Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91983 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] Trend Micro Internet Security Shows Cryp_Mangled


  • This topic is locked This topic is locked
8 replies to this topic

#1 EricWoods

EricWoods

    Authentic Member

  • Authentic Member
  • PipPip
  • 147 posts

Posted 24 September 2009 - 02:43 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:40:46 PM, on 9/24/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Data Deposit Box\starter.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Data Deposit Box\status.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Retriever Software\Application Builder\vabpro.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Users\Eric\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Data Deposit Box.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mlb.com
O15 - Trusted Zone: http://*.retrieversoftware.com
O15 - Trusted IP range: http://64.183.9.106
O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} (LogMeIn Rescue Technician Console) - https://secure.logme...scueControl.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefi...er_4.0.21.0.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://virtualtrain...nt/ieatgpc1.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O16 - DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - http://networksoluti...rueSwitchEC.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: Advantage Database Server (Advantage) - iAnywhere Solutions, Inc. - C:\Program Files\Advantage 9.0\Server\ADS.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: ERS default20 httpsd (ERSdefault20httpsd) - Apache Software Foundation - C:\apache2\apache2.0\bin\httpsd.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Label Services (LabelServices) - Euro Plus d.o.o. - C:\Program Files\Common Files\EuroPlus Shared\LblServices.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Online Backup Service - Unknown owner - C:\Program Files\Data Deposit Box\nts.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Rfservice - Unknown owner - C:\Program Files\Retriever Software\rfservice.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: WavelinkServer - Wavelink Corporation - C:\Program Files\Wavelink\StudioCOM\Bin\WLServer.exe
O23 - Service: WavelinkStartupSrvc - Wavelink, Corp. - C:\Program Files\Wavelink\StudioCOM\Bin\WLStartUp.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13254 bytes

    Advertisements

Register to Remove


#2 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,156 posts

Posted 27 September 2009 - 10:26 PM

Hi EricWoods,

:welcome:

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Let's get more info.

  • Download DDS and save it to your desktop from
  • Here
  • here or
  • here.
    • Disable any script blocking protection (How to Disable your Security Programs)
    • Double click DDS icon to run the tool (may take up to 3 minutes to run)
    • When done, DDS.txt will open.
    • After a few moments, attach.txt will open in a second window.
    • Save both reports to your desktop.
  • We Need to check for Rootkits with RootRepeal
    • Download RootRepeal from one of the following locations and save it to your desktop.
    • Open Posted Image on your desktop.
    • Click the Posted Image tab.
    • Click the Posted Image button.
    • In the Select Scan dialog, check
      Posted Image
    • Push Ok
    • Check the box for your main system drive (Usually C:), and press Ok.
    • Allow RootRepeal to run a scan of your system. This may take some time.
    • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt.
  • Copy/paste the log (that you've previously saved to your desktop) from RootRepeal onto your post.

  • Copy/paste the DDS.txt log (that you've previously saved to your desktop) onto your post.

  • Attach the Attach.txt report to your post by scroling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#3 EricWoods

EricWoods

    Authentic Member

  • Authentic Member
  • PipPip
  • 147 posts

Posted 27 September 2009 - 11:27 PM

ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2009/09/27 22:19 Program Version: Version 1.3.5.0 Windows Version: Windows Vista SP2 ================================================== Drivers ------------------- Name: dump_atapi.sys Image Path: C:\Windows\System32\Drivers\dump_atapi.sys Address: 0x9091D000 Size: 32768 File Visible: No Signed: - Status: - Name: dump_dumpata.sys Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys Address: 0x90912000 Size: 45056 File Visible: No Signed: - Status: - Name: dump_dumpfve.sys Image Path: C:\Windows\System32\Drivers\dump_dumpfve.sys Address: 0x90925000 Size: 69632 File Visible: No Signed: - Status: - Name: rootrepeal.sys Image Path: C:\Windows\system32\drivers\rootrepeal.sys Address: 0xBB381000 Size: 49152 File Visible: No Signed: - Status: - Name: spny.sys Image Path: C:\Windows\System32\Drivers\spny.sys Address: 0x8A006000 Size: 1048576 File Visible: No Signed: - Status: - Name: sptd Image Path: \Driver\sptd Address: 0x00000000 Size: 0 File Visible: No Signed: - Status: - Processes ------------------- Path: System PID: 4 Status: Locked to the Windows API! Path: C:\Windows\System32\audiodg.exe PID: 1260 Status: Locked to the Windows API! SSDT ------------------- #: 064 Function Name: NtCreateKey Status: Hooked by "<unknown>" at address 0x8848dfa0 #: 072 Function Name: NtCreateProcess Status: Hooked by "<unknown>" at address 0x8848d1e0 #: 073 Function Name: NtCreateProcessEx Status: Hooked by "<unknown>" at address 0x8848d4a0 #: 078 Function Name: NtCreateThread Status: Hooked by "<unknown>" at address 0x8848ee00 #: 123 Function Name: NtDeleteKey Status: Hooked by "<unknown>" at address 0x8848e520 #: 126 Function Name: NtDeleteValueKey Status: Hooked by "<unknown>" at address 0x8848e7e0 #: 165 Function Name: NtLoadDriver Status: Hooked by "<unknown>" at address 0x8848f140 #: 194 Function Name: NtOpenProcess Status: Hooked by "<unknown>" at address 0x8848da20 #: 324 Function Name: NtSetValueKey Status: Hooked by "<unknown>" at address 0x8848e260 #: 334 Function Name: NtTerminateProcess Status: Hooked by "<unknown>" at address 0x8848dce0 #: 358 Function Name: NtWriteVirtualMemory Status: Hooked by "<unknown>" at address 0x8848ec60 #: 382 Function Name: NtCreateThreadEx Status: Hooked by "<unknown>" at address 0x8848efa0 #: 383 Function Name: NtCreateUserProcess Status: Hooked by "<unknown>" at address 0x8848d760 ==EOF== DDS (Ver_09-06-26.01) - NTFSx86 Run by Eric at 22:08:56.52 on Sun 09/27/2009 Internet Explorer: 8.0.6001.18813 Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3006.1266 [GMT -7:00] AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Advantage 9.0\Server\ADS.EXE C:\Windows\system32\svchost.exe -k apphost C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe C:\apache2\apache2.0\bin\httpsd.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe C:\apache2\apache2.0\bin\httpsd.exe C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe c:\Program Files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe C:\Program Files\Data Deposit Box\nts.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe C:\Program Files\Data Deposit Box\startup.exe C:\Program Files\Retriever Software\rfservice.exe C:\Windows\system32\taskeng.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\rundll32.exe C:\Program Files\Data Deposit Box\backup.exe C:\Windows\system32\svchost.exe -k iissvcs C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\Trend Micro\BM\TMBMSRV.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\vssvc.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe C:\Windows\system32\svchost.exe -k WindowsMobile C:\Program Files\LogMeIn\x86\LogMeInSystray.exe C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe C:\Windows\System32\rundll32.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Data Deposit Box\starter.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe C:\Program Files\Data Deposit Box\status.exe C:\Windows\ehome\ehmsas.exe C:\Windows\System32\mobsync.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\LogMeIn\x86\LMIGuardian.exe C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe C:\Program Files\Trend Micro\Internet Security\TmProxy.exe C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE C:\Windows\System32\svchost.exe -k swprv C:\Program Files\Intuit\QuickBooks 2008\qbw32.exe C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgr.exe C:\Program Files\Common Files\Intuit\QuickBooks\axlbridge.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Eric\Desktop\dds.scr C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ig mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [cdloader] "c:\users\eric\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe" mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe" mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\1.0" mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\datade~1.lnk - c:\program files\data deposit box\starter.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: EnableLUA = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll Trusted Zone: mlb.com Trusted Zone: retrieversoftware.com Trusted Zone: sausd.us\vpn Trusted Zone: turbotax.com DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://virtualtrainingcenter.webex.com/client/T26L/event/ieatgpc1.cab DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100 DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - hxxp://networksolutionsemailpopwizard.com/TrueSwitchEC.exe Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll SecurityProviders: credssp.dll, schannel.dll ============= SERVICES / DRIVERS =============== R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2008-2-16 141840] R2 ERSdefault20httpsd;ERS default20 httpsd;c:\apache2\apache2.0\bin\httpsd.exe [2008-9-3 24661] R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088] R2 LabelServices;Label Services;c:\program files\common files\europlus shared\LblServices.exe [2009-1-14 1597096] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856] R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-8-29 47640] R2 MsDtsServer;SQL Server Integration Services;c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe [2008-11-25 203616] R2 MSSQL$INVETRAK;SQL Server (INVETRAK);c:\program files\microsoft sql server\mssql.3\mssql\binn\sqlservr.exe [2008-11-24 29263712] R2 Rfservice;Rfservice;c:\program files\retriever software\rfservice.exe [2009-8-29 122880] R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2008-2-16 52624] R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2009-7-15 36368] R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2008-2-16 234512] R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2008-9-18 399032] R3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2008-11-22 488768] R3 tmproxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2008-11-22 648456] S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2008-9-17 99200] S3 Ser2at;ATEN USB to Serial port driver;c:\windows\system32\drivers\ser2at.sys [2009-2-18 76288] S3 vpnva;Cisco AnyConnect VPN Virtual Miniport Adapter for Windows;c:\windows\system32\drivers\vpnva.sys [2008-9-18 24176] S3 WavelinkServer;WavelinkServer;c:\program files\wavelink\studiocom\bin\WLServer.exe [2003-5-22 290816] S3 WavelinkStartupSrvc;WavelinkStartupSrvc;c:\program files\wavelink\studiocom\bin\WLStartUp.exe [2003-5-22 110592] S3 xpvcom;XPVCOM Port;c:\windows\system32\drivers\XPVCOM.sys [2008-9-17 30032] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-8-15 47128] S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2007-2-22 2808664] S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336] S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936] =============== Created Last 30 ================ 2009-09-23 23:03 <DIR> --d----- c:\program files\Motorola DataWedge 2009-09-14 08:47 107,368 a------- c:\windows\system32\GEARAspi.dll 2009-09-14 08:47 26,600 a------- c:\windows\system32\drivers\GEARAspiWDM.sys 2009-09-14 08:45 <DIR> --d----- c:\program files\iPod 2009-09-14 08:45 <DIR> --d----- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2009-09-14 08:45 <DIR> --d----- c:\progra~2\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2009-09-14 08:45 <DIR> --d----- c:\program files\iTunes 2009-09-14 08:42 <DIR> --d----- c:\program files\Bonjour 2009-09-13 09:14 <DIR> --d----- c:\program files\common files\Memeo 2009-09-10 06:02 19,419,136 a------- C:\atssqlce.sdf 2009-09-10 05:35 904,776 a------- c:\windows\system32\drivers\tcpip.sys 2009-09-10 05:35 105,984 a------- c:\windows\system32\netiohlp.dll 2009-09-10 05:35 27,136 a------- c:\windows\system32\NETSTAT.EXE 2009-09-10 05:35 19,968 a------- c:\windows\system32\ARP.EXE 2009-09-10 05:35 10,240 a------- c:\windows\system32\finger.exe 2009-09-10 05:35 9,728 a------- c:\windows\system32\TCPSVCS.EXE 2009-09-10 05:35 8,704 a------- c:\windows\system32\HOSTNAME.EXE 2009-09-10 05:35 30,720 a------- c:\windows\system32\drivers\tcpipreg.sys 2009-09-10 05:35 17,920 a------- c:\windows\system32\ROUTE.EXE 2009-09-10 05:35 17,920 a------- c:\windows\system32\netevent.dll 2009-09-10 05:35 11,264 a------- c:\windows\system32\MRINFO.EXE 2009-09-10 05:34 302,592 a------- c:\windows\system32\wlansec.dll 2009-09-10 05:34 293,376 a------- c:\windows\system32\wlanmsm.dll 2009-09-10 05:34 127,488 a------- c:\windows\system32\L2SecHC.dll 2009-09-10 05:34 2,501,921 a------- c:\windows\system32\wlan.tmf 2009-09-10 05:34 513,536 a------- c:\windows\system32\wlansvc.dll 2009-09-10 05:34 65,024 a------- c:\windows\system32\wlanapi.dll 2009-09-10 05:34 2,868,224 a------- c:\windows\system32\mf.dll 2009-09-05 01:54 94,208 a------- c:\windows\system32\QuickTimeVR.qtx 2009-09-05 01:54 69,632 a------- c:\windows\system32\QuickTime.qts 2009-09-03 21:25 88 a------- c:\windows\SSTP.ini 2009-09-03 20:14 <DIR> --d----- c:\program files\Microsoft Windows 7 Upgrade Advisor 2009-09-02 15:08 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll 2009-09-02 15:08 28,672 a------- c:\windows\system32\Apphlpdm.dll 2009-09-02 13:58 <DIR> --d----- C:\Temp 2009-09-02 00:42 <DIR> --d----- c:\program files\Business Objects 2009-09-01 09:14 80 a------- c:\windows\HERBLIFE.ini 2009-08-30 21:37 16,896 a------- c:\windows\system32\SqlLog.dll 2009-08-30 20:12 <DIR> --d----- c:\program files\BitPim 2009-08-30 19:07 193,024 a------- c:\windows\system32\Rodbc.dll 2009-08-29 21:14 753,664 a------- c:\windows\system32\workstationdll.dll 2009-08-29 18:43 340,478,460 a------- c:\windows\MEMORY.DMP 2009-08-29 12:23 12,800 a------- c:\windows\system32\RptSetup.exe 2009-08-29 12:23 27,136 a------- c:\windows\system32\RptPrint.exe 2009-08-29 12:19 129,024 a------- c:\windows\system32\abrc.dll 2009-08-29 12:19 200,704 a------- c:\windows\system32\rfserverdll.dll 2009-08-29 12:18 110,080 a------- c:\windows\system32\cserverdll.dll 2009-08-29 12:17 62,464 a------- c:\windows\system32\ValidateSN.dll 2009-08-29 12:17 34,816 a------- c:\windows\system32\printcrpe.dll 2009-08-29 12:16 19,968 a------- c:\windows\system32\RSRFID.dll 2009-08-29 12:16 369,152 a------- c:\windows\system32\rsmisc.dll 2009-08-29 12:15 16,384 a------- c:\windows\system32\rsrapi.dll 2009-08-29 03:03 2,048 a------- c:\windows\system32\tzres.dll ==================== Find3M ==================== 2009-09-27 21:53 81,896 a------- c:\programdata\nvModes.dat 2009-09-27 21:53 81,896 a------- c:\progra~2\nvModes.dat 2009-09-25 06:35 5,992 a------- c:\windows\bthservsdp.dat 2009-09-14 08:36 143,360 a------- c:\windows\inf\infstor.dat 2009-09-14 08:36 51,200 a------- c:\windows\inf\infpub.dat 2009-09-14 08:36 143,360 a------- c:\windows\inf\infstrng.dat 2009-08-30 13:15 28,160 a------- c:\windows\system32\RSISAPIServerDLL.dll 2009-08-28 19:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll 2009-08-28 19:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll 2009-08-28 19:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll 2009-08-28 19:30 542,720 a------- c:\windows\apppatch\AcLayers.dll 2009-08-19 05:18 107,864 a------- c:\windows\system32\tsccvid.dll 2009-08-17 10:32 3,762 a------- c:\windows\system32\ealregsnapshot1.reg 2009-07-26 15:37 139,152 a------- c:\users\eric\appdata\roaming\PnkBstrK.sys 2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll 2009-07-21 14:52 915,456 a------- c:\windows\system32\wininet.dll 2009-07-21 14:47 109,056 a------- c:\windows\system32\iesysprep.dll 2009-07-21 14:47 71,680 a------- c:\windows\system32\iesetup.dll 2009-07-21 13:13 133,632 a------- c:\windows\system32\ieUnatt.exe 2009-07-17 06:54 71,680 a------- c:\windows\system32\atl.dll 2009-07-15 05:40 8,147,456 a------- c:\windows\system32\wmploc.DLL 2009-07-15 05:39 313,344 a------- c:\windows\system32\wmpdxm.dll 2009-07-15 05:39 4,096 a------- c:\windows\system32\dxmasf.dll 2009-07-15 05:39 7,680 a------- c:\windows\system32\spwmp.dll 2009-06-30 15:36 18,696 a------- c:\windows\help\oem\scripts\HC_BatteryReplaceNew.exe 2009-06-30 15:10 18,696 a------- c:\windows\help\oem\scripts\HC_BatteryNoTravel.exe 2009-06-30 15:03 18,696 a------- c:\windows\help\oem\scripts\HC_BatteryAccessories.exe 2009-06-30 12:44 18,184 a------- c:\windows\help\oem\scripts\HC_BatteryWeakNew.exe 2009-06-02 08:12 665,600 a------- c:\windows\inf\drvindex.dat 2009-02-16 11:25 60,744 a------- c:\users\eric\g2mdlhlpx.exe 2009-01-13 22:36 27,744 a------- c:\users\eric\appdata\roaming\nvModes.dat 2008-08-25 13:03 0 a------- c:\program files\error.dat 2008-01-20 19:41 174 a--sh--- c:\program files\desktop.ini 2006-11-02 05:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat 2006-11-02 05:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat 2006-11-02 05:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat 2006-11-02 05:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat 2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat 2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat 2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat 2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat 2009-06-11 14:58 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat 2009-06-11 14:58 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat 2009-06-11 14:58 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat 2009-06-11 14:58 245,760 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat ============= FINISH: 22:09:51.71 ===============

Attached Files



#4 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,156 posts

Posted 28 September 2009 - 07:51 AM

EricWoods,

I'm not seeing a whole lot.

You appear to be having some trouble connecting to the internet. Is this a laptop that you connect wirelessly at multiple locations?

JavaRa ...by: Paul McLain and Fred de Vries

Please download JavaRa (Copyright © 2008 RaProducts.org) and unzip it to your desktop.
***Please close any instances of Internet Explorer before continuing!***
Print these instructions...you won't have Internet access during this particular phase!
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English or the appropriate language...and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.
  • Copy and paste the contents of the JavaRa log, in your next reply.


Please go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#5 EricWoods

EricWoods

    Authentic Member

  • Authentic Member
  • PipPip
  • 147 posts

Posted 29 September 2009 - 08:18 AM

Yes, this is a laptop that I use to connect to the Internet at several different public places. JavaRa 1.15 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Mon Sep 28 23:38:37 2009 Found and removed: C:\Program Files\Java\jre1.6.0_02 Found and removed: C:\Program Files\Java\jre1.6.0_07 Found and removed: C:\Users\Eric\AppData\LocalLow\Sun\Java\jre1.6.0_10 Found and removed: C:\Users\Eric\AppData\LocalLow\Sun\Java\jre1.6.0_11 Found and removed: C:\Users\Eric\AppData\LocalLow\Sun\Java\jre1.6.0_12 Found and removed: C:\Users\Eric\AppData\LocalLow\Sun\Java\jre1.6.0_13 Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA} Found and removed: Software\JavaSoft\Java2D\1.5.0_06 Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610002 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610002 Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002 Found and removed: SOFTWARE\Classes\JavaPlugin.160_02 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_02 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_02 Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610002 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610002 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160020} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB} Found and removed: Software\Classes\JavaPlugin.160_02 Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_02 Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB} Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_07 Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610007 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610007 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160070} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\bin\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\ -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0: scan report Tuesday, September 29, 2009 Operating system: Microsoft Windows Vista Ultimate Edition, 32-bit Service Pack 2 (build 6002) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Tuesday, September 29, 2009 09:01:51 Records in database: 2934472 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - My Computer: C:\ D:\ E:\ Scan statistics: Objects scanned: 274989 Threats found: 1 Infected objects found: 1 Suspicious objects found: 0 Scan duration: 05:15:27 File name / Threat / Threats count C:\Users\Eric\Desktop\Utilities\vnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1 Selected area has been scanned.

#6 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,156 posts

Posted 29 September 2009 - 10:40 AM

EricWoods,

Log looks good :D


You need to create a new Clean restore point:

  • Download SysRestorePoint to your desktop and unzip it to it's own folder.
  • Double click SysRestorePoint.exe so that we can make a new system restore point.
  • A box will pop up after it has made a new point, usually after a few seconds. Close that window and exit the program.
Remove all previous Restore Points
Click Start Menu > Run > copy and paste

cleanmgr

You may be asked to choose drive. Choose C: At top, click on More Options tab. Click Clean up... button in the System Restore box. Click on Yes button. When finished, click on Cancel button to exit.

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Check "Hide file extensions for known file types."
Under the "Hidden files" folder, Uncheck "Show hidden files and folders."
Check "Hide protected operating system files."
Click Apply, and then click OK.


The following is my standard advice for the future. Use what you can and pat yourself on the back for what you're already doing.

Please take time to read Preventing Malware - Tools and Practices for Safe Computing. Very important information for your consideration is contained therein.

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein


Also: "How to prevent malware"
by miekiemoes

Please respond back that you understand the above and let me know if you have any questions. Otherwise, this thread will be closed Resolved. :thumbup:

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#7 EricWoods

EricWoods

    Authentic Member

  • Authentic Member
  • PipPip
  • 147 posts

Posted 29 September 2009 - 11:12 AM

Thanks, Tomk. Did all that you specified. I appreciate your help.

#8 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,156 posts

Posted 29 September 2009 - 11:27 AM

EricWoods, You are very welcome. Good luck and Be Well. :thumbup:

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#9 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,156 posts

Posted 29 September 2009 - 11:27 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png

Related Topics



1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users