Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Strange Deletion of Cafeefac files by Spybot

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Strange Deletion of Cafeefac files by Spybot

Unread postby luther034 » October 26th, 2011, 3:04 am

I have been getting this message from spybot search and destroy that tells me that a value is deleted under category Active X Distribution unit. The file it is deleting is CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA and CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA. This happens every time I boot up my computer and logged on. Is there a malware in my computer or some program conflict? I've already ran several other virus scan without internet connection: avast, ad-aware, spybot, and bitdefender, but found nothing.

~DDS file~
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by WH at 23:59:46 on 2011-10-25
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12283.9904 [GMT -7:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\SafeConnect\scClient.exe
C:\Users\WH\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
svchost.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\taskmgr.exe
svchost.exe
C:\Program Files (x86)\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\WH\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\Users\WH\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\WH\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SAFECO~1.LNK - C:\Program Files (x86)\SafeConnect\scClient.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 128.114.142.6 128.114.129.33
TCP: Interfaces\{4C8084CC-C6E1-47BF-A072-882F7A286D6D} : DhcpNameServer = 128.114.142.6 128.114.129.33
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\WH\AppData\Roaming\Mozilla\Firefox\Profiles\qw0fv57k.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-9-12 44768]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-8-18 2151640]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-9-9 2214504]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-9-9 1153368]
R2 SCManager;SafeConnect Manager;C:\Program Files (x86)\SafeConnect\scManager.sys servicestart --> C:\Program Files (x86)\SafeConnect\scManager.sys servicestart [?]
R2 TabletServicePen;TabletServicePen;C:\Windows\system32\Pen_Tablet.exe --> C:\Windows\system32\Pen_Tablet.exe [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-9-9 17152]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-9 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-9 136176]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-10-26 06:39:27 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7DDBFF29-F040-4D24-A9EB-3DA3F5135B39}\offreg.dll
2011-10-26 06:24:14 -------- d-----w- C:\ProgramData\VS
2011-10-26 02:29:22 -------- d-----w- C:\Users\WH\AppData\Roaming\Malwarebytes
2011-10-26 02:29:15 -------- d-----w- C:\ProgramData\Malwarebytes
2011-10-26 02:29:12 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-10-26 02:29:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-25 19:52:53 -------- d-----w- C:\Program Files (x86)\ASCII
2011-10-25 19:52:24 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7DDBFF29-F040-4D24-A9EB-3DA3F5135B39}\mpengine.dll
2011-10-25 18:36:52 -------- d-----w- C:\Users\WH\AppData\Local\{0B0BC307-F5D7-4F85-A641-678A2ACE6C06}
2011-10-25 18:36:42 -------- d-----w- C:\Users\WH\AppData\Local\{25E95172-693E-4913-9C8B-9C073CA75EFC}
2011-10-25 09:38:15 -------- d-----w- C:\Users\WH\AppData\Local\Opera
2011-10-23 23:42:21 -------- d-----w- C:\Users\WH\AppData\Roaming\KompoZer
2011-10-23 17:30:54 -------- d-----w- C:\Users\WH\AppData\Local\{4CF398E0-BACA-4564-9A03-66A4E2DED064}
2011-10-23 17:30:43 -------- d-----w- C:\Users\WH\AppData\Local\{438B1F8A-FF63-455E-B817-0E2BE9ABAB67}
2011-10-20 21:40:48 -------- d-----w- C:\Users\WH\AppData\Local\{FF45446A-D2DF-4566-9F26-ECF6D15DD185}
2011-10-20 10:57:00 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2011-10-19 22:14:45 -------- d-----w- C:\Users\WH\AppData\Local\{0C3D60BF-597E-4713-A4F1-4BE13DEF78C4}
2011-10-19 22:14:35 -------- d-----w- C:\Users\WH\AppData\Local\{6D19110D-B7E4-42A2-8776-21CEF61D8EB1}
2011-10-19 17:34:25 -------- d-----w- C:\Users\WH\AppData\Roaming\SSH
2011-10-19 17:30:16 -------- d-----w- C:\Program Files (x86)\SSH Communications Security
2011-10-19 17:29:43 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-10-19 17:29:43 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-10-19 17:29:43 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-10-19 17:29:43 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-10-19 17:29:42 610436 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2011-10-18 03:28:06 -------- d-----w- C:\WTablet
2011-10-16 09:44:02 -------- d-----w- C:\Users\WH\AppData\Local\{8906B71C-9724-4E19-818C-46D3FCB58D34}
2011-10-16 09:43:52 -------- d-----w- C:\Users\WH\AppData\Local\{0494E234-F310-41FD-9B2A-47AF089B6791}
2011-10-14 07:54:00 627600 ----a-w- C:\Windows\System32\deployJava1.dll
2011-10-13 18:46:53 -------- d-----w- C:\Users\WH\AppData\Local\{4341157C-A306-40BF-B6CC-B2210A97A827}
2011-10-13 04:57:26 -------- d-----w- C:\Users\WH\AppData\Local\{40E88F90-89B8-406B-9973-FD93154DE283}
2011-10-13 04:57:15 -------- d-----w- C:\Users\WH\AppData\Local\{6E3203DF-8625-4BCB-84F0-ED0895BDBD89}
2011-10-13 04:27:35 -------- d-----w- C:\Users\WH\AppData\Local\PackageAware
2011-10-13 02:06:50 3138048 ----a-w- C:\Windows\System32\win32k.sys
2011-10-13 02:06:48 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-10-13 02:06:48 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-10-13 02:06:48 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-10-13 02:06:48 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-10-13 02:06:42 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-10-13 02:06:42 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-10-13 02:06:41 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-10-13 02:06:41 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-10-11 03:35:05 -------- d-----w- C:\Users\WH\AppData\Local\{FF36A408-3EE0-4F98-8B31-E058CF7D61F7}
2011-10-10 22:35:36 237568 ----a-w- C:\Windows\System32\glut32.dll
2011-10-10 22:29:16 -------- d-----w- C:\Program Files (x86)\Inform 7
2011-10-10 07:21:09 -------- d-----w- C:\Users\WH\AppData\Local\{C4253F7E-E563-4790-9157-5F073ADBF378}
2011-10-10 07:20:59 -------- d-----w- C:\Users\WH\AppData\Local\{3F2310C5-7BED-4A63-BC4D-AE5B4AB41CE8}
2011-10-08 21:31:47 -------- d-----w- C:\Users\WH\AppData\Local\{71D7C438-2387-4D3E-9ABE-055F31E7A07D}
2011-10-08 21:31:37 -------- d-----w- C:\Users\WH\AppData\Local\{E9CFE0FD-2953-46F4-93E6-23AE9F07A82B}
2011-10-06 17:36:41 -------- d-----w- C:\Users\WH\AppData\Local\{75190C5B-B5BF-4F21-9783-25A8B0501CCF}
2011-10-06 17:36:23 -------- d-----w- C:\Users\WH\AppData\Local\{1F204415-9855-4F78-8CA2-338ADD1FA62D}
2011-10-06 02:34:43 -------- d-----w- C:\Users\WH\AppData\Local\{B5547B2B-6033-4BF1-8846-AB69A944ED63}
2011-10-06 02:34:27 -------- d-----w- C:\Users\WH\AppData\Local\{408A96D8-0A2C-4E7D-A265-3FB86E5297DB}
2011-10-05 06:36:33 -------- d-----w- C:\Users\WH\AppData\Roaming\WTablet
2011-10-05 06:36:20 4949800 ------w- C:\Windows\System32\PenTablet.cpl
2011-10-05 06:36:13 12976 ----a-w- C:\Windows\System32\drivers\WacomVKHid.sys
2011-10-05 06:36:04 15272 ----a-w- C:\Windows\System32\drivers\wacomvhid.sys
2011-10-05 06:36:04 12848 ----a-w- C:\Windows\System32\drivers\wacommousefilter.sys
2011-10-05 06:36:00 18216 ----a-w- C:\Windows\System32\drivers\wacmoumonitor.sys
2011-10-05 06:36:00 -------- d-----w- C:\Windows\System32\WTablet
2011-10-05 06:35:58 172840 ------w- C:\Windows\SysWow64\Wintab32.dll
2011-10-05 06:35:56 227624 ------w- C:\Windows\System32\Pen_Tablet.dll
2011-10-05 06:35:56 186152 ----a-w- C:\Windows\SysWow64\Pen_Tablet.dll
2011-10-05 06:35:55 3589416 ------w- C:\Windows\System32\Pen_Tablet.exe
2011-10-05 06:35:53 -------- d-----w- C:\Program Files (x86)\Tablet
2011-10-05 04:12:04 -------- d-----w- C:\Users\WH\AppData\Local\{AFB3C433-982F-408F-BB19-05F20EEFCA86}
2011-10-05 04:11:47 -------- d-----w- C:\Users\WH\AppData\Local\{631EF1D6-F8AB-482E-9073-C7FA337E2244}
2011-10-04 03:40:01 -------- d-----w- C:\Users\WH\AppData\Local\{9B259B25-06B2-4AED-9A7A-8898AF19B56E}
2011-10-04 03:39:45 -------- d-----w- C:\Users\WH\AppData\Local\{F355E104-4CD3-4749-9DE7-5DEF4E43597B}
2011-10-03 21:56:20 -------- d-----w- C:\Users\WH\AppData\Local\{2FA1FA6A-6D75-48AE-BF3A-1312ED8C9A2F}
2011-10-03 21:56:05 -------- d-----w- C:\Users\WH\AppData\Local\{614DC541-777B-4FCB-9A62-238F3A8913AB}
2011-10-03 07:50:58 -------- d-----w- C:\Users\WH\AppData\Local\{A7488A84-C3CE-429A-B84D-0A1A6F4920C4}
2011-10-03 07:50:41 -------- d-----w- C:\Users\WH\AppData\Local\{9CC9FBD9-D6C1-41D8-98D6-56EE1498F483}
2011-10-02 19:09:44 -------- d-----w- C:\Users\WH\AppData\Local\{823AF46B-8716-48C0-AB0C-6ED0A07A8A4D}
2011-10-02 19:09:24 -------- d-----w- C:\Users\WH\AppData\Local\{FEED19D9-2F70-44CF-BFB2-5BE3F1E2E65D}
2011-10-02 05:05:38 -------- d-----w- C:\Users\WH\AppData\Roaming\.minecraft
2011-10-01 20:02:35 -------- d-----w- C:\Users\WH\AppData\Local\{FF726D07-DF03-4057-A6D9-C683A7DFB239}
2011-10-01 20:02:25 -------- d-----w- C:\Users\WH\AppData\Local\{4A07EA40-6EF5-4324-8260-B037034234E6}
2011-09-30 08:04:16 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2011-09-30 08:03:45 -------- d-----w- C:\ProgramData\ALM
2011-09-30 07:31:08 -------- d-----w- C:\Users\WH\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2011-09-30 07:31:06 -------- d-----w- C:\Program Files (x86)\Adobe Download Assistant
2011-09-29 19:39:55 -------- d-----w- C:\Users\WH\AppData\Local\Diagnostics
2011-09-29 07:28:35 -------- d-----w- C:\Users\WH\AppData\Local\{A71C7C3F-13FB-4599-B96C-14196F40934E}
2011-09-28 03:24:46 -------- d-----w- C:\Users\WH\AppData\Local\{22D2B909-B069-41B9-BCA9-32146C390EDF}
2011-09-28 03:24:34 -------- d-----w- C:\Users\WH\AppData\Local\{1BAE6380-9715-4778-A691-784ED1C2CC8B}
2011-09-26 22:08:30 -------- d-----w- C:\Users\WH\AppData\Local\{34864FD3-33BF-4401-8E13-29805E74113A}
2011-09-26 22:08:19 -------- d-----w- C:\Users\WH\AppData\Local\{8F1C5E9A-E0EA-4B48-974F-DB3A05E8F0FA}
.
==================== Find3M ====================
.
2011-10-26 02:13:17 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-09-26 17:05:35 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-12 06:53:37 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-09-12 06:53:37 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-09-10 04:05:29 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-09-06 20:45:29 41184 ----a-w- C:\Windows\avastSS.scr
2011-09-06 20:38:18 601944 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-09-06 20:36:30 65368 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-18 22:25:12 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
.
============= FINISH: 0:01:27.96 ===============





~Attach File~

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/9/2011 7:37:46 PM
System Uptime: 10/25/2011 11:36:40 PM (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | P55M-UD2
Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz | Socket 1156 | 2661/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 484 GiB total, 413.353 GiB free.
D: is FIXED (NTFS) - 447 GiB total, 303.228 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP53: 10/21/2011 11:33:46 AM - Windows Update
RP54: 10/24/2011 12:12:46 AM - Installed Java(TM) 6 Update 29
RP55: 10/24/2011 12:16:53 AM - Windows Backup
RP56: 10/25/2011 1:38:25 AM - Installed Microsoft AppLocale
RP57: 10/25/2011 1:45:57 AM - Installed Microsoft AppLocale
RP58: 10/25/2011 1:46:37 AM - Installed Microsoft AppLocale
RP59: 10/25/2011 1:49:52 AM - Installed Microsoft AppLocale
RP60: 10/25/2011 12:51:07 PM - Windows Update
RP61: 10/25/2011 1:36:48 PM - Windows Update
RP62: 10/25/2011 7:11:59 PM - Removed Java(TM) 6 Update 29
RP63: 10/25/2011 7:13:04 PM - Installed Java(TM) 6 Update 29
RP64: 10/25/2011 8:42:01 PM - Installed Java(TM) 7 Update 1 (64-bit)
RP65: 10/25/2011 11:18:05 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Ad-Aware
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Illustrator CS5.1
Adobe Photoshop CS2
Adobe Reader X (10.1.1)
Adobe Stock Photos 1.0
AIM 7
Apple Application Support
Apple Software Update
avast! Free Antivirus
Combined Community Codec Pack 2010-10-10
Crystal Reports for Visual Studio
D3DX10
Download Updater (AOL LLC)
Dropbox
Eusing Free Registry Cleaner
GameMaker 8.1
Google Chrome
Google Update Helper
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2542054)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
Inform 7
Java Auto Updater
Java(TM) 6 Update 29
Junk Mail filter update
Magicka
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft AppLocale
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Silverlight 4 SDK
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Visual C++ Compilers 2010 Standard - enu - x86
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Professional - ENU
Microsoft Visual Studio 2010 Service Pack 1
Microsoft Visual Studio Macro Tools
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Microsoft XNA Game Studio 4.0
Microsoft XNA Game Studio 4.0 (ARP entry)
Microsoft XNA Game Studio 4.0 (Redists)
Microsoft XNA Game Studio 4.0 (Shared Components)
Microsoft XNA Game Studio 4.0 (Visual Studio)
Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
Microsoft XNA Game Studio 4.0 Documentation
Microsoft XNA Game Studio Platform Tools
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 7.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
Notepad++
Opera 11.52
PDF Settings CS5
Pen Tablet
QuickTime
RPG Maker VX RTP
SafeConnect
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Spybot - Search & Destroy
SSH Secure Shell
Steam
TortoiseSVN 1.6.16.21511 (32 bit)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
WCF RIA Services V1.0 SP1
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
World of Tanks v.0.6.6
.
==== Event Viewer Messages From Past Week ========
.
10/24/2011 11:04:23 AM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.
10/24/2011 11:04:23 AM, Error: Service Control Manager [7023] - The Security Center service terminated with the following error: The authentication service is unknown.
10/21/2011 12:38:45 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The data is invalid.
10/20/2011 8:46:04 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
10/20/2011 8:46:04 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
luther034
Active Member
 
Posts: 2
Joined: October 26th, 2011, 2:08 am
Advertisement
Register to Remove

Re: Strange Deletion of Cafeefac files by Spybot

Unread postby deltalima » October 27th, 2011, 3:35 pm

Hi luther034,

A couple of quick questions.

What is Microsoft Visual Studio 2010 Professional - ENU used for and is the computer connected to a University network?
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Strange Deletion of Cafeefac files by Spybot

Unread postby luther034 » October 28th, 2011, 12:40 am

The Microsoft Visual Studio 2010 Professional is a program editor. ENU is an English version. The computer is connected to a University network.
luther034
Active Member
 
Posts: 2
Joined: October 26th, 2011, 2:08 am

Re: Strange Deletion of Cafeefac files by Spybot

Unread postby deltalima » October 28th, 2011, 3:41 am

I see you are posting for help for a computer connected to an "Educational" Network.

May I draw your attention to THIS topic, which you should have read before posting for help.

The section ....


.... explains why we do not offer help for such computers.

This topic is now closed
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 304 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware