
Possible Spyware by Infected .exe


  • This topic is locked
14 replies to this topic

#1 infected32

infected32

  • Members
  • 15 posts

Posted 21 April 2012 - 12:42 PM

Here is a link to my problem, located in the "Am I Infected" Section

http://www.bleepingcomputer.com/forums/topic450882.html

Here is the DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by USER at 13:36:30 on 2012-04-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3999.2460 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = 127.0.0.1:9421
mWinlogon: Userinit=userinit.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [Google Update] "C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B8D539AC-FBEC-4B01-8190-516099FDC15D} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B8D539AC-FBEC-4B01-8190-516099FDC15D}\B4B4 : DhcpNameServer = 207.164.234.193 207.164.234.129
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\majh2f7i.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Nexon\NGM\npnxgame.dll
FF - plugin: C:\Users\USER\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-4-27 98208]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-3-18 44768]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-18 20480]
R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-12 253088]
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\117D.tmp --> C:\Windows\system32\117D.tmp [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-4-27 225280]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-04-21 17:17:43 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0A07C48C-4653-4C38-8C8B-6114F187F196}\mpengine.dll
2012-04-21 16:04:38 6144 ------w- C:\Windows\System32\117D.tmp
2012-04-21 15:12:05 -------- d---a-w- C:\3590F75ABA9E485486C100C1A9D4FF06ZZ...Z..ZZZ..ZZZ
2012-04-20 21:23:52 -------- d-----w- C:\Program Files (x86)\uTorrent
2012-04-20 21:23:18 -------- d-----w- C:\Users\USER\AppData\Roaming\uTorrent
2012-04-19 23:04:15 -------- d--h--w- C:\Windows\msdownld.tmp
2012-04-15 17:08:50 711240 ----a-w- C:\Windows\is-LGVT1.exe
2012-04-15 16:06:20 6144 ------w- C:\Windows\System32\4327.tmp
2012-04-12 12:20:07 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-12 03:09:17 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-12 03:09:15 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-12 03:09:15 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-12 03:06:57 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-12 03:06:56 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-12 03:06:55 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-12 03:06:51 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-12 03:06:50 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-12 03:06:50 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-12 03:06:50 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-29 22:50:39 -------- d-----w- C:\Users\USER\AppData\Local\Apple Computer
2012-03-29 22:46:34 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-03-29 22:43:53 -------- d-----w- C:\Users\USER\AppData\Local\Apple
2012-03-29 17:50:43 -------- d-----w- C:\Users\USER\AppData\Local\Ubisoft Game Launcher
.
==================== Find3M ====================
.
2012-04-19 12:09:57 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-15 02:16:18 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2012-03-15 02:16:14 147752 ----a-w- C:\Windows\System32\SynTPCo4.dll
2012-03-15 02:13:28 332392 ----a-w- C:\Windows\System32\RtlCPAPI64.dll
2012-03-15 02:13:28 2048104 ----a-w- C:\Windows\System32\RtPgEx64.dll
2012-03-15 02:13:28 1146984 ----a-w- C:\Windows\System32\RTSnMg64.cpl
2012-03-15 02:13:27 2494056 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2012-03-15 02:13:27 149608 ----a-w- C:\Windows\System32\RtkCfg64.dll
2012-03-15 02:13:26 80488 ----a-w- C:\Windows\System32\RCoInst64.dll
2012-03-15 02:13:26 569960 ----a-w- C:\Windows\System32\RtkApi64.dll
2012-03-15 02:13:26 2625640 ----a-w- C:\Windows\System32\RtkAPO64.dll
2012-03-15 02:13:26 1215592 ----a-w- C:\Windows\System32\RTCOM64.dll
2012-03-15 02:13:22 200800 ----a-w- C:\Windows\System32\AERTAC64.dll
2012-03-15 02:13:14 1251944 ----a-w- C:\Windows\RtlExUpd.dll
2012-03-06 23:15:19 41184 ----a-w- C:\Windows\avastSS.scr
2012-03-06 23:04:06 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-03-06 23:02:20 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-03-06 23:01:52 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-07 15:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-25 06:38:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-01-25 06:38:38 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:33:30 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
.
============= FINISH: 13:37:15.45 ===============

I have not run GMER as this is a 64-bit, and I have not included the attach.txt as I don't think I was supposed to.

Thank you very much, in advance, for your help.

Also, I would like to reinforce my earlier question. Even after fixing both computers, is it possible that my wireless router is infected? Or that the wireless adapter on our desktop is infected? And does reinstalling Windows get rid of viruses, or does the virus somehow escape that?

Edited by infected32, 21 April 2012 - 12:55 PM.




#2 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • Gender:Male
  • Location:Midwest U.S.A.

Posted 25 April 2012 - 05:29 PM

Greetings and welcome to the forums,

Microsoft purports to be able to remove this so let's allow them to have a swing at it:

Download the Microsoft Safety Scanner.

Just beneath the Download Now button, please click the "Select your version" link, then select which version applies in your situation and download it to your desktop.

When the download completes, double-click the executable file and choose to run the program (please "OK" any prompts). Accept the terms and click "Next". Click "Next" again to choose the type of scan. "Quick scan" is selected by default. Please leave this default setting, then click "Next" to begin the scan.

This scanner works with your antivirus program so disabling it is not necessary. Please do nothing else with your computer while this scan is underway.

If the scan reports something found and removed, then it's best to follow up with the "Full scan". In either case, when the scan(s) complete, click the Finish button to close the program. Please locate the log here:
C:\Windows\Debug\msert.log
...The log will open as a text file using Notepad. Please copy its contents and post that here in your next reply. Thanks!

Disabled Veteran, U.S.C.G. 1972 - 1978
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#3 infected32

infected32
  • Topic Starter

  • Members
  • 15 posts

Posted 27 April 2012 - 11:40 PM

Sorry for such a delayed response.

I am scanning as you read this and will update with the necessary file when finished.

Also, not to be rude but what did you mean by "Microsoft purports"? And, why come you aren't recommending me to use combofix like I see so many other people?

Here is the msert.log; as you will see it came up clean, but accompanied by lots of errors.


---------------------------------------------------------------------------------------

Microsoft Safety Scanner v1.0, (build 1.125.737.0)
Started On Sat Apr 28 00:33:26 2012

Extended Scan Results
----------------
->Scan ERROR: resource process://pid:3560 (code 0x00000490 (1168))
->Scan ERROR: resource process://pid:992 (code 0x00000005 (5))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x0000054F (1359))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x0000054F (1359))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{7a0652fe-8f06-11e1-a6e9-c80aa9bd7d07}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{7a065447-8f06-11e1-a6e9-c80aa9bd7d07}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{97633deb-90a0-11e1-bfff-c80aa9bd7d07}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{97633def-90a0-11e1-bfff-c80aa9bd7d07}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{a799dc96-8fd2-11e1-989a-c80aa9bd7d07}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{c5171f1f-90e9-11e1-a7c2-c80aa9bd7d07}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{d4e55814-87f9-11e1-bb63-c80aa9bd7d07}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{e3fa5f76-8bc5-11e1-a634-c80aa9bd7d07}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{e572e8c3-8b27-11e1-8485-c80aa9bd7d07}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
No infection found as part of the extended scan

Results Summary:
----------------
No infection found.

Edited by infected32, 28 April 2012 - 06:42 AM.
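
Added example (not part of the original posts, and not Microsoft's tooling): the msert.log posted above ends in "No infection found" but lists many `Scan ERROR` lines. This Python script groups those lines by resource and decodes the Win32 error code on each; the function names are hypothetical, and the sample is an excerpt of the log exactly as posted.

```python
import re
from collections import Counter, namedtuple

# Win32 system error codes that occur in the posted log (names from winerror.h).
WIN32_ERRORS = {
    5: "ERROR_ACCESS_DENIED",
    32: "ERROR_SHARING_VIOLATION",
    1168: "ERROR_NOT_FOUND",
    1359: "ERROR_INTERNAL_ERROR",
}

# Matches e.g.: ->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
SCAN_ERROR = re.compile(
    r"^->Scan ERROR: resource (?P<scheme>\w+)://(?P<target>.+?) "
    r"\(code 0x(?P<hex>[0-9A-Fa-f]{8}) \((?P<dec>\d+)\)\)\s*$"
)

ScanError = namedtuple("ScanError", "scheme target code")

# Excerpt of the msert.log from the post above (shortened, otherwise verbatim).
SAMPLE_LOG = r"""
Microsoft Safety Scanner v1.0, (build 1.125.737.0)
Started On Sat Apr 28 00:33:26 2012

Extended Scan Results
----------------
->Scan ERROR: resource process://pid:3560 (code 0x00000490 (1168))
->Scan ERROR: resource process://pid:992 (code 0x00000005 (5))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x0000054F (1359))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{7a0652fe-8f06-11e1-a6e9-c80aa9bd7d07}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
No infection found as part of the extended scan

Results Summary:
----------------
No infection found.
"""


def parse_scan_errors(text):
    """Return one ScanError per '->Scan ERROR' line; other lines are ignored."""
    errors = []
    for line in text.splitlines():
        m = SCAN_ERROR.match(line.strip())
        if not m:
            continue
        code = int(m["dec"])
        # The log prints the code twice (hex and decimal); they must agree.
        if int(m["hex"], 16) != code:
            raise ValueError(f"hex/decimal code mismatch in line: {line!r}")
        errors.append(ScanError(m["scheme"], m["target"], code))
    return errors


def bucket(err):
    """Collapse the per-snapshot GUID files under System Volume Information."""
    marker = "\\System Volume Information\\"
    if err.scheme == "file" and marker in err.target:
        return err.target.split(marker)[0] + marker + "*"
    return err.target


def summarize(errors):
    """Count errors per (scheme, resource bucket, Win32 error name)."""
    counts = Counter()
    for err in errors:
        name = WIN32_ERRORS.get(err.code, f"UNKNOWN_{err.code}")
        counts[(err.scheme, bucket(err), name)] += 1
    return counts


def results_summary(text):
    """Return the first non-rule line after the 'Results Summary:' heading."""
    lines = [line.strip() for line in text.splitlines()]
    for i, line in enumerate(lines):
        if line.startswith("Results Summary"):
            for nxt in lines[i + 1:]:
                if nxt and set(nxt) != {"-"}:
                    return nxt
    return None


if __name__ == "__main__":
    for (scheme, target, name), n in sorted(summarize(parse_scan_errors(SAMPLE_LOG)).items()):
        print(f"{n:3d}  {name:<24} {scheme}://{target}")
    print("Verdict:", results_summary(SAMPLE_LOG))
```
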


#4 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • Gender:Male
  • Location:Midwest U.S.A.

Posted 28 April 2012 - 09:33 AM

> Sorry for such a delayed response.
>
> ...Also, not to be rude but what did you mean by "Microsoft purports"?

What that means, is Microsoft claims to be able to remove the infection...specifically, with the use of the tool we recommended. As you can see though, according to the log you posted, there is no finding of it, much less any removal. So...using the term "purport" seems to have been appropriate, don't you think?

I was a bit skeptical of their claim, but I wanted to test it by recommending the scan. As we see the claim, in this instance, is hot air.


> And, why come you aren't recommending me to use combofix like I see so many other people?
>
> Here is the msert.log; as you will see it came up clean, but accompanied by lots of errors...

We don't always use combofix as a first hit scanner. We can use it if you'd like though. Let's do this:
Please disable the active protection component of your antivirus and antispyware programs by following the directions that apply Here.
...of those, many people overlook the Windows Defender since, for most, there is no icon for it in the system tray. Scroll through those directives above and look for this application specifically, to make certain it is disabled.

Please download combofix from This Webpage...and read through the instructions there for running the tool.

***Important Note***
Please read through the guidance on that web page carefully and thoroughly...and install the Recovery Console. Using this tool without the Recovery Console installed is NOT RECOMMENDED.

If you have Windows Vista or Windows 7, you can skip the recovery console step...in Vista/7 it's in the System Recovery Options menu. The System Recovery Options menu is on the Windows Vista or Windows 7 installation disc. If Windows doesn't start correctly, you can use these tools to repair startup problems.


The Windows Recovery Console will allow you to boot into a special recovery (repair) mode that is not otherwise available. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It's a simple procedure that will only take a few moments.

Once installed, a blue screen prompt should appear that reads as follows:

The Recovery Console was successfully installed.

When you see that screen, please continue as follows:

  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a log file for you. Please post that log back here on your next reply. Thanks!

Note:
Do not mouseclick combofix's window while it's running....that may cause the scan to stall



#5 infected32

infected32
  • Topic Starter

  • Members
  • 15 posts

Posted 29 April 2012 - 10:22 AM

After combofix had restarted and produced a log I wasn't able to open any programs. A window would pop up saying something tried to make illegal actions on the registry files. I restarted my computer again and was able to open windows explorer, etc again. I'm assuming that the program was combofix and this was normal.


ComboFix 12-04-29.01 - USER 29/04/2012 10:41:03.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3999.2752 [GMT -4:00]
Running from: c:\users\USER\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\majh2f7i.default\weave\toFetch
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-29 )))))))))))))))))))))))))))))))
.
.
2012-04-29 04:30 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4864E963-4EFF-4C43-9436-CAA8097FEF59}\mpengine.dll
2012-04-28 12:56 . 2012-04-28 13:07 -------- d-----w- c:\users\USER\AppData\Local\My Games
2012-04-28 03:51 . 2012-04-28 11:55 -------- d-----w- c:\program files (x86)\2K Games
2012-04-28 03:47 . 2012-04-28 03:47 -------- d-----w- c:\users\USER\AppData\Roaming\InstallShield
2012-04-26 00:52 . 2012-04-26 00:52 -------- d-----w- c:\users\USER\AppData\Local\EA Games
2012-04-26 00:52 . 2012-04-26 00:52 -------- d-----w- c:\programdata\Solidshield
2012-04-25 20:31 . 2012-04-25 20:31 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-04-25 20:31 . 2012-04-25 20:31 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-25 20:31 . 2012-04-25 20:31 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-21 16:04 . 2011-05-12 18:03 6144 ------w- c:\windows\system32\117D.tmp
2012-04-19 23:04 . 2012-04-19 23:04 -------- d--h--w- c:\windows\msdownld.tmp
2012-04-15 21:20 . 2012-04-15 21:20 -------- d-----w- c:\users\Joseph\AppData\Local\Cyberlink
2012-04-15 17:08 . 2012-04-15 17:08 711240 ----a-w- c:\windows\is-LGVT1.exe
2012-04-15 16:06 . 2011-05-12 18:03 6144 ------w- c:\windows\system32\4327.tmp
2012-04-15 13:58 . 2012-04-15 13:58 -------- d-----w- c:\users\Joseph\AppData\Roaming\Hewlett-Packard
2012-04-15 13:58 . 2012-04-15 13:58 -------- d-----w- c:\users\Joseph\AppData\Local\Hewlett-Packard
2012-04-12 12:20 . 2012-04-19 12:09 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-12 03:09 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 03:09 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 03:09 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 03:06 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 03:06 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 03:06 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 03:06 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 03:06 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 03:06 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 03:06 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-03-31 00:16 . 2012-03-31 00:16 -------- d-----w- c:\users\Rachelle\AppData\Roaming\Hewlett-Packard
2012-03-31 00:16 . 2012-03-31 00:16 -------- d-----w- c:\users\Rachelle\AppData\Local\Hewlett-Packard
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-19 12:09 . 2011-12-11 21:49 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-13 08:46 . 2011-12-13 01:35 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-04 19:56 . 2011-12-11 21:41 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-15 02:16 . 2012-03-15 02:16 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2012-03-15 02:16 . 2012-03-15 02:16 147752 ----a-w- c:\windows\system32\SynTPCo4.dll
2012-03-15 02:13 . 2012-03-15 02:14 332392 ----a-w- c:\windows\system32\RtlCPAPI64.dll
2012-03-15 02:13 . 2012-03-15 02:14 2048104 ----a-w- c:\windows\system32\RtPgEx64.dll
2012-03-15 02:13 . 2012-03-15 02:14 1146984 ----a-w- c:\windows\system32\RTSnMg64.cpl
2012-03-15 02:13 . 2012-03-15 02:14 2494056 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2012-03-15 02:13 . 2012-03-15 02:14 149608 ----a-w- c:\windows\system32\RtkCfg64.dll
2012-03-15 02:13 . 2012-03-15 02:14 569960 ----a-w- c:\windows\system32\RtkApi64.dll
2012-03-15 02:13 . 2012-03-15 02:14 2625640 ----a-w- c:\windows\system32\RtkAPO64.dll
2012-03-15 02:13 . 2012-03-15 02:14 1215592 ----a-w- c:\windows\system32\RTCOM64.dll
2012-03-15 02:13 . 2012-03-15 02:14 80488 ----a-w- c:\windows\system32\RCoInst64.dll
2012-03-15 02:13 . 2012-03-15 02:13 200800 ----a-w- c:\windows\system32\AERTAC64.dll
2012-03-15 02:13 . 2010-04-27 08:28 1251944 ----a-w- c:\windows\RtlExUpd.dll
2012-03-06 23:15 . 2012-03-18 19:01 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2012-03-18 19:01 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-06 23:15 . 2012-03-18 19:02 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:04 . 2012-03-18 19:02 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:04 . 2012-03-18 19:02 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2012-03-18 19:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-06 23:01 . 2012-03-18 19:02 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2012-03-18 19:02 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2012-03-18 19:02 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-29 08:03 . 2012-02-29 08:03 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-29 08:03 . 2012-02-29 08:03 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-02-29 08:03 . 2012-02-29 08:03 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-02-29 08:03 . 2012-02-29 08:03 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-29 08:03 . 2012-02-29 08:03 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-02-29 08:03 . 2012-02-29 08:03 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-02-29 08:03 . 2012-02-29 08:03 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-02-29 08:03 . 2012-02-29 08:03 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-02-29 08:03 . 2012-02-29 08:03 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-02-29 08:03 . 2012-02-29 08:03 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-29 08:03 . 2012-02-29 08:03 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-02-29 08:03 . 2012-02-29 08:03 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-02-29 08:03 . 2012-02-29 08:03 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-02-29 08:03 . 2012-02-29 08:03 222208 ----a-w- c:\windows\system32\msls31.dll
2012-02-29 08:03 . 2012-02-29 08:03 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-02-29 08:03 . 2012-02-29 08:03 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-02-29 08:03 . 2012-02-29 08:03 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-02-29 08:03 . 2012-02-29 08:03 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-02-29 08:03 . 2012-02-29 08:03 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-02-29 08:03 . 2012-02-29 08:03 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-29 08:03 . 2012-02-29 08:03 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-02-29 08:03 . 2012-02-29 08:03 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-02-29 08:03 . 2012-02-29 08:03 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-29 08:03 . 2012-02-29 08:03 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-29 08:03 . 2012-02-29 08:03 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-29 08:03 . 2012-02-29 08:03 12288 ----a-w- c:\windows\system32\mshta.exe
2012-02-29 08:03 . 2012-02-29 08:03 114176 ----a-w- c:\windows\system32\admparse.dll
2012-02-29 08:03 . 2012-02-29 08:03 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-29 08:03 . 2012-02-29 08:03 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-02-29 08:03 . 2012-02-29 08:03 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-02-29 08:03 . 2012-02-29 08:03 448512 ----a-w- c:\windows\system32\html.iec
2012-02-29 08:03 . 2012-02-29 08:03 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-29 08:03 . 2012-02-29 08:03 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-02-29 08:03 . 2012-02-29 08:03 160256 ----a-w- c:\windows\system32\wextract.exe
2012-02-17 06:38 . 2012-03-14 15:33 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 15:33 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 15:33 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 15:33 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-11 02:53 . 2012-02-11 02:53 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4E98FF67-9BD5-4848-8DD8-B43CCD7E7835}\gapaengine.dll
2012-02-10 06:36 . 2012-03-14 15:33 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 15:33 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34 . 2012-03-14 15:33 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2011-12-11 21:26 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-02-22 2363392]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 253088]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\117D.tmp [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 18:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 12:09]
.
2012-04-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2245802825-2973198427-4188101990-1001Core.job
- c:\users\USER\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-13 20:23]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2245802825-2973198427-4188101990-1001UA.job
- c:\users\USER\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-13 20:23]
.
2012-04-28 c:\windows\Tasks\HPCeeScheduleForUSER.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 02:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-03-15 6489704]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-01-13 995840]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\majh2f7i.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\117D.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2245802825-2973198427-4188101990-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:d8,15,16,ee,d4,29,46,ea,7d,93,c8,0b,74,72,36,b1,7c,1b,68,4e,7e,e8,50,
bc,57,41,6c,84,50,70,d6,c9,ee,ec,81,69,b2,d7,cd,bd,d1,48,c9,21,97,63,9f,3e,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
.
**************************************************************************
.
Completion time: 2012-04-29 10:54:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-29 14:54
.
Pre-Run: 305,336,102,912 bytes free
Post-Run: 305,271,181,312 bytes free
.
- - End Of File - - 518D749B730C0AEED4D16C691E3224E3


By the way, the folder that held millions of "zz.z.z." files is gone now. I kept searching online and it seemed that it was created by ccleaner when I used "wipe free space". I've attached a picture of the post.


Edited by infected32, 29 April 2012 - 10:29 AM.


#6 1972vet

  • Malware Response Team
  • 1,698 posts
  • Gender:Male
  • Location:Midwest U.S.A.

Posted 29 April 2012 - 02:59 PM

You have avast and Microsoft Security Essentials installed. Both of these will conflict, causing system instability and eventually a system crash. Please decide which of those you wish to keep and uninstall the other. Post back when you have, and let me know how the system performs for you now and if you have any other issues. Thanks!

Disabled Veteran, U.S.C.G. 1972 - 1978
mvpsigpic.jpg
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#7 infected32

Posted 30 April 2012 - 03:27 PM

The computer seems to have sped up. Not as much as I had hoped, but it's bearable now. I'm sorry I didn't think my two antivirus programs would conflict. They haven't before, I suppose one of them was updated leading to the conflict.

If the combofix log reported nothing out of the ordinary, then so will I! <- It reported clean right?

Anyways thank you for the help. I am sorry for any inconvenience I may have caused. All my problems could've been solved with a bit more digging.

Thanks 1972vet!

#8 1972vet

Posted 30 April 2012 - 04:06 PM

Oh we're not quite finished yet. We need to look around a little more. There is a folder on your C:\ drive named qoobox. Inside is a file titled "Add-Remove Programs.txt" Please open the file, copy the contents, and paste them back here on your next reply. Thanks!


#9 infected32

Posted 02 May 2012 - 02:28 PM

Here is my Add-Remove Programs.txt

Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe Reader 9.1 MUI
Adobe Shockwave Player
Assassin's Creed Brotherhood
avast! Free Antivirus
Call of Duty: Modern Warfare 3 - Multiplayer
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite
CyberLink MediaShow
CyberLink PowerDVD 8
CyberLink YouCam
Dead Space 2
DivX Setup
ESU for Microsoft Windows 7
Google Chrome
Hewlett-Packard ACLM.NET v1.1.2.0
HP Advisor
HP Customer Experience Enhancements
HP Setup
HP Smart Web Printing
HP Software Framework
HP Support Assistant
HP Update
HP User Guides 0178
HP Wireless Assistant
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Rapid Storage Technology
Java Auto Updater
Java™ 6 Update 30
Junk Mail filter update
Kingdoms of Amalur Reckoning
LabelPrint
LightScribe System Software
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft Choice Guard
Microsoft Games for Windows - LIVE Redistributable
Microsoft Live Search Toolbar
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (French) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office OneNote MUI (French) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (French) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (French) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (French) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (French) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Mise à jour Microsoft Office Excel 2007 Help (KB963678)
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)
Mise à jour Microsoft Office Word 2007 Help (KB963665)
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
muvee Reveal
NBA 2K12
NVIDIA PhysX
Power2Go
PowerDirector
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
REALTEK Wireless LAN Software
Recovery Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Sid Meier's Civilization 4 Complete
Sid Meier's Civilization IV Colonization
Sophos Anti-Rootkit 1.5.20
Steam
System Requirements Lab CYRI
Team Fortress 2
TreeSize Free V2.6
Ubisoft Game Launcher
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer

In the other file, ComboFix-quarantined-files.txt, there are four files listed..

Also, I chose to remove Avast instead of Microsoft Security Essentials

Edited by infected32, 02 May 2012 - 02:32 PM.


#10 1972vet

Posted 02 May 2012 - 04:35 PM

Great, thanks! I see in the list of programs that some need updating. Please run the free online scan Here. After clicking the Start scan button, please check the box for the option Enable thorough system inspection, then click the Start button.

Just below the "Scan Options:" section, you'll see the status of what's currently processing. You will also see an in process indicator that looks like this: Posted Image

...when the scan completes, the message "Detection completed successfully" will appear in the Programs/Result section. For each problem detected, Secunia will offer a "Solution" option. Please follow those instructions to download updated versions of the programs complained of during the scan. This online scanner will find ONLY updates for programs which have had a vulnerability discovered, but no others. Upon successful completion you should scan to find updates to the remaining programs installed which haven't had any vulnerability issues reported. You can do that using the free "FileHippo" scanning utility...

Download FileHippo's Update Checker. Double-click the FHSetup.exe file to install it. When the install completes, you'll find the Update Checker shortcut on the desktop. Double-click on it and a scan begins with the results showing in your browser. Any software it finds to be out of date will be presented in your browser. Just click on the download link provided there to download your software updates. Ignore the beta software unless you want that...during the scanner initialization, you can click the settings link, then click the results tab and check the box "Hide beta versions". After clicking the OK button, click the "Retry" link to continue the scan with those settings.

When you've finished updating your software you may need to run the system disk cleaner and defrag to speed things up a bit. Next, please run a complete system scan using your Microsoft Security Essentials antivirus. Post back when you finish and let me know how things are running for you now. Thanks!


#11 infected32

Posted 06 May 2012 - 06:38 PM

First of all, my computer was fragmented 16%. I don't know if that would impact performance, but I've never seen it above 3% so I was surprised.

Second, I found FileHippo to be a much better update checker than Secunia. I know Secunia only shows updates for "vulnerable" programs, but still, Secunia told me to update Adobe Reader. After I updated I then ran FileHippo which said my Adobe Reader was an obsolete version so I had to update again. Not to mention the broken Java link given to me by Secunia..

Finally, I ran a full scan with Microsoft Security Essentials and it turned up clean.

Edited by infected32, 06 May 2012 - 06:39 PM.


#12 1972vet

Posted 06 May 2012 - 07:07 PM

> First of all, my computer was fragmented 16%. I don't know if that would impact performance, but I've never seen it above 3% so I was surprised.
>
> Second, I found FileHippo to be a much better update checker than Secunia. I know Secunia only shows updates for "vulnerable" programs, but still, Secunia told me to update Adobe Reader. After I updated I then ran FileHippo which said my Adobe Reader was an obsolete version so I had to update again. Not to mention the broken Java link given to me by Secunia..
>
> Finally, I ran a full scan with Microsoft Security Essentials and it turned up clean.

Thanks for the feedback. I'll forward your findings to Secunia. On to business...
We need to make another run with combofix and then I think we can finish things up for you. Please open a blank Notepad by clicking start-->run...Then, in the run box type Notepad.exe and click "OK".
Copy the below text in Bold and paste it into the blank Notepad. Save it as CFScript.txt...Change the "Save as type" to All Files and save it to your desktop. Now drag the text document over to your Combofix.exe

Combofix will run again automatically. Please post back the new log that will be generated. Thanks!
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall



KILLALL::

reglock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]


#13 infected32

Posted 07 May 2012 - 05:32 PM

ComboFix 12-05-07.02 - USER 07/05/2012 18:15:56.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3999.2717 [GMT -4:00]
Running from: c:\users\USER\Desktop\ComboFix.exe
Command switches used :: c:\users\USER\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-07 to 2012-05-07 )))))))))))))))))))))))))))))))
.
.
2012-05-07 22:21 . 2012-05-07 22:21 -------- d-----w- c:\users\Rachelle\AppData\Local\temp
2012-05-07 22:21 . 2012-05-07 22:21 -------- d-----w- c:\users\Joseph\AppData\Local\temp
2012-05-07 22:21 . 2012-05-07 22:21 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-05-07 22:21 . 2012-05-07 22:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-06 21:13 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{98C4F0CD-8B45-4A65-A3CD-237E45A4875D}\mpengine.dll
2012-05-05 15:05 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-03 19:54 . 2012-05-03 19:54 955848 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-03 19:54 . 2012-05-03 19:54 839112 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-03 19:54 . 2012-05-03 19:54 -------- d-----w- c:\program files\Java
2012-05-03 19:50 . 2012-05-03 19:50 -------- d-----w- c:\program files (x86)\FileHippo.com
2012-05-01 03:13 . 2012-05-01 03:13 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-04-28 12:56 . 2012-05-02 19:41 -------- d-----w- c:\users\USER\AppData\Local\My Games
2012-04-28 03:51 . 2012-04-28 11:55 -------- d-----w- c:\program files (x86)\2K Games
2012-04-28 03:47 . 2012-04-28 03:47 -------- d-----w- c:\users\USER\AppData\Roaming\InstallShield
2012-04-26 00:52 . 2012-04-26 00:52 -------- d-----w- c:\users\USER\AppData\Local\EA Games
2012-04-26 00:52 . 2012-04-26 00:52 -------- d-----w- c:\programdata\Solidshield
2012-04-25 20:31 . 2012-04-25 20:31 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-04-25 20:31 . 2012-04-25 20:31 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-25 20:31 . 2012-04-25 20:31 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-21 16:04 . 2011-05-12 18:03 6144 ------w- c:\windows\system32\117D.tmp
2012-04-19 23:04 . 2012-04-19 23:04 -------- d--h--w- c:\windows\msdownld.tmp
2012-04-15 21:20 . 2012-04-15 21:20 -------- d-----w- c:\users\Joseph\AppData\Local\Cyberlink
2012-04-15 17:08 . 2012-04-15 17:08 711240 ----a-w- c:\windows\is-LGVT1.exe
2012-04-15 16:06 . 2011-05-12 18:03 6144 ------w- c:\windows\system32\4327.tmp
2012-04-15 13:58 . 2012-04-15 13:58 -------- d-----w- c:\users\Joseph\AppData\Roaming\Hewlett-Packard
2012-04-15 13:58 . 2012-04-15 13:58 -------- d-----w- c:\users\Joseph\AppData\Local\Hewlett-Packard
2012-04-12 12:20 . 2012-04-19 12:09 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-12 03:09 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 03:09 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 03:09 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 03:06 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 03:06 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 03:06 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 03:06 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 03:06 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 03:06 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 03:06 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-03 20:15 . 2011-03-28 22:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-19 12:09 . 2011-12-11 21:49 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 19:56 . 2011-12-11 21:41 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-21 00:44 . 2011-04-27 20:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 00:44 . 2011-04-18 18:18 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-15 02:16 . 2012-03-15 02:16 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2012-03-15 02:16 . 2012-03-15 02:16 147752 ----a-w- c:\windows\system32\SynTPCo4.dll
2012-03-15 02:13 . 2012-03-15 02:14 332392 ----a-w- c:\windows\system32\RtlCPAPI64.dll
2012-03-15 02:13 . 2012-03-15 02:14 2048104 ----a-w- c:\windows\system32\RtPgEx64.dll
2012-03-15 02:13 . 2012-03-15 02:14 1146984 ----a-w- c:\windows\system32\RTSnMg64.cpl
2012-03-15 02:13 . 2012-03-15 02:14 2494056 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2012-03-15 02:13 . 2012-03-15 02:14 149608 ----a-w- c:\windows\system32\RtkCfg64.dll
2012-03-15 02:13 . 2012-03-15 02:14 569960 ----a-w- c:\windows\system32\RtkApi64.dll
2012-03-15 02:13 . 2012-03-15 02:14 2625640 ----a-w- c:\windows\system32\RtkAPO64.dll
2012-03-15 02:13 . 2012-03-15 02:14 1215592 ----a-w- c:\windows\system32\RTCOM64.dll
2012-03-15 02:13 . 2012-03-15 02:14 80488 ----a-w- c:\windows\system32\RCoInst64.dll
2012-03-15 02:13 . 2012-03-15 02:13 200800 ----a-w- c:\windows\system32\AERTAC64.dll
2012-03-15 02:13 . 2010-04-27 08:28 1251944 ----a-w- c:\windows\RtlExUpd.dll
2012-03-08 22:50 . 2012-03-08 22:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 22:37 . 2012-03-08 22:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-06 23:15 . 2012-03-18 19:02 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-29 08:03 . 2012-02-29 08:03 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-29 08:03 . 2012-02-29 08:03 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-02-29 08:03 . 2012-02-29 08:03 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-02-29 08:03 . 2012-02-29 08:03 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-29 08:03 . 2012-02-29 08:03 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-02-29 08:03 . 2012-02-29 08:03 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-02-29 08:03 . 2012-02-29 08:03 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-02-29 08:03 . 2012-02-29 08:03 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-02-29 08:03 . 2012-02-29 08:03 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-02-29 08:03 . 2012-02-29 08:03 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-29 08:03 . 2012-02-29 08:03 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-02-29 08:03 . 2012-02-29 08:03 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-02-29 08:03 . 2012-02-29 08:03 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-02-29 08:03 . 2012-02-29 08:03 222208 ----a-w- c:\windows\system32\msls31.dll
2012-02-29 08:03 . 2012-02-29 08:03 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-02-29 08:03 . 2012-02-29 08:03 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-02-29 08:03 . 2012-02-29 08:03 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-02-29 08:03 . 2012-02-29 08:03 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-02-29 08:03 . 2012-02-29 08:03 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-02-29 08:03 . 2012-02-29 08:03 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-29 08:03 . 2012-02-29 08:03 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-02-29 08:03 . 2012-02-29 08:03 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-02-29 08:03 . 2012-02-29 08:03 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-29 08:03 . 2012-02-29 08:03 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-29 08:03 . 2012-02-29 08:03 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-29 08:03 . 2012-02-29 08:03 12288 ----a-w- c:\windows\system32\mshta.exe
2012-02-29 08:03 . 2012-02-29 08:03 114176 ----a-w- c:\windows\system32\admparse.dll
2012-02-29 08:03 . 2012-02-29 08:03 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-29 08:03 . 2012-02-29 08:03 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-02-29 08:03 . 2012-02-29 08:03 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-02-29 08:03 . 2012-02-29 08:03 448512 ----a-w- c:\windows\system32\html.iec
2012-02-29 08:03 . 2012-02-29 08:03 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-29 08:03 . 2012-02-29 08:03 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-02-29 08:03 . 2012-02-29 08:03 160256 ----a-w- c:\windows\system32\wextract.exe
2012-02-17 06:38 . 2012-03-14 15:33 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 15:33 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 15:33 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 15:33 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-11 02:53 . 2012-02-11 02:53 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4E98FF67-9BD5-4848-8DD8-B43CCD7E7835}\gapaengine.dll
2012-02-10 06:36 . 2012-03-14 15:33 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 15:33 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-29_14.50.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-25 03:49 . 2012-05-06 21:03 46222 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-06 21:03 45114 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-11 21:10 . 2012-05-06 21:03 12210 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2245802825-2973198427-4188101990-1001_UserData.bin
+ 2011-12-11 22:36 . 2012-05-06 14:17 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-11 22:36 . 2012-04-27 23:46 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-11 22:36 . 2012-04-27 23:46 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-12-11 22:36 . 2012-05-06 14:17 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-06 14:17 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-27 23:46 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-05-05 15:01 91720 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 04:46 . 2012-04-29 14:36 91720 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-05-03 20:18 . 2012-05-03 20:18 23552 c:\windows\Installer\195dd8.msp
+ 2012-05-03 20:18 . 2012-05-03 20:18 29696 c:\windows\Installer\195dd3.msi
+ 2012-05-03 20:18 . 2012-05-03 20:18 60416 c:\windows\Installer\195dce.msp
+ 2012-05-03 20:10 . 2012-05-03 20:10 29184 c:\windows\Installer\195d76.msp
+ 2012-05-03 20:09 . 2012-05-03 20:09 67072 c:\windows\Installer\195d70.msi
+ 2012-05-03 20:11 . 2012-05-03 20:11 39936 c:\windows\Installer\195a72.msp
+ 2012-05-03 20:11 . 2012-05-03 20:11 74240 c:\windows\Installer\195a6d.msi
+ 2012-05-03 20:11 . 2012-05-03 20:11 26112 c:\windows\Installer\195a69.msi
+ 2012-05-03 20:18 . 2012-05-03 20:18 80395 c:\windows\Installer\{E5B21F11-6933-4E0B-A25C-7963E3C07D11}\MsblIco.Exe
+ 2010-09-23 04:17 . 2010-09-23 04:17 86376 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\startuplang.dll
+ 2010-09-23 04:32 . 2010-09-23 04:32 93552 c:\windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E\15.4.3502\WLXImageTranscode.dll
+ 2010-09-23 04:32 . 2010-09-23 04:32 56176 c:\windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E\15.4.3502\WindowsLivePhotoViewer.exe
+ 2010-09-23 04:37 . 2010-09-23 04:37 12144 c:\windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E\15.4.3502\Microsoft.WindowsLive.SubscribePlugins.dll
+ 2010-09-23 04:37 . 2010-09-23 04:37 11632 c:\windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E\15.4.3502\Microsoft.WindowsLive.PublishPlugins.dll
+ 2010-09-23 04:33 . 2010-09-23 04:33 68976 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXVideoCameraAutoPlayManager.exe
+ 2010-09-23 04:33 . 2010-09-23 04:33 98160 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXVideoAcquireWizardResources.dll
+ 2010-09-23 04:32 . 2010-09-23 04:32 49008 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXQuickTimeShellExt.dll
+ 2010-09-23 04:32 . 2010-09-23 04:32 18288 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXQuickTimeControlHostPS.dll
+ 2010-09-23 04:32 . 2010-09-23 04:32 19312 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXPhotoGalleryRepair.exe
+ 2010-09-23 04:32 . 2010-09-23 04:32 78704 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXPhotoClassic.dll
+ 2010-09-23 04:32 . 2010-09-23 04:32 82288 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXPhotoCinematic.dll
+ 2010-09-23 04:32 . 2010-09-23 04:32 19824 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXCodecHostPS.dll
+ 2010-09-23 04:32 . 2010-09-23 04:32 46960 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXCodecHost.exe
+ 2010-09-23 04:32 . 2010-09-23 04:32 51568 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\PhotoViewerShimx64.dll
+ 2010-09-23 04:32 . 2010-09-23 04:32 43376 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\PhotoViewerShim.dll
+ 2010-09-23 04:32 . 2010-09-23 04:32 14704 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\NPWLPG.dll
+ 2010-09-23 04:32 . 2010-09-23 04:32 42864 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\AlbumDownloadProtocolHandler.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 73624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\wow_helper.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 64952 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\armsvc.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
+ 2010-09-23 04:32 . 2010-09-23 04:32 17264 c:\windows\Installer\$PatchCache$\Managed\4314AE291D01A814191EA5403531A183\15.4.3502\MovieMakerPreviewClient.dll
+ 2012-05-03 22:41 . 2012-05-03 22:41 61440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\17a2afe9e92c7eaf86ba583b5f43f812\WindowsLiveWriter.ni.exe
+ 2012-05-03 22:41 . 2012-05-03 22:41 80896 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1c78c244b8033acc827956db14bd4f1e\WindowsLive.Writer.Passport.ni.dll
- 2012-04-29 14:49 . 2012-04-29 14:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-07 22:22 . 2012-05-07 22:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-29 14:49 . 2012-04-29 14:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-07 22:22 . 2012-05-07 22:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-09-23 04:17 . 2010-09-23 04:17 9576 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\wlsettingslang.dll
+ 2010-09-23 04:17 . 2010-09-23 04:17 9064 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\LangSelectorLang.dll
+ 2011-03-29 00:31 . 2011-03-29 00:31 209280 c:\windows\SysWOW64\LIVESSP.DLL
+ 2009-07-14 02:36 . 2012-05-01 03:13 618108 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-01 03:13 107388 c:\windows\system32\perfc009.dat
+ 2011-03-29 01:11 . 2011-03-29 01:11 252800 c:\windows\system32\LIVESSP.DLL
+ 2012-05-03 19:54 . 2012-05-03 19:54 268744 c:\windows\system32\javaws.exe
+ 2012-05-03 19:54 . 2012-05-03 19:54 189384 c:\windows\system32\javaw.exe
+ 2012-05-03 19:54 . 2012-05-03 19:54 188872 c:\windows\system32\java.exe
+ 2009-07-14 05:01 . 2012-05-07 22:21 313396 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-29 14:48 313396 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-05-03 19:54 . 2012-05-03 19:54 890880 c:\windows\Installer\505e7.msi
+ 2012-05-03 20:18 . 2012-05-03 20:18 153600 c:\windows\Installer\195dc9.msi
+ 2012-05-03 20:17 . 2012-05-03 20:17 509952 c:\windows\Installer\195db4.msp
+ 2012-05-03 20:17 . 2012-05-03 20:17 635904 c:\windows\Installer\195dab.msp
+ 2012-05-03 20:17 . 2012-05-03 20:17 468480 c:\windows\Installer\195d91.msp
+ 2012-05-03 20:10 . 2012-05-03 20:10 625664 c:\windows\Installer\195d83.msp
+ 2012-05-03 20:16 . 2012-05-03 20:16 205824 c:\windows\Installer\195d6c.msp
+ 2012-05-03 20:16 . 2012-05-03 20:16 775168 c:\windows\Installer\195d63.msi
+ 2012-05-03 20:11 . 2012-05-03 20:11 715264 c:\windows\Installer\195b05.msp
+ 2012-05-03 20:10 . 2012-05-03 20:10 136704 c:\windows\Installer\195ad7.msp
+ 2012-05-03 20:10 . 2012-05-03 20:10 429056 c:\windows\Installer\195ad2.msi
+ 2012-05-03 20:10 . 2012-05-03 20:10 147968 c:\windows\Installer\195ace.msi
+ 2012-05-01 03:13 . 2012-05-01 03:13 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\SCEP.exe
+ 2012-05-01 03:13 . 2012-05-01 03:13 123352 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\MSE.exe
+ 2012-05-01 03:13 . 2012-05-01 03:13 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\INTUNE.exe
+ 2012-05-01 03:13 . 2012-05-01 03:13 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\FEP.exe
+ 2012-05-01 03:13 . 2012-05-01 03:13 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\EPP.exe
+ 2010-09-23 04:17 . 2010-09-23 04:17 827240 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\wlupdate.dll
+ 2010-09-23 04:17 . 2010-09-23 04:17 618856 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\wlstartup.exe
+ 2010-09-23 04:17 . 2010-09-23 04:17 138600 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\wlsres.dll
+ 2010-09-23 04:17 . 2010-09-23 04:17 552296 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\wlshim.dll
+ 2010-09-23 04:17 . 2010-09-23 04:17 265576 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\wlsettingsres.dll
+ 2010-09-23 04:17 . 2010-09-23 04:17 493928 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\wlsettings.exe
+ 2010-09-23 04:17 . 2010-09-23 04:17 166248 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\wlbici.dll
+ 2010-09-23 04:17 . 2010-09-23 04:17 476008 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\LangSelectorRes.dll
+ 2010-09-23 04:17 . 2010-09-23 04:17 345960 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\LangSelector.exe
+ 2010-09-23 04:32 . 2010-09-23 04:32 822128 c:\windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E\15.4.3502\WindowsLivePhotoViewerCore.dll
+ 2010-09-23 04:37 . 2010-09-23 04:37 104304 c:\windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E\15.4.3502\SubscribePluginsInterop.dll
+ 2010-09-23 04:37 . 2010-09-23 04:37 103792 c:\windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E\15.4.3502\PublishPluginsInterop.dll
+ 2010-09-23 04:32 . 2010-09-23 04:32 489840 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXVideoTrim.dll
+ 2010-09-23 04:33 . 2010-09-23 04:33 684400 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXVideoAcquireWizard.exe
+ 2010-09-23 04:32 . 2010-09-23 04:32 139120 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXVAFilt.dll
+ 2010-09-23 04:32 . 2010-09-23 04:32 501616 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXSlideshow.dll
+ 2010-09-23 04:32 . 2010-09-23 04:32 117616 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXQuickTimeControlHost.exe
+ 2010-09-23 04:32 . 2010-09-23 04:32 731504 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXPipetran.dll
+ 2010-09-23 04:32 . 2010-09-23 04:32 745328 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXPipeline.dll
+ 2010-09-23 04:32 . 2010-09-23 04:32 785264 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXPhotoLibraryDatabase.dll
+ 2010-09-23 04:32 . 2010-09-23 04:32 131440 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXPhotoGallery.exe
+ 2010-09-23 04:32 . 2010-09-23 04:32 246640 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXPhotoAcquireWizard.exe
+ 2010-09-23 04:32 . 2010-09-23 04:32 301936 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXPGSS.SCR
+ 2010-09-23 04:32 . 2010-09-23 04:32 173424 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXMP4Parser.dll
+ 2010-09-23 04:32 . 2010-09-23 04:32 130928 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXGrinderScheduler.dll
+ 2010-09-23 04:32 . 2010-09-23 04:32 191344 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXDSPA.dll
+ 2010-09-23 04:32 . 2010-09-23 04:32 237936 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\wlxclip.dll
+ 2010-09-23 04:32 . 2010-09-23 04:32 383344 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXAlbumDownloadWizard.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 937920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\adobearm.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
+ 2012-05-03 22:41 . 2012-05-03 22:41 634368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\a6fb51744921e46bcb668824786e8287\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2012-05-03 22:41 . 2012-05-03 22:41 122368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e69ebc47847db9102611374af36403b1\WindowsLive.Writer.Extensibility.ni.dll
+ 2012-05-03 22:41 . 2012-05-03 22:41 156672 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e5d7d83a5dadc3af9a6b9625eb0db9dc\WindowsLive.Writer.HtmlParser.ni.dll
+ 2012-05-03 22:41 . 2012-05-03 22:41 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d701b054e9a57d35661106e3129008cb\WindowsLive.Writer.Mshtml.ni.dll
+ 2012-05-03 22:41 . 2012-05-03 22:41 326144 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b28c0d3b4a7e0daf5aef6c47d42d8af4\WindowsLive.Writer.SpellChecker.ni.dll
+ 2012-05-03 22:41 . 2012-05-03 22:41 374272 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ad9253672ba424757bb3546364e647e5\WindowsLive.Writer.Interop.Mshtml.ni.dll
+ 2012-05-03 22:41 . 2012-05-03 22:41 101376 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8cba3ac89cc2bb34cbe39bb00709c1da\WindowsLive.Writer.Api.ni.dll
+ 2012-05-03 22:41 . 2012-05-03 22:41 891392 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\88c7a220bd93de68022850749e092a74\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2012-05-03 22:41 . 2012-05-03 22:41 665600 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\721c6efc6712f9acf006a0473f758151\WindowsLive.Writer.Interop.ni.dll
+ 2012-05-03 22:41 . 2012-05-03 22:41 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6ef8139565fd5dcb17bcc273c6dc1ae0\WindowsLive.Writer.BrowserControl.ni.dll
+ 2012-05-03 22:41 . 2012-05-03 22:41 780800 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5df97542d20b8fddbe83723f71ad63d1\WindowsLive.Writer.Controls.ni.dll
+ 2012-05-03 22:41 . 2012-05-03 22:41 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\593b5448f127bca7f5c06907769a78d6\WindowsLive.Writer.FileDestinations.ni.dll
+ 2012-05-03 22:41 . 2012-05-03 22:41 871424 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\40987d55c7eac08478b5e14f1dc77c5e\WindowsLive.Writer.BlogClient.ni.dll
+ 2012-05-03 22:41 . 2012-05-03 22:41 146432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\365fc1ad8068147966183bebb2789ab5\WindowsLive.Writer.Instrumentation.ni.dll
+ 2012-05-03 22:41 . 2012-05-03 22:41 313856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\337a858556e37fa49fd8673a7c1c79c1\WindowsLive.Writer.Interop.SHDocVw.ni.dll
- 2011-12-18 00:41 . 2011-12-18 00:41 313856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\337a858556e37fa49fd8673a7c1c79c1\WindowsLive.Writer.Interop.SHDocVw.ni.dll
+ 2012-05-03 22:41 . 2012-05-03 22:41 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\41840d318bedd3f3cf820c99b85f7725\WindowsLive.Client.ni.dll
+ 2009-07-14 04:45 . 2012-05-04 18:34 7100862 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-04-29 14:18 7100862 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2011-12-11 21:05 . 2012-04-29 14:48 2001488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-12-11 21:05 . 2012-05-06 20:29 2001488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-03-15 14:26 . 2012-05-05 03:59 3114896 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2245802825-2973198427-4188101990-1001-4096.dat
- 2011-12-11 23:56 . 2012-04-29 05:12 2009732 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2245802825-2973198427-4188101990-1001-12288.dat
+ 2011-12-11 23:56 . 2012-05-04 02:00 2009732 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2245802825-2973198427-4188101990-1001-12288.dat
+ 2012-03-26 23:21 . 2012-03-26 23:21 7622656 c:\windows\Installer\fe4a85.msi
+ 2011-06-06 20:45 . 2011-06-06 20:45 2318848 c:\windows\Installer\5075e.msi
+ 2012-05-03 20:18 . 2012-05-03 20:18 2146304 c:\windows\Installer\195dc4.msp
+ 2012-05-03 20:17 . 2012-05-03 20:17 4250112 c:\windows\Installer\195db9.msi
+ 2012-05-03 20:17 . 2012-05-03 20:17 4175360 c:\windows\Installer\195daf.msi
+ 2012-05-03 20:17 . 2012-05-03 20:17 3410944 c:\windows\Installer\195da5.msi
+ 2012-05-03 20:17 . 2012-05-03 20:17 5124096 c:\windows\Installer\195da0.msp
+ 2012-05-03 20:17 . 2012-05-03 20:17 6661632 c:\windows\Installer\195d96.msi
+ 2012-05-03 20:16 . 2012-05-03 20:16 1070592 c:\windows\Installer\195d87.msi
+ 2012-05-03 20:10 . 2012-05-03 20:10 1492992 c:\windows\Installer\195d7a.msi
+ 2012-05-03 20:16 . 2012-05-03 20:16 3734016 c:\windows\Installer\195d5e.msp
+ 2012-05-03 20:15 . 2012-05-03 20:15 2957312 c:\windows\Installer\195c49.msp
+ 2012-05-03 20:14 . 2012-05-03 20:14 8313856 c:\windows\Installer\195c2f.msi
+ 2012-05-03 20:13 . 2012-05-03 20:13 5868544 c:\windows\Installer\195bfd.msp
+ 2012-05-03 20:13 . 2012-05-03 20:13 3734016 c:\windows\Installer\195b90.msi
+ 2012-05-03 20:12 . 2012-05-03 20:12 3664384 c:\windows\Installer\195b8c.msi
+ 2012-05-03 20:12 . 2012-05-03 20:12 5535744 c:\windows\Installer\195b82.msp
+ 2012-05-03 20:12 . 2012-05-03 20:12 3312128 c:\windows\Installer\195b2d.msp
+ 2012-05-03 20:12 . 2012-05-03 20:12 8332288 c:\windows\Installer\195b11.msi
+ 2012-05-03 20:11 . 2012-05-03 20:11 2310656 c:\windows\Installer\195afd.msi
+ 2012-05-03 20:11 . 2012-05-03 20:11 1139712 c:\windows\Installer\195af9.msp
+ 2012-05-03 20:10 . 2012-05-03 20:10 4004864 c:\windows\Installer\195ae1.msi
+ 2012-05-03 20:10 . 2012-05-03 20:10 2343936 c:\windows\Installer\195aca.msi
+ 2012-05-03 20:10 . 2012-05-03 20:10 4680704 c:\windows\Installer\195abb.msi
+ 2012-05-03 20:10 . 2012-05-03 20:10 2932224 c:\windows\Installer\195ab7.msp
+ 2012-05-03 20:10 . 2012-05-03 20:10 7710720 c:\windows\Installer\195a8e.msi
+ 2012-05-03 20:09 . 2012-05-03 20:09 4426240 c:\windows\Installer\195a85.msp
+ 2012-05-03 20:09 . 2012-05-03 20:09 9433088 c:\windows\Installer\195a76.msi
+ 2012-05-03 20:11 . 2012-05-03 20:11 8822784 c:\windows\Installer\195a65.msi
+ 2010-09-23 04:17 . 2010-09-23 04:17 2668392 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\startupres.dll
+ 2010-09-23 04:32 . 2010-09-23 04:32 1378160 c:\windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E\15.4.3502\WLXMediaPublishSubscribe.dll
+ 2010-09-23 04:32 . 2010-09-23 04:32 1245552 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXPhotoVoyager.dll
+ 2010-09-23 04:32 . 2010-09-23 04:32 1342320 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXPhotoViewer.dll
+ 2010-09-23 04:32 . 2010-09-23 04:32 1877872 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXPhotoAcq.dll
+ 2010-09-23 04:32 . 2010-09-23 04:32 4824432 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXFaceRecognition.dll
+ 2010-09-23 04:32 . 2010-09-23 04:32 1507184 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\WLXAlbumDownloadWizardResources.dll
+ 2010-09-23 04:32 . 2010-09-23 04:32 7559024 c:\windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502\Imaging.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 1189004 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\JSByteCodeWin.bin
+ 2011-06-06 16:55 . 2011-06-06 16:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
+ 2010-09-23 03:28 . 2010-09-23 03:28 1043312 c:\windows\Installer\$PatchCache$\Managed\3D04254D3B6B9FF42B3445CE3E1E0066\15.4.3502\LivePlatform.dll
+ 2010-09-23 04:17 . 2010-09-23 04:17 1204584 c:\windows\Installer\$PatchCache$\Managed\032440EF5AC97F34B985A55C2AA8F133\15.4.3502\wlarp.exe
+ 2012-05-03 22:41 . 2012-05-03 22:41 2193408 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a724add261acf0344e45068d5b27c66a\WindowsLive.Writer.CoreServices.ni.dll
+ 2012-05-03 22:41 . 2012-05-03 22:41 7025152 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\56cbcc886f21818df024d05a0d44ad10\WindowsLive.Writer.PostEditor.ni.dll
+ 2012-05-03 22:41 . 2012-05-03 22:41 1285632 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\468c893374af1c2a332119ff0de5bc26\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2012-05-03 22:41 . 2012-05-03 22:41 1346560 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3de55a3b00709c87b1b685da6b763d77\WindowsLive.Writer.Localization.ni.dll
+ 2011-12-11 23:56 . 2012-05-07 22:22 28027676 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2245802825-2973198427-4188101990-1001-8192.dat
+ 2012-04-04 11:17 . 2012-04-04 11:17 16613376 c:\windows\Installer\5075f.msp
+ 2012-05-03 20:16 . 2012-05-03 20:16 11846656 c:\windows\Installer\195d55.msi
+ 2012-05-03 20:16 . 2012-05-03 20:16 14624256 c:\windows\Installer\195cb3.msp
+ 2012-05-03 20:16 . 2012-05-03 20:16 34193408 c:\windows\Installer\195c87.msi
+ 2012-05-03 20:13 . 2012-05-03 20:13 13850624 c:\windows\Installer\195be6.msi
+ 2012-05-03 20:12 . 2012-05-03 20:12 22647296 c:\windows\Installer\195b5c.msi
+ 2011-06-06 16:55 . 2011-06-06 16:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-02-22 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 253088]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\117D.tmp [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 18:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 12:09]
.
2012-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2245802825-2973198427-4188101990-1001Core.job
- c:\users\USER\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-13 20:23]
.
2012-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2245802825-2973198427-4188101990-1001UA.job
- c:\users\USER\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-13 20:23]
.
2012-05-06 c:\windows\Tasks\HPCeeScheduleForUSER.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 02:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-03-15 6489704]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-01-13 995840]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\majh2f7i.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\117D.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2245802825-2973198427-4188101990-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:d8,15,16,ee,d4,29,46,ea,7d,93,c8,0b,74,72,36,b1,7c,1b,68,4e,7e,e8,50,
bc,57,41,6c,84,50,70,d6,c9,ee,ec,81,69,b2,d7,cd,bd,d1,48,c9,21,97,63,9f,3e,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
.
**************************************************************************
.
Completion time: 2012-05-07 18:27:38 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-07 22:27
ComboFix2.txt 2012-04-29 14:54
.
Pre-Run: 313,029,058,560 bytes free
Post-Run: 312,806,936,576 bytes free
.
- - End Of File - - 5022BD2A4E93BAF86ABA13557FD20D43

#14 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • OFFLINE
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:07:15 PM

Posted 07 May 2012 - 06:03 PM

Excellent work infected32! You can delete the DDS utility and related logs. Next, please click start, then in the "Search programs and files" box, type Run. When the "Run" box opens, copy/paste the following, then press the Enter key:
ComboFix /Uninstall

Performing this function will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again for you automatically.

To assist in the prevention of malicious software intrusion and infections, you can begin by reading "How to boost your malware defense and protect your PC"...

Please remember to keep antivirus software on board and always use its real time protection feature. Run a complete system scan at least once a week...preferably in Safe mode.

A word of caution
Security vendors, in recent years, have partnered with "Ask.com" in providing the "Ask Toolbar" bundled with their download(s).

Although the toolbar is considered to be a Legitimate program, it is nonetheless questionable as to its behavior. It is alleged to be spyware/adware as the behavior of this application tracks a user's history and sends "search" information to its servers in order to provide a user with targeted search results, many of these results may also be for questionable web sites. In fairness, one should keep in mind, Google does the same thing regarding search results.

This tracking is considered by many of us in the security field, to be offensive.

Some of the "Download links" that I may provide, may also contain this program bundled with it. If you choose not to use it, the bundled software will always contain an "Opt Out" measure via some checkbox. The user can check (or uncheck) this box to prevent the download.

If a user isn't cautious and may have mistakenly installed this program, it can easily be removed via the "Uninstall" string provided with the software. Detailed instructions how to remove the program can be found Here.

If your antivirus program is a licensed version that is about to expire, you can consider using one of these available free on the public domain:

Microsoft Security Essentials
AntiVir Personal Edition Classic
Avast! 4 Home Edition

Those of us in the online safety/security community have tried and tested these programs to determine their abilities. Having in mind, nothing is ever a guarantee regarding computer security, these programs nevertheless, combined with the rest of these recommendations are certain to have an impact in helping to keep your system running free and clear. I personally have been completely satisfied from having tested and used each one of those at one time or another.

Immunize your browser by installing SpywareBlaster. What does it do?
  • Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
  • Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
  • Restricts the actions of potentially unwanted sites in Internet Explorer.
Keep your anti-virus and spyware definitions up to date. Be sure to scan often.

Web of Trust, (WOT,) warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
  • Yellow for caution
  • Red to stop
WOT has an add-on available for both Firefox and IE.

Install the WinPatrol security monitor utility. WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. What I hear most from users is how much they like the startup control feature and its ease of use. Need help understanding something about WinPatrol? Here it is.

Windows Vista and Windows 7 have a software firewall built in and activated by default. This native firewall is a big improvement and is fine by itself. However, there are third party software Firewalls that offer a bit more configuration options.

Below you can choose from several of the freeware Firewalls available on the public domain. Even though you may have a Firewall already installed, keep this list handy should you choose not to renew your subscription for whatever reason. I should also mention, if you choose to use a third party firewall, make certain the Windows firewall is turned off to prevent conflict issues.

...and please remember, you should have only one of these types of third party firewalls running on board:

Zone Alarm...Windows 2k/XP/Vista

Outpost Free

Comodo...I highly recommend this firewall, but it may just be best suited for advanced users.

Stay updated with the most recent Windows patches using Microsoft's Windows Update. Make it easy on yourself, and set this feature to Automatic.

Using an alternate browser can reduce your chance of certain infections installing themselves. I recommend installing Mozilla Firefox. If you don't already have "Firefox", please consider installing and using this browser for surfing.

If you still wish to use Internet Explorer, please make sure you install SpywareBlaster (from above) to protect you from most ActiveX infections.

Run CCleaner often. Please avoid using the "registry" cleaning feature of this utility unless you consider yourself an expert. Contrary to popular thought, the Windows Registry has no need of any "cleaning". I personally challenge anyone to show a substantial benefit from having used any of these "registry cleaning" programs. There is none. Any difference at all is so minuscule that it's nearly impossible to calculate.

On the flip side, rather than any benefit, there is the possibility of slicing out enough pieces of the registry to render things useless...and that includes the operating system.

By default, CCleaner will ask you if you want to backup what is removed, and I suggest you do just that. If you have already used this option and found that something no longer works properly, please find the backup that was created and use it to restore that particular item. Remember, using this to clean the disk is absolutely useful and beneficial. A novice needs only to use the disk cleaning feature...and avoid the registry cleaning aspect. It's not difficult...just don't bother to click the Registry button on the menu.

CCleaner is an excellent...and fast disk cleaning utility that can easily be configured to suit your needs. Often, users find a simple reboot resolves a quirky performance issue which can come about as a result of the collection of temp files while browsing the web...and if you configure CCleaner to run on start up, then your system could be kept running fast and clean with each new user session.

The Yahoo Toolbar is included by default during the installation of the CCleaner utility...if you DO NOT WANT IT, be sure to remove the check from the "Add CCleaner Yahoo! Toolbar and use CCleaner from your browser" option during installation setup or else just download the Slim version (no toolbar...last download link at the bottom of that page)...

Or if you just want to run your on board Disk Cleanup ("Start--> Programs-->Accessories-->System Tools-->Disk Cleanup" ), just open the utility and check off the following:
Downloaded Program Files, Temporary Internet Files, Recycle Bin, and Temporary Files.

Don't forget to check your system's "defragmenter" settings. With Windows Vista, you have the option to set this as a scheduled event. It is best to have your system's "defrag" function scheduled for at least once a week.

So how did I get infected in the first place?
Regards, and Happy Surfing!

Disabled Veteran, U.S.C.G. 1972 - 1978
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#15 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • OFFLINE
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:07:15 PM

Posted 07 May 2012 - 06:34 PM

This issue appears resolved and the thread is closed to prevent others from posting here. Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

Disabled Veteran, U.S.C.G. 1972 - 1978
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven




