have deleted pages, and portions of pages, that I have no questions about except for the following :)
1) Do I have both Windows Internet Explorer 7 and Windows Internet Explorer 8 installed on my computer? If so, should I delete Windows Internet Explorer 7?
2) Do I have both Windows Media Player 10 and Windows Media Player 11 installed on my computer? If so, should I delete Windows Media Player 10?
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Media Center Edition 2005 KB2502898
Windows XP Service Pack 3
And then, the following Messages. Are they just a log of system failures 'from the past week?'
.
==== Event Viewer Messages From Past Week ========
.
4/1/2011 8:55:11 AM, error: DCOM [10005]- DCOM got error "%1058" attempting to start the service ntmssvc with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}
3/30/2011 10:11:41 PM, error: DCOM [10005]- DCOM got error "%1058" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
3/30/2011 10:09:56 PM, error: Service Control Manager [7026]- The following boot-start or system-start driver(s) failed to load:Lbd
3/30/2011 10:09:48 PM, error: Service Control Manager [7000]- The Secunia Update Agent service failed to start due to the following error:The system cannot find the file specified. (…..seems to be a reason Secunia would not act right.)
.
==== End Of File ===========================
These questions are just for my understanding. If you do not have the time to explain, I fully understand.
If you have "Uniblue Registry Booster" installed, please uninstall it via "Add/Remove Programs" in Control Panel and then delete the following folder: C:\ProgramFiles\Uniblue. If you do not have Uniblue installed, then please just delete the folder.
1) Can I delete 'HiJack This' and its log from my desktop now?
Please leave all tools on the system until we are finished with the cleanup.
2) Also, do I just let the Registry issues keep piling up in CCleaner?
Leaving them is going to cause no harm. You can keep using a registry cleaner if you like, but I strongly advise against it. I have known all data to be lost from hard drives due to reg cleaners. Having empty registry keys is a lot safer than having needed ones deleted.
1) There are three items here, only on the first page of this report, that I have highlighted in yellow that seem to be listed twice. Should I be concerned about it? I have omitted all other pages for simplicity.
a) Many programs run through "svchost.exe" and it is not uncommon for up to five or six instances of this to be seen in logs.
b) These two files, although both related to Avira, are named differently and are nothing to worry about.
c) The file cidaemon.exe is related to Microsoft Indexing and again, it is not uncommon to see more than one entry in a log.
1) Below, under “System Restore Points,” there are “System Checkpoints” almost every day. Is this supposed to be like this? I may be confusing this with “System Restore.” (A simple yes or no will suffice.)
Yes, these checkpoints are created by system restore at regular times and are better known as restore points.
1) Do I have both Windows Internet Explorer 7 and Windows Internet Explorer 8 installed on my computer? If so, should I delete Windows Internet Explorer 7?
2) Do I have both Windows Media Player 10 and Windows Media Player 11 installed on my computer? If so, should I delete Windows Media Player 10?
IE8 and Windows Media Player 11 both need the previous versions to be on the system before they can be installed, and, if you like, they kind of merge together; removing the earlier version of either program may damage the newer version beyond use. You would be ill-advised to try to uninstall either.
And then, the following Messages. Are they just a log of system failures 'from the past week?'
Yes, they are the system logs from the last week and the reason that I asked for the Secunia folders to be deleted.
OK,
Please try reinstalling Secunia and see if the program will work correctly, then please post a fresh set of DDS logs and a status report on how the system is running.
Thanks for replying to all of my inquiries. Being obsessive compulsive, things have to make sense and be logical in my mind. Thanks to you and people like you, you make that happen. As for your comment about Registry Cleaners, "Leaving them is going to cause no harm. You can keep using a registry cleaner if you like, but I strongly advise against it. I have known all data to be lost from hard drives due to reg cleaners. Having empty registry keys is a lot safer than having needed ones deleted." - I never realized that could happen. I've been doing that for years now, quite regularly every day. Guess I'm very fortunate! But you helped me realize that truth about, "Having empty registry keys is a lot safer than having needed ones deleted."......!
1) I got rid of Uniblue via the Programs file as it did not appear in the add/delete part of Control Panel. I never installed it (on purpose that is) and don't even know what it's about. No harm there.
2) I, unfortunately, had the same exact results as before when installing Secunia PSI. It just will not open up. I have left it 'as is' for now. All else is just fine.
3) Seems to me, some of this may have started when I tried updating all of the Adobe files. I always seem to have a problem with them.
Thank you again for your time and help. I couldn't do this without it.
This is not malware related, but let's see if we can get you up and running with Secunia.
Run the online version of Secunia, which will test all the programs on your system for security vulnerabilities. Before clicking the Start scan button, please check the box for the option Enable thorough system inspection. Just below the "Scan Options:" section, you'll see the status of what's currently processing.
You will also see a process indicator. When the scan completes, the message "Detection completed successfully" will appear in the Programs/Result section. You will have a link next to all the programs on your system that need updating; please install these updates one by one until no more are showing.
Once all the updates for everything showing with the online version are completed, try installing Secunia again and see if it completes.
Nothing showed up in the Secunia scan as needing updating. I used the link to install Secunia and it asked if I wanted to replace the one on my computer. So I let it uninstall it and reinstall it and it still just flashes a white blank page and returns to my desktop. I have noticed, in my bottom tool bar, the Secunia emblem, but it's not the red color it usually is. It's gold in color now. I'll leave it alone till I hear back from you.
1) Please go to "Start > All Programs > Secunia" and see if the program will open that way.
2) If the above does not work, please go to Add/Remove Programs and then uninstall Secunia and Adobe Flash Player and Adobe Reader, then reboot the system.
Sorry to be a pain. Same results as before. During every installation attempt, including this one, about half way through I've noticed 'something' flash on my screen, but it's gone before I can read it. Don't think it's anything, but thought I would mention it.
BTW, I uninstalled Adobe Flash Player Active X and Adobe Flash Player Plugin and Adobe Air.
Everything still remains on my desktop: Hijack This, DDS, Text and Attach, Mbam. It does not bother me, just thought I'd remind you!
Please leave the tools in place for now, they contain backups should we need them, we will remove them all once we are done.
Please delete the installer for Secunia that you have saved to the desktop and then please run CCleaner. All the settings will be in place from the first time I asked for the tool to be run. This will clear any temp files that the failed install may have created.
Then use a different browser: if you used IE to download the Secunia installer, please use Firefox this time, and vice versa. Save the installer to the desktop and then try running it again.
kevin27_b3d29f
April 3rd, 2011 03:00
Hi Catoomba,
Welcome to Dell Community Malware Removal Forums,
Sorry for the delay in getting to you, I'm K27 and I will be reviewing your log for you.
Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
Please Print or Save to Notepad all instructions and please follow them carefully and if there's something you don't understand or that will not work please let me know and we will go through it together.
Please DO NOT use this system for anything apart from visiting this forum and other sites I direct you to, as this will only make the cleanup process all the more difficult.
Failure to reply in three (3) days will result in this topic being closed and I will remove it from my notifications. If you require more time then that is fine but please let me know.
Download and scan with CCleaner
1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free or Slim versions instead of the Standard Build.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
3. Then select the items you wish to clean up.
In the Windows Tab:
In the Applications Tab:
4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.
Then please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
MBAM will automatically start and you will be asked to update the program before performing a scan.
On the Scanner tab:
Back at the main Scanner screen:
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
I then need to see some additional information about what is happening in your machine.
Please perform the following scan:
1. DDS.txt
2. Attach.txt
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE
Please copy/paste back the MBAM log and BOTH DDS logs for review.
Thanks.
catoomba
April 3rd, 2011 12:00
Hi K27,
I have done exactly what you instructed me to do and have the results. May I ask:
1) Is there anything I should be concerned about in my "Hi-Jack This log"?
2) In "CCleaner", I did not do it this time as I'm trying to follow your instructions to the letter, I will always run the "Registry Scan" feature of it immediately after using the "Run Cleaner" button. In future times, should I be doing this?
3) If the questions are irrelevant to this fix, please just let me know.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6257
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
4/3/2011 1:59:37 PM
mbam-log-2011-04-03 (13-59-37).txt
Scan type: Quick scan
Objects scanned: 169849
Time elapsed: 7 minute(s), 21 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Bill at 14:11:51.40 on Sun 04/03/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.555 [GMT -4:00]
.
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\inetsrv\inetinfo.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Bill\Desktop\dds.com
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139782755687
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - hxxp://download.abacast.com/download/files/abasetup163.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\bill\applic~1\mozilla\firefox\profiles\bmxgz0yd.default\
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\documents and settings\bill\application data\mozilla\firefox\profiles\bmxgz0yd.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\bill\application data\mozilla\firefox\profiles\bmxgz0yd.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\bill\application data\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\bill\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\program files\google\google updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-10-17 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-10-17 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-10-17 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-4-29 61960]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-7 135664]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2005-12-29 30192]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2005-8-16 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-04-03 17:50:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-03 17:50:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-03 17:50:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-03 17:12:22 -------- d-----w- c:\program files\CCleaner
2011-04-01 19:06:44 388096 ----a-r- c:\docume~1\bill\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-04-01 18:15:07 -------- d-----w- c:\program files\Secunia
2011-04-01 15:17:32 -------- d-----w- c:\docume~1\bill\locals~1\applic~1\Secunia PSI
2011-03-29 03:20:14 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-03-29 03:20:13 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-03-29 03:20:13 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-03-29 03:20:13 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-03-29 03:20:13 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-03-29 03:20:13 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-03-29 03:20:13 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-03-29 03:20:13 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-03-07 02:45:08 -------- d-----w- c:\program files\iTunes
2011-03-07 02:41:37 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-03-07 02:41:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-03-07 02:41:03 -------- d-----w- c:\program files\Bonjour
.
==================== Find3M ====================
.
2011-02-19 13:31:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-19 13:31:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-04 22:48:32 456192 ----a-w- c:\windows\system32\encdec.dll
2011-02-04 22:48:30 291840 ----a-w- c:\windows\system32\sbe.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-28 21:34:38 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
.
============= FINISH: 14:12:05.78 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/3/2006 10:47:55 PM
System Uptime: 4/3/2011 12:43:23 PM (2 hours ago)
.
Motherboard: Dell Inc. | | 0WG261
Processor: Intel(R) Pentium(R) 4 CPU 3.40GHz | Microprocessor | 3391/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 70 GiB total, 28.629 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP181: 1/3/2011 2:49:02 PM - System Checkpoint
RP182: 1/4/2011 4:40:12 PM - System Checkpoint
RP183: 1/6/2011 10:10:31 AM - System Checkpoint
RP184: 1/7/2011 10:35:34 AM - System Checkpoint
RP185: 1/8/2011 11:36:10 AM - System Checkpoint
RP186: 1/9/2011 3:09:16 PM - System Checkpoint
RP187: 1/10/2011 5:22:30 PM - System Checkpoint
RP188: 1/11/2011 6:32:51 PM - System Checkpoint
RP189: 1/12/2011 10:45:15 AM - Software Distribution Service 3.0
RP190: 1/12/2011 11:02:34 AM - Software Distribution Service 3.0
RP191: 1/13/2011 12:10:46 PM - System Checkpoint
RP192: 1/14/2011 4:12:33 PM - System Checkpoint
RP193: 1/15/2011 8:57:30 PM - System Checkpoint
RP194: 1/17/2011 10:58:04 AM - System Checkpoint
RP195: 1/18/2011 12:23:08 PM - System Checkpoint
RP196: 1/19/2011 3:04:02 PM - System Checkpoint
RP197: 1/20/2011 3:06:22 PM - System Checkpoint
RP198: 1/21/2011 7:46:36 PM - System Checkpoint
RP199: 1/22/2011 8:29:56 PM - System Checkpoint
RP200: 1/23/2011 9:16:28 PM - System Checkpoint
RP201: 1/24/2011 9:46:11 PM - System Checkpoint
RP202: 1/26/2011 12:48:40 PM - System Checkpoint
RP203: 1/27/2011 1:12:16 PM - Removed HiJackThis
RP204: 1/28/2011 1:36:47 PM - System Checkpoint
RP205: 1/29/2011 5:59:32 PM - System Checkpoint
RP206: 1/31/2011 9:29:34 AM - System Checkpoint
RP207: 2/1/2011 10:18:27 AM - System Checkpoint
RP208: 2/2/2011 10:52:35 AM - System Checkpoint
RP209: 2/3/2011 2:10:04 PM - System Checkpoint
RP210: 2/4/2011 2:45:54 PM - System Checkpoint
RP211: 2/5/2011 2:46:12 PM - System Checkpoint
RP212: 2/6/2011 3:37:22 PM - System Checkpoint
RP213: 2/7/2011 4:15:32 PM - System Checkpoint
RP214: 2/8/2011 5:00:18 PM - System Checkpoint
RP215: 2/9/2011 12:14:00 AM - Software Distribution Service 3.0
RP216: 2/10/2011 12:34:28 PM - System Checkpoint
RP217: 2/11/2011 1:21:55 PM - System Checkpoint
RP218: 2/12/2011 9:54:42 AM - Removed Adobe Reader 9.4.2.
RP219: 2/12/2011 9:58:11 AM - Installed Adobe Reader X (10.0.1).
RP220: 2/13/2011 12:49:03 PM - System Checkpoint
RP221: 2/14/2011 1:35:40 PM - System Checkpoint
RP222: 2/15/2011 8:00:52 AM - Software Distribution Service 3.0
RP223: 2/16/2011 10:54:21 AM - System Checkpoint
RP224: 2/17/2011 11:20:46 AM - System Checkpoint
RP225: 2/18/2011 11:50:03 AM - System Checkpoint
RP226: 2/19/2011 8:31:01 AM - Removed Java(TM) 6 Update 22
RP227: 2/19/2011 8:31:42 AM - Installed Java(TM) 6 Update 24
RP228: 2/20/2011 6:32:53 PM - System Checkpoint
RP229: 2/21/2011 10:47:52 PM - System Checkpoint
RP230: 2/23/2011 12:18:09 PM - Software Distribution Service 3.0
RP231: 2/24/2011 5:08:29 PM - System Checkpoint
RP232: 2/25/2011 5:51:28 PM - System Checkpoint
RP233: 2/26/2011 6:21:44 PM - System Checkpoint
RP234: 2/27/2011 8:49:41 PM - System Checkpoint
RP235: 3/1/2011 3:25:23 PM - System Checkpoint
RP236: 3/2/2011 3:41:43 PM - System Checkpoint
RP237: 3/3/2011 4:19:37 PM - System Checkpoint
RP238: 3/4/2011 4:52:26 PM - System Checkpoint
RP239: 3/6/2011 9:42:22 PM - Installed iTunes
RP240: 3/8/2011 6:34:01 PM - System Checkpoint
RP241: 3/8/2011 10:19:50 PM - Software Distribution Service 3.0
RP242: 3/10/2011 8:23:50 AM - System Checkpoint
RP243: 3/11/2011 5:15:20 PM - System Checkpoint
RP244: 3/12/2011 7:47:04 PM - System Checkpoint
RP245: 3/13/2011 9:06:18 PM - System Checkpoint
RP246: 3/15/2011 12:21:22 PM - System Checkpoint
RP247: 3/16/2011 12:24:17 PM - System Checkpoint
RP248: 3/17/2011 2:50:22 PM - System Checkpoint
RP249: 3/18/2011 4:32:57 PM - System Checkpoint
RP250: 3/19/2011 4:49:33 PM - System Checkpoint
RP251: 3/20/2011 5:36:45 PM - System Checkpoint
RP252: 3/21/2011 6:18:08 PM - System Checkpoint
RP253: 3/22/2011 6:24:46 PM - System Checkpoint
RP254: 3/23/2011 6:29:18 PM - System Checkpoint
RP255: 3/24/2011 11:05:35 AM - Software Distribution Service 3.0
RP256: 3/25/2011 4:15:21 PM - System Checkpoint
RP257: 3/28/2011 1:29:41 PM - System Checkpoint
RP258: 3/29/2011 3:11:47 PM - System Checkpoint
RP259: 3/30/2011 3:57:41 PM - System Checkpoint
RP260: 3/30/2011 10:36:03 PM - Installed HiJackThis
RP261: 4/1/2011 4:58:38 PM - System Checkpoint
RP262: 4/2/2011 5:01:33 PM - System Checkpoint
.
==== Installed Programs ======================
.
123 Free Solitaire
924PLC32
ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Reader X (10.0.1)
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Blaze Audio RipEditBurn 2
Blaze Audio Wave Breaker
Bonjour
BufferChm
CameraDrivers
Canon Camera Access Library
Canon Camera Support Core Library
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.5
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
Compatibility Pack for the 2007 Office system
Create and Print Greeting Cards 1.0
CreativeProjects
CreativeProjectsTemplates
CueTour
Dell Digital Jukebox Driver
Dell Driver Download Manager
Dell Driver Download Manager - 1
Dell Driver Reset Tool
Dell Game Console
Dell Photo AIO Printer 924
Dell Support 3.1
Dell System Restore
DellConnect
Destinations
Digital Content Portal
Director
DVD Flick 1.3.0.7
EducateU
ESET Online Scanner v3
Google AFE
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB954550-v5)
HP Image Zone 4.5
HP Photosmart Cameras 4.5
HP Product Assistant
HP Software Update
HPSystemDiagnostics
ImgBurn
InstantShare
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
iPod for Windows 2005-09-23
iTunes
Jasc Paint Shop Pro Studio GDI+ Patch
Jasc Paint Shop Pro Studio, Dell Editon
Jasc Paint Shop Pro Studio.01 , Dell Edition Patch
Java Auto Updater
Java(TM) 6 Update 24
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Greetings 2001
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office Basic Edition 2003
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office XP Web Components
Microsoft Picture It! Photo Premium 9
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft Works 2004 Setup Launcher
Modem Event Monitor
Modem Helper
Modem On Hold
Move Media Player
MovieEdit Task
Mozilla Firefox 4.0 (x86 en-US)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch for Windows Media Player
Musicmatch® Jukebox
OE-Mail Recovery 1.7
Otto
PanoStandAlone
PhotoGallery
PowerDVD 5.3
QFolder
QuickTime
RAW Image Task 1.2
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Repair Tool for Outlook Express v.1.7.0
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923689)
ShareIns
Shockwave
SkinsHP1
Sonic Audio module
Sonic Copy Module
Sonic Data Module
Sonic DLA
Sonic Encoders
Sonic Express Labeler
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
SpywareBlaster 4.4
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2467659)
Update for Windows XP (KB971029)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Voyetra Record Producer
Watchtower Library 2010 - English
WebCyberCoach 3.2 Dell
WebFldrs XP
WebReg
WildTangent Web Driver
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Media Center Edition 2005 KB2502898
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
4/1/2011 8:55:11 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service ntmssvc with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}
3/30/2011 10:11:41 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
3/30/2011 10:09:56 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
3/30/2011 10:09:48 PM, error: Service Control Manager [7000] - The Secunia Update Agent service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================
Thank You
kevin27_b3d29f
April 5th, 2011 14:00
Hi,
First to answer your questions,
Unfortunately, HJT does not see everything, this is the reason that we ask for tools that provide a much more in-depth look at the system. There is nothing jumping out from either HJT or the DDS logs.
Please do not use any type of registry cleaner during the fix and I strongly advise against running them at any other time. They are renowned for removing legitimate keys that the system relies on to operate correctly, if the wrong thing was removed, the machine could become nothing more than an expensive paperweight.
Any questions that you may have, please ask away, that's what I am here for. If I can answer, I will.
Let's do this:
Please navigate to and delete this folder:
c:\program files\Secunia
And then please navigate to and delete this file:
c:\documents and settings\bill\localsettings\application data\Secunia PSI
Then please disable Avira and run an online scan:
Go here to run an online scanner from ESET.
Thanks
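A cross-check of the DDS log posted above, as an added example that is not part of the original thread or of the DDS tool: it pairs each start-failure event in the Event Viewer section with the matching SERVICES / DRIVERS entry. The meaning given to the R/S prefix, the start digit and `[?]` is an assumed reading of DDS notation, and the function names are illustrative.

```python
import re

# Trimmed excerpt copied from the DDS log posted in this thread.
DDS_EXCERPT = r"""
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-10-17 11608]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-10-17 269480]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-7 135664]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2005-8-16 14336]
.
==== Event Viewer Messages From Past Week ========
.
4/1/2011 8:55:11 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service ntmssvc with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}
3/30/2011 10:09:56 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
3/30/2011 10:09:48 PM, error: Service Control Manager [7000] - The Secunia Update Agent service failed to start due to the following error: The system cannot find the file specified.
"""

# Assumed reading of DDS notation: R/S = running/stopped, the digit is the
# Windows service Start value, "[?]" = DDS could not read the file date/size.
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

SERVICE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.+) \[([^\]]*)\]$")
EVENT_RE = re.compile(r"^(\d+/\d+/\d+ \d+:\d+:\d+ [AP]M), (\w+): (.+?) \[(\d+)\] - (.*)$")


def parse_services(text):
    """Index SERVICES / DRIVERS lines by lowercased service name and display name."""
    services = {}
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        state, start, name, display, image, meta = m.groups()
        entry = {
            "name": name,
            "display": display,
            "running": state == "R",
            "start": START_TYPES[start],
            "image": image,
            "file_info_missing": meta.strip() == "?",
        }
        services[name.lower()] = entry
        services[display.lower()] = entry
    return services


def parse_events(text):
    """Parse 'date time, level: Source [ID] - message' lines."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            when, level, source, event_id, message = m.groups()
            events.append({"when": when, "level": level, "source": source,
                           "id": int(event_id), "message": message})
    return events


def failed_names(event):
    """Return (service name, reason) pairs for the start-failure events in the log."""
    msg = event["message"]
    if event["id"] == 7026 and "failed to load:" in msg:
        # Boot-start or system-start drivers, listed by service name.
        names = msg.split("failed to load:", 1)[1].split()
        return [(n, "driver failed to load at boot") for n in names]
    if event["id"] == 7000:
        # Service Control Manager names the service by its display name.
        m = re.match(r"The (.+) service failed to start due to the following error: (.*)$", msg)
        return [(m.group(1), m.group(2))] if m else []
    if event["id"] == 10005:
        # DCOM tried to start a service on demand; 1058 is "service disabled".
        m = re.search(r'got error "%(\d+)" attempting to start the service (\S+)', msg)
        return [(m.group(2), "Win32 error " + m.group(1))] if m else []
    return []


def triage(text):
    """Pair every failed service or driver with its DDS service entry, if any."""
    services = parse_services(text)
    findings = []
    for event in parse_events(text):
        for name, reason in failed_names(event):
            svc = services.get(name.lower())
            findings.append({
                "name": name,
                "event_id": event["id"],
                "when": event["when"],
                "reason": reason,
                "listed": svc is not None,
                "start": svc["start"] if svc else None,
                "file_info_missing": svc["file_info_missing"] if svc else None,
            })
    return findings


if __name__ == "__main__":
    for finding in triage(DDS_EXCERPT):
        print(finding)
```

An entry that fails to start and is either unlisted or listed with `[?]` points at a registration whose file is gone, which is worth confirming on disk before anything is deleted.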
catoomba
April 6th, 2011 09:00
Hi K27 and thanks so much for your help.
I have run into a snag. I was able to delete c:\program files\Secunia however, I could not find c:\documents and settings\bill\localsettings\application data\Secunia PSI. I seem to be missing the \local settings\ part of this. I looked in the immediately surrounding folders and it was not in them either. I did find the following when I did a 'Search All Files and Folders':
Local Settings C:\Documents and Settings\Administrator
Local Settings C:\Documents and Settings\Bill (Although I did not find it there)
Local Settings C:\Documents and Settings\Default User
Local Settings C:\Documents and Settings\Local Service (I did not find it here either)
Local Settings C:\Documents and Settings\NetworkService
Local Settings C:\Windows\System32\config\systemprofile
_Local Settings C:\Documents and Settings\Bill\Local Settings\Application Data\Microsoft\Silverlight\is\h4u1f3he.fio\zke0ghus.ra3\1\s\i0bd3zrcnq34fgsyzcfxkf3wvuk2pdds03nm2f4dz30b23f20gaaafea\f (there are a total of 4 such files, as this, including this one, in folders I cannot open, all the same through... \Silverlight\is, then, lots of letters and numbers, not identical to the one highlighted here)
And then lastly, a notepad:
Local Settings C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\bmxgz0yd.default\CT2790392
And, what's in this notepad:
As you can imagine, I do not want to delete any of the above until I'm 100% sure I have the right file. Once I can find the precise file to delete, I can resume with your further instructions.
Much Thanks
kevin27_b3d29f
2 Intern
•
1.5K Posts
0
April 6th, 2011 13:00
Hi,
Sorry, I forgot to say that the file was in a hidden folder. My fault.
Please open any Windows Explorer window such as "My Computer" or "My Documents", any will do.
Then please navigate to and delete the following file
c:\documents and settings\bill\localsettings\application data\Secunia PSI
That should allow you to find the file.
Thanks.
catoomba
62 Posts
0
April 6th, 2011 19:00
K27,
I was able to delete that file thanks to your sleuthing. I then followed through with the ESET scan. I did this with Internet Explorer. I disabled Antivir and Spyware Blaster but was unable to find a way to disable Malwarebytes and CCleaner. I ran the scan per your instructions but, after it finished, was unable to get the file to "Export to text file" or "Copy to Clipboard". So, here's everything that I found:
ESET Scan Results
Target: C:\ProgramFiles\Uniblue\RegistryBooster\registrybooster.exe
Threat: Win32\RegistryBoosterapplication
File name: *.txt
Save as type: Text Files [*.txt]
Threats Found!
Scanned Files 88812
Infected Files 1
Cleaned Files 0
Total Scan Time 01:05:27
Scan Status Finished
I checked the box 'Uninstall Application on Close'.
So, I found this file exactly where ESET showed it to be and have done nothing with it. That's where I currently stand.
Normal 0 false false false MicrosoftInternetExplorer4
K27: If you have the time, would you please help me to further understand a few more things?
1) Can I delete 'HiJack This' and its log from my desktop now?
2) Also, do I just let the Registry issues keep piling up in CCleaner?
You wrote: “There is nothing jumping out from either HJT or the DDS logs.”
1) There are three items here, only on the first page of this report, that I have highlighted in yellow that seem to be listed twice. Should I be concerned about it? I have omitted all other pages for simplicity.
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Bill at 14:11:51.40 on Sun 04/03/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.555 [GMT -4:00]
.
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\inetsrv\inetinfo.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Bill\Desktop\dds.com
K27, 1) Below, under “System Restore Points,” there are “System Checkpoints” almost every day. Is this supposed to be like this? I may be confusing this with “System Restore.” (A simple yes or no will suffice.)
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/3/2006 10:47:55 PM
System Uptime: 4/3/2011 12:43:23 PM (2 hours ago)
.
Motherboard: Dell Inc. | | 0WG261
Processor: Intel(R) Pentium(R) 4 CPU 3.40GHz | Microprocessor | 3391/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 70 GiB total, 28.629 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP181: 1/3/2011 2:49:02 PM - System Checkpoint
RP182: 1/4/2011 4:40:12 PM - System Checkpoint
RP183: 1/6/2011 10:10:31 AM - System Checkpoint
RP184: 1/7/2011 10:35:34 AM - System Checkpoint
RP185: 1/8/2011 11:36:10 AM - System Checkpoint
RP186: 1/9/2011 3:09:16 PM - System Checkpoint
RP187: 1/10/2011 5:22:30 PM - System Checkpoint
RP188: 1/11/2011 6:32:51 PM - System Checkpoint
RP189: 1/12/2011 10:45:15 AM - Software Distribution Service 3.0
RP190: 1/12/2011 11:02:34 AM - Software Distribution Service 3.0
RP191: 1/13/2011 12:10:46 PM - System Checkpoint
RP192: 1/14/2011 4:12:33 PM - System Checkpoint
RP193: 1/15/2011 8:57:30 PM - System Checkpoint
RP194: 1/17/2011 10:58:04 AM - System Checkpoint
RP195: 1/18/2011 12:23:08 PM - System Checkpoint
RP196: 1/19/2011 3:04:02 PM - System Checkpoint
RP197: 1/20/2011 3:06:22 PM - System Checkpoint
RP198: 1/21/2011 7:46:36 PM - System Checkpoint
RP199: 1/22/2011 8:29:56 PM - System Checkpoint
RP200: 1/23/2011 9:16:28 PM - System Checkpoint
RP201: 1/24/2011 9:46:11 PM - System Checkpoint
RP202: 1/26/2011 12:48:40 PM - System Checkpoint
RP203: 1/27/2011 1:12:16 PM - Removed HiJackThis
RP204: 1/28/2011 1:36:47 PM - System Checkpoint
RP205: 1/29/2011 5:59:32 PM - System Checkpoint
RP206: 1/31/2011 9:29:34 AM - System Checkpoint
RP207: 2/1/2011 10:18:27 AM - System Checkpoint
RP208: 2/2/2011 10:52:35 AM - System Checkpoint
RP209: 2/3/2011 2:10:04 PM - System Checkpoint
RP210: 2/4/2011 2:45:54 PM - System Checkpoint
RP211: 2/5/2011 2:46:12 PM - System Checkpoint
RP212: 2/6/2011 3:37:22 PM - System Checkpoint
RP213: 2/7/2011 4:15:32 PM - System Checkpoint
RP214: 2/8/2011 5:00:18 PM - System Checkpoint
RP215: 2/9/2011 12:14:00 AM - Software Distribution Service 3.0
RP216: 2/10/2011 12:34:28 PM - System Checkpoint
RP217: 2/11/2011 1:21:55 PM - System Checkpoint
RP218: 2/12/2011 9:54:42 AM - Removed Adobe Reader 9.4.2.
RP219: 2/12/2011 9:58:11 AM - Installed Adobe Reader X (10.0.1).
RP220: 2/13/2011 12:49:03 PM - System Checkpoint
RP221: 2/14/2011 1:35:40 PM - System Checkpoint
RP222: 2/15/2011 8:00:52 AM - Software Distribution Service 3.0
RP223: 2/16/2011 10:54:21 AM - System Checkpoint
RP224: 2/17/2011 11:20:46 AM - System Checkpoint
RP225: 2/18/2011 11:50:03 AM - System Checkpoint
RP226: 2/19/2011 8:31:01 AM - Removed Java(TM) 6 Update 22
RP227: 2/19/2011 8:31:42 AM - Installed Java(TM) 6 Update 24
RP228: 2/20/2011 6:32:53 PM - System Checkpoint
RP229: 2/21/2011 10:47:52 PM - System Checkpoint
RP230: 2/23/2011 12:18:09 PM - Software Distribution Service 3.0
RP231: 2/24/2011 5:08:29 PM - System Checkpoint
RP232: 2/25/2011 5:51:28 PM - System Checkpoint
RP233: 2/26/2011 6:21:44 PM - System Checkpoint
RP234: 2/27/2011 8:49:41 PM - System Checkpoint
RP235: 3/1/2011 3:25:23 PM - System Checkpoint
RP236: 3/2/2011 3:41:43 PM - System Checkpoint
RP237: 3/3/2011 4:19:37 PM - System Checkpoint
RP238: 3/4/2011 4:52:26 PM - System Checkpoint
RP239: 3/6/2011 9:42:22 PM - Installed iTunes
RP240: 3/8/2011 6:34:01 PM - System Checkpoint
RP241: 3/8/2011 10:19:50 PM - Software Distribution Service 3.0
RP242: 3/10/2011 8:23:50 AM - System Checkpoint
RP243: 3/11/2011 5:15:20 PM - System Checkpoint
RP244: 3/12/2011 7:47:04 PM - System Checkpoint
RP245: 3/13/2011 9:06:18 PM - System Checkpoint
RP246: 3/15/2011 12:21:22 PM - System Checkpoint
RP247: 3/16/2011 12:24:17 PM - System Checkpoint
RP248: 3/17/2011 2:50:22 PM - System Checkpoint
RP249: 3/18/2011 4:32:57 PM - System Checkpoint
RP250: 3/19/2011 4:49:33 PM - System Checkpoint
RP251: 3/20/2011 5:36:45 PM - System Checkpoint
RP252: 3/21/2011 6:18:08 PM - System Checkpoint
RP253: 3/22/2011 6:24:46 PM - System Checkpoint
RP254: 3/23/2011 6:29:18 PM - System Checkpoint
RP255: 3/24/2011 11:05:35 AM - Software Distribution Service 3.0
RP256: 3/25/2011 4:15:21 PM - System Checkpoint
RP257: 3/28/2011 1:29:41 PM - System Checkpoint
RP258: 3/29/2011 3:11:47 PM - System Checkpoint
RP259: 3/30/2011 3:57:41 PM - System Checkpoint
RP260: 3/30/2011 10:36:03 PM - Installed HiJackThis
RP261: 4/1/2011 4:58:38 PM - System Checkpoint
RP262: 4/2/2011 5:01:33 PM - System Checkpoint
(Below, I have deleted pages, and portions of pages, that I have no questions about except for the following :)
1) Do I have both Windows Internet Explorer 7 and Windows Internet Explorer 8 installed on my computer? If so, should I delete Windows Internet Explorer 7?
2) Do I have both Windows Media Player 10 and Windows Media Player 11 installed on my computer? If so, should I delete Windows Media Player 10?
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Media Center Edition 2005 KB2502898
Windows XP Service Pack 3
And then, the following Messages. Are they just a log of system failures 'from the past week?'
.
==== Event Viewer Messages From Past Week ========
.
4/1/2011 8:55:11 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service ntmssvc with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}
3/30/2011 10:11:41 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
3/30/2011 10:09:56 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
3/30/2011 10:09:48 PM, error: Service Control Manager [7000] - The Secunia Update Agent service failed to start due to the following error: The system cannot find the file specified. (…..seems to be a reason Secunia would not act right.)
.
==== End Of File ===========================
These questions are just for my understanding. If you do not have the time to explain, I fully understand.
Much Thanks
catoomba
62 Posts
0
April 6th, 2011 19:00
I did not type the "Normal 0 false false false MicrosoftInternetExplorer4" in my message above. I don't know where that came from.
kevin27_b3d29f
2 Intern
•
1.5K Posts
0
April 7th, 2011 06:00
Hi,
If you have "Uniblue Registry Booster" installed, please uninstall it via "Add/Remove Programs" in Control Panel and then delete the following folder: C:\ProgramFiles\Uniblue. If you do not have Uniblue installed, then please just delete the folder.
Please leave all tools on the system until we are finished with the cleanup.
Leaving them is going to cause no harm, you can keep using registry cleaner if you like but I strongly advise against it. I have known all data to be lost from hard drives due to reg cleaners. Having empty registry keys is a lot safer than having needed ones deleted.
a) Many programs run through "svchost.exe" and it is not uncommon for up to five or six instances of this to be seen in logs.
b) These two files, although both related to Avira, are named differently and are nothing to worry about.
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
c) The file cidaemon.exe is related to Microsoft Indexing and again, it is not uncommon to see more than one entry in a log.
Yes, these checkpoints are created by system restore at regular times and are better known as restore points.
Both IE8 and Windows Media Player 11 need the previous versions to be on the system before they can be installed, and, if you like, they kind of merge together; removing the earlier version of either program may damage the newer version beyond use. You would be ill-advised to try to uninstall either.
Yes, they are the system logs from the last week and the reason that I asked for the Secunia folders to be deleted.
OK,
Please try reinstalling Secunia and see if the program will work correctly, then please post a fresh set of DDS logs and a status report on how the system is running.
Thanks.
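The cross-check behind the Secunia advice above (event-log failures matched against what is registered as a service) can be done mechanically. The following is an added example, not part of the original posts: it parses DDS "Event Viewer Messages" lines and "SERVICES / DRIVERS" lines copied from the logs in this thread and reports, for each service or driver an event says failed to start, what the service list says about it. The reading of the DDS notation (R/S as running/stopped, `[?]` as file details unavailable) and all function names are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Event lines copied from the 3 April DDS log posted in this thread.
EVENTS = r'''
4/1/2011 8:55:11 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service ntmssvc with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}
3/30/2011 10:11:41 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
3/30/2011 10:09:56 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
3/30/2011 10:09:48 PM, error: Service Control Manager [7000] - The Secunia Update Agent service failed to start due to the following error: The system cannot find the file specified.
'''

# Service lines copied from the 7 April DDS log (after Secunia was reinstalled).
SERVICES = r'''
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-1-10 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-1-10 399416]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
'''

EVENT_RE = re.compile(
    r'^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), (?P<level>\w+): '
    r'(?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$')
SERVICE_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]+);'
    r'(?P<path>.+?)(?: --> (?P<resolved>.+?))? \[(?P<meta>.+)\]$')

# Win32 error code that appears as "%1058" in the DCOM events above.
WIN32_ERRORS = {1058: "service is disabled"}


@dataclass
class Service:
    name: str
    display: str
    running: bool      # assumption: leading "R" = running, "S" = stopped
    start_type: int    # digit after the state letter
    path: str
    file_found: bool   # assumption: "[?]" means DDS could not read the file


def parse_services(text):
    """Index service entries by both short name and display name (lower-cased)."""
    index = {}
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        svc = Service(m['name'], m['display'], m['state'] == 'R',
                      int(m['start']), m['path'], m['meta'] != '?')
        index[svc.name.lower()] = svc
        index[svc.display.lower()] = svc
    return index


def failed_items(source, event_id, msg):
    """Return (name, detail) pairs for what an event says failed to start."""
    if source == 'Service Control Manager' and event_id == 7000:
        m = re.match(r'The (.+?) service failed to start due to the '
                     r'following error: (.*)$', msg)
        return [(m.group(1), m.group(2))] if m else []
    if source == 'Service Control Manager' and event_id == 7026:
        m = re.search(r'failed to load:\s*(.*)$', msg)
        return [(name, '') for name in m.group(1).split()] if m else []
    if source == 'DCOM' and event_id == 10005:
        m = re.search(r'got error "%(\d+)" attempting to start the service (\S+)', msg)
        if not m:
            return []
        code = int(m.group(1))
        return [(m.group(2), f"Win32 error {code}: {WIN32_ERRORS.get(code, 'unknown')}")]
    return []


def triage(events_text, services_text):
    """Match every start failure in the event lines to its service entry."""
    services = parse_services(services_text)
    findings = []
    for line in events_text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        for name, detail in failed_items(m['source'], int(m['id']), m['msg']):
            svc = services.get(name.lower())
            if svc is None:
                status = 'not in service list'
            elif not svc.file_found:
                status = 'registered but file not found'
            elif svc.running:
                status = 'running now'
            else:
                status = 'stopped, file present'
            findings.append((m['when'], int(m['id']), name, status, detail))
    return findings


if __name__ == '__main__':
    for row in triage(EVENTS, SERVICES):
        print(' | '.join(str(col) for col in row))
```

On these sample lines the Secunia Update Agent failure from 30 March resolves to a service that is running in the 7 April list, while the Lbd driver is still registered with no file details.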
catoomba
62 Posts
0
April 7th, 2011 07:00
K27,
Thanks for replying to all of my inquiries. Being obsessive compulsive, things have to make sense and be logical in my mind. Thanks to you and people like you, you make that happen. As for your comment about Registry Cleaners, "Leaving them is going to cause no harm, you can keep using registry cleaner if you like but I strongly advise against it. I have known all data to be lost from hard drives due to reg cleaners. Having empty registry keys is a lot safer than having needed ones deleted." - I never realized that could happen. I've been doing that for years now, quite regularly every day. Guess I'm very fortunate! But you helped me realize that truth about, "Having empty registry keys is a lot safer than having needed ones deleted."......!
1) I got rid of Uniblue via the Programs file as it did not appear in the add/delete part of Control Panel. I never installed it (on purpose that is) and don't even know what it's about. No harm there.
2) I, unfortunately, had the same exact results as before when installing Secunia PSI. It just will not open up. I have left it 'as is' for now. All else is just fine.
3) Seems to me, some of this may have started when I tried updating all of the Adobe files. I always seem to have a problem with them.
4) Here are the results of the DDS Scan:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Bill at 9:08:29.45 on Thu 04/07/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.354 [GMT -4:00]
.
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\inetsrv\inetinfo.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Secunia\PSI\PSI_TRAY.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Bill\Desktop\dds.com
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139782755687
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - hxxp://download.abacast.com/download/files/abasetup163.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\bill\applic~1\mozilla\firefox\profiles\bmxgz0yd.default\
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\documents and settings\bill\application data\mozilla\firefox\profiles\bmxgz0yd.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\bill\application data\mozilla\firefox\profiles\bmxgz0yd.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\bill\application data\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\bill\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\program files\google\google updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-10-17 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-10-17 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-10-17 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-4-29 61960]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-1-10 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-1-10 399416]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-7 135664]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2005-12-29 30192]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2005-8-16 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-04-07 13:00:48 -------- d-----w- c:\docume~1\bill\locals~1\applic~1\Secunia PSI
2011-04-07 13:00:37 -------- d-----w- c:\program files\Secunia
2011-04-03 17:50:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-03 17:50:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-03 17:50:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-03 17:12:22 -------- d-----w- c:\program files\CCleaner
2011-04-01 19:06:44 388096 ----a-r- c:\docume~1\bill\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-03-29 03:20:14 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-03-29 03:20:13 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-03-29 03:20:13 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-03-29 03:20:13 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-03-29 03:20:13 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-03-29 03:20:13 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-03-29 03:20:13 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-03-29 03:20:13 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll
.
==================== Find3M ====================
.
2011-02-19 13:31:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-19 13:31:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-18 21:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-04 22:48:32 456192 ----a-w- c:\windows\system32\encdec.dll
2011-02-04 22:48:30 291840 ----a-w- c:\windows\system32\sbe.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-28 21:34:38 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
.
============= FINISH: 9:08:46.92 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/3/2006 10:47:55 PM
System Uptime: 4/7/2011 8:39:42 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 0WG261
Processor: Intel(R) Pentium(R) 4 CPU 3.40GHz | Microprocessor | 3391/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 70 GiB total, 28.552 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP184: 1/7/2011 10:35:34 AM - System Checkpoint
RP185: 1/8/2011 11:36:10 AM - System Checkpoint
RP186: 1/9/2011 3:09:16 PM - System Checkpoint
RP187: 1/10/2011 5:22:30 PM - System Checkpoint
RP188: 1/11/2011 6:32:51 PM - System Checkpoint
RP189: 1/12/2011 10:45:15 AM - Software Distribution Service 3.0
RP190: 1/12/2011 11:02:34 AM - Software Distribution Service 3.0
RP191: 1/13/2011 12:10:46 PM - System Checkpoint
RP192: 1/14/2011 4:12:33 PM - System Checkpoint
RP193: 1/15/2011 8:57:30 PM - System Checkpoint
RP194: 1/17/2011 10:58:04 AM - System Checkpoint
RP195: 1/18/2011 12:23:08 PM - System Checkpoint
RP196: 1/19/2011 3:04:02 PM - System Checkpoint
RP197: 1/20/2011 3:06:22 PM - System Checkpoint
RP198: 1/21/2011 7:46:36 PM - System Checkpoint
RP199: 1/22/2011 8:29:56 PM - System Checkpoint
RP200: 1/23/2011 9:16:28 PM - System Checkpoint
RP201: 1/24/2011 9:46:11 PM - System Checkpoint
RP202: 1/26/2011 12:48:40 PM - System Checkpoint
RP203: 1/27/2011 1:12:16 PM - Removed HiJackThis
RP204: 1/28/2011 1:36:47 PM - System Checkpoint
RP205: 1/29/2011 5:59:32 PM - System Checkpoint
RP206: 1/31/2011 9:29:34 AM - System Checkpoint
RP207: 2/1/2011 10:18:27 AM - System Checkpoint
RP208: 2/2/2011 10:52:35 AM - System Checkpoint
RP209: 2/3/2011 2:10:04 PM - System Checkpoint
RP210: 2/4/2011 2:45:54 PM - System Checkpoint
RP211: 2/5/2011 2:46:12 PM - System Checkpoint
RP212: 2/6/2011 3:37:22 PM - System Checkpoint
RP213: 2/7/2011 4:15:32 PM - System Checkpoint
RP214: 2/8/2011 5:00:18 PM - System Checkpoint
RP215: 2/9/2011 12:14:00 AM - Software Distribution Service 3.0
RP216: 2/10/2011 12:34:28 PM - System Checkpoint
RP217: 2/11/2011 1:21:55 PM - System Checkpoint
RP218: 2/12/2011 9:54:42 AM - Removed Adobe Reader 9.4.2.
RP219: 2/12/2011 9:58:11 AM - Installed Adobe Reader X (10.0.1).
RP220: 2/13/2011 12:49:03 PM - System Checkpoint
RP221: 2/14/2011 1:35:40 PM - System Checkpoint
RP222: 2/15/2011 8:00:52 AM - Software Distribution Service 3.0
RP223: 2/16/2011 10:54:21 AM - System Checkpoint
RP224: 2/17/2011 11:20:46 AM - System Checkpoint
RP225: 2/18/2011 11:50:03 AM - System Checkpoint
RP226: 2/19/2011 8:31:01 AM - Removed Java(TM) 6 Update 22
RP227: 2/19/2011 8:31:42 AM - Installed Java(TM) 6 Update 24
RP228: 2/20/2011 6:32:53 PM - System Checkpoint
RP229: 2/21/2011 10:47:52 PM - System Checkpoint
RP230: 2/23/2011 12:18:09 PM - Software Distribution Service 3.0
RP231: 2/24/2011 5:08:29 PM - System Checkpoint
RP232: 2/25/2011 5:51:28 PM - System Checkpoint
RP233: 2/26/2011 6:21:44 PM - System Checkpoint
RP234: 2/27/2011 8:49:41 PM - System Checkpoint
RP235: 3/1/2011 3:25:23 PM - System Checkpoint
RP236: 3/2/2011 3:41:43 PM - System Checkpoint
RP237: 3/3/2011 4:19:37 PM - System Checkpoint
RP238: 3/4/2011 4:52:26 PM - System Checkpoint
RP239: 3/6/2011 9:42:22 PM - Installed iTunes
RP240: 3/8/2011 6:34:01 PM - System Checkpoint
RP241: 3/8/2011 10:19:50 PM - Software Distribution Service 3.0
RP242: 3/10/2011 8:23:50 AM - System Checkpoint
RP243: 3/11/2011 5:15:20 PM - System Checkpoint
RP244: 3/12/2011 7:47:04 PM - System Checkpoint
RP245: 3/13/2011 9:06:18 PM - System Checkpoint
RP246: 3/15/2011 12:21:22 PM - System Checkpoint
RP247: 3/16/2011 12:24:17 PM - System Checkpoint
RP248: 3/17/2011 2:50:22 PM - System Checkpoint
RP249: 3/18/2011 4:32:57 PM - System Checkpoint
RP250: 3/19/2011 4:49:33 PM - System Checkpoint
RP251: 3/20/2011 5:36:45 PM - System Checkpoint
RP252: 3/21/2011 6:18:08 PM - System Checkpoint
RP253: 3/22/2011 6:24:46 PM - System Checkpoint
RP254: 3/23/2011 6:29:18 PM - System Checkpoint
RP255: 3/24/2011 11:05:35 AM - Software Distribution Service 3.0
RP256: 3/25/2011 4:15:21 PM - System Checkpoint
RP257: 3/28/2011 1:29:41 PM - System Checkpoint
RP258: 3/29/2011 3:11:47 PM - System Checkpoint
RP259: 3/30/2011 3:57:41 PM - System Checkpoint
RP260: 3/30/2011 10:36:03 PM - Installed HiJackThis
RP261: 4/1/2011 4:58:38 PM - System Checkpoint
RP262: 4/2/2011 5:01:33 PM - System Checkpoint
RP263: 4/3/2011 5:07:29 PM - System Checkpoint
RP264: 4/4/2011 5:21:53 PM - System Checkpoint
RP265: 4/5/2011 6:08:37 PM - System Checkpoint
RP266: 4/6/2011 7:09:53 PM - System Checkpoint
.
==== Installed Programs ======================
.
123 Free Solitaire
924PLC32
ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Reader X (10.0.1)
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Blaze Audio RipEditBurn 2
Blaze Audio Wave Breaker
Bonjour
BufferChm
CameraDrivers
Canon Camera Access Library
Canon Camera Support Core Library
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.5
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
Compatibility Pack for the 2007 Office system
Create and Print Greeting Cards 1.0
CreativeProjects
CreativeProjectsTemplates
CueTour
Dell Digital Jukebox Driver
Dell Driver Download Manager
Dell Driver Download Manager - 1
Dell Driver Reset Tool
Dell Game Console
Dell Photo AIO Printer 924
Dell Support 3.1
Dell System Restore
DellConnect
Destinations
Digital Content Portal
Director
DVD Flick 1.3.0.7
EducateU
Google AFE
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB954550-v5)
HP Image Zone 4.5
HP Photosmart Cameras 4.5
HP Product Assistant
HP Software Update
HPSystemDiagnostics
ImgBurn
InstantShare
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
iPod for Windows 2005-09-23
iTunes
Jasc Paint Shop Pro Studio GDI+ Patch
Jasc Paint Shop Pro Studio, Dell Editon
Jasc Paint Shop Pro Studio.01 , Dell Edition Patch
Java Auto Updater
Java(TM) 6 Update 24
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Greetings 2001
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office Basic Edition 2003
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office XP Web Components
Microsoft Picture It! Photo Premium 9
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft Works 2004 Setup Launcher
Modem Event Monitor
Modem Helper
Modem On Hold
Move Media Player
MovieEdit Task
Mozilla Firefox 4.0 (x86 en-US)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch for Windows Media Player
Musicmatch® Jukebox
OE-Mail Recovery 1.7
Otto
PanoStandAlone
PhotoGallery
PowerDVD 5.3
QFolder
QuickTime
RAW Image Task 1.2
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Repair Tool for Outlook Express v.1.7.0
Secunia PSI (2.0.0.3001)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
ShareIns
Shockwave
SkinsHP1
Sonic Audio module
Sonic Copy Module
Sonic Data Module
Sonic DLA
Sonic Encoders
Sonic Express Labeler
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
SpywareBlaster 4.4
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Voyetra Record Producer
Watchtower Library 2010 - English
WebCyberCoach 3.2 Dell
WebFldrs XP
WebReg
WildTangent Web Driver
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
4/1/2011 8:24:49 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
4/1/2011 11:17:33 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
4/1/2011 11:07:13 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service ntmssvc with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}
.
==== End Of File ===========================
Thank you again for your time and help. I couldn't do this without it.
kevin27_b3d29f
April 8th, 2011 06:00
Hi,
This is not malware related, but let's see if we can get you up and running with Secunia.
Run the online version of Secunia, which will test all the programs on your system for security vulnerabilities. Before clicking the Start scan button, please check the box for the option Enable thorough system inspection. Just below the "Scan Options:" section, you'll see the status of what's currently processing.
You will also see a process indicator that looks like this:
...when the scan completes, the message "Detection completed successfully" will appear in the Programs/Result section.
You will have a link next to all the programs on your system that need updating; please install these updates one by one until no more are showing.
Once all the updates for everything showing with the online version are completed, try installing Secunia again and see if it completes.
Thanks.
catoomba
April 8th, 2011 13:00
K27,
Nothing showed up in the Secunia scan as needing updating. I used the link to install Secunia and it asked if I wanted to replace the one on my computer. So I let it uninstall it and reinstall it and it still just flashes a white blank page and returns to my desktop. I have noticed, in my bottom tool bar, the Secunia emblem, but it's not the red color it usually is. It's gold in color now. I'll leave it alone till I hear back from you.
Thanks
kevin27_b3d29f
April 8th, 2011 15:00
Hi,
A few things to try:
1) Please go to "Start > All Programs > Secunia" and see if the program will open that way.
2) If the above does not work, please go to Add/Remove Programs and then uninstall Secunia and Adobe Flash Player and Adobe Reader, then reboot the system.
3) Then please download the Secunia PSI Installer and save it to the Desktop.
4) DO NOT install it yet; please reboot the system one more time and then please disable Avira and SpywareBlaster.
5) Then try installing Secunia.
Let me know how you get on.
Thanks.
catoomba
April 8th, 2011 18:00
K27,
Sorry to be a pain. Same results as before. During every installation attempt, including this one, about half way through I've noticed 'something' flash on my screen, but it's gone before I can read it. Don't think it's anything, but thought I would mention it.
BTW, I uninstalled Adobe Flash Player Active X and Adobe Flash Player Plugin and Adobe Air.
Everything still remains on my desktop: Hijack This, DDS, Text and Attach, Mbam. It does not bother me, just thought I'd remind you!
Thanks
kevin27_b3d29f
April 9th, 2011 12:00
Please leave the tools in place for now; they contain backups should we need them. We will remove them all once we are done.
Please delete the installer for Secunia that you have saved to the desktop and then please run CCleaner. All the settings will be in place from the first time I asked for the tool to be run. This will clear any temp files that the failed install may have created.
Then use a different browser: if you used IE to download the Secunia installer, please use Firefox this time, and vice versa. Save the installer to the desktop and then try running it again.
Let me know if that works.
Thanks.
catoomba
April 10th, 2011 07:00
K27,
I deleted Secunia per your instructions. Before I continue, I wanted to tell you that I just noticed, in my 'downloads' folder, there is still:
Adobe Reader 9
Adobe Rdr940_en_US.exe
AdobeRdr1001_en_US.exe
AdobeRdrUpd941_all_incr.msp
AdobeRdrUpd942_all_incr.msp
Adobe ImageReady 7.0
These do not exist in my 'Add/Delete Folders' in Control Panel.
Should I have uninstalled these along with the earlier Adobe uninstallations?
If you choose to have me uninstall them, do I simply delete their folders there in my "Downloads" Folder?
It is in 'My Documents' in Windows Explorer.
I'll await your advice before proceeding.
Thanks again for all your patience and terrific help in this conquest!