XP Internet Security


I have another infected computer. This time it's XP Internet Security. Using Safe Mode and exefix.reg I was able to install and run Malwarebytes. Attached is the log, as well as the Combofix log.

One symptom I've never seen before - the keyboard doesn't work. It works fine in Safe Mode, but not in a standard boot up. I'm having to use the on screen keyboard to do anything.

Please help!

For what it's worth, I applied for one of the Malware boot camps today. Hopefully I'll be accepted so I can help with this stuff.

Thank you!

mbam_log_2010_04_09__17_55_24_.txt

Combofix_log.txt


Hello DaileyComputer!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install any software or hardware while we work on this.

Which Boot Camp? What you will find during your training is that ComboFix is a very powerful tool and you can start whenever you want, this is not a program type MalwareBytes' Anti-Malware.

Step 1:

Please manually delete ComboFix.exe

Step 2:

Go into C:\Program Files\Malwarebytes' Anti-Malware and you will see a file called mbam.exe. Right-click on it, drop down to Rename, and change the name from mbam.exe to firefox.com. Please restart your computer.

Step 3:

  • Launch Malwarebytes' Anti-Malware
  • Go to "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.
  • Go to "Scanner" tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 4:

Download DDS and save it to your desktop from here or here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt

  • Save both reports to your desktop. Post them back to your topic.

In your next reply, please include these log(s):

* MalwareBytes' Anti-Malware log

* DDS log with Attach.txt


I applied for the WhattheTech course. Is that a good one? Should I apply elsewhere? I had applied to the Bleeping Computer one months ago but never heard back.

Here's the MBAM log:

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Database version: 3982

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

4/12/2010 2:07:28 PM

mbam-log-2010-04-12 (14-07-28).txt

Scan type: Quick scan

Objects scanned: 132531

Time elapsed: 8 minute(s), 40 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "firefox.exe -safe-mode") Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.

Here's the DDS log:

DDS (Ver_10-03-17.01) - NTFSx86

Run by David Alvarez at 14:16:11.03 on Mon 04/12/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1437 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\CTHELPER.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\OSK.exe

C:\Program Files\SiteAdvisor\6172\SAService.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

svchost.exe

C:\WINDOWS\system32\MSSWCHX.EXE

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\David Alvarez\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\6172\SiteAdv.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll

TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\6172\SiteAdv.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"

mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [CTHelper] CTHELPER.EXE

mRun: [CTxfiHlp] CTXFIHLP.EXE

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\firefox.exe" /runcleanupscript

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

Trusted Zone: thenation.com\www

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab

DPF: {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} - hxxp://www.co.jefferson.wa.us/imw32o40.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {9841D1AE-9C0B-11D3-9452-00105A098C21} - hxxp://www.co.jefferson.wa.us/PrntPRO2.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6172\SiteAdv.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-3-2 214664]

R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2010-3-15 58984]

R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-3-15 116328]

R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-3-2 359952]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-3-2 144704]

R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-3-15 779496]

R3 Angel;Angel MPEG Device;c:\windows\system32\drivers\Angel.sys [2005-12-20 376320]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-3-2 79816]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-3-2 35272]

S2 gupdate1ca2f0c89cc2445;Google Update Service (gupdate1ca2f0c89cc2445);c:\program files\google\update\GoogleUpdate.exe [2009-9-6 133104]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-3-2 34248]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-3-2 40552]

S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-3-2 606736]

=============== Created Last 30 ================

2010-04-10 01:17:44 0 d-sha-r- C:\cmdcons

2010-04-10 01:11:14 98816 ----a-w- c:\windows\sed.exe

2010-04-10 01:11:14 77312 ----a-w- c:\windows\MBR.exe

2010-04-10 01:11:14 261632 ----a-w- c:\windows\PEV.exe

2010-04-10 01:11:14 161792 ----a-w- c:\windows\SWREG.exe

2010-04-09 23:25:33 0 d-----w- c:\docume~1\davida~1\applic~1\Malwarebytes

2010-04-09 23:25:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-09 23:25:25 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-09 23:25:25 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-04-09 23:25:25 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-04-08 01:14:20 0 d-----w- c:\docume~1\alluse~1\applic~1\avG

==================== Find3M ====================

2010-02-25 18:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll

2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe

2004-08-10 11:00:00 94784 --sh--w- c:\windows\twain.dll

2008-04-14 00:12:07 50688 --sh--w- c:\windows\twain_32.dll

2009-04-04 21:04:24 56 --sh--r- c:\windows\system32\2A9EAE7B3B.sys

2009-04-04 21:04:28 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys

2008-04-14 00:11:56 1028096 --sha-w- c:\windows\system32\mfc42.dll

2008-04-14 00:12:01 57344 --sh--w- c:\windows\system32\msvcirt.dll

2008-04-14 00:12:01 413696 --sha-w- c:\windows\system32\msvcp60.dll

2008-04-14 00:12:02 551936 --sh--w- c:\windows\system32\oleaut32.dll

2008-04-14 00:12:02 84992 --sha-w- c:\windows\system32\olepro32.dll

2008-04-14 00:12:32 11776 --sh--w- c:\windows\system32\regsvr32.exe

2008-08-23 20:12:01 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082320080824\index.dat

============= FINISH: 14:17:51.60 ===============

And the Attach.txt:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 12/25/2005 6:43:54 PM

System Uptime: 4/12/2010 2:08:13 PM (0 hours ago)

Motherboard: Dell Inc. | | 0GC375

Processor: Intel® Pentium® D CPU 3.00GHz | Microprocessor | 2992/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 233 GiB total, 143.248 GiB free.

D: is CDROM (UDF)

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}

Description: Microsoft USB Natural Keyboard Pro

Device ID: HID\VID_045E&PID_001D&MI_00\8&1504BAE&0&0000

Manufacturer: Microsoft

Name: Microsoft USB Natural Keyboard Pro

PNP Device ID: HID\VID_045E&PID_001D&MI_00\8&1504BAE&0&0000

Service: kbdhid

==== System Restore Points ===================

RP1381: 12/9/2009 11:06:16 PM - Software Distribution Service 3.0

RP1382: 12/10/2009 6:53:26 AM - Software Distribution Service 3.0

RP1383: 12/10/2009 11:15:28 PM - Software Distribution Service 3.0

RP1384: 12/12/2009 2:21:06 AM - Software Distribution Service 3.0

RP1385: 12/12/2009 11:04:04 PM - Software Distribution Service 3.0

RP1386: 12/13/2009 3:42:07 PM - Software Distribution Service 3.0

RP1387: 12/13/2009 10:11:54 PM - Software Distribution Service 3.0

RP1388: 12/14/2009 10:15:06 PM - Software Distribution Service 3.0

RP1389: 12/15/2009 11:00:33 PM - System Checkpoint

RP1390: 12/16/2009 4:00:14 AM - Software Distribution Service 3.0

RP1391: 12/16/2009 6:16:22 PM - Software Distribution Service 3.0

RP1392: 12/17/2009 1:55:18 AM - Software Distribution Service 3.0

RP1393: 12/18/2009 2:23:06 AM - System Checkpoint

RP1394: 12/18/2009 9:30:38 PM - Software Distribution Service 3.0

RP1395: 12/19/2009 10:16:14 PM - System Checkpoint

RP1396: 12/20/2009 11:03:33 AM - Removed Sonic DLA

RP1397: 12/21/2009 11:47:21 AM - System Checkpoint

RP1398: 12/22/2009 7:09:53 PM - System Checkpoint

RP1399: 12/23/2009 8:02:18 PM - System Checkpoint

RP1400: 12/24/2009 8:29:11 PM - System Checkpoint

RP1401: 12/25/2009 8:38:43 PM - System Checkpoint

RP1402: 12/28/2009 7:16:54 PM - System Checkpoint

RP1403: 12/29/2009 9:06:48 PM - System Checkpoint

RP1404: 12/30/2009 8:16:54 PM - Software Distribution Service 3.0

RP1405: 12/30/2009 8:47:38 PM - Software Distribution Service 3.0

RP1406: 12/31/2009 9:51:02 PM - System Checkpoint

RP1407: 1/2/2010 8:50:43 AM - System Checkpoint

RP1408: 1/3/2010 9:26:32 AM - System Checkpoint

RP1409: 1/6/2010 9:06:49 AM - System Checkpoint

RP1410: 1/7/2010 7:40:44 PM - System Checkpoint

RP1411: 1/8/2010 7:57:45 PM - System Checkpoint

RP1412: 1/10/2010 7:15:13 PM - System Checkpoint

RP1413: 1/11/2010 7:56:28 PM - System Checkpoint

RP1414: 1/12/2010 8:20:42 PM - System Checkpoint

RP1415: 1/13/2010 4:00:21 AM - Software Distribution Service 3.0

RP1416: 1/14/2010 9:37:15 PM - System Checkpoint

RP1417: 1/16/2010 11:14:47 AM - System Checkpoint

RP1418: 1/17/2010 12:16:25 PM - System Checkpoint

RP1419: 1/18/2010 5:16:12 PM - System Checkpoint

RP1420: 1/19/2010 10:03:40 PM - Software Distribution Service 3.0

RP1421: 1/21/2010 7:59:28 PM - System Checkpoint

RP1422: 1/21/2010 8:29:56 PM - Software Distribution Service 3.0

RP1423: 1/24/2010 2:48:23 PM - System Checkpoint

RP1424: 1/25/2010 9:26:34 PM - System Checkpoint

RP1425: 1/26/2010 10:02:45 PM - System Checkpoint

RP1426: 1/28/2010 9:29:26 PM - System Checkpoint

RP1427: 1/30/2010 8:28:52 AM - System Checkpoint

RP1428: 1/31/2010 4:30:21 PM - System Checkpoint

RP1429: 2/1/2010 8:34:30 PM - System Checkpoint

RP1430: 2/3/2010 8:11:02 PM - System Checkpoint

RP1431: 2/5/2010 11:42:30 PM - System Checkpoint

RP1432: 2/8/2010 8:36:39 PM - System Checkpoint

RP1433: 2/9/2010 10:41:11 PM - Software Distribution Service 3.0

RP1434: 2/11/2010 4:21:39 PM - System Checkpoint

RP1435: 2/12/2010 8:31:20 PM - System Checkpoint

RP1436: 2/13/2010 8:40:46 PM - System Checkpoint

RP1437: 2/14/2010 8:59:35 PM - System Checkpoint

RP1438: 2/18/2010 6:46:19 PM - System Checkpoint

RP1439: 2/19/2010 7:20:32 PM - System Checkpoint

RP1440: 2/20/2010 12:38:39 PM - Installed Rapport

RP1441: 2/21/2010 1:20:12 PM - System Checkpoint

RP1442: 2/22/2010 10:11:35 PM - System Checkpoint

RP1443: 2/23/2010 10:07:27 PM - Software Distribution Service 3.0

RP1444: 2/25/2010 8:06:55 PM - System Checkpoint

RP1445: 2/26/2010 9:12:18 PM - System Checkpoint

RP1446: 2/27/2010 10:09:01 PM - System Checkpoint

RP1447: 2/28/2010 11:20:59 PM - System Checkpoint

RP1448: 3/3/2010 2:21:15 PM - System Checkpoint

RP1449: 3/4/2010 5:06:47 PM - System Checkpoint

RP1450: 3/5/2010 5:57:48 PM - System Checkpoint

RP1451: 3/7/2010 7:03:07 PM - System Checkpoint

RP1452: 3/8/2010 8:00:11 PM - System Checkpoint

RP1453: 3/9/2010 9:41:08 PM - System Checkpoint

RP1454: 3/10/2010 10:58:20 PM - Software Distribution Service 3.0

RP1455: 3/12/2010 8:20:56 PM - System Checkpoint

RP1456: 3/13/2010 9:37:53 PM - System Checkpoint

RP1457: 3/15/2010 6:14:32 PM - System Checkpoint

RP1458: 3/17/2010 8:49:53 PM - System Checkpoint

RP1459: 3/19/2010 5:18:26 PM - System Checkpoint

RP1460: 3/20/2010 5:58:00 PM - System Checkpoint

RP1461: 3/21/2010 6:37:23 PM - System Checkpoint

RP1462: 3/26/2010 6:56:30 PM - Installed Rapport

RP1463: 3/27/2010 6:57:04 PM - System Checkpoint

RP1464: 3/29/2010 6:07:06 PM - System Checkpoint

RP1465: 3/31/2010 7:28:00 PM - System Checkpoint

RP1466: 3/31/2010 10:51:24 PM - Software Distribution Service 3.0

RP1467: 4/2/2010 2:12:34 PM - System Checkpoint

RP1468: 4/3/2010 2:30:34 PM - System Checkpoint

RP1469: 4/7/2010 6:18:23 PM - System Checkpoint

RP1470: 4/9/2010 6:59:56 PM - System Checkpoint

RP1471: 4/12/2010 1:49:25 PM - System Checkpoint

==== Installed Programs ======================

AC3Filter (remove only)

ACDSee

Adobe Acrobat - Reader 6.0.2 Update

Adobe Acrobat Elements 6.0

Adobe Flash Player 10 ActiveX

Adobe Flash Player Plugin

Adobe Reader 6.0.1

Adobe Reader 7.0.8

Adobe Reader 7.0.9

Adobe Reader 7.1.0

Adobe

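The two Hijack.StartMenuInternet entries in the MBAM log above show Firefox's Start-menu launch command redirected to ave.exe, which is then handed the real browser command. As an added example (not part of the original posts and not Malwarebytes code), this Python script parses those log lines, flags launch commands that run a different binary in front of the expected one, and checks that the wrapper file was also removed; the line layout in the regexes is an assumption inferred from the lines quoted in this thread.

```python
import ntpath
import re
from typing import List, NamedTuple

# Constructed sample: the three detection lines from the MBAM log quoted in this thread.
SAMPLE_LOG = r'''
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "firefox.exe -safe-mode") Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
'''

# Line layouts inferred from the log lines above (an assumption, not a documented format).
DATA_ITEM = re.compile(
    r'^(?P<key>HKEY_.+?) \((?P<detection>[\w.]+)\) -> '
    r'Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\) -> (?P<action>.+)$'
)
FILE_ITEM = re.compile(
    r'^(?P<path>[A-Za-z]:\\.+?) \((?P<detection>[\w.]+)\) -> (?P<action>.+)$'
)


class DataItem(NamedTuple):
    key: str
    detection: str
    bad: str
    good: str
    action: str


def parse_data_items(log_text: str) -> List[DataItem]:
    """Extract 'Registry Data Items Infected' entries (those with Bad:/Good: values)."""
    matches = (DATA_ITEM.match(line.strip()) for line in log_text.splitlines())
    return [DataItem(**m.groupdict()) for m in matches if m]


def parse_file_paths(log_text: str) -> List[str]:
    """Extract the paths listed under 'Files Infected'."""
    matches = (FILE_ITEM.match(line.strip()) for line in log_text.splitlines())
    return [m.group('path') for m in matches if m]


def launch_target(command: str) -> str:
    """Return the executable a command line starts: first quoted string, else first token."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split(None, 1)[0] if command else ''


def is_wrapped_launch(item: DataItem) -> bool:
    """True when the bad value runs another binary and passes it the expected command."""
    bad_exe = ntpath.basename(launch_target(item.bad)).lower()
    good_exe = ntpath.basename(launch_target(item.good)).lower()
    return bad_exe != good_exe and item.good.lower() in item.bad.lower()


def triage(log_text: str) -> List[dict]:
    """List hijacked launch keys and whether the wrapper binary was also removed."""
    removed = {p.lower() for p in parse_file_paths(log_text)}
    findings = []
    for item in parse_data_items(log_text):
        if is_wrapped_launch(item):
            wrapper = launch_target(item.bad)
            findings.append({
                'key': item.key,
                'wrapper': wrapper,
                'restore_to': item.good,
                'wrapper_file_removed': wrapper.lower() in removed,
            })
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A finding with `wrapper_file_removed` set to False would mean the registry value was restored but the wrapper binary was not listed as removed in the same log.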

Step 1:

Please uninstall the following applications:

Adobe Acrobat - Reader 6.0.2 Update

Adobe Acrobat Elements 6.0

Adobe Reader 6.0.1

Adobe Reader 7.0.8

Adobe Reader 7.0.9

Adobe Reader 7.1.0

After we finish our work, please download and install the latest version of Adobe software from:

http://www.adobe.com

Step 2:

Please go into the Control Panel, Add/Remove and for now remove ALL versions of JAVA

Then run this tool to help cleanup any left over Java

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it back when you reply
    Then look for the following Java folders and if found delete them.
    C:\Program Files\Java
    C:\Program Files\Common Files\Java
    C:\Windows\Sun
    C:\Documents and Settings\All Users\Application Data\Java
    C:\Documents and Settings\All Users\Application Data\Sun\Java
    C:\Documents and Settings\username\Application Data\Java
    C:\Documents and Settings\username\Application Data\Sun\Java

Let me know how things are running now.

P.S.: WTT is a perfect choice! :) I wish you good luck! :P


I'm working through the Java uninstalls right now, but I have to run pretty soon. By the time I get back, hopefully you'll be asleep. It does seem to be better - I can get online and open up Task Manager without anything popping up. The keyboard still isn't working, but that may be a driver issue.

Anything else you want me to run when I'm done with Adobe Reader and Java so I can post a log?

Thanks. And thanks for the encouragement. While I have enjoyed working with you and appreciate your help, it'll be nice to know this stuff for myself.


Here's the JavaRa log. I look forward to hearing from you tomorrow.

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Mon Apr 12 14:47:29 2010

Found and removed: C:\Program Files\Java\j2re1.4.2_03

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\JavaPlugin.140

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.4.0

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4.0

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}

Found and removed: Software\JavaSoft\Java2D\1.5.0_06

Found and removed: Software\JavaSoft\Java2D\1.5.0_09

Found and removed: SOFTWARE\Classes\JavaPlugin.150_06

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\JavaPlugin.142_03

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\bin\

------------------------------------

Finished reporting.

