I could not run Defogger; Win7 said "You must be administrator to run Defogger." My login is administrator, or at least should be, and was when I first got this machine.
So I skipped step #6 after no response to my original post:
- Step 7: Ran
- Step 8: skipped GMER per instructions as I'm running 64-bit
Any ideas what I have/had? (sorry, I ran combofix before hitting this site...)
Problem: My machine is intermittently sluggish after a clean-up attempt and I fear lingering processes might be running still.
At risk of being too verbose:
I have a brand spanking new work machine - Dell Latitude E6420; brand spanking new image with Windows 7 Pro 64-bit, quad core i5, 8GB memory. With this throughput the symptoms aren't super noticeable to the unobserving eye but I've been using it and notice new lags.
I don't want the PC guys to re-image and the guy I worked with thought everything was just fine on it. However he didn't know about the "Hide system files (recommended)" setting in windows explorer View menu, so, well, here I am.
Friend's netbook had a bug and I copied files onto a USB stick, opening via notepad on my machine. Well I clicked something wrong and opened the file, not open as notepad, and some sort of window I don't remember popped up. Mighta beena .cab file? Things got a little sluggish after, strange directories started appearing, a bogus user got added, duplicate processes running like Dropbox.exe, but one was not the normal ProgramFiles location. c:\SystemVolumeInformation being created...
- McAfee - clean scan. Configured profile to not omit any file type (zip or (mme?)) and rescanned - clean.
- Ran Malwarebytes - clean. Don't remember if it was in safe mode.
- Safe mode: autoruns.exe - nixed some processes, don't remember. I'm impulsive...
- deleted bogus user, after which I noticed some of the random behavior went away
- still have a file dd_vsto_ret20MSI5E2F.txt, which says it installed "c:\4cd......90b\trin_trir.msi". This isn't normal.
(at this point I plugged in the same flash drive and McAfee EndPoint Detection sniffed out a GameVance executable and deleted it)
- IT Desktop Support guy created new Windows profile
However, strange files/directories still showing up in new profile:
- c:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab and wsus3setup.cab still being updated
- $RECYCLE.BIN directory?? (is this normal win7 ??)
- hidden "Documents and Settings" folder (was told that's an XP-only folder, not win7). Access denied.
- McAfee - clean scan.
- Configured McAfee profile to _not_ omit any file type (nor zip or (mme?)) and rescanned - clean.
- friend told me to run ComboFix, so ran it. Some .vir files were created in Quarantine.
- Gave up
I'm new to Windows 7 and the files and folders are different from XP, and could be normal and I could be paranoid...
I'm suspicious still because the mouse starts to lag on occasion, which shouldn't happen on a new, fast machine. Also, svchost.exe will fire up taking lots of processor on occasion, kicking on the machine's fan. I created a mini dump but haven't figured out how to view it yet.