InterviewSolution
1. Solve: Malware or system corruption? Windows XP?
Answer» Fresh HJT log attached.
----------
Create An Uninstall List
* Start HijackThis
* Click on the Open the Misc Tools section
* Click on the Open Uninstall Manager button.
* Click on the Save list button and specify where you would like to save this file and click Save.
* When you press Save button a notepad will open with the contents of that file.
* Copy and paste that list in your reply.
----------
Also let us know how things are now.

Hi EF,

Thanks for stopping by my thread. I appreciate all you and SD do for me. After running SFC, I've spent the last 48 hours verifying the operability of my installed applications so I can give a better quality report.

It's good you asked about the uninstall report. I was going in that direction anyway because I needed to check for additional program corruption. At the beginning of the thread I reported problems with Google Chrome being corrupted, as well as frequent dirty disk Chkdsk generations. I don't know if this was a consequence of my infection or doing a repair install with an old XP disk (I forgot I had upgraded to a larger SATA drive).

I actually verified every program on the Start Menu. You don't really appreciate how much MS has bundled in until you start going through all of them. Most of the programs all ran. Four programs had errors, but reinstalling got them running again. Three more had errors, but I didn't care about them anymore and just uninstalled them. Two or three more programs showed up in the wrong folder in the Start Menu. These entries were just deleted. I've had some uninstallable situations in Add/Remove programs in the past, but with the issue of drive corruption, I decided to tackle this issue with Revo.
By the way, Revo and Winamp both gave this error on installation, but both programs seem to run okay anyway:

"The procedure entry point IsThreadDesktopComposited could not be located in the dynamic link library USER32.dll"

I'm surprised the HJT scan does not show an entry for JAVA(TM) 6 Update 7 that shows up in my Add/Remove Programs. It won't delete in there, and Revo can't get it either. I wondered if there was some cross-corruption between the two JAVA's, and since we had the Kaspersky issue in Reply # 14, I decided to run Kaspersky again. I guess that scanner is just problematic anyway from what I hear. It halted and fussed, but eventually I got a good scan out of it again. Didn't repeat the freeze and HDD flurry like before.

So I wanted to track the issue of SAS halting on the "Unexpected error". It did halt once or twice on me, but I haven't been able to get it to duplicate that behavior anymore. Maybe it's because I uninstalled WMP. But I also uninstalled before the new halts. The reason I uninstalled WMP is that it wouldn't run because of an error message that the version number encountered was different from the version number expected.

So, I'm thinking I'm getting out of the woods here, but one of the programs that was corrupted along with Chrome back in the beginning was Download Accelerator Plus, and it is one that had to be reinstalled to get it running again - and so I was alarmed at my SAS test scan to find Trojan.Agent/Gen pop up. I'm thinking, "Oh no, don't tell me it's that Karaplayer.exe. Or maybe one of the OEM programs I never run because I tested everything today." When finished, it turned out to be SBSEARCH.DLL - from Download Accelerator Plus. Looking at the keys, it's the browser hijack changing the home page and default search to SpeedBit Search. Well, I've noticed that before, and it really annoyed me, but I don't consider it real malware. It's been on CNET for 10 weeks, in the top 20 for a while, and now at # 36.
CNET certifies everything as "Safe, Tested and Spyware Free". So I guess it just depends on where you draw the line at Malware. Sure, done without my permission for the purpose of commercial gain, but I don't think it is in the same league as the things that were done to harm my computer in this thread. So I removed DAP and reinstalled to see if I had just missed unchecking a box to decline the hijack, but there was nothing, and on rescanning it reappeared. So I let SAS remove it again, but haven't removed DAP again. So I hope I am safe now.

So, additional duplications in my Add/Remove list are 2 copies of Google Earth and 3 copies of C++ Redistributable. I also see that Neroxml is on the HJT list, but not in my Add/Remove list. I just removed Nero as one of the programs that needed to be reinstalled.

That's all I can think of for now. Logs posted below. Any thoughts on the possible false positives in Reply # 14?

Thanks again.

-------------------------
HJT Uninstall Log

Sansa Media Converter
7-Zip 4.57
ACDSee 9 Photo Manager
Adobe Acrobat 4.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.(R) L2 Fast Ethernet Driver
Avira AntiVir Personal - Free Antivirus
Bentley Publishers - eBahn®
Bonjour
Canon MP Navigator EX 1.0
Canon MX310 series
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
DivX Codec
DivX Web Player
ESET Online Scanner v3
FLAC 1.2.1b (remove only)
Free Video Converter V 2.5
FurthurNET 1.7.5
Google Earth
Google Earth
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB961118)
Intel(R) Graphics Media Accelerator Driver
iTunes
Java(TM) 6 Update 18
Malwarebytes' Anti-Malware
MemTurbo
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.0.16)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
neoDVDstandard4
neroxml
Nokia Connectivity Cable Driver
OpenOffice.org 3.1
Opera 10.10
PeaZip 2.3a
Personal Ancestral File 5
Picasa 3
PIXMA Extended Survey Program
Presto! PageManager 7.15.16
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Revo Uninstaller Pro 2.0.5
Roland Virtual Sound Canvas 3.2
Samsung ML-4500 Series Driver
ScanSoft OmniPage SE 4
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB975467)
Serif 3DPlus 2.0
Serif DrawPlus 4.0
Serif PagePlus SE 1.0
Serif PhotoPlus 6.0
SiSoftware Sandra Lite 2009
SpeedBit Video Accelerator
Spybot - Search & Destroy
Stella 2.6.1
SUPERAntiSpyware Free Edition
Switch Sound File Converter
ThaiSoftware Dictionary V3.0
The KMPlayer (remove only)
Ulead VideoStudio 10
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
VC80CRTRedist - 8.0.50727.762
VCRedistSetup
Winamp
Windows Essentials Media Codec Pack 1.0
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format Runtime
WinRAR archiver
WOT for Internet Explorer
XP_Key_Changer 2.0.0
Xvid 1.2.1 final uninstall
XviD MPEG-4 Codec

---------------------------------
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/24/2010 at 02:08 AM

Application Version : 4.33.1000

Core Rules Database Version : 4510
Trace Rules Database Version: 2322

Scan type : Complete Scan
Total Scan Time : 00:05:04

Memory items scanned : 506
Memory threats detected : 0
Registry items scanned : 5420
Registry threats detected : 22
File items scanned : 0
File threats detected : 1

Trojan.Agent/Gen
HKLM\Software\Classes\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}
HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}
HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}
HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}\InprocServer32
HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}\InprocServer32#ThreadingModel
HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}\ProgID
HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}\Programmable
HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}\TypeLib
HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}\VersionIndependentProgID
HKCR\SearchHook.SrchHook.1
HKCR\SearchHook.SrchHook.1\CLSID
HKCR\SearchHook.SrchHook
HKCR\SearchHook.SrchHook\CLSID
HKCR\SearchHook.SrchHook\CurVer
HKCR\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}
HKCR\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}\1.0
HKCR\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}\1.0\0
HKCR\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}\1.0\0\win32
HKCR\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}\1.0\FLAGS
HKCR\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}\1.0\HELPDIR
C:\PROGRA~1\DAP\SBSEARCH.DLL
HKU\S-1-5-21-682003330-492894223-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4F10C1D-87C7-404A-B4B3-000000000000}
HKU\S-1-5-21-682003330-492894223-1957994488-1003\Software\Microsoft\Internet Explorer\URLSearchHooks#{F4F10C1D-87C7-404A-B4B3-000000000000}

Remove the old version(s)
Download JavaRa
* Unzip the file and open the JavaRa.exe
* Click Remove Older Versions
* JavaRa will search for and remove any outdated version of Java and remove any that are found.
* Click Additional Tasks
* Place a check next to Remove Useless JRE Files and click Go
* Exit JavaRa
* Delete the JavaRa files from the desktop
----------
Open Malwarebytes' Anti-Malware.
* Click the Update tab.
* Click Check for Updates
* If an update is found, it will download and install.
* Click the Scanner tab.
* Select Perform Quick Scan, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
----------
Download Dial-a-Fix by djlizard, save it to the desktop then extract it to its own folder.
How is the computer running now?

JavaRa removed more registry keys, but JAVA(TM) 6 Update 7 (133MB) persists in the Add/Remove programs list. I can't find it anywhere. Lots of Java folders around the system, but none this size, or that look like they don't belong where they are, so I have attached this log below as well. There's a dozen blank logs at the end because it took me a while to figure out that it was appending to the log rather than creating a new one each run.

MBAM gave a clean scan, but it couldn't connect to update, asking me to report to them an Error Code 732 (0,0). I had this happen last month, and they sent me a list of possible causes, one of which was server congestion due to their upgrade release. The problem went away, so I figured that was it. I was thinking along the same lines tonight, but this also harks back to the original issues I had while still infected, i.e., erratic connectivity. In fact, just yesterday I was thinking how much smoother the internet was working when it started acting up again. The reason I mention this is that MBAM was able to update after running Dial-a-Fix. So I wonder if some of the malware damage was still waiting to be repaired. It is interesting to go through this process and learn that while Windows has some self-repair capabilities, some of these things require special tools. MS might do well to follow forums like this and upgrade their self-repair capabilities, or hire developers of these special tools. Clean MBAM log attached below.

Dial-a-Fix ran as expected. I have attached the list of error messages below. Since this post, and this thread, deal with corruption issues, I should address the three error possibilities reported:
1 - Corruption,
2 - Not DLL Install-able,
3 - Not registerable.
Since some of these errors may pertain to Windows Update, before assuming corruption, I should address the possibility that "Not registerable" could be happening because Windows has locked files because I have not dealt with the WGA issue. Product key registration failed because of the mismatch between the product key type and the Windows CD type (Retail - Full - No SP versus MSDN - Upgrade - SP3). I thought it best not to address this until we are finished because last time I had an issue like this, I had to call MS on the 800 number. I did not want to commit to this until we were sure this repair is finished and successful. If you would like me to take care of this at this time, I will. My next step in this regard was to try to use a Key Changer in order to see if it would accept my product key now that the installation is finished and stable.

Otherwise, networking on the LAN seems improved over yesterday. Yesterday the other XP computer (Athlon) on the LAN could not even see this computer, and from the beginning of this thread I have had difficulty opening SharedDocs on the other computer to transfer back and forth all the tools and logs used in this thread. Today I checked all the computers and can summarize them as follows. The computer being treated in this thread is the Celeron:

From Celeron to Athlon XP - Smooth
Celeron to Q6600 Vista - Slower, but works.
Celeron to P4 Vista - Blank password issue.
Q6600 Vista to Celeron - Password mismatch issue - won't tell me how to resolve it.
P4 Vista and Athlon XP to Celeron - both have the same error message as follows:

"SharedDocs is not accessable. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions. Access is denied."
In the Properties tab, both of the following boxes are checked:
- Share this folder on the network and
- Allow network users to change my files

In other issues, Revo and Winamp both continue to give the same error when run, but both programs still seem to run okay anyway:

"The procedure entry point IsThreadDesktopComposited could not be located in the dynamic link library USER32.dll"

Also, running my program checks yesterday, I noticed in System Information -> Hardware Resources -> Conflicts/Sharing that there are 6 listings, 2 Memory and 4 IRQ. 5 are double shares, IRQ 10 has 6 shares, but in Device Manager, all report no conflicts. So I suppose BIOS or Windows is managing sharing. It seems a bit much. Should I do something about it? Reset ESCD Config in BIOS?

Should duplicate Google Earth and C++ entries be removed?

My overall subjective feeling about how the computer is doing is that it has come a long way since where it was, even running better than before the infection, now that it is cleaner and healed. It has reminded me of how I felt when I first got it - about how much faster it felt than the Athlon 2500 I used before - which surprised me, because when I first got the Athlon with XP way back when, it was not far from being state of the art at the time, and I was really proud of how fast it performed. So with this Celeron running at the same MHz, I was surprised how much faster it felt, and then I started to learn about increases in FSB speeds over the years, and etc. So I really feel good now about the system. It has that "smooth as butter" feeling when clicking on things and interacting with the internet that it hasn't had for a long time.

That's all I can think of for now. Thanks.

Logs follow:

JavaRa 1.15 Removal Log. Report follows after line.
------------------------------------ The JavaRa removal process was started on Sun Jan 24 20:19:04 2010 Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA} Found and removed: 
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA} Found and removed: 
Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB} ------------------------------------ Finished reporting. JavaRa 1.15 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Sun Jan 24 20:21:04 2010 ------------------------------------ Finished reporting. JavaRa 1.15 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Sun Jan 24 20:28:22 2010 ------------------------------------ Finished reporting. JavaRa 1.15 Removal Log. Report follows after line. 
------------------------------------ The JavaRa removal process was started on Sun Jan 24 20:29:04 2010 ------------------------------------ Finished reporting. JavaRa 1.15 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Sun Jan 24 20:34:17 2010 ------------------------------------ Finished reporting. JavaRa 1.15 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Sun Jan 24 20:47:23 2010 ------------------------------------ Finished reporting. JavaRa 1.15 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Sun Jan 24 20:48:17 2010 ------------------------------------ Finished reporting. JavaRa 1.15 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Sun Jan 24 20:49:55 2010 ------------------------------------ Finished reporting. JavaRa 1.15 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Sun Jan 24 20:50:18 2010 ------------------------------------ Finished reporting. JavaRa 1.15 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Sun Jan 24 20:54:13 2010 ------------------------------------ Finished reporting. JavaRa 1.15 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Sun Jan 24 20:54:35 2010 ------------------------------------ Finished reporting. JavaRa 1.15 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Sun Jan 24 20:57:20 2010 ------------------------------------ Finished reporting. JavaRa 1.15 Removal Log. Report follows after line. 
------------------------------------
The JavaRa removal process was started on Sun Jan 24 20:57:55 2010
------------------------------------
Finished reporting.

Malwarebytes' Anti-Malware 1.44
Database version: 3626
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

1/24/2010 10:59:34 PM
mbam-log-2010-01-24 (22-59-34).txt

Scan type: Quick Scan
Objects scanned: 141336
Time elapsed: 5 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)

Dial-a-fix

Error -2147467259 was encountered while trying to unregister C:\WINDOWS\system32\msxml3.dll. The error text is: Unspecified Error. Dial-a-fix currently has no suggestions for this error code. Please email [emailprotected] with a copy of the lop pane and any details you can provide about this error.

Error 127: C:\WINDOWS\system32\iesetup.dll is not registerable or the file is corrupted. Your version of iesetup.dll is: 8.00.6001.18702. Please contact [emailprotected] so that an exception can be made for your version of this file.
Error 127: C:\WINDOWS\system32\iesetup.dll is not DLLInstall-able or the file is corrupted. Your version of iesetup.dll is: 8.00.6001.18702. Please contact [emailprotected] so that an exception can be made for your version of this file.
Error 127: C:\WINDOWS\system32\imgutil.dll is not registerable or the file is corrupted. Your version of imgutil.dll is: 8.00.6001.18702. Please contact [emailprotected] so that an exception can be made for your version of this file.
Error 127: C:\WINDOWS\system32\inseng.dll is not registerable or the file is corrupted. Your version of inseng.dll is: 8.00.6001.18702. Please contact [emailprotected] so that an exception can be made for your version of this file.
Error 127: C:\WINDOWS\system32\inseng.dll is not DLLInstall-able or the file is corrupted. Your version of inseng.dll is: 8.00.6001.18702. Please contact [emailprotected] so that an exception can be made for your version of this file.
Error 127: C:\WINDOWS\system32\mshtml.dll is not registerable or the file is corrupted. Your version of mshtml.dll is: 8.00.6001.18702. Please contact [emailprotected] so that an exception can be made for your version of this file.
Error 127: C:\WINDOWS\system32\mshtml.dll is not DLLInstall-able or the file is corrupted. Your version of mshtml.dll is: 8.00.6001.18702. Please contact [emailprotected] so that an exception can be made for your version of this file.
Error 127: C:\WINDOWS\system32\msrating.dll is not registerable or the file is corrupted. Your version of msrating.dll is: 8.00.6001.18702. Please contact [emailprotected] so that an exception can be made for your version of this file.
Error 127: C:\WINDOWS\system32\occache.dll is not registerable or the file is corrupted. Your version of occache.dll is: 8.00.6001.18702. Please contact [emailprotected] so that an exception can be made for your version of this file.
Error 127: C:\WINDOWS\system32\occache.dll is not DLLInstall-able or the file is corrupted. Your version of occache.dll is: 8.00.6001.18702. Please contact [emailprotected] so that an exception can be made for your version of this file.
Error 127: C:\WINDOWS\system32\pngfilt.dll is not registerable or the file is corrupted. Your version of pngfilt.dll is: 8.00.6001.18702. Please contact [emailprotected] so that an exception can be made for your version of this file.
Error 127: C:\WINDOWS\system32\webcheck.dll is not registerable or the file is corrupted. Your version of webcheck.dll is: 8.00.6001.18702. Please contact [emailprotected] so that an exception can be made for your version of this file.
Error 127: C:\WINDOWS\system32\webcheck.dll is not DLLInstall-able or the file is corrupted. Your version of webcheck.dll is: 8.00.6001.18702. Please contact [emailprotected] so that an exception can be made for your version of this file.

Delete An Uninstall Entry
----------
You may need to check with Mozilla on the other errors.
https://support.mozilla.com/en-US/forum/1/478629

For the remaining Windows issues, slow transfers and passwords, start a new topic in the Windows forum.

I'm pretty sure the malware is gone. We can run another scan for a double check if you like.

Download, update and run a-squared Free edition.
At the main menu, click Scan Now. There will be 4 options; choose Deep Scan and then click Scan.
* If malware is found, click the button Remove Selected Malware
* If malware is found, select all found and click Quarantine selected objects
* Click Save Report. Save the report to somewhere convenient, such as your desktop
* Add the report as an attachment in your next post.

Java(TM) 6 Update 7 does not appear in the HJT Uninstall Manager. Since JavaRa removed so much on the 2nd and 3rd runs, this issue is no longer a concern to me. I was afraid that a Java exploit was preventing its removal, but it appears JavaRa reports that there is no longer anything left on the HDD of this version of Java.

So I see the Revo/Winamp error message is a system-wide thing, not application specific. I should have known since it occurs on two unrelated applications. The Mozilla thread was inadvertently closed by someone, but was reopened here: https://support.mozilla.com/en-US/forum/1/401389

Since the Mozilla thread is speculative, you might prefer to refer people to the Microsoft solution instead: http://support.microsoft.com/kb/969155 It concerns a Vista file accidentally installed in XP by some MS applications. The solution is just to delete it. So it's not a malware issue, so it is no longer of concern. The solution fixed both Winamp and Revo on my computer.

As for the a-squared scan, the scan results really have me thinking about what this experience is teaching me about false positives. As I mentioned in Reply # 14,

Quote

I didn't pay much attention to the issue of false positives in the past.
I just assumed AV publishers had their signature lists and that they just worked. A random match of data bits that match seemed too small a chance to worry about. But I've been following the CNET reviews of security software recently, and I noticed for the first time that the percentage of false positives is a rating factor. Also, upon installing Avira last month, I was surprised at their candor concerning the chances of false positives with respect to the sensitivity settings chosen. In fact, it is the first program I have ever seen with sensitivity settings.

That, together with what I learned from my Jotti's scans, also in Reply # 14, and reviews of AV products at the Virus Bulletin web site, has me realizing that every anti-malware product has a small percentage of false positives, and therefore, mathematically, or statistically speaking, the more different brands of scanners you expose your system to, the more you are exposing yourself to the chance of a false positive.

The reason I bring up this issue here is because of the items found by a-squared. The tracking cookies - that's fine. I delete them every chance I get. The inprocserver32 tracing detection - there is a big discussion of this on the Kaspersky forum: http://forum.kaspersky.com/lofiversion/index.php/t48032.html to the point of one post even accusing Emsisoft of false positives in the free edition to drive sales of the paid edition. Whether or not that's an overreaction, the entire thread discussion shows there is not a consensus as to whether or not these keys should be deleted.

Next there is Presto Pagemanager. This is off my Installation Disk that came with my Canon printer/scanner. Next is the Setup.exe for one of the Serif applications downloaded from the Serif website. And then comes All in One Karaoke again (from Reply # 14 again). But this time it's not Karaplayer, it's NickWin.exe.
When I installed Avira, it offered me 3 levels of scanning sensitivity and advised that the chance of false positives increased with the higher settings. Because this infection had me so worried, I chose the highest sensitivity anyway. Yet Avira did not pick up any of these files. Maybe it's because it is only an anti-virus and a-squared is a specialized tool. But the overall feeling I get is that a-squared is the most sensitive with a higher chance of reporting false positives.

So my problem is that I do not have enough experience and judgement to evaluate this log to feel qualified to decide for myself whether to allow a-squared to remove these findings. The more you learn, the more you realize how much you don't know, so I can appreciate someone with your level of knowledge marking your profile experience level as "Beginner". So I have not allowed a-squared to remove these results so I can get your input first. I know one behavior of malware is to insert itself into other executable files on the system, so I don't know for sure what I should do.

All for now. Thanks

[Saving space, attachment deleted by admin]

You can safely let a2 remove those. I believe that the malware is gone. Any further issues will need to be addressed in the proper forum.

That's really good to hear. It has been so stressful going through this malware experience. I am so grateful you and SD have been able to help me return my computer to good health. Thanks so much. |
|
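An added illustration of the false-positive arithmetic raised in the thread above; it is not part of any poster's message or of any scanner named there. It shows how the chance of at least one false alarm grows with the number of scanners, and how a detection by one engine out of several compares with agreement among all of them. Every rate is constructed for the example, the scanners are assumed to err independently, and the object count is the one from the Malwarebytes log on this page.

```python
"""Added illustration: how per-scanner false-positive rates combine.

All rates used here are constructed for the example; they are not
measurements of any product named in the thread.
"""
from math import prod


def p_any_false_positive(fp_rates):
    """Chance that at least one scanner flags a clean file.

    Assumes the scanners err independently, which overstates the effect
    when engines share signatures or heuristics.
    """
    return 1 - prod(1 - p for p in fp_rates)


def expected_false_alerts(objects_scanned, per_object_fp_rate):
    """Expected number of clean objects flagged in a single scan."""
    return objects_scanned * per_object_fp_rate


def posterior_malicious(flags, detect_rates, fp_rates, prior):
    """Bayes' rule: P(file is malicious | which scanners flagged it).

    flags[i] is True when scanner i flagged the file; detect_rates[i] and
    fp_rates[i] are that scanner's detection and false-positive rates;
    prior is the chance the file was malicious before any scan.
    """
    if not (len(flags) == len(detect_rates) == len(fp_rates)):
        raise ValueError("need one flag, detection rate and FP rate per scanner")
    like_malicious = prod(d if f else 1 - d for f, d in zip(flags, detect_rates))
    like_clean = prod(p if f else 1 - p for f, p in zip(flags, fp_rates))
    evidence = like_malicious * prior + like_clean * (1 - prior)
    if evidence == 0:
        raise ValueError("observed flags are impossible under the given rates")
    return like_malicious * prior / evidence


if __name__ == "__main__":
    # Constructed rates: each scanner wrongly flags 1% of clean files.
    for n in (1, 3, 5, 10):
        print(f"{n:2d} scanners: P(any false positive) = "
              f"{p_any_false_positive([0.01] * n):.4f}")

    # Object count from the Malwarebytes log on this page; the
    # per-object rate of 1 in 100,000 is constructed.
    print("expected false alerts:", expected_false_alerts(141336, 1e-5))

    # Three scanners, constructed 90% detection and 1% FP rate each,
    # and a constructed 1% prior that a given file is malicious.
    detect, fp, prior = [0.9] * 3, [0.01] * 3, 0.01
    print("flagged by 1 of 3:",
          round(posterior_malicious([True, False, False], detect, fp, prior), 4))
    print("flagged by 3 of 3:",
          round(posterior_malicious([True, True, True], detect, fp, prior), 4))
```

Under these constructed rates, a file flagged by only one of three scanners is still far more likely clean than malicious, while agreement among all three pushes the posterior close to 1.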