Free Malware Removal Forum

[eracerteam]

I use port 3389 for RDP (I can't change it since I RDP from a secure lan into my machine and can only use 3389)
When I have port 3389 open.. my computer gets really slow.
multiple malware scanners claim nothing going on.
I use CurrPorts and find that
3389 has established to 184.172.5.179.static.reverse.softlayer.com (this changes to differnet IP's and .com's)

Only way I can get my computer running back to normal is to turn off remote desktop, but then I can't access it remotely.


.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Doug at 22:37:22 on 2011-08-23
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.2039.1191 [GMT -4:00]
.
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\RioMSC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\StkASv2K.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Philips\Philips Lime Service\bin\Lime.exe
C:\Documents and Settings\Doug\Desktop\cports.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.ca/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common

files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Browser Defender BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - PC Tools Browser Guard BHO
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: FPBrowserHelperObject Class: {6427806d-3820-11d5-9939-00b0d0522eb5} - c:\palm\FireConverterBrowserHelperObject.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows

live\WindowsLiveLogin.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat

6.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program

files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} -
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {E52BE12D-A44A-4F51-9DC1-34F37A488CC7} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PhilipsLime] "c:\program files\philips\philips lime service\bin\LimeAlive.exe"
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Google Update] "c:\documents and settings\doug\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [IgfxTray] "c:\windows\system32\igfxtray.exe"
mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
mRun: [SystemTray] "c:\windows\system32\SysTray.Exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] "c:\progra~1\symant~1\VPTray.exe"
mRun: [NeroFilterCheck] "c:\program files\common files\ahead\lib\NeroCheck.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
uPolicies-explorer: NoThemesTab = 0 (0x0)
uPolicies-system: NoColorChoice = 0 (0x0)
uPolicies-system: NoSizeChoice = 0 (0x0)
uPolicies-system: NoVisualStyleChoice = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search &

destroy\SDHelper.dll
IE: {F1296981-399F-11D5-993C-00B0D0522EB5} - {A59CE2AD-38C6-11D5-82DA-C7B092035D71} - c:\palm\FireConverterIEToolbarButton.dll
Trusted Zone: broilkingbbq.com\www
Trusted Zone: jbonamassa.com\www
Trusted Zone: legacylearningsystems.com\community
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com\www
Trusted Zone: ustream.tv\www
Trusted Zone: wwwjbonamassa.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0 ... ontrol.CAB
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/produ ... wsdc32.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -

hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/200 ... oader5.cab
DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} - hxxp://www.riffinteractive.com/setup/RiffLick.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/Me ... b31267.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/HPISWeb/Cust ... anager.CAB
DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/Mi ... b31267.cab
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://www-307.ibm.com/pc/support/acpir.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resour ... se6087.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/Fac ... loader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} -

hxxp://www.update.microsoft.com/windows ... 5080550750
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/Shar ... /cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -

hxxp://www.update.microsoft.com/microso ... 5308877218
DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www3.ca.com/securityadvisor/viru ... ebscan.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/200 ... ader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/Me ... b31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/softwa ... Plugin.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMe ... loader.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://zone.msn.com/binFramework/v10/ZI ... b27513.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdat ... /opuc4.cab
DPF: {CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/aut ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} -

hxxp://content.systemrequirementslab.co ... 1.66.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{067ABB7F-C7F9-406F-958D-DCCD4D25A1E1} : NameServer = 20.20.20.1
TCP: Interfaces\{A11BFC78-FF4E-45C4-BC11-ED35EF365F95} : NameServer = 20.20.20.1
Notify: igfxcui - igfxsrvc.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Trend Micro Anti-Spyware Shell Extension: {03a80b1d-5c6a-42c2-9dfb-81b6005d8023} - c:\program files\trend

micro\tmas\sshook.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
LSA: Notification Packages = scecli scecli
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 24.114.210.235 ctxsrv01.MicroageToronto.ca
Hosts: 24.114.210.236 ctxsrv02.MicroageToronto.ca
Hosts: 24.114.210.237 ctxsrv03.MicroageToronto.ca
Hosts: 24.114.210.238 ctxsrv04.MicroageToronto.ca
Hosts: 24.114.210.239 ctxsrv05.MicroageToronto.ca
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\doug\application data\mozilla\firefox\profiles\dtt1pian.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.ebay.com/
FF - plugin: c:\documents and settings\doug\local settings\application data\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin2.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla

firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla

firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla

firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} -

c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} -

%profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-19 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-5-5 237632]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-11-17 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-11-17 656320]
R1 GearAspiSys;GearAspiSys;c:\windows\system32\drivers\GEARASPISYS.SYS [2008-3-19 53412]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-11-23 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-23 67656]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2009-6-14 339328]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2009-6-14 55168]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2009-8-3 191848]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2009-8-3 169320]
R2 LogWatch;Event Log Watch;c:\program files\ca\sharedcomponents\ca_lic\LogWatNT.exe [2002-9-20 53248]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2009-9-1 1966008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys

[2011-8-3 105592]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110823.002\naveng.sys [2011-8-23 86136]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110823.002\navex15.sys [2011-8-23 1576312]
R3 NETGEAR_WG311T_SERVICE;NETGEAR WG311T Wireless Adapter Service;c:\windows\system32\drivers\wg311tn5.sys [2008-8-4 346784]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;c:\windows\system32\drivers\szkg.sys --> c:\windows\system32\drivers\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN

v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2005-3-25 16194]
S3 CEUSBAUD;Lexicon USB MIDI Driver1;c:\windows\system32\drivers\ceusbaud.sys [2008-3-19 17920]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 dlttape;dlttape;c:\windows\system32\drivers\dlttape.sys [2004-8-3 8320]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software

group\spyhunter\esgiguard.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-23 12872]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2009-9-1 116664]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-5-5 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-5-5 1145304]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasusb.sys --> c:\windows\system32\drivers\SynasUSB.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache

4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 CA_LIC_CLNT;CA License Client;c:\program files\ca\sharedcomponents\ca_lic\lic98rmt.exe [2003-10-12 143360]
S4 CA_LIC_SRVR;CA License Server;c:\program files\ca\sharedcomponents\ca_lic\lic98rmtd.exe [2003-9-12 151552]
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
scrfile="%1" %*
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2011-08-24 00:11:37 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2011-08-24 00:11:37 75264 ----a-w- c:\windows\system32\unacev2.dll
2011-08-24 00:11:37 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2011-08-24 00:11:37 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2011-08-24 00:11:37 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2011-08-24 00:11:32 -------- d-----w- c:\program files\Trojan Remover
2011-08-24 00:11:32 -------- d-----w- c:\documents and settings\doug\application data\Simply Super Software
2011-08-24 00:11:32 -------- d-----w- c:\documents and settings\all users\application data\Simply Super

Software
2011-08-22 22:22:42 388096 ----a-r- c:\documents and settings\doug\application

data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-08-21 01:39:12 -------- d-----w- c:\documents and settings\all users\application data\STOPzilla!
2011-08-19 23:22:33 -------- d-----w- c:\documents and settings\all users\application data\Garmin
2011-08-09 13:43:39 -------- d-----w- c:\documents and settings\doug\dwhelper
2011-08-09 12:53:36 -------- d-----w- c:\program files\ConvertHelper
.
==================== Find3M ====================
.
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 22:38:36.46 ===============

[askey127]

Hi eracerteam,
I don't understand why you need us.
You have a connection to Computer Sciences
You have a corporate Antivirus.
This surely looks like it is a business related machine.
You do need to get rid of all that stuff in the Internet Explorer Trusted Zone - except Microsoft
askey127

[eracerteam]

I shouldn't have a connect to Computer Sciences
I don't know who that is.
or why they are connected to my machine.

it's not a business machine it's my home machine.
there are some enteries in the HOST file to help connection to my work since they think that it helps connection to the citrix server (but its not comupter Sciences ).
the noroton corp is there because of work as well.

otherwise if I open up port 3389,
I used to see the performance go down, and winlogon.exe would be spike the CPU from 40% to 80%.
Then I started seeing under currports.exe that there is an IP address that has connected to port 3389.

I can't find what's connecting and I've used almost every malware scanner I can find.

That's why I came here, needing help.

[askey127]

Sorry about that business connection. We won't be able to help further.
http://malwareremoval.com/forum/viewtop ... 10#p531110
This topic will be closed.