Can not remove virtumonde.prx

H

hoya222

New member
After spybot removes this trojan, it comes back whenever firefox is opened. I also get rundll error messages whenever the computer is restarted and we open windows. I also noticed that we are taken to a wrong website when opening from a google search. PLEASE NOTE: I think I may have run NTREGOPT by mistake in addition to ERUNT. Here is the DDS:

============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Internet Content Filter\SafeEyes.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Internet Content Filter\UpdateService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Steve-Julia\My Documents\Downloads\dds.com
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://swagbucks.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061212
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
{5ca3d70e-1895-11cf-8e15-001234567890}
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101119025859.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Safe &Eyes Toolbar: {430ddb4f-38cc-4e91-af33-4157334ec937} - c:\program files\internet content filter\setoolbar.dll
TB: {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File
TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [A00F12700C0.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F12700C0.exe
uRun: [A00FD4F88.exe] c:\docume~1\steve-~1\locals~1\temp\_A00FD4F88.exe
uRun: [A00F274400.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F274400.exe
uRun: [A00F3ACDB.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F3ACDB.exe
uRun: [A00F36AF0.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F36AF0.exe
uRun: [A00F2725FBE.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F2725FBE.exe
uRun: [A00F326B805.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F326B805.exe
uRun: [A00F3945694.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F3945694.exe
uRun: [A00FA7D9B.exe] c:\docume~1\steve-~1\locals~1\temp\_A00FA7D9B.exe
uRun: [A00F5B5960.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F5B5960.exe
uRun: [A00F358E92.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F358E92.exe
uRun: [A00F64A98.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F64A98.exe
uRun: [A00F12BA01.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F12BA01.exe
uRun: [A00F16C94D3.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F16C94D3.exe
uRun: [A00F40B47.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F40B47.exe
uRun: [A00F818C1.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F818C1.exe
uRun: [A00FAE7DE.exe] c:\docume~1\steve-~1\locals~1\temp\_A00FAE7DE.exe
uRun: [A00F126ADCE.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F126ADCE.exe
uRun: [A00F20DA917.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F20DA917.exe
uRun: [A00F24EE1.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F24EE1.exe
uRun: [A00F23BCAE.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F23BCAE.exe
uRun: [A00F22D1037.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F22D1037.exe
uRun: [A00F381A4.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F381A4.exe
uRun: [A00F85A793.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F85A793.exe
uRun: [A00F19C8CAB.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F19C8CAB.exe
uRun: [A00F2987D40.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F2987D40.exe
uRun: [A00F43BCE1.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F43BCE1.exe
uRun: [A00F115DD2D.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F115DD2D.exe
uRun: [A00F166A9B0.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F166A9B0.exe
uRun: [A00F20A1D9F.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F20A1D9F.exe
uRun: [A00F20F97E7.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F20F97E7.exe
uRun: [A00F35FA5.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F35FA5.exe
uRun: [A00F1B34794.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F1B34794.exe
uRun: [A00F22362BC.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F22362BC.exe
uRun: [A00F5643E39.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F5643E39.exe
uRun: [A00F12DBB78.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F12DBB78.exe
uRun: [A00F1D06C17.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F1D06C17.exe
uRun: [A00F273E16D.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F273E16D.exe
uRun: [A00F2837E60.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F2837E60.exe
uRun: [A00F2590D2.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F2590D2.exe
uRun: [A00F1421BC7.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F1421BC7.exe
uRun: [A00F18F7EC0.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F18F7EC0.exe
uRun: [A00F606E8.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F606E8.exe
uRun: [A00F39AC09.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F39AC09.exe
uRun: [A00F51CE6.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F51CE6.exe
uRun: [A00F16E8160.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F16E8160.exe
uRun: [A00F457C1.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F457C1.exe
uRun: [A00F386E4.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F386E4.exe
uRun: [A00F319BD4.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F319BD4.exe
uRun: [A00F37550.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F37550.exe
uRun: [A00FF6C8C.exe] c:\docume~1\steve-~1\locals~1\temp\_A00FF6C8C.exe
uRun: [A00F302030.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F302030.exe
uRun: [A00F3AFD9.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F3AFD9.exe
uRun: [A00F291A7.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F291A7.exe
uRun: [A00F408F5.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F408F5.exe
uRun: [A00F3203B.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F3203B.exe
uRun: [A00F89A722.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F89A722.exe
uRun: [A00FC8259C.exe] c:\docume~1\steve-~1\locals~1\temp\_A00FC8259C.exe
uRun: [A00F3388EE.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F3388EE.exe
uRun: [A00FCB4838.exe] c:\docume~1\steve-~1\locals~1\temp\_A00FCB4838.exe
uRun: [A00F3286547.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F3286547.exe
uRun: [A00F41CC055.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F41CC055.exe
uRun: [A00F5691DE7.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F5691DE7.exe
uRun: [A00FA41E416.exe] c:\docume~1\steve-~1\locals~1\temp\_A00FA41E416.exe
uRun: [A00FA75CE01.exe] c:\docume~1\steve-~1\locals~1\temp\_A00FA75CE01.exe
uRun: [A00FB2576D1.exe] c:\docume~1\steve-~1\locals~1\temp\_A00FB2576D1.exe
uRun: [A00F36255.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F36255.exe
uRun: [A00F1509EC.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F1509EC.exe
uRun: [A00F1F5C52.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F1F5C52.exe
uRun: [A00FCDC147.exe] c:\docume~1\steve-~1\locals~1\temp\_A00FCDC147.exe
uRun: [cdloader] "c:\documents and settings\steve-julia\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [A00F44AFEC.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F44AFEC.exe
uRun: [A00F3D30025.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F3D30025.exe
uRun: [A00F4A715B9.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F4A715B9.exe
uRun: [A00F644A212.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F644A212.exe
uRun: [A00F2AFFD.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F2AFFD.exe
uRun: [A00F294CE0.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F294CE0.exe
uRun: [DelayShred] c:\progra~1\mcafee\mshr\shrcl.exe /p7 /q c:\docume~1\steve-~1\locals~1\temp\hsperf~1.sh! c:\docume~1\steve-~1\locals~1\tempor~1\content.ie5\1yfauv77\bx7fdb~1.sh! c:\docume~1\steve-~1\locals~1\tempor~1\content.ie5\4kemzvwg\bxa404~1.sh! c:\docume~1\steve-~1\locals~1\tempor~1\content.ie5\07jjgtda\bx8cd9~1.sh! c:\docume~1\steve-~1\locals~1\tempor~1\content.ie5\1yfauv77\bx6617~1.sh! c:\docume~1\steve-~1\locals~1\tempor~1\content.ie5\6u2lfv5t\bxe472~1.sh! c:\docume~1\steve-~1\locals~1\tempor~1\content.ie5\07jjgtda\bx8fee~1.sh! c:\docume~1\steve-~1\locals~1\temp\FROMCA~2.SH!
uRun: [Gbapewigamewob] rundll32.exe "c:\windows\otxtpr.dll",Startup
mRun: [monitr32] c:\program files\canon\multipass4\monitr32.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Zune Launcher] "e:\justin\ZuneLauncher.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE
mRun: [ICF] "c:\program files\internet content filter\SafeEyes.exe"
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [USBToolTip] c:\progra~1\pinnacle\shared~1\programs\usbtip\USBTip.exe
mRun: [Eleqibof] rundll32.exe "c:\windows\adasaxoga.dll",Startup
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRunOnce: [RunNarrator] Narrator.exe
dRunOnce: [Magnify] Magnify.exe
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
dRunOnce: [MPlayer2_FixUp] c:\windows\inf\unregmp2.exe /Fixups
StartupFolder: c:\docume~1\steve-~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\steve-~1\startm~1\programs\startup\pmbmed~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: ICF.dll
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file://c:\program files\chessmaster challenge\images\stg_drm.ocx
DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} - hxxp://www.auctiva.com/Aurigma/ImageUploader55.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.5.cab
DPF: {4ECE056F-E50F-4F9D-B069-EB342D21F26A} - hxxp://www5.snapfish.com/SnapfishActivia3.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224543082828
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} - hxxp://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file://c:\program files\monopoly\images\armhelper.ocx
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: __c0017FC - c:\windows\system32\__c0017FC.dat
AppInit_DLLs: c:\windows\system32\
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\steve-~1\applic~1\mozilla\firefox\profiles\he9qkdbn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=hp
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={0BB288F5-EF69-7EA5-11BA-C1FE7ECE81E3}&q=
FF - component: c:\documents and settings\steve-julia\application data\mozilla\firefox\profiles\he9qkdbn.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\steve-julia\application data\mozilla\firefox\profiles\he9qkdbn.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCore.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1591.6512\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {DDF662D8-F2A4-49C6-90BE-4D2254E65692} - c:\documents and settings\steve-julia\local settings\application data\{DDF662D8-F2A4-49C6-90BE-4D2254E65692}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - %profile%\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-5 64160]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-10-5 386840]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-9-7 84072]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-1-16 161064]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-25 93320]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-7 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-7 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-7 271480]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-9-7 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-9-7 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-9-7 141792]
R2 seUpdateSvc;Safe Eyes Update Service;c:\program files\internet content filter\UpdateService.exe [2010-3-1 233472]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-5-5 24652]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-9-7 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-10-5 152960]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-10-5 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-9-7 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-9-7 88544]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-9 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-9-7 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-9-7 84264]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-10-5 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-10-5 40552]
S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [2007-12-1 31872]
.
=============== Created Last 30 ================
.
2011-12-06 22:06:25 -------- d-sh--w- C:\found.002
2011-04-13 10:29:01 -------- d-----w- c:\docume~1\steve-~1\locals~1\applic~1\{DDF662D8-F2A4-49C6-90BE-4D2254E65692}
2011-04-06 15:52:40 1470 ----a-w- c:\windows\awonisixejigulu.dll
2011-04-06 15:35:48 1470 ----a-w- c:\windows\opobugojudoyat.dll
2011-03-27 23:40:45 0 ----a-w- c:\windows\Dsabalumihudusib.bin
.
==================== Find3M ====================
.
2011-02-17 20:34:32 398760 ----a-r- c:\windows\system32\cpnprt2.cid
.
============= FINISH: 10:15:11.01 ===============

I'm sorry I forgot to send this requested attachment. Please let me know if you have any questions.
 
Last edited by a moderator:
Hi,

Please post complete dds.txt log including the header part too.
 
Complete Log

Sorry about that. Here it is:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Steve-Julia at 10:13:40.07 on Wed 04/13/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1345 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Internet Content Filter\SafeEyes.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Internet Content Filter\UpdateService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Steve-Julia\My Documents\Downloads\dds.com
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://swagbucks.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061212
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
{5ca3d70e-1895-11cf-8e15-001234567890}
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101119025859.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Safe &Eyes Toolbar: {430ddb4f-38cc-4e91-af33-4157334ec937} - c:\program files\internet content filter\setoolbar.dll
TB: {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File
TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [A00F12700C0.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F12700C0.exe
uRun: [A00FD4F88.exe] c:\docume~1\steve-~1\locals~1\temp\_A00FD4F88.exe
uRun: [A00F274400.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F274400.exe
uRun: [A00F3ACDB.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F3ACDB.exe
uRun: [A00F36AF0.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F36AF0.exe
uRun: [A00F2725FBE.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F2725FBE.exe
uRun: [A00F326B805.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F326B805.exe
uRun: [A00F3945694.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F3945694.exe
uRun: [A00FA7D9B.exe] c:\docume~1\steve-~1\locals~1\temp\_A00FA7D9B.exe
uRun: [A00F5B5960.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F5B5960.exe
uRun: [A00F358E92.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F358E92.exe
uRun: [A00F64A98.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F64A98.exe
uRun: [A00F12BA01.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F12BA01.exe
uRun: [A00F16C94D3.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F16C94D3.exe
uRun: [A00F40B47.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F40B47.exe
uRun: [A00F818C1.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F818C1.exe
uRun: [A00FAE7DE.exe] c:\docume~1\steve-~1\locals~1\temp\_A00FAE7DE.exe
uRun: [A00F126ADCE.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F126ADCE.exe
uRun: [A00F20DA917.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F20DA917.exe
uRun: [A00F24EE1.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F24EE1.exe
uRun: [A00F23BCAE.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F23BCAE.exe
uRun: [A00F22D1037.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F22D1037.exe
uRun: [A00F381A4.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F381A4.exe
uRun: [A00F85A793.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F85A793.exe
uRun: [A00F19C8CAB.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F19C8CAB.exe
uRun: [A00F2987D40.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F2987D40.exe
uRun: [A00F43BCE1.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F43BCE1.exe
uRun: [A00F115DD2D.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F115DD2D.exe
uRun: [A00F166A9B0.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F166A9B0.exe
uRun: [A00F20A1D9F.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F20A1D9F.exe
uRun: [A00F20F97E7.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F20F97E7.exe
uRun: [A00F35FA5.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F35FA5.exe
uRun: [A00F1B34794.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F1B34794.exe
uRun: [A00F22362BC.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F22362BC.exe
uRun: [A00F5643E39.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F5643E39.exe
uRun: [A00F12DBB78.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F12DBB78.exe
uRun: [A00F1D06C17.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F1D06C17.exe
uRun: [A00F273E16D.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F273E16D.exe
uRun: [A00F2837E60.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F2837E60.exe
uRun: [A00F2590D2.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F2590D2.exe
uRun: [A00F1421BC7.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F1421BC7.exe
uRun: [A00F18F7EC0.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F18F7EC0.exe
uRun: [A00F606E8.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F606E8.exe
uRun: [A00F39AC09.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F39AC09.exe
uRun: [A00F51CE6.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F51CE6.exe
uRun: [A00F16E8160.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F16E8160.exe
uRun: [A00F457C1.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F457C1.exe
uRun: [A00F386E4.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F386E4.exe
uRun: [A00F319BD4.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F319BD4.exe
uRun: [A00F37550.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F37550.exe
uRun: [A00FF6C8C.exe] c:\docume~1\steve-~1\locals~1\temp\_A00FF6C8C.exe
uRun: [A00F302030.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F302030.exe
uRun: [A00F3AFD9.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F3AFD9.exe
uRun: [A00F291A7.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F291A7.exe
uRun: [A00F408F5.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F408F5.exe
uRun: [A00F3203B.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F3203B.exe
uRun: [A00F89A722.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F89A722.exe
uRun: [A00FC8259C.exe] c:\docume~1\steve-~1\locals~1\temp\_A00FC8259C.exe
uRun: [A00F3388EE.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F3388EE.exe
uRun: [A00FCB4838.exe] c:\docume~1\steve-~1\locals~1\temp\_A00FCB4838.exe
uRun: [A00F3286547.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F3286547.exe
uRun: [A00F41CC055.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F41CC055.exe
uRun: [A00F5691DE7.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F5691DE7.exe
uRun: [A00FA41E416.exe] c:\docume~1\steve-~1\locals~1\temp\_A00FA41E416.exe
uRun: [A00FA75CE01.exe] c:\docume~1\steve-~1\locals~1\temp\_A00FA75CE01.exe
uRun: [A00FB2576D1.exe] c:\docume~1\steve-~1\locals~1\temp\_A00FB2576D1.exe
uRun: [A00F36255.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F36255.exe
uRun: [A00F1509EC.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F1509EC.exe
uRun: [A00F1F5C52.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F1F5C52.exe
uRun: [A00FCDC147.exe] c:\docume~1\steve-~1\locals~1\temp\_A00FCDC147.exe
uRun: [cdloader] "c:\documents and settings\steve-julia\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [A00F44AFEC.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F44AFEC.exe
uRun: [A00F3D30025.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F3D30025.exe
uRun: [A00F4A715B9.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F4A715B9.exe
uRun: [A00F644A212.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F644A212.exe
uRun: [A00F2AFFD.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F2AFFD.exe
uRun: [A00F294CE0.exe] c:\docume~1\steve-~1\locals~1\temp\_A00F294CE0.exe
uRun: [DelayShred] c:\progra~1\mcafee\mshr\shrcl.exe /p7 /q c:\docume~1\steve-~1\locals~1\temp\hsperf~1.sh! c:\docume~1\steve-~1\locals~1\tempor~1\content.ie5\1yfauv77\bx7fdb~1.sh! c:\docume~1\steve-~1\locals~1\tempor~1\content.ie5\4kemzvwg\bxa404~1.sh! c:\docume~1\steve-~1\locals~1\tempor~1\content.ie5\07jjgtda\bx8cd9~1.sh! c:\docume~1\steve-~1\locals~1\tempor~1\content.ie5\1yfauv77\bx6617~1.sh! c:\docume~1\steve-~1\locals~1\tempor~1\content.ie5\6u2lfv5t\bxe472~1.sh! c:\docume~1\steve-~1\locals~1\tempor~1\content.ie5\07jjgtda\bx8fee~1.sh! c:\docume~1\steve-~1\locals~1\temp\FROMCA~2.SH!
uRun: [Gbapewigamewob] rundll32.exe "c:\windows\otxtpr.dll",Startup
mRun: [monitr32] c:\program files\canon\multipass4\monitr32.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Zune Launcher] "e:\justin\ZuneLauncher.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE
mRun: [ICF] "c:\program files\internet content filter\SafeEyes.exe"
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [USBToolTip] c:\progra~1\pinnacle\shared~1\programs\usbtip\USBTip.exe
mRun: [Eleqibof] rundll32.exe "c:\windows\adasaxoga.dll",Startup
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRunOnce: [RunNarrator] Narrator.exe
dRunOnce: [Magnify] Magnify.exe
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
dRunOnce: [MPlayer2_FixUp] c:\windows\inf\unregmp2.exe /Fixups
StartupFolder: c:\docume~1\steve-~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\steve-~1\startm~1\programs\startup\pmbmed~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: ICF.dll
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file://c:\program files\chessmaster challenge\images\stg_drm.ocx
DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} - hxxp://www.auctiva.com/Aurigma/ImageUploader55.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.5.cab
DPF: {4ECE056F-E50F-4F9D-B069-EB342D21F26A} - hxxp://www5.snapfish.com/SnapfishActivia3.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224543082828
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} - hxxp://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file://c:\program files\monopoly\images\armhelper.ocx
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: __c0017FC - c:\windows\system32\__c0017FC.dat
AppInit_DLLs: c:\windows\system32\
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\steve-~1\applic~1\mozilla\firefox\profiles\he9qkdbn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=hp
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={0BB288F5-EF69-7EA5-11BA-C1FE7ECE81E3}&q=
FF - component: c:\documents and settings\steve-julia\application data\mozilla\firefox\profiles\he9qkdbn.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\steve-julia\application data\mozilla\firefox\profiles\he9qkdbn.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCore.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1591.6512\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {DDF662D8-F2A4-49C6-90BE-4D2254E65692} - c:\documents and settings\steve-julia\local settings\application data\{DDF662D8-F2A4-49C6-90BE-4D2254E65692}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - %profile%\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-5 64160]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-10-5 386840]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-9-7 84072]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-1-16 161064]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-25 93320]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-7 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-7 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-7 271480]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-9-7 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-9-7 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-9-7 141792]
R2 seUpdateSvc;Safe Eyes Update Service;c:\program files\internet content filter\UpdateService.exe [2010-3-1 233472]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-5-5 24652]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-9-7 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-10-5 152960]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-10-5 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-9-7 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-9-7 88544]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-9 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-9-7 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-9-7 84264]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-10-5 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-10-5 40552]
S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [2007-12-1 31872]
.
=============== Created Last 30 ================
.
2011-12-06 22:06:25 -------- d-sh--w- C:\found.002
2011-04-13 10:29:01 -------- d-----w- c:\docume~1\steve-~1\locals~1\applic~1\{DDF662D8-F2A4-49C6-90BE-4D2254E65692}
2011-04-06 15:52:40 1470 ----a-w- c:\windows\awonisixejigulu.dll
2011-04-06 15:35:48 1470 ----a-w- c:\windows\opobugojudoyat.dll
2011-03-27 23:40:45 0 ----a-w- c:\windows\Dsabalumihudusib.bin
.
==================== Find3M ====================
.
2011-02-17 20:34:32 398760 ----a-r- c:\windows\system32\cpnprt2.cid
.
============= FINISH: 10:15:11.01 ===============
 
Hi

Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
  • Run Spybot-S&D in Advanced Mode
  • If it is not already set to do this, go to the Mode menu
    select
    Advanced Mode
  • On the left hand side, click on Tools
  • Then click on the Resident icon in the list
  • Uncheck
    Resident TeaTimer
     and OK any prompts.
  • Restart your computer


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
 
Log from ComboFix

Here is the log from ComboFix. IN THE MEANTIME, DO YOU WANT ME TO HIT "FIX ERRORS" on COMBO FIX?



<?xml version="1.0" encoding="UTF-8" ?>
- <AROScanLog>
<AROVersion>6.0.793.824</AROVersion>
<ScanningDate>Fri. April 15, 2011. 11:49 AM</ScanningDate>
<TotalRegErrorsFound>3707</TotalRegErrorsFound>
<TotalJunkErrorsFound>2826</TotalJunkErrorsFound>
<TotalSecErrorsFound>2</TotalSecErrorsFound>
- <Scanning Section="ActiveX and COM">
<Description>ActiveX and COM objects that are based on libraries no longer on your system.</Description>
<ErrorsInThisSection>525 Errors</ErrorsInThisSection>
- <EntryDetails>
<Entry>:-) VideoSoft vsFlex3 Controls</Entry>
<Details>The key HKEY_CLASSES_ROOT\TypeLib\{8AE029D0-08E3-11D1-BAA2-444553540000}\3.0\HELPDIR for this type library serves to indicate a help directory, but contains no data. This subkey can be deleted for this type library.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>_AddrBookWrapper</Entry>
<Details>The key HKEY_CLASSES_ROOT\Interface\{8A333B1D-C7B3-419B-BB5C-479F4233EC5C}\TypeLib for this interface points to the missing type library {15B894AE-9728-45A0-A984-A1C5460B423E}. This subkey can be deleted for this interface.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>_IPopCapLoaderCtrlEvents</Entry>
<Details>The key HKEY_CLASSES_ROOT\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}\TypeLib for this interface points to the missing type library {C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}. This subkey can be deleted for this interface.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>A3dApi Object</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{92FA2C24-253C-11d2-90FB-006008A1F441} points to the missing ApplicationID {92FA2C24-253C-11D2-90FB-006008A1F441}.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>A3dDAL Object</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{442D12A1-2641-11d2-90FB-006008A1F441} points to the missing ApplicationID {442D12A1-2641-11D2-90FB-006008A1F441}.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>ABUI 1.0 Type Library</Entry>
<Details>The key HKEY_CLASSES_ROOT\TypeLib\{DA2FAE70-6518-4700-A264-3500A380F695}\1.0\HELPDIR for this type library points to the missing folder C:\Program Files\America Online 9.0\. This subkey can be deleted for this type library.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>ABUI 1.0 Type Library</Entry>
<Details>The key HKEY_CLASSES_ROOT\TypeLib\{DA2FAE70-6518-4700-A264-3500A380F695}\1.0\0\win32 for this type library points to the missing file C:\Program Files\America Online 9.0\abui.dll. This subkey can be deleted for this type library.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>ABUI Class</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{61E15DE7-D229-4eb3-A460-40DCDDA60DA7}\InprocServer32 points to the missing InprocServer32 C:\Program Files\America Online 9.0\abui.dll. The associated CLSID can be deleted.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>ABUI Class</Entry>
<Details>The registry contains an entry for the font under HKEY_CLASSES_ROOT\CLSID\{61E15DE7-D229-4eb3-A460-40DCDDA60DA7}\ToolboxBitmap32 that points to the missing file C:\Program Files\America Online 9.0\abui.dll, 1.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>ACCalendarDCtrl Class</Entry>
<Details>The registry contains an entry for the font under HKEY_CLASSES_ROOT\CLSID\{63435828-E10D-42d5-8859-C94796B7C22D}\ToolboxBitmap32 that points to the missing file C:\PROGRA~1\AMERIC~1.0\MYCALE~1.DLL, 101.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>ACCalendarDCtrl Class</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{63435828-E10D-42d5-8859-C94796B7C22D}\InprocServer32 points to the missing InprocServer32 C:\PROGRA~1\AMERIC~1.0\MYCALE~1.DLL. The associated CLSID can be deleted.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>ACCalendarListCtrl Class</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{A8ABE123-FAC4-41c1-ABA3-051B6F112B83}\TypeLib for this object point to the missing type library {3AEE3925-59BB-11D3-A8CC-005004A0F323}. This subkey can be deleted for this object.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>ACCalendarListCtrl Class</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{A8ABE123-FAC4-41c1-ABA3-051B6F112B83}\InprocServer32 points to the missing InprocServer32 C:\PROGRA~1\AMERIC~1.0\MYCALE~1.DLL. The associated CLSID can be deleted.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>ACCalendarListCtrl Class</Entry>
<Details>The registry contains an entry for the font under HKEY_CLASSES_ROOT\CLSID\{A8ABE123-FAC4-41c1-ABA3-051B6F112B83}\ToolboxBitmap32 that points to the missing file C:\PROGRA~1\AMERIC~1.0\MYCALE~1.DLL, 544.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>AccClientDocMgr Class</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{FC48CC30-4F3E-4fa1-803B-AD0E196A83B1}\TypeLib for this object point to the missing type library {0EF20641-8773-4B65-955C-C12C206EB86C}. This subkey can be deleted for this object.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>AccDictionary Class</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{6572EE16-5FE5-4331-BB6D-76A49C56E423}\TypeLib for this object point to the missing type library {0EF20641-8773-4B65-955C-C12C206EB86C}. This subkey can be deleted for this object.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>AccServerDocMgr Class</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{6089A37E-EB8A-482D-BD6F-F9F46904D16D}\TypeLib for this object point to the missing type library {0EF20641-8773-4B65-955C-C12C206EB86C}. This subkey can be deleted for this object.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>AccStore Class</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{5440837F-4BFF-4AE5-A1B1-7722ECC6332A}\TypeLib for this object point to the missing type library {0EF20641-8773-4B65-955C-C12C206EB86C}. This subkey can be deleted for this object.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>ACDayBoxViewCtrl Class</Entry>
<Details>The registry contains an entry for the font under HKEY_CLASSES_ROOT\CLSID\{B6F041A2-48B9-4d3f-A91D-90E17C505FD3}\ToolboxBitmap32 that points to the missing file C:\PROGRA~1\AMERIC~1.0\MYCALE~1.DLL, 586.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>ACDayBoxViewCtrl Class</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{B6F041A2-48B9-4d3f-A91D-90E17C505FD3}\TypeLib for this object point to the missing type library {3AEE3925-59BB-11D3-A8CC-005004A0F323}. This subkey can be deleted for this object.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>ACDayBoxViewCtrl Class</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{B6F041A2-48B9-4d3f-A91D-90E17C505FD3}\InprocServer32 points to the missing InprocServer32 C:\PROGRA~1\AMERIC~1.0\MYCALE~1.DLL. The associated CLSID can be deleted.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>ACDictionary Class</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{9F62797E-1249-4596-9FF7-AC6D851A542A}\InprocServer32 points to the missing InprocServer32 C:\PROGRA~1\AMERIC~1.0\MYCALE~1.DLL. The associated CLSID can be deleted.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>ACEventConflictCtrl Class</Entry>
<Details>The registry contains an entry for the font under HKEY_CLASSES_ROOT\CLSID\{B3E7BCF9-05C8-4233-BA88-37FDA4AD3147}\ToolboxBitmap32 that points to the missing file C:\PROGRA~1\AMERIC~1.0\MYCALE~1.DLL, 605.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>ACEventConflictCtrl Class</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{B3E7BCF9-05C8-4233-BA88-37FDA4AD3147}\InprocServer32 points to the missing InprocServer32 C:\PROGRA~1\AMERIC~1.0\MYCALE~1.DLL. The associated CLSID can be deleted.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>ACMonthViewCtrl Class</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{0FE9096F-7F7A-4e40-857C-E48A53440DFE}\InprocServer32 points to the missing InprocServer32 C:\PROGRA~1\AMERIC~1.0\MYCALE~1.DLL. The associated CLSID can be deleted.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>ACMPickerCtrl Class</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{DA3C177A-D1DA-47f2-BBF0-E9710CA7253F}\InprocServer32 points to the missing InprocServer32 C:\PROGRA~1\AMERIC~1.0\MYCALE~1.DLL. The associated CLSID can be deleted.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>Acrobat Search</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}\TypeLib for this object point to the missing type library {47A7A4B0-2723-41BA-865E-EBBB7081A602}. This subkey can be deleted for this object.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>AcrobatAccess Class</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535} points to the missing ApplicationID {8A523F4F-AB44-4477-BAB0-151E5936D144}.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>AcroBrokerLib</Entry>
<Details>The key HKEY_CLASSES_ROOT\TypeLib\{41738EEA-442F-477F-92CF-2889BD6CD7E7}\1.0\HELPDIR for this type library serves to indicate a help directory, but contains no data. This subkey can be deleted for this type library.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>AcroIEHelperShim 1.0 Type Library</Entry>
<Details>The key HKEY_CLASSES_ROOT\TypeLib\{2991F100-D9C3-4243-82A2-A718747FC0CF}\1.0\HELPDIR for this type library serves to indicate a help directory, but contains no data. This subkey can be deleted for this type library.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>ActiveMovieControl Object</Entry>
<Details>The ToolboxBitmap32 key HKEY_CLASSES_ROOT\CLSID\{05589FA1-C356-11CE-BF01-00AA0055595A}\ToolboxBitmap32 for this object contains no data. This subkey can be deleted for this object.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>ActiveOttoFull 1.0 Type Library</Entry>
<Details>The key HKEY_CLASSES_ROOT\TypeLib\{A7773D7D-061B-42FB-9A46-FA982BDA6E6F}\1.0\0\win32 for this type library points to the missing file C:\Program Files\EnglishOtto\ActiveOttoFull.dll. This subkey can be deleted for this type library.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>ActiveOttoFull 1.0 Type Library</Entry>
<Details>The key HKEY_CLASSES_ROOT\TypeLib\{A7773D7D-061B-42FB-9A46-FA982BDA6E6F}\1.0\HELPDIR for this type library points to the missing folder C:\Program Files\EnglishOtto\. This subkey can be deleted for this type library.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>ACToolBarCtrl Class</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{F4F30C01-A7B4-492e-943E-58A7CF2D9DD6}\InprocServer32 points to the missing InprocServer32 C:\PROGRA~1\AMERIC~1.0\MYCALE~1.DLL. The associated CLSID can be deleted.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>ACTopToolBarCtrl Class</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{09E6F477-C3C3-4636-8BFD-2DDB36147FEC}\InprocServer32 points to the missing InprocServer32 C:\PROGRA~1\AMERIC~1.0\MYCALE~1.DLL. The associated CLSID can be deleted.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>ACTopToolBarCtrl Class</Entry>
<Details>The registry contains an entry for the font under HKEY_CLASSES_ROOT\CLSID\{09E6F477-C3C3-4636-8BFD-2DDB36147FEC}\ToolboxBitmap32 that points to the missing file C:\PROGRA~1\AMERIC~1.0\MYCALE~1.DLL, 605.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>ACWebDlgHelper Class</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{6AD3B5BD-9A96-4ca2-9455-2034D05EB134}\InprocServer32 points to the missing InprocServer32 C:\PROGRA~1\AMERIC~1.0\MYCALE~1.DLL. The associated CLSID can be deleted.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>Adobe PDF Preview Handler for Vista</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{DC6EFB56-9CFA-464D-8880-44885D7DC193} points to the missing ApplicationID {6d2b5079-2f0b-48dd-ab7f-97cec514d30b}.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>AgControl 2.0 Type Library</Entry>
<Details>The key HKEY_CLASSES_ROOT\TypeLib\{283C8576-0726-4DBC-9609-3F855162009A}\2.0\HELPDIR for this type library points to the missing folder c:\Program Files\Microsoft Silverlight\2.0.40115.0\. This subkey can be deleted for this type library.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>AgControl 2.0 Type Library</Entry>
<Details>The key HKEY_CLASSES_ROOT\TypeLib\{283C8576-0726-4DBC-9609-3F855162009A}\2.0\0\win32 for this type library points to the missing file c:\Program Files\Microsoft Silverlight\2.0.40115.0\npctrl.dll. This subkey can be deleted for this type library.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>AgControl 3.0 Type Library</Entry>
<Details>The key HKEY_CLASSES_ROOT\TypeLib\{283C8576-0726-4DBC-9609-3F855162009A}\3.0\HELPDIR for this type library points to the missing folder C:\Program Files\Microsoft Silverlight\3.0.50106.0\. This subkey can be deleted for this type library.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>AgControl 3.0 Type Library</Entry>
<Details>The key HKEY_CLASSES_ROOT\TypeLib\{283C8576-0726-4DBC-9609-3F855162009A}\3.0\0\win32 for this type library points to the missing file C:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll. This subkey can be deleted for this type library.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>aimlocator Class</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{BAEB32D0-732D-11d2-8BF4-0060B0A4A9EA}\InprocServer32 points to the missing InprocServer32 C:\Program Files\AIM6\services\imApp\ver6_9_17_2\isaim.dll. The associated CLSID can be deleted.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>Alignment Class</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{67C79012-A022-464a-AA13-3CB1E52AE04C}\TypeLib for this object point to the missing type library {F31F17E6-6CFB-4fcf-A7F4-8B55AEFC04CC}. This subkey can be deleted for this object.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>Animation Engine 1.0 Type Library</Entry>
<Details>The key HKEY_CLASSES_ROOT\TypeLib\{CC491105-58FA-437F-A1CE-CC947B6AFE4F}\1.0\0\win32 for this type library points to the missing file C:\PROGRA~1\AMERIC~1.0\ae.dll. This subkey can be deleted for this type library.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>Animation Engine 1.0 Type Library</Entry>
<Details>The key HKEY_CLASSES_ROOT\TypeLib\{CC491105-58FA-437F-A1CE-CC947B6AFE4F}\1.0\HELPDIR for this type library points to the missing folder C:\PROGRA~1\AMERIC~1.0\. This subkey can be deleted for this type library.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>AOL CETCtrl 1.0 Type Library</Entry>
<Details>The key HKEY_CLASSES_ROOT\TypeLib\{0B54F548-639F-462F-BCDE-9557B8AB378F}\1.0\HELPDIR for this type library points to the missing folder C:\PROGRA~1\COMMON~1\aolshare\pictures\. This subkey can be deleted for this type library.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>AOL CETCtrl 1.0 Type Library</Entry>
<Details>The key HKEY_CLASSES_ROOT\TypeLib\{0B54F548-639F-462F-BCDE-9557B8AB378F}\1.0\0\win32 for this type library points to the missing file C:\PROGRA~1\COMMON~1\aolshare\pictures\YGPPIC~4.DLL. This subkey can be deleted for this type library.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>AOL Downloader Plugin</Entry>
<Details>The registry contains an entry for the font under HKEY_CLASSES_ROOT\CLSID\{D670D0B3-05AB-4115-9F87-D983EF1AC747}\ToolboxBitmap32 that points to the missing file C:\PROGRA~1\COMMON~1\aolshare\pictures\YGPPIC~1.DLL, 101.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>AOL Downloader Plugin</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{D670D0B3-05AB-4115-9F87-D983EF1AC747}\InprocServer32 points to the missing InprocServer32 C:\PROGRA~1\COMMON~1\aolshare\pictures\YGPPIC~1.DLL. The associated CLSID can be deleted.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>AOL Member Expression Wizard Type Library</Entry>
<Details>The key HKEY_CLASSES_ROOT\TypeLib\{64E26A20-8A9E-4B33-9F8D-F3663F13811E}\1.0\0\win32 for this type library points to the missing file C:\PROGRA~1\COMMON~1\aolshare\pictures\YGPWz.dll. This subkey can be deleted for this type library.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>AOL Member Expression Wizard Type Library</Entry>
<Details>The key HKEY_CLASSES_ROOT\TypeLib\{64E26A20-8A9E-4B33-9F8D-F3663F13811E}\1.0\HELPDIR for this type library points to the missing folder C:\PROGRA~1\COMMON~1\aolshare\pictures\. This subkey can be deleted for this type library.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>AOL UPFCtrl 1.0 Type Library</Entry>
<Details>The key HKEY_CLASSES_ROOT\TypeLib\{57B2FD05-64D4-4AD7-A92A-7C32FE50A0F4}\1.0\HELPDIR for this type library points to the missing folder C:\PROGRA~1\COMMON~1\aolshare\pictures\. This subkey can be deleted for this type library.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>AOL UPFCtrl 1.0 Type Library</Entry>
<Details>The key HKEY_CLASSES_ROOT\TypeLib\{57B2FD05-64D4-4AD7-A92A-7C32FE50A0F4}\1.0\0\win32 for this type library points to the missing file C:\PROGRA~1\COMMON~1\aolshare\pictures\YGPUPF.dll. This subkey can be deleted for this type library.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>AOL YGP PicEdit Ctrl</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{E0CB08CE-AB3D-4779-9C77-62A439BFE6C3}\InprocServer32 points to the missing InprocServer32 C:\PROGRA~1\COMMON~1\aolshare\pictures\YGPPIC~4.DLL. The associated CLSID can be deleted.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>AOL YGP PicEdit Ctrl</Entry>
<Details>The registry contains an entry for the font under HKEY_CLASSES_ROOT\CLSID\{E0CB08CE-AB3D-4779-9C77-62A439BFE6C3}\ToolboxBitmap32 that points to the missing file C:\PROGRA~1\COMMON~1\aolshare\pictures\YGPPIC~4.DLL, 101.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>AOL YGP UPF Ctrl</Entry>
<Details>The registry contains an entry for the font under HKEY_CLASSES_ROOT\CLSID\{98BFD494-F6AD-4794-9038-832C0654CC43}\ToolboxBitmap32 that points to the missing file C:\PROGRA~1\COMMON~1\aolshare\pictures\YGPUPF.dll, 101.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>AOL YGP UPF Ctrl</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{98BFD494-F6AD-4794-9038-832C0654CC43}\InprocServer32 points to the missing InprocServer32 C:\PROGRA~1\COMMON~1\aolshare\pictures\YGPUPF.dll. The associated CLSID can be deleted.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>AolCalSvr 1.0 Type Library</Entry>
<Details>The key HKEY_CLASSES_ROOT\TypeLib\{00A987AE-587B-4343-B826-89F17AB41A03}\1.0\0\win32 for this type library points to the missing file C:\PROGRA~1\AMERIC~1.0\MYCALE~1.DLL. This subkey can be deleted for this type library.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>AolCalSvr 1.0 Type Library</Entry>
<Details>The key HKEY_CLASSES_ROOT\TypeLib\{00A987AE-587B-4343-B826-89F17AB41A03}\1.0\HELPDIR for this type library points to the missing folder C:\PROGRA~1\AMERIC~1.0\. This subkey can be deleted for this type library.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>Ares 1.0 Type Library</Entry>
<Details>The key HKEY_CLASSES_ROOT\TypeLib\{8D66A700-5DF0-4706-9ACA-FEB467A7A853}\1.0\HELPDIR for this type library points to the missing folder C:\PROGRA~1\AMERIC~1.0\media\. This subkey can be deleted for this type library.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>Ares 1.0 Type Library</Entry>
<Details>The key HKEY_CLASSES_ROOT\TypeLib\{8D66A700-5DF0-4706-9ACA-FEB467A7A853}\1.0\0\win32 for this type library points to the missing file C:\PROGRA~1\AMERIC~1.0\media\ares.dll. This subkey can be deleted for this type library.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>AresPlayer Class</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{4E97BE17-3300-4A4F-B380-5988DD771F1F}\InprocServer32 points to the missing InprocServer32 C:\PROGRA~1\AMERIC~1.0\media\ares.dll. The associated CLSID can be deleted.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>AresPlayer Class</Entry>
<Details>The registry contains an entry for the font under HKEY_CLASSES_ROOT\CLSID\{4E97BE17-3300-4A4F-B380-5988DD771F1F}\ToolboxBitmap32 that points to the missing file C:\PROGRA~1\AMERIC~1.0\media\ares.dll, 101.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>ArmHelper Control</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{CC450D71-CC90-424C-8638-1F2DBAC87A54}\InprocServer32 points to the missing InprocServer32 ./Images/armhelper.ocx. The associated CLSID can be deleted.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>ASUInstallHost Class</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{91A9E6A9-3935-4A37-AFBA-F0904B166364}\InprocServer32 points to the missing InprocServer32 C:\Program Files\Apple Software Update\SoftwareUpdateAdmin.dll. The associated CLSID can be deleted.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>ASUTaskScheduler Class</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{BB46F03E-7CD2-489F-8F95-BB950F395FDB}\InprocServer32 points to the missing InprocServer32 C:\Program Files\Apple Software Update\SoftwareUpdateAdmin.dll. The associated CLSID can be deleted.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>AtscPsipParser Class</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{3508C064-B94E-420b-A821-20C8096FAADC}\TypeLib for this object point to the missing type library {92F94BE2-8C2E-4cd6-88ED-774A5DF42AD3}. This subkey can be deleted for this object.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>AtscPsipParser Class</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{D88B44DB-6C5C-4501-B7FC-3E7476275C84}\TypeLib for this object point to the missing type library {08F16BA2-945B-43fa-A230-972DBA0377A0}. This subkey can be deleted for this object.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>Auctiva Image Uploader Control</Entry>
<Details>The key HKEY_CLASSES_ROOT\TypeLib\{6766A46B-9FFF-46DE-A460-994E4C4881F4}\1.0\HELPDIR for this type library serves to indicate a help directory, but contains no data. This subkey can be deleted for this type library.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>Auctiva Image Uploader Thumbnail Control</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{E9DEDDE3-F5F8-4908-B37D-C50AD036FC49}\TypeLib for this object point to the missing type library {IDL_TYPELIB_ID_LSTR}. This subkey can be deleted for this object.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>Auctiva Image Uploader UploadPane Control</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{39014D29-A3FE-478E-BAB2-5E547A661A89}\TypeLib for this object point to the missing type library {IDL_TYPELIB_ID_LSTR}. This subkey can be deleted for this object.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>avgsdkco 1.0 Type Library</Entry>
<Details>The key HKEY_CLASSES_ROOT\TypeLib\{5E03A3EA-2CB6-4E23-8A77-601AD5646296}\1.0\HELPDIR for this type library serves to indicate a help directory, but contains no data. This subkey can be deleted for this type library.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>AxTrack 1.0 Type Library</Entry>
<Details>The key HKEY_CLASSES_ROOT\TypeLib\{296802FE-345A-4CA4-B941-692B8622CC69}\1.0\0\win32 for this type library points to the missing file C:\PROGRA~1\AMERIC~1.0\axtrack.dll. This subkey can be deleted for this type library.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>AxTrack 1.0 Type Library</Entry>
<Details>The key HKEY_CLASSES_ROOT\TypeLib\{296802FE-345A-4CA4-B941-692B8622CC69}\1.0\HELPDIR for this type library points to the missing folder C:\PROGRA~1\AMERIC~1.0\. This subkey can be deleted for this type library.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>BAE 1.0 Type Library</Entry>
<Details>The key HKEY_CLASSES_ROOT\TypeLib\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}\1.0\0\win32 for this type library points to the missing file C:\Program Files\BAE\BAE.dll. This subkey can be deleted for this type library.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>BAE 1.0 Type Library</Entry>
<Details>The key HKEY_CLASSES_ROOT\TypeLib\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}\1.0\HELPDIR for this type library points to the missing folder C:\Program Files\BAE\. This subkey can be deleted for this type library.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>BankshotZone 1.0 Type Library</Entry>
<Details>The key HKEY_CLASSES_ROOT\TypeLib\{D4AC4A51-F6EB-4C46-945E-CB81A9A517F5}\1.0\HELPDIR for this type library serves to indicate a help directory, but contains no data. This subkey can be deleted for this type library.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>BDA Device Control Plug-in</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{B0693766-5278-4ec6-B9E1-3CE40560EF5A}\InprocServer32 points to the missing InprocServer32 CaPlgin.ax. The associated CLSID can be deleted.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>Canon USD</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{BC30618B-EC2F-4590-B53F-ECD1C39B96A5}\InprocServer32 points to the missing InprocServer32 C:\WINDOWS\system32\CNC700C.DLL. The associated CLSID can be deleted.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>CAOLMemExpWz Object</Entry>
<Details>The registry contains an entry for the font under HKEY_CLASSES_ROOT\CLSID\{18477169-4752-41DC-AB0F-C50EBA75641D}\ToolboxBitmap32 that points to the missing file C:\PROGRA~1\COMMON~1\aolshare\pictures\YGPWz.dll, 1.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>CAOLMemExpWz Object</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{18477169-4752-41DC-AB0F-C50EBA75641D}\InprocServer32 points to the missing InprocServer32 C:\PROGRA~1\COMMON~1\aolshare\pictures\YGPWz.dll. The associated CLSID can be deleted.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>CBrowserHelperObject Object</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\InprocServer32 points to the missing InprocServer32 C:\Program Files\BAE\BAE.dll. The associated CLSID can be deleted.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>CCoMcApplicationInfo Class</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{39BE9FE5-916F-4F01-86D8-46D1B843C8DD}\TypeLib for this object point to the missing type library {D2557483-F2E2-43FB-BCEE-2D2E21EB41BA}. This subkey can be deleted for this object.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>CCompReg Object</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{174A74A7-AFA2-4634-BA8D-448065AE083B}\InprocServer32 points to the missing InprocServer32 C:\Program Files\Turbine\The Lord of the Rings Online\PatchWrapper2.dll. The associated CLSID can be deleted.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>CDDBAOLControl Class</Entry>
<Details>The registry contains an entry for the font under HKEY_CLASSES_ROOT\CLSID\{229b78d5-38f5-11d5-9001-00c04f4c3b9f}\ToolboxBitmap32 that points to the missing file C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL, 104.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>CDDBAOLControl Class</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{229b78d5-38f5-11d5-9001-00c04f4c3b9f}\InprocServer32 points to the missing InprocServer32 C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL. The associated CLSID can be deleted.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>CDDBControl(AOL) 1.0 Type Library</Entry>
<Details>The key HKEY_CLASSES_ROOT\TypeLib\{229B78B8-38F5-11D5-9001-00C04F4C3B9F}\1.0\HELPDIR for this type library points to the missing folder C:\PROGRA~1\AMERIC~1.0\media\. This subkey can be deleted for this type library.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>CDDBControl(AOL) 1.0 Type Library</Entry>
<Details>The key HKEY_CLASSES_ROOT\TypeLib\{229B78B8-38F5-11D5-9001-00C04F4C3B9F}\1.0\0\win32 for this type library points to the missing file C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL. This subkey can be deleted for this type library.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>CddbCredit Class</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{229b78e2-38f5-11d5-9001-00c04f4c3b9f}\InprocServer32 points to the missing InprocServer32 C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL. The associated CLSID can be deleted.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>CddbFullName Class</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{229b78e1-38f5-11d5-9001-00c04f4c3b9f}\InprocServer32 points to the missing InprocServer32 C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL. The associated CLSID can be deleted.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>CddbID3Tag Class</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{bc8a96c6-3909-11d5-9001-00c04f4c3b9f}\InprocServer32 points to the missing InprocServer32 C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL. The associated CLSID can be deleted.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>CddbID3TagManager Class</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{bc8a96c5-3909-11d5-9001-00c04f4c3b9f}\InprocServer32 points to the missing InprocServer32 C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL. The associated CLSID can be deleted.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>CddbInfoWindow Class</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{bc8a96c7-3909-11d5-9001-00c04f4c3b9f}\InprocServer32 points to the missing InprocServer32 C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL. The associated CLSID can be deleted.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>CddbSegment Class</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{229b78df-38f5-11d5-9001-00c04f4c3b9f}\InprocServer32 points to the missing InprocServer32 C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL. The associated CLSID can be deleted.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>CddbTrackManager Class</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{00014C0D-B007-4448-B89B-4EC3E857961D}\InprocServer32 points to the missing InprocServer32 C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL. The associated CLSID can be deleted.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>CddbUIOptions Class</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{bc8a96c8-3909-11d5-9001-00c04f4c3b9f}\InprocServer32 points to the missing InprocServer32 C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL. The associated CLSID can be deleted.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>CddbURL Class</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{229b78e0-38f5-11d5-9001-00c04f4c3b9f}\InprocServer32 points to the missing InprocServer32 C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL. The associated CLSID can be deleted.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>CddbURLManager Class</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{bc8a96c4-3909-11d5-9001-00c04f4c3b9f}\InprocServer32 points to the missing InprocServer32 C:\PROGRA~1\AMERIC~1.0\media\CDDBCO~1.DLL. The associated CLSID can be deleted.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>CDIGStreamAsset Object</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{7DD5B09C-FF7F-4B06-9506-DF35E2329D3E}\LocalServer32 points to the missing LocalServer32 C:\PROGRA~1\DIGSTR~1\DIGSTR~1.EXE. The associated CLSID can be deleted.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>CDIGStreamDownloader Object</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{9DAE0446-E34F-43B0-8276-D551B05ACA60}\LocalServer32 points to the missing LocalServer32 C:\PROGRA~1\DIGSTR~1\DIGSTR~1.EXE. The associated CLSID can be deleted.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>CDIGStreamGroup Object</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{434548FB-7A4E-4269-A02D-7534BF25C277}\LocalServer32 points to the missing LocalServer32 C:\PROGRA~1\DIGSTR~1\DIGSTR~1.EXE. The associated CLSID can be deleted.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>CDIGStreamLocator Object</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{09199AAF-86A9-4124-BBBD-C9236E20023A}\LocalServer32 points to the missing LocalServer32 C:\PROGRA~1\DIGSTR~1\DIGSTR~1.EXE. The associated CLSID can be deleted.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>CDIGStreamReference Object</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{26DDE955-3D39-47EE-9865-A9DE055F922A}\LocalServer32 points to the missing LocalServer32 C:\PROGRA~1\DIGSTR~1\DIGSTR~1.EXE. The associated CLSID can be deleted.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>CDIGStreamUpdate Object</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{1A305068-8D97-4299-B201-76AC4B511B2C}\LocalServer32 points to the missing LocalServer32 C:\PROGRA~1\DIGSTR~1\DIGSTR~1.EXE. The associated CLSID can be deleted.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>Cerberus 1.0 Type Library</Entry>
<Details>The key HKEY_CLASSES_ROOT\TypeLib\{06645894-E73C-413B-8704-71823A9C39B5}\1.0\HELPDIR for this type library points to the missing folder C:\PROGRA~1\AMERIC~1.0\media\. This subkey can be deleted for this type library.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>Cerberus 1.0 Type Library</Entry>
<Details>The key HKEY_CLASSES_ROOT\TypeLib\{06645894-E73C-413B-8704-71823A9C39B5}\1.0\0\win32 for this type library points to the missing file C:\PROGRA~1\AMERIC~1.0\media\cerberus.dll. This subkey can be deleted for this type library.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>CerberusCDPlayer Class</Entry>
<Details>The registry contains an entry for the font under HKEY_CLASSES_ROOT\CLSID\{5788DAE8-4B72-4BE6-89A0-1E6123E4CBC2}\ToolboxBitmap32 that points to the missing file C:\PROGRA~1\AMERIC~1.0\media\cerberus.dll, 101.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>CerberusCDPlayer Class</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{5788DAE8-4B72-4BE6-89A0-1E6123E4CBC2}\InprocServer32 points to the missing InprocServer32 C:\PROGRA~1\AMERIC~1.0\media\cerberus.dll. The associated CLSID can be deleted.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>CHHInputModule Class</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{F88A4455-BEB8-4D91-8C13-6807B0147727}\TypeLib for this object point to the missing type library {22F7AE15-E8CB-4A96-A9E6-570DF6A33645}. This subkey can be deleted for this object.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>CHTInputModule class</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{478DD7E7-228D-44B7-9854-DFB0E818D8A7}\TypeLib for this object point to the missing type library {df2d2967-9f0b-479d-830c-22886fdd74db}. This subkey can be deleted for this object.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>CLSID_IHashTable</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{64577982-86D7-11d1-BDFC-00C04FA31009}\TypeLib for this object point to the missing type library {E4B28371-83B0-11d0-8259-00C04FD85AB4}. This subkey can be deleted for this object.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>CLSID_IMimeAllocator</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{FD853CDD-7F86-11d0-8252-00C04FD85AB4}\TypeLib for this object point to the missing type library {E4B28371-83B0-11d0-8259-00C04FD85AB4}. This subkey can be deleted for this object.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>CLSID_IMimeBody</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{FD853CDB-7F86-11d0-8252-00C04FD85AB4}\TypeLib for this object point to the missing type library {E4B28371-83B0-11d0-8259-00C04FD85AB4}. This subkey can be deleted for this object.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>CLSID_IMimeHeaderTable</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{FD853CE0-7F86-11d0-8252-00C04FD85AB4}\TypeLib for this object point to the missing type library {E4B28371-83B0-11d0-8259-00C04FD85AB4}. This subkey can be deleted for this object.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>CLSID_IMimeInternational</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{FD853CD9-7F86-11d0-8252-00C04FD85AB4}\TypeLib for this object point to the missing type library {E4B28371-83B0-11d0-8259-00C04FD85AB4}. This subkey can be deleted for this object.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>CLSID_IMimeMessage</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{FD853CE3-7F86-11d0-8252-00C04FD85AB4}\TypeLib for this object point to the missing type library {E4B28371-83B0-11d0-8259-00C04FD85AB4}. This subkey can be deleted for this object.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>CLSID_IMimeMessageParts</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{FD853CDC-7F86-11d0-8252-00C04FD85AB4}\TypeLib for this object point to the missing type library {E4B28371-83B0-11d0-8259-00C04FD85AB4}. This subkey can be deleted for this object.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>CLSID_IMimeMessageTree</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{FD853CE2-7F86-11d0-8252-00C04FD85AB4}\TypeLib for this object point to the missing type library {E4B28371-83B0-11d0-8259-00C04FD85AB4}. This subkey can be deleted for this object.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>CLSID_IMimePropertySchema</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{FD853CED-7F86-11d0-8252-00C04FD85AB4}\TypeLib for this object point to the missing type library {E4B28371-83B0-11d0-8259-00C04FD85AB4}. This subkey can be deleted for this object.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>CLSID_IMimePropertySet</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{FD853CE1-7F86-11d0-8252-00C04FD85AB4}\TypeLib for this object point to the missing type library {E4B28371-83B0-11d0-8259-00C04FD85AB4}. This subkey can be deleted for this object.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>CLSID_IMimeSecurity</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{FD853CDE-7F86-11d0-8252-00C04FD85AB4}\TypeLib for this object point to the missing type library {E4B28371-83B0-11d0-8259-00C04FD85AB4}. This subkey can be deleted for this object.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>CLSID_IVirtualStream</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{FD853CDF-7F86-11d0-8252-00C04FD85AB4}\TypeLib for this object point to the missing type library {E4B28371-83B0-11d0-8259-00C04FD85AB4}. This subkey can be deleted for this object.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>CMcSvcHostVer Class</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{112F60D8-C573-4bf2-8C70-C791B0C7DF62}\TypeLib for this object point to the missing type library {CB3B692B-EF5B-4324-8F4E-C5CF6B00EB5C}. This subkey can be deleted for this object.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>CoachDM 1.0 Type Library</Entry>
<Details>The key HKEY_CLASSES_ROOT\TypeLib\{307DE02D-679A-49B9-B582-6E623BE9386F}\1.0\HELPDIR for this type library points to the missing folder C:\Program Files\Common Files\aolshare\Coach\. This subkey can be deleted for this type library.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>CoachDM 1.0 Type Library</Entry>
<Details>The key HKEY_CLASSES_ROOT\TypeLib\{307DE02D-679A-49B9-B582-6E623BE9386F}\1.0\0\win32 for this type library points to the missing file C:\Program Files\Common Files\aolshare\Coach\coachdm3.dll. This subkey can be deleted for this type library.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>CoAxTrack Class</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{B9F3009B-976B-41C4-A992-229DCCF3367C}\InprocServer32 points to the missing InprocServer32 C:\PROGRA~1\AMERIC~1.0\axtrack.dll. The associated CLSID can be deleted.</Details>
</EntryDetails>
- <EntryDetails>
<Entry>CoAxTrackMk Class</Entry>
<Details>The key HKEY_CLASSES_ROOT\CLSID\{5145942E-41DF-4658-B7C4-089F48E84A75}\InprocServer32 points to the missing InprocServer32 C:\PROGRA~1\AMERIC~1.0\axtrack.dll. The associated CLSID can be deleted.</Details
 
Hi,

where did you get that log? It's not ComboFix creation.
 
ComboFix Log

ComboFix 11-04-14.03 - Steve-Julia 04/15/2011 15:25:11.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1375 [GMT -4:00]
Running from: c:\documents and settings\Steve-Julia\My Documents\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\020000007d5eb7a4648C.manifest
c:\documents and settings\Administrator\Application Data\020000007d5eb7a4648O.manifest
c:\documents and settings\Administrator\Application Data\020000007d5eb7a4648P.manifest
c:\documents and settings\Administrator\Application Data\020000007d5eb7a4648S.manifest
c:\documents and settings\All Users\Application Data\Zwangi
c:\documents and settings\All Users\Application Data\zwangisearch
c:\documents and settings\Justin\Application Data\020000007d5eb7a4648C.manifest
c:\documents and settings\Justin\Application Data\020000007d5eb7a4648O.manifest
c:\documents and settings\Justin\Application Data\020000007d5eb7a4648P.manifest
c:\documents and settings\Justin\Application Data\020000007d5eb7a4648S.manifest
c:\documents and settings\Justin\Application Data\Dealio
c:\documents and settings\Justin\Application Data\Dealio\res\widgets.xml
c:\documents and settings\Justin\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
c:\documents and settings\Justin\WINDOWS
c:\documents and settings\Lindsay\Local Settings\Application Data\{E1CAE54E-EC27-4C97-932B-A3F7250BFCF1}
c:\documents and settings\Lindsay\Local Settings\Application Data\{E1CAE54E-EC27-4C97-932B-A3F7250BFCF1}\chrome.manifest
c:\documents and settings\Lindsay\Local Settings\Application Data\{E1CAE54E-EC27-4C97-932B-A3F7250BFCF1}\chrome\content\_cfg.js
c:\documents and settings\Lindsay\Local Settings\Application Data\{E1CAE54E-EC27-4C97-932B-A3F7250BFCF1}\chrome\content\overlay.xul
c:\documents and settings\Lindsay\Local Settings\Application Data\{E1CAE54E-EC27-4C97-932B-A3F7250BFCF1}\install.rdf
c:\documents and settings\Steve-Julia\Application Data\020000007d5eb7a4648C.manifest
c:\documents and settings\Steve-Julia\Application Data\020000007d5eb7a4648O.manifest
c:\documents and settings\Steve-Julia\Application Data\020000007d5eb7a4648P.manifest
c:\documents and settings\Steve-Julia\Application Data\020000007d5eb7a4648S.manifest
c:\documents and settings\Steve-Julia\Application Data\inst.exe
c:\documents and settings\Steve-Julia\Application Data\PriceGong
c:\documents and settings\Steve-Julia\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Steve-Julia\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Steve-Julia\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Steve-Julia\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Steve-Julia\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Steve-Julia\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Steve-Julia\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Steve-Julia\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Steve-Julia\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Steve-Julia\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Steve-Julia\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Steve-Julia\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Steve-Julia\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Steve-Julia\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Steve-Julia\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Steve-Julia\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Steve-Julia\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Steve-Julia\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Steve-Julia\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Steve-Julia\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Steve-Julia\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Steve-Julia\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Steve-Julia\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Steve-Julia\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Steve-Julia\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Steve-Julia\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Steve-Julia\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Steve-Julia\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Steve-Julia\AUTORUN.INF
c:\documents and settings\Steve-Julia\GoToAssistDownloadHelper.exe
c:\documents and settings\Steve-Julia\Local Settings\Application Data\{DDF662D8-F2A4-49C6-90BE-4D2254E65692}
c:\documents and settings\Steve-Julia\Local Settings\Application Data\{DDF662D8-F2A4-49C6-90BE-4D2254E65692}\chrome.manifest
c:\documents and settings\Steve-Julia\Local Settings\Application Data\{DDF662D8-F2A4-49C6-90BE-4D2254E65692}\chrome\content\_cfg.js
c:\documents and settings\Steve-Julia\Local Settings\Application Data\{DDF662D8-F2A4-49C6-90BE-4D2254E65692}\chrome\content\overlay.xul
c:\documents and settings\Steve-Julia\Local Settings\Application Data\{DDF662D8-F2A4-49C6-90BE-4D2254E65692}\install.rdf
c:\documents and settings\Steve-Julia\WINDOWS
c:\program files\ZwangiSearch
C:\test.txt
c:\windows\expert
c:\windows\expert\Apps\Help.ico
c:\windows\expert\Apps\Home.exe
c:\windows\expert\Apps\Install.ico
c:\windows\expert\Apps\PDF.ICO
c:\windows\expert\Apps\Readme.ico
c:\windows\expert\Apps\Register.exe
c:\windows\expert\Apps\Support.exe
c:\windows\expert\REG.INI
c:\windows\expert\X6820.INI
c:\windows\expert\X6820REG.INI
c:\windows\GnuHashes.ini
c:\windows\ocutokaratiqe.dll
c:\windows\otxtpr.dll
c:\windows\system32\BSTIEPrintCtl1.dll
c:\windows\system32\gfbaksm.dat
c:\windows\system32\gfbaksm.dll
c:\windows\system32\LocalService\277.crack.zip
c:\windows\system32\LocalService\277.crack.zip.kwd
c:\windows\system32\LocalService\278.keygen.zip
c:\windows\system32\LocalService\278.keygen.zip.kwd
c:\windows\system32\LocalService\279.serial.zip
c:\windows\system32\LocalService\279.serial.zip.kwd
c:\windows\system32\LocalService\280.setup.zip
c:\windows\system32\LocalService\280.setup.zip.kwd
c:\windows\system32\LocalService\281.music.au
c:\windows\system32\LocalService\281.music.au.kwd
c:\windows\system32\LocalService\282.music2.au
c:\windows\system32\LocalService\282.music2.au.kwd
c:\windows\system32\LocalService\283.music3.au
c:\windows\system32\LocalService\283.music3.au.kwd
c:\windows\system32\LocalService\284.music4.au
c:\windows\system32\LocalService\284.music4.au.kwd
C:\xcrashdump.dat
.
.
((((((((((((((((((((((((( Files Created from 2011-03-15 to 2011-04-15 )))))))))))))))))))))))))))))))
.
.
2011-12-06 22:06 . 2011-12-06 22:06 -------- d-----w- C:\found.002
2011-04-15 15:48 . 2011-04-15 15:48 -------- d-----w- c:\documents and settings\Steve-Julia\Application Data\Sammsoft
2011-04-15 15:45 . 2011-04-15 15:45 -------- d-----w- c:\program files\ARO 2011
2011-04-13 13:54 . 2011-04-13 13:57 -------- d-----w- c:\program files\ERUNT
2011-04-06 15:52 . 2011-04-06 15:52 1470 ----a-w- c:\windows\awonisixejigulu.dll
2011-04-06 15:35 . 2011-04-06 15:35 1470 ----a-w- c:\windows\opobugojudoyat.dll
2011-03-27 23:40 . 2011-04-15 15:13 0 ----a-w- c:\windows\Dsabalumihudusib.bin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-24 18:31 . 2011-02-04 12:49 69632 ----a-r- c:\documents and settings\Steve-Julia\Application Data\Microsoft\Installer\{D041EB9E-890A-4098-8F94-51DA194AC72A}\SC_ContentTransfer.exe
2011-03-24 18:31 . 2011-02-04 12:49 65536 ----a-r- c:\documents and settings\Steve-Julia\Application Data\Microsoft\Installer\{D041EB9E-890A-4098-8F94-51DA194AC72A}\SC_ReadMe.exe
2011-03-24 18:31 . 2011-02-04 12:49 49152 ----a-r- c:\documents and settings\Steve-Julia\Application Data\Microsoft\Installer\{D041EB9E-890A-4098-8F94-51DA194AC72A}\SC_Check3D.exe
2011-03-24 18:31 . 2011-02-04 12:49 45056 ----a-r- c:\documents and settings\Steve-Julia\Application Data\Microsoft\Installer\{D041EB9E-890A-4098-8F94-51DA194AC72A}\SC_Help_HH.exe
2011-03-24 18:31 . 2011-02-04 12:49 434176 ----a-r- c:\documents and settings\Steve-Julia\Application Data\Microsoft\Installer\{D041EB9E-890A-4098-8F94-51DA194AC72A}\SC_GuidedTour.exe
2011-03-24 18:31 . 2011-02-04 12:49 40960 ----a-r- c:\documents and settings\Steve-Julia\Application Data\Microsoft\Installer\{D041EB9E-890A-4098-8F94-51DA194AC72A}\SC_AMCap.exe
2011-03-24 18:31 . 2011-02-04 12:49 69632 ----a-r- c:\documents and settings\Steve-Julia\Application Data\Microsoft\Installer\{D041EB9E-890A-4098-8F94-51DA194AC72A}\Studio.exe
2011-02-17 20:34 . 2010-12-20 00:09 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2010-10-14 03:28 . 2010-09-07 22:04 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-21 39408]
"cdloader"="c:\documents and settings\Steve-Julia\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]
"AROReminder"="c:\program files\ARO 2011\aro.exe" [2011-01-25 2312048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"monitr32"="c:\program files\Canon\MultiPASS4\monitr32.exe" [2001-08-21 311296]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-01-19 1150976]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"ICF"="c:\program files\Internet Content Filter\SafeEyes.exe" [2010-09-24 1599208]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-07-30 497000]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 53760]
"Magnify"="Magnify.exe" [2006-10-04 72704]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-10 44544]
"MPlayer2_FixUp"="c:\windows\inf\unregmp2.exe" [2004-08-10 192512]
.
c:\documents and settings\Justin\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\documents and settings\Steve-Julia\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-1-2 333088]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-4-30 805392]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 06:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 21:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2004-08-10 08:04 59392 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2006-07-06 13:15 151552 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2007-02-05 23:52 849280 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 22:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 21:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
2009-01-16 20:31 181544 ----a-w- c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-06-16 14:39 7323648 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2006-07-24 16:20 282624 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-08-24 19:30 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Documents and Settings\\Steve-Julia\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9159:TCP"= 9159:TCP:BitComet 9159 TCP
"9159:UDP"= 9159:UDP:BitComet 9159 UDP
"57962:TCP"= 57962:TCP:Pando Media Booster
"57962:UDP"= 57962:UDP:Pando Media Booster
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/5/2009 4:49 PM 64160]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [9/7/2010 6:04 PM 84072]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [1/16/2009 4:31 PM 161064]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/25/2008 10:41 PM 93320]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [9/7/2010 6:04 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [9/7/2010 6:04 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [9/7/2010 6:04 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [9/7/2010 6:04 PM 141792]
R2 seUpdateSvc;Safe Eyes Update Service;c:\program files\Internet Content Filter\UpdateService.exe [3/1/2010 11:02 AM 233472]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/5/2009 9:38 PM 24652]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [9/7/2010 6:04 PM 55840]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [9/7/2010 6:04 PM 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [9/7/2010 6:04 PM 88544]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/9/2010 6:55 PM 136176]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1029456]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [9/7/2010 6:04 PM 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [9/7/2010 6:04 PM 84264]
S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [12/1/2007 1:46 PM 31872]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 21:50]
.
2010-08-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Mozilla Firefox\crashreporter.exe [2009-07-21 21:02]
.
2011-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-09 22:55]
.
2011-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-09 22:55]
.
2011-04-15 c:\windows\Tasks\McAfee AntiVirus Plus.job
- c:\progra~1\McAfee.com\Agent\mcagent.exe [2006-12-12 18:10]
.
2007-11-29 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 23:52]
.
2011-04-15 c:\windows\Tasks\{17691F8D-D24B-4010-8686-CB5F277782FB}_DH2WV7C1_Tyler.job
- c:\windows\system32\mobsync.exe [2004-08-10 11:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://swagbucks.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
LSP: ICF.dll
DPF: {4ECE056F-E50F-4F9D-B069-EB342D21F26A} - hxxp://www5.snapfish.com/SnapfishActivia3.cab
FF - ProfilePath - c:\documents and settings\Steve-Julia\Application Data\Mozilla\Firefox\Profiles\he9qkdbn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=hp
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={0BB288F5-EF69-7EA5-11BA-C1FE7ECE81E3}&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - %profile%\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
HKCU-Run-Gbapewigamewob - c:\windows\otxtpr.dll
HKLM-Run-Zune Launcher - e:\justin\ZuneLauncher.exe
HKLM-Run-IJNetworkScanUtility - c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
HKLM-Run-BlackBerryAutoUpdate - c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
HKLM-Run-Eleqibof - c:\windows\ocutokaratiqe.dll
Notify-__c0017FC - c:\windows\system32\__c0017FC.dat
Notify-__c007ABEF - (no file)
Notify-__c00DB58A - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-A00F1211D2F - c:\docume~1\Tyler\LOCALS~1\Temp\_A00F1211D2F.exe
MSConfigStartUp-A00F121F29 - c:\docume~1\Tyler\LOCALS~1\Temp\_A00F121F29.exe
MSConfigStartUp-A00F135D552 - c:\docume~1\Tyler\LOCALS~1\Temp\_A00F135D552.exe
MSConfigStartUp-A00F174656F - c:\docume~1\Tyler\LOCALS~1\Temp\_A00F174656F.exe
MSConfigStartUp-A00F1A5EC35 - c:\docume~1\Tyler\LOCALS~1\Temp\_A00F1A5EC35.exe
MSConfigStartUp-A00F2736F2B - c:\docume~1\Tyler\LOCALS~1\Temp\_A00F2736F2B.exe
MSConfigStartUp-A00F275608B - c:\docume~1\Tyler\LOCALS~1\Temp\_A00F275608B.exe
MSConfigStartUp-A00F27A0A25 - c:\docume~1\Tyler\LOCALS~1\Temp\_A00F27A0A25.exe
MSConfigStartUp-A00F2848CE - c:\docume~1\Tyler\LOCALS~1\Temp\_A00F2848CE.exe
MSConfigStartUp-A00F290CF8 - c:\docume~1\Tyler\LOCALS~1\Temp\_A00F290CF8.exe
MSConfigStartUp-A00F29E1AE - c:\docume~1\Tyler\LOCALS~1\Temp\_A00F29E1AE.exe
MSConfigStartUp-A00F2A05D - c:\docume~1\Tyler\LOCALS~1\Temp\_A00F2A05D.exe
MSConfigStartUp-A00F2FC38 - c:\docume~1\Tyler\LOCALS~1\Temp\_A00F2FC38.exe
MSConfigStartUp-A00F30A3204 - c:\docume~1\Tyler\LOCALS~1\Temp\_A00F30A3204.exe
MSConfigStartUp-A00F3B74033 - c:\docume~1\Tyler\LOCALS~1\Temp\_A00F3B74033.exe
MSConfigStartUp-A00F3DF9297 - c:\docume~1\Tyler\LOCALS~1\Temp\_A00F3DF9297.exe
MSConfigStartUp-A00F4214F - c:\docume~1\Tyler\LOCALS~1\Temp\_A00F4214F.exe
MSConfigStartUp-A00F45ABFFA - c:\docume~1\Tyler\LOCALS~1\Temp\_A00F45ABFFA.exe
MSConfigStartUp-A00F47E20FB - c:\docume~1\Tyler\LOCALS~1\Temp\_A00F47E20FB.exe
MSConfigStartUp-A00F49044A9 - c:\docume~1\Tyler\LOCALS~1\Temp\_A00F49044A9.exe
MSConfigStartUp-A00F493FDE8 - c:\docume~1\Tyler\LOCALS~1\Temp\_A00F493FDE8.exe
MSConfigStartUp-A00F51EF558 - c:\docume~1\Tyler\LOCALS~1\Temp\_A00F51EF558.exe
MSConfigStartUp-A00F588EE - c:\docume~1\Tyler\LOCALS~1\Temp\_A00F588EE.exe
MSConfigStartUp-A00F5A0161 - c:\docume~1\Tyler\LOCALS~1\Temp\_A00F5A0161.exe
MSConfigStartUp-A00F727881 - c:\docume~1\Tyler\LOCALS~1\Temp\_A00F727881.exe
MSConfigStartUp-A00F75AB0 - c:\docume~1\Tyler\LOCALS~1\Temp\_A00F75AB0.exe
MSConfigStartUp-A00F7B6DB7 - c:\docume~1\Tyler\LOCALS~1\Temp\_A00F7B6DB7.exe
MSConfigStartUp-A00F89E2262 - c:\docume~1\Tyler\LOCALS~1\Temp\_A00F89E2262.exe
MSConfigStartUp-A00FA83799 - c:\docume~1\Tyler\LOCALS~1\Temp\_A00FA83799.exe
MSConfigStartUp-A00FC2D438 - c:\docume~1\Tyler\LOCALS~1\Temp\_A00FC2D438.exe
MSConfigStartUp-A00FDC3318 - c:\docume~1\Tyler\LOCALS~1\Temp\_A00FDC3318.exe
MSConfigStartUp-A00FDCE0E - c:\docume~1\Tyler\LOCALS~1\Temp\_A00FDCE0E.exe
MSConfigStartUp-CanonSolutionMenu - c:\program files\Canon\SolutionMenu\CNSLMAIN.exe
MSConfigStartUp-InetCntrl - c:\windows\system32\InetCntrl\InetCntrl.exe
MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe
MSConfigStartUp-MySpaceIM - c:\program files\MySpace\IM\MySpaceIM.exe
AddRemove-AIM_7 - c:\program files\AIM\uninst.exe
AddRemove-Backyard Baseball 2001 - c:\hegames\Baseball2001\Uninst.isu
AddRemove-Carmen Sandiego Math Detective 1.0.0 - c:\program files\Carmen Math Detective\DeIsL1.isu
AddRemove-Collab - c:\program files\Image-Line\Collab\uninstall.exe
AddRemove-Free YouTube Download_is1 - e:\tyler\Free YouTube Download\unins000.exe
AddRemove-IL Download Manager - c:\program files\Image-Line\Downloader\uninstall.exe
AddRemove-LucasArts' Star Wars: Episode I Racer - c:\program files\LucasArts\RACER\DeIsL1.isu
AddRemove-McAfee Uninstall Utility - c:\progra~1\McAfee.com\Shared\mcappins.exe
AddRemove-Super Mario 3 : Mario Forever - e:\tyler\Games\Uninstal.exe
AddRemove-Toy Story 2 - f:\tyler\DeIsL1.isu
AddRemove-Videora iPod Converter - f:\tyler\Downloads\Video Converter App\uninstaller.exe
AddRemove-ZwangiSearch - c:\program files\ZwangiSearch\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-15 15:34
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1260)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > 'lsass.exe'(1324)
c:\windows\system32\ICF.dll
.
- - - - - - - > 'explorer.exe'(2124)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\ZuneBusEnum.exe
c:\program files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\Brother\Brmfcmon\BrMfcmon.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-04-15 15:42:39 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-15 19:42
.
Pre-Run: 58,161,774,592 bytes free
Post-Run: 61,586,731,008 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - D154168AF508869EFB680E40E8557F52
 
That looks more familiar :) Please post fresh dds.txt log too.
 
Fresh DDS

DDS (Ver_11-03-05.01) - NTFSx86
Run by Steve-Julia at 16:21:26.31 on Fri 04/15/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1499 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Internet Content Filter\UpdateService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Internet Content Filter\SafeEyes.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\ARO 2011\aro.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Steve-Julia\My Documents\Downloads\dds(2).scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://swagbucks.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
{5ca3d70e-1895-11cf-8e15-001234567890}
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101119025859.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Browser Address Error Redirector: {ca6319c0-31b7-401e-a518-a07c3db8f777} - CBrowserHelperObject Object
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Safe &Eyes Toolbar: {430ddb4f-38cc-4e91-af33-4157334ec937} - c:\program files\internet content filter\setoolbar.dll
TB: {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [cdloader] "c:\documents and settings\steve-julia\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [AROReminder] c:\program files\aro 2011\aro.exe -rem
mRun: [monitr32] c:\program files\canon\multipass4\monitr32.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ICF] "c:\program files\internet content filter\SafeEyes.exe"
mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [USBToolTip] c:\progra~1\pinnacle\shared~1\programs\usbtip\USBTip.exe
dRunOnce: [RunNarrator] Narrator.exe
dRunOnce: [Magnify] Magnify.exe
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
dRunOnce: [MPlayer2_FixUp] c:\windows\inf\unregmp2.exe /Fixups
StartupFolder: c:\docume~1\steve-~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\steve-~1\startm~1\programs\startup\pmbmed~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: ICF.dll
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file://c:\program files\chessmaster challenge\images\stg_drm.ocx
DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} - hxxp://www.auctiva.com/Aurigma/ImageUploader55.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.5.cab
DPF: {4ECE056F-E50F-4F9D-B069-EB342D21F26A} - hxxp://www5.snapfish.com/SnapfishActivia3.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224543082828
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} - hxxp://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file://c:\program files\monopoly\images\armhelper.ocx
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\steve-~1\applic~1\mozilla\firefox\profiles\he9qkdbn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=hp
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={0BB288F5-EF69-7EA5-11BA-C1FE7ECE81E3}&q=
FF - component: c:\documents and settings\steve-julia\application data\mozilla\firefox\profiles\he9qkdbn.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\steve-julia\application data\mozilla\firefox\profiles\he9qkdbn.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCore.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1591.6512\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - %profile%\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-5 64160]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-10-5 386840]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-9-7 84072]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-1-16 161064]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-25 93320]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-7 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-7 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-7 271480]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-9-7 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-9-7 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-9-7 141792]
R2 seUpdateSvc;Safe Eyes Update Service;c:\program files\internet content filter\UpdateService.exe [2010-3-1 233472]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-5-5 24652]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-9-7 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-10-5 152960]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-9-7 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-9-7 88544]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-9 136176]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-10-5 52104]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-9-7 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-9-7 84264]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-10-5 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-10-5 40552]
S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [2007-12-1 31872]
.
=============== Created Last 30 ================
.
2011-12-06 22:06:25 -------- d-----w- C:\found.002
2011-04-15 19:21:00 -------- d-sha-r- C:\cmdcons
2011-04-15 19:16:21 98816 ----a-w- c:\windows\sed.exe
2011-04-15 19:16:21 89088 ----a-w- c:\windows\MBR.exe
2011-04-15 19:16:21 256512 ----a-w- c:\windows\PEV.exe
2011-04-15 19:16:21 161792 ----a-w- c:\windows\SWREG.exe
2011-04-15 15:48:35 -------- d-----w- c:\docume~1\steve-~1\applic~1\Sammsoft
2011-04-15 15:45:50 -------- d-----w- c:\program files\ARO 2011
2011-04-06 15:52:40 1470 ----a-w- c:\windows\awonisixejigulu.dll
2011-04-06 15:35:48 1470 ----a-w- c:\windows\opobugojudoyat.dll
2011-03-27 23:40:45 0 ----a-w- c:\windows\Dsabalumihudusib.bin
.
==================== Find3M ====================
.
2011-02-17 20:34:32 398760 ----a-r- c:\windows\system32\cpnprt2.cid
.
============= FINISH: 16:21:55.48 ===============
 
Hi again,

Uninstall these if not installed on purpose:
My Web Tattoo for Firefox (Fast Browser Search)
My.Freeze.com NetAssistant


Open notepad and copy/paste the text in the quotebox below into it:

Code: 
File::
c:\windows\awonisixejigulu.dll
c:\windows\opobugojudoyat.dll
c:\windows\Dsabalumihudusib.bin
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9159:TCP"=-
"9159:UDP"=-
Firefox::
FF - ProfilePath - c:\documents and settings\Steve-Julia\Application Data\Mozilla\Firefox\Profiles\he9qkdbn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={0BB288F5-EF69-7EA5-11BA-C1FE7ECE81E3}&q=
DDS::
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
TB: {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif


Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one ((Adobe Reader X + 10.0.1 update for it)) here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 24.
  • Click the
    Download
    button to the right.
  • Select Windows on platform combobox and check the box that says:
    Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u24-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.


* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is not checkmarked.
  • Click Scan
  • Wait for the scan to finish.

Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
 
Thanks

I was needing some help with these latest instructions. A relative went through them and then cleaned everything up for me. Thank you for all your help!!!
 
Hi,

Were those steps in my previous post followed? If so, please post those logs.
 
Due to inactivity, this thread will now be closed.

Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.
 
You must log in or register to reply here.
Back
Top