TechSpot

Sirefef with 1 minute reboot

By KrisK
Jul 26, 2012
I also seem to be having the same issues as everyone else. This virus was somehow able to install itself, and after running MSE in safe mode I determined it was Sirefef; when trying to remove or quarantine it with MSE, it forces a restart. I have included the logs from both the FRST scan and the specific search of services.exe. Thanks for any help you can give!

    1 - FRST.txt

    Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
    Ran by SYSTEM at 26-07-2012 07:00:17
    Running from H:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
    HKLM\...\Run: [IntelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash [1617920 2011-01-26] (Intel® Corporation)
    HKLM\...\Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray [1935120 2011-07-27] (Intel(R) Corporation)
    HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1128448 2012-01-16] (IDT, Inc.)
    HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167704 2011-10-21] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392472 2011-10-21] (Intel Corporation)
    HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [416024 2011-10-21] (Intel Corporation)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
    HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2012-01-16] (Renesas Electronics Corporation)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [636032 2012-03-08] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-01-31] ()
    HKLM-x32\...\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()
    HKU\Kris\...\Run: [F.lux] "C:\Users\Kris\Local Settings\Apps\F.lux\flux.exe" /noshow [966656 2009-08-28] ()
    HKU\Kris\...\Run: [ShutdownGuard] "C:\Program Files\ShutdownGuard\ShutdownGuard.exe" -hide [46080 2010-12-05] (Stefan Sundin)
    HKU\Kris\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2011-08-16] (Valve Corporation)
    HKU\Kris\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-08-17] ()
    HKU\Kris\...\Run: [RadeonPro] "C:\Program Files (x86)\RadeonPro\RadeonPro.exe" [1832448 2011-02-09] (Mr. John aka japamd)
    HKU\Kris\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [642424 2012-02-08] (BitTorrent, Inc.)
    HKU\Kris\...\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [393216 2012-03-08] (AMD)
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.200.1
    Startup: C:\Users\Kris\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)

    ==================== Services (Whitelisted) ======

    3 HPAuto; "C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe" [682040 2011-02-16] (Hewlett-Packard)
    3 hpCMSrv; "C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe" [1071160 2011-02-15] (Hewlett-Packard Development Company L.P.)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
    3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [36352 2009-07-16] ()
    2 RadeonPro Support Service; "C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe" [12800 2011-02-09] (Mr. John aka japamd)
    2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2656280 2010-12-22] (Intel Corporation)

    ========================== Drivers (Whitelisted) =============

    3 tap0801; C:\Windows\System32\Drivers\tap0801.sys [30720 2005-04-13] (The OpenVPN Project)

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-26 02:16 - 2012-07-26 02:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5C1E33B99AF709D0
    2012-07-26 02:16 - 2012-07-26 02:16 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\husehwaz.sys
    2012-07-26 01:45 - 2012-07-26 01:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C64FE463A62EB169
    2012-07-26 01:35 - 2012-07-26 01:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.87992FDC4C857C96
    2012-07-26 01:30 - 2012-07-26 01:31 - 00003191 ____A C:\Windows\WindowsUpdate.log
    2012-07-26 01:30 - 2012-07-26 01:30 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-07-26 01:30 - 2012-07-26 01:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-07-26 01:29 - 2012-07-26 01:29 - 12621696 ____A (Microsoft Corporation) C:\Users\Kris\Downloads\mseinstall.exe
    2012-07-26 01:18 - 2012-07-26 01:18 - 00000056 ____A C:\Windows\setupact.log
    2012-07-26 01:18 - 2012-07-26 01:18 - 00000000 ____A C:\Windows\setuperr.log
    2012-07-24 23:32 - 2012-07-24 23:32 - 00000000 ____D C:\Program Files (x86)\EPUB to MOBI
    2012-07-24 23:28 - 2012-07-24 23:28 - 01519124 ____A (epubtomobi.com ) C:\Users\Kris\Downloads\epubtomobi_setup.exe
    2012-07-23 12:41 - 2012-07-25 08:43 - 00000000 ____D C:\Users\Kris\AppData\Local\Downloaded Installations
    2012-07-23 12:40 - 2012-07-23 12:41 - 16884522 ____A (Oleg N. Scherbakov) C:\Users\Kris\Downloads\su-setup.exe
    2012-07-23 07:51 - 2012-07-23 07:51 - 00064080 ____A C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
    2012-07-21 21:42 - 2012-07-24 12:22 - 00000000 ____D C:\Users\Kris\AppData\Roaming\six-updater
    2012-07-21 21:42 - 2012-07-23 21:36 - 00000000 ____D C:\Users\Kris\AppData\Local\SIX_Projects
    2012-07-21 21:42 - 2012-07-21 21:42 - 00000000 ____D C:\Users\Kris\AppData\Roaming\six-zsync
    2012-07-21 21:41 - 2012-07-21 21:41 - 00000000 ____D C:\Program Files (x86)\SIX Projects
    2012-07-21 20:35 - 2012-07-25 08:47 - 00000000 ____D C:\Users\Kris\AppData\Local\ArmA 2 OA
    2012-07-21 20:26 - 2012-07-23 13:06 - 00000000 ____D C:\Users\Kris\Documents\ArmA 2
    2012-07-21 20:26 - 2012-07-21 20:26 - 00000000 ____D C:\Users\Kris\AppData\Local\ArmA 2
    2012-07-20 21:25 - 2012-07-20 21:25 - 00000000 ____D C:\Program Files\ATI
    2012-07-20 14:20 - 2012-07-20 14:20 - 00000000 ____D C:\Users\Kris\AppData\Roaming\ATI
    2012-07-20 14:20 - 2012-07-20 14:20 - 00000000 ____D C:\Users\Kris\AppData\Local\ATI
    2012-07-20 14:20 - 2012-07-20 14:20 - 00000000 ____D C:\Users\All Users\ATI
    2012-07-20 13:23 - 2012-07-20 13:23 - 00000000 ____D C:\Users\All Users\AMD
    2012-07-20 13:19 - 2012-07-20 13:22 - 00000000 ____D C:\Program Files\ATI Technologies
    2012-07-20 11:09 - 2012-07-20 11:09 - 00000000 ____D C:\Program Files\HTC
    2012-07-20 11:08 - 2012-07-20 11:08 - 00000000 ____D C:\Program Files (x86)\HTC
    2012-07-19 22:02 - 2012-07-19 22:03 - 00389606 ____A C:\Users\Kris\Downloads\Wrath of the Lamb Version 1.48 (CT Version 1.0 Final).CT
    2012-07-18 16:21 - 2012-07-18 16:21 - 00000000 ____D C:\Users\Kris\Documents\Gaslamp Games
    2012-07-18 11:36 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-18 11:31 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-07-18 11:31 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-07-18 11:31 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-07-18 11:31 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-07-18 11:31 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-07-18 11:31 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-07-18 11:31 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-07-18 11:31 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-07-18 11:31 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-07-18 11:31 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-07-18 11:31 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-07-18 11:31 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-07-18 11:31 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-07-18 11:31 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-07-18 11:31 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-07-18 11:31 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-07-18 11:31 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-07-18 11:31 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-07-18 11:31 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-07-18 11:31 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-07-18 11:31 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-07-18 11:31 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-07-18 11:31 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-07-18 11:31 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-07-18 11:31 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-07-18 11:31 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-07-18 11:31 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-07-18 11:31 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-07-18 11:30 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-07-18 11:30 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-07-18 11:30 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-07-18 11:30 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-07-18 11:30 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-07-18 11:30 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-07-18 11:30 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-07-18 11:30 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-07-18 11:30 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-07-18 11:30 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-07-18 11:30 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-07-18 11:30 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-07-18 11:30 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-07-18 11:30 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-07-18 11:30 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-07-18 11:30 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-07-18 11:30 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-07-18 11:30 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
    2012-07-18 11:30 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2012-07-08 20:53 - 2012-07-08 20:54 - 00000000 ____D C:\Program Files (x86)\OpenVPN
    2012-07-08 20:51 - 2012-07-08 20:51 - 01685512 ____A C:\Users\Kris\Downloads\openvpn-2.1_rc19-install.exe
    2012-07-07 21:02 - 2012-07-07 21:02 - 01549882 ____A C:\Users\Kris\Downloads\desmume-0.9.8-win64.zip
    2012-07-07 20:57 - 2012-07-07 20:57 - 00161188 ____A C:\Users\Kris\Downloads\NO$GBA.2.6a.zip
    2012-07-05 21:03 - 2012-07-05 21:03 - 00043976 ____A C:\Users\Kris\Documents\bookmarks.html
    2012-07-05 20:13 - 2012-07-05 20:13 - 00000000 ____D C:\Program Files (x86)\CDisplay
    2012-07-05 20:12 - 2012-07-05 20:12 - 01158444 ____A C:\Users\Kris\Downloads\setup.zip
    2012-07-05 14:34 - 2012-07-11 21:46 - 00000600 ____A C:\Users\Kris\AppData\Local\PUTTY.RND
    2012-07-04 15:04 - 2012-07-04 17:08 - 00000600 ____A C:\Users\Kris\AppData\Roaming\winscp.rnd
    2012-07-04 15:04 - 2012-07-04 15:04 - 00000000 ____D C:\Program Files (x86)\WinSCP
    2012-07-04 14:50 - 2012-07-04 14:45 - 05527637 ____A C:\Users\Kris\Downloads\Torrent Backups.rar
    2012-07-04 13:28 - 2012-07-04 13:28 - 03390816 ____A (Martin Prikryl ) C:\Users\Kris\Downloads\winscp438setup-sponsored.exe
    2012-07-04 10:20 - 2012-07-04 10:20 - 01119521 ____A C:\Users\Kris\Downloads\openvpn-2.0.9-gui-1.0.3-install.exe
    2012-07-03 22:04 - 2012-07-03 22:19 - 278998882 ____A (leshcat ) C:\Users\Kris\Downloads\Catalyst_12.6_WHQL_UnifL.exe
    2012-07-01 14:47 - 2012-07-01 14:48 - 04903985 ____A (Skylabs) C:\Users\Kris\Downloads\OCTGN Setup-3.0.1.11.exe
    2012-06-28 16:51 - 2012-07-25 20:17 - 00000000 ____D C:\Users\Kris\Feral
    2012-06-28 16:24 - 2012-07-25 17:23 - 00000000 ____D C:\Users\Kris\AppData\Roaming\FileZilla
    2012-06-28 16:24 - 2012-06-28 16:24 - 00001960 ____A C:\Users\Public\Desktop\FileZilla Client.lnk
    2012-06-28 16:23 - 2012-06-28 16:24 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
    2012-06-28 16:23 - 2012-06-28 16:23 - 04518720 ____A (FileZilla Project) C:\Users\Kris\Downloads\FileZilla_3.5.3_win32-setup.exe


    ============ 3 Months Modified Files ========================

    2012-07-26 02:16 - 2012-07-26 02:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5C1E33B99AF709D0
    2012-07-26 02:16 - 2012-07-26 02:16 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\husehwaz.sys
    2012-07-26 02:05 - 2009-07-13 21:13 - 00795444 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-26 01:45 - 2012-07-26 01:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C64FE463A62EB169
    2012-07-26 01:35 - 2012-07-26 01:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.87992FDC4C857C96
    2012-07-26 01:31 - 2012-07-26 01:30 - 00003191 ____A C:\Windows\WindowsUpdate.log
    2012-07-26 01:30 - 2011-08-16 21:13 - 00809594 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-07-26 01:30 - 2011-08-16 21:13 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-07-26 01:29 - 2012-07-26 01:29 - 12621696 ____A (Microsoft Corporation) C:\Users\Kris\Downloads\mseinstall.exe
    2012-07-26 01:26 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-26 01:26 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-26 01:18 - 2012-07-26 01:18 - 00000056 ____A C:\Windows\setupact.log
    2012-07-26 01:18 - 2012-07-26 01:18 - 00000000 ____A C:\Windows\setuperr.log
    2012-07-26 01:18 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-26 00:43 - 2012-05-16 23:30 - 00001069 ____A C:\Users\Public\Desktop\Malwarebyte.lnk
    2012-07-24 23:28 - 2012-07-24 23:28 - 01519124 ____A (epubtomobi.com ) C:\Users\Kris\Downloads\epubtomobi_setup.exe
    2012-07-23 12:41 - 2012-07-23 12:40 - 16884522 ____A (Oleg N. Scherbakov) C:\Users\Kris\Downloads\su-setup.exe
    2012-07-23 07:51 - 2012-07-23 07:51 - 00064080 ____A C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
    2012-07-23 07:51 - 2011-08-17 17:46 - 00064080 ____A C:\Users\Kris\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-07-20 08:55 - 2012-02-09 04:58 - 00000328 ____A C:\Windows\Tasks\HPCeeScheduleForKris.job
    2012-07-19 22:03 - 2012-07-19 22:02 - 00389606 ____A C:\Users\Kris\Downloads\Wrath of the Lamb Version 1.48 (CT Version 1.0 Final).CT
    2012-07-19 15:09 - 2012-01-16 16:25 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
    2012-07-19 15:08 - 2012-01-16 17:29 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2012-07-19 13:16 - 2009-07-13 20:45 - 00293480 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-18 11:32 - 2011-08-16 21:04 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-17 08:06 - 2012-04-01 12:33 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-17 08:06 - 2011-08-17 18:03 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-11 21:46 - 2012-07-05 14:34 - 00000600 ____A C:\Users\Kris\AppData\Local\PUTTY.RND
    2012-07-08 20:51 - 2012-07-08 20:51 - 01685512 ____A C:\Users\Kris\Downloads\openvpn-2.1_rc19-install.exe
    2012-07-08 19:05 - 2012-05-20 09:58 - 00022528 __ASH C:\Users\Kris\Thumbs.db
    2012-07-07 21:02 - 2012-07-07 21:02 - 01549882 ____A C:\Users\Kris\Downloads\desmume-0.9.8-win64.zip
    2012-07-07 20:57 - 2012-07-07 20:57 - 00161188 ____A C:\Users\Kris\Downloads\NO$GBA.2.6a.zip
    2012-07-05 21:03 - 2012-07-05 21:03 - 00043976 ____A C:\Users\Kris\Documents\bookmarks.html
    2012-07-05 20:12 - 2012-07-05 20:12 - 01158444 ____A C:\Users\Kris\Downloads\setup.zip
    2012-07-04 17:08 - 2012-07-04 15:04 - 00000600 ____A C:\Users\Kris\AppData\Roaming\winscp.rnd
    2012-07-04 14:45 - 2012-07-04 14:50 - 05527637 ____A C:\Users\Kris\Downloads\Torrent Backups.rar
    2012-07-04 13:28 - 2012-07-04 13:28 - 03390816 ____A (Martin Prikryl ) C:\Users\Kris\Downloads\winscp438setup-sponsored.exe
    2012-07-04 10:20 - 2012-07-04 10:20 - 01119521 ____A C:\Users\Kris\Downloads\openvpn-2.0.9-gui-1.0.3-install.exe
    2012-07-03 22:40 - 2011-07-27 23:38 - 00000352 ____A C:\Users\Kris\Documents\Links.txt
    2012-07-03 22:19 - 2012-07-03 22:04 - 278998882 ____A (leshcat ) C:\Users\Kris\Downloads\Catalyst_12.6_WHQL_UnifL.exe
    2012-07-03 09:46 - 2011-08-16 21:12 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-01 14:48 - 2012-07-01 14:47 - 04903985 ____A (Skylabs) C:\Users\Kris\Downloads\OCTGN Setup-3.0.1.11.exe
    2012-06-28 16:24 - 2012-06-28 16:24 - 00001960 ____A C:\Users\Public\Desktop\FileZilla Client.lnk
    2012-06-28 16:23 - 2012-06-28 16:23 - 04518720 ____A (FileZilla Project) C:\Users\Kris\Downloads\FileZilla_3.5.3_win32-setup.exe
    2012-06-25 12:04 - 2012-06-25 12:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll
    2012-06-22 15:08 - 2012-06-22 15:08 - 07171633 ____A (Dark Byte ) C:\Users\Kris\Downloads\CheatEngine62.exe
    2012-06-21 19:44 - 2012-06-21 19:44 - 00002543 ____A C:\Users\Kris\Desktop\Magic The Gathering.lnk
    2012-06-20 11:59 - 2012-06-20 11:59 - 00001777 ____A C:\Users\Kris\Documents\Wilmington Info.txt
    2012-06-20 09:19 - 2012-06-20 09:19 - 00001825 ____A C:\Users\Kris\Desktop\OCTGN.lnk
    2012-06-19 23:33 - 2012-06-19 23:33 - 00000988 ____A C:\Users\Kris\Desktop\Magic Workstation.lnk
    2012-06-19 23:33 - 2012-06-19 23:33 - 00000941 ____A C:\Users\Kris\Desktop\MWS Online Play.lnk
    2012-06-19 23:33 - 2012-06-19 23:32 - 09690219 ____A C:\Users\Kris\Downloads\mws094f.exe
    2012-06-14 19:40 - 2011-11-09 22:00 - 00581837 ____A C:\Users\Kris\Downloads\SolEditInstall.exe
    2012-06-11 19:08 - 2012-07-18 11:36 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-08 21:43 - 2012-07-18 11:30 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-08 20:41 - 2012-07-18 11:30 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-06-05 22:06 - 2012-07-18 11:30 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-05 22:06 - 2012-07-18 11:30 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-05 22:02 - 2012-07-18 11:30 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-06-05 21:05 - 2012-07-18 11:30 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-06-05 21:05 - 2012-07-18 11:30 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-06-05 21:03 - 2012-07-18 11:30 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-06-02 14:19 - 2012-06-19 02:36 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-19 02:36 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-19 02:36 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-19 02:36 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-19 02:36 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-19 02:36 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-19 02:36 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 11:19 - 2012-06-19 02:36 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 11:15 - 2012-06-19 02:36 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-02 04:49 - 2012-07-18 11:31 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-02 04:17 - 2012-07-18 11:31 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-02 04:12 - 2012-07-18 11:31 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-02 04:05 - 2012-07-18 11:31 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-02 04:05 - 2012-07-18 11:31 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-02 04:04 - 2012-07-18 11:31 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-02 04:04 - 2012-07-18 11:31 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-02 04:03 - 2012-07-18 11:31 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-02 04:01 - 2012-07-18 11:31 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-02 04:00 - 2012-07-18 11:31 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-02 03:59 - 2012-07-18 11:31 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-02 03:57 - 2012-07-18 11:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-02 03:57 - 2012-07-18 11:31 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-02 03:54 - 2012-07-18 11:31 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-02 01:07 - 2012-07-18 11:31 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-02 00:43 - 2012-07-18 11:31 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-02 00:33 - 2012-07-18 11:31 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-02 00:26 - 2012-07-18 11:31 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-02 00:25 - 2012-07-18 11:31 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-02 00:25 - 2012-07-18 11:31 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-02 00:23 - 2012-07-18 11:31 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-02 00:21 - 2012-07-18 11:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-02 00:20 - 2012-07-18 11:31 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-02 00:19 - 2012-07-18 11:31 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-02 00:19 - 2012-07-18 11:31 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-02 00:17 - 2012-07-18 11:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-02 00:16 - 2012-07-18 11:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-02 00:14 - 2012-07-18 11:31 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-01 21:50 - 2012-07-18 11:30 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-06-01 21:48 - 2012-07-18 11:30 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-06-01 21:48 - 2012-07-18 11:30 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-01 21:45 - 2012-07-18 11:30 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-01 21:44 - 2012-07-18 11:30 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-06-01 20:40 - 2012-07-18 11:30 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-06-01 20:40 - 2012-07-18 11:30 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-06-01 20:39 - 2012-07-18 11:30 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-06-01 20:34 - 2012-07-18 11:30 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-05-26 16:00 - 2012-05-26 16:00 - 00000068 ____A C:\Users\Kris\Documents\Bnet.txt
    2012-05-26 13:58 - 2012-05-26 13:58 - 00000000 ____A C:\Windows\ativpsrm.bin
    2012-05-26 11:12 - 2012-05-26 10:30 - 284703496 ____A (leshcat ) C:\Users\Kris\Downloads\Catalyst_12.3_UP2_UnifL.exe
    2012-05-26 10:32 - 2012-05-26 10:31 - 01691498 ____A C:\Users\Kris\Documents\Izalith - One.3ga
    2012-05-26 10:31 - 2012-05-26 10:31 - 02072188 ____A C:\Users\Kris\Documents\Izalith - Two.3ga
    2012-05-24 13:21 - 2012-05-24 13:21 - 00001082 ____A C:\Users\Kris\Desktop\MSI Afterburner.lnk
    2012-05-24 13:21 - 2012-05-24 13:21 - 00000931 ____A C:\Users\Kris\Desktop\RadeonPro.lnk
    2012-05-21 21:55 - 2012-05-21 21:55 - 02442688 ____A (Mr. John aka japamd ) C:\Users\Kris\Downloads\RadeonPro_RC1.exe
    2012-05-21 21:50 - 2012-05-21 21:48 - 24139013 ____A C:\Users\Kris\Downloads\MSIAfterburnerSetup221.zip
    2012-05-21 19:19 - 2012-05-21 19:19 - 00001542 ____A C:\Users\Kris\AppData\Local\PDLSetup.20120521.231907.txt
    2012-05-21 18:09 - 2012-05-21 18:04 - 02162441 ____A C:\Users\Kris\Downloads\RadarSync PC Updater 3.7+Patch[h33t][eSpNs].rar
    2012-05-21 14:48 - 2012-05-21 14:48 - 08134792 ____A C:\Users\Kris\Documents\torrent backups .rar
    2012-05-21 14:13 - 2012-05-21 14:13 - 08140200 ____A C:\Users\Kris\Documents\utorrent backup.utb
    2012-05-20 23:16 - 2012-05-20 23:14 - 00001149 ____A C:\Users\Public\Desktop\Diablo III.lnk
    2012-05-20 23:10 - 2012-05-20 23:02 - 32288896 ____A (Blizzard Entertainment) C:\Users\Kris\Downloads\Diablo-III-Setup-enUS.exe
    2012-05-20 14:48 - 2012-05-20 14:48 - 00000967 ____A C:\Users\Public\Desktop\PowerISO.lnk
    2012-05-16 23:15 - 2011-08-23 16:58 - 00001798 ____A C:\Users\All Users\hpzinstall.log
    2012-05-14 08:12 - 2012-04-28 18:16 - 00007597 ____A C:\Users\Kris\AppData\Local\resmon.resmoncfg
    2012-05-12 15:43 - 2011-08-16 22:29 - 05227019 ____A C:\Users\Kris\Downloads\namebench-1.3.1-Windows.exe
    2012-05-04 03:06 - 2012-06-14 15:37 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 03:00 - 2012-06-14 15:37 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
    2012-05-04 02:03 - 2012-06-14 15:37 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 02:03 - 2012-06-14 15:37 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-05-04 01:59 - 2012-06-14 15:37 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2012-04-30 21:40 - 2012-06-14 15:37 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll

    ZeroAccess:
    C:\Users\Kris\AppData\Local\{17fa1868-de07-0457-3d17-6e3b055b5d80}
    C:\Users\Kris\AppData\Local\{17fa1868-de07-0457-3d17-6e3b055b5d80}\@
    C:\Users\Kris\AppData\Local\{17fa1868-de07-0457-3d17-6e3b055b5d80}\L
    C:\Users\Kris\AppData\Local\{17fa1868-de07-0457-3d17-6e3b055b5d80}\n
    C:\Users\Kris\AppData\Local\{17fa1868-de07-0457-3d17-6e3b055b5d80}\U
    C:\Users\Kris\AppData\Local\{17fa1868-de07-0457-3d17-6e3b055b5d80}\U\00000001.@

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 11%
    Total physical RAM: 8139.86 MB
    Available physical RAM: 7230.03 MB
    Total Pagefile: 8138.01 MB
    Available Pagefile: 7222.97 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:683.99 GB) (Free:53.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive e: (RECOVERY) (Fixed) (Total:14.36 GB) (Free:1.18 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32
    5 Drive h: () (Removable) (Total:14.8 GB) (Free:14.79 GB) FAT32
    6 Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS
    7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 698 GB 0 B
    Disk 1 Online 14 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 199 MB 1024 KB
    Partition 2 Primary 683 GB 200 MB
    Partition 3 Primary 14 GB 684 GB
    Partition 4 Primary 102 MB 698 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 683 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E RECOVERY NTFS Partition 14 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 4
    Type : 0C
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F HP_TOOLS FAT32 Partition 102 MB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 14 GB 1240 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 H FAT32 Removable 14 GB Healthy

    ==================================================================================

    testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


    ==========================================================

    Last Boot: 2012-07-18 14:55

    ======================= End Of Log ==========================

    2 - Search.txt

    Farbar Recovery Scan Tool Version: 25-07-2012 01
    Ran by SYSTEM at 2012-07-26 07:02:38
    Running from H:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    ====== End Of Search ======
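The comparison that Search.txt makes visible above (two copies of services.exe with the same size but different MD5 values), as an added PowerShell example that is not part of the original post and not FRST's own code. It assumes an elevated PowerShell 2.0 or later prompt on Windows 7 and uses .NET's MD5 class directly because Get-FileHash only exists from PowerShell 4 onward.

```powershell
# Added example (not from the thread or from FRST): hash the live services.exe and
# every services.exe kept in the WinSxS component store, then report whether the
# live file matches at least one of them. Assumes an elevated PowerShell 2.0+ prompt.

function Get-Md5Hex {
    param([string]$Path)
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $md5.ComputeHash($stream)
        return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
    } finally {
        $stream.Close()
        $md5.Clear()
    }
}

function Compare-ServicesExe {
    param(
        [string]$Target = (Join-Path $env:SystemRoot 'System32\services.exe')
    )
    $liveHash = Get-Md5Hex -Path $Target
    $liveSize = (Get-Item $Target).Length

    # Every servicecontroller component in WinSxS is a candidate reference; more
    # than one may exist once updates have shipped newer builds of services.exe.
    $winsxs = Join-Path $env:SystemRoot 'winsxs'
    $refs = Get-ChildItem -Path $winsxs -Recurse -Filter 'services.exe' -ErrorAction SilentlyContinue |
            Where-Object { $_.FullName -match 'servicecontroller' }

    $rows = foreach ($ref in $refs) {
        $refHash = Get-Md5Hex -Path $ref.FullName
        New-Object PSObject -Property @{
            Reference = $ref.FullName
            RefMD5    = $refHash
            LiveMD5   = $liveHash
            HashMatch = ($refHash -eq $liveHash)
            # Size alone is not a useful signal: in the log above the patched file
            # kept the original 328704-byte length and only the hash changed.
            SizeMatch = ($ref.Length -eq $liveSize)
        }
    }

    $matched = @($rows | Where-Object { $_.HashMatch })
    if ($matched.Count -gt 0) {
        Write-Output "OK: $Target matches a component-store copy ($liveHash)."
    } else {
        Write-Output "ATTENTION: $Target ($liveHash) matches none of $(@($rows).Count) WinSxS copies."
    }
    $rows | Format-Table HashMatch, SizeMatch, RefMD5, Reference -AutoSize
}

Compare-ServicesExe
```

A match against WinSxS is only as trustworthy as the component store itself; `sfc /verifyonly` checks the same files against Windows' signed catalogs and is the supported way to confirm the result.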
     
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply within two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    FRST64 Fixlist

    Please run the following:

    Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flashdrive as fixlist.txt.

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.
     
  3. KrisK

    KrisK TS Rookie Topic Starter Posts: 18

    Thanks for helping! Everything seems to be fine with the reboot. I do notice 2 desktop.ini files sitting on my desktop that weren't previously there.

    1 - Fixlog

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
    Ran by SYSTEM at 2012-07-26 13:08:32 Run:1
    Running from H:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Users\Kris\AppData\Local\{17fa1868-de07-0457-3d17-6e3b055b5d80} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
     
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    ComboFix

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method as above, but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of important system processes such as iexplore.exe, explorer.exe, and winlogon.exe.
     
  5. KrisK

    KrisK TS Rookie Topic Starter Posts: 18

    Combofix Log

    ComboFix 12-07-27.02 - Kris 07/27/2012 4:17.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8140.5874 [GMT -4:00]
    Running from: c:\users\Kris\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Install.exe
    c:\programdata\Roaming
    c:\windows\SysWow64\sqlite3.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-27 to 2012-07-27 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-27 08:24 . 2012-07-27 08:24 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA6AE2F7-EC3B-473B-A3F3-58A0FD8A7E91}\offreg.dll
    2012-07-26 22:25 . 2012-07-26 22:25 -------- d-----w- c:\users\Kris\AppData\Roaming\KeePass
    2012-07-26 22:20 . 2012-07-26 22:20 -------- d-----w- c:\program files (x86)\KeePass Password Safe
    2012-07-26 15:00 . 2012-07-26 15:00 -------- d-----w- C:\FRST
    2012-07-26 10:16 . 2012-07-26 10:16 328704 ----a-w- c:\windows\system32\services.exe.5C1E33B99AF709D0
    2012-07-26 09:45 . 2012-07-26 09:45 328704 ----a-w- c:\windows\system32\services.exe.C64FE463A62EB169
    2012-07-26 09:35 . 2012-07-26 09:35 328704 ----a-w- c:\windows\system32\services.exe.87992FDC4C857C96
    2012-07-26 09:34 . 2012-02-09 18:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5737787-C8DF-4EC4-A4BC-EE17E354A891}\gapaengine.dll
    2012-07-26 09:34 . 2012-07-16 06:40 9133488 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA6AE2F7-EC3B-473B-A3F3-58A0FD8A7E91}\mpengine.dll
    2012-07-26 09:30 . 2012-07-26 09:30 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-07-26 09:30 . 2012-07-26 09:30 -------- d-----w- c:\program files\Microsoft Security Client
    2012-07-25 07:32 . 2012-07-25 07:32 -------- d-----w- c:\program files (x86)\EPUB to MOBI
    2012-07-23 20:41 . 2012-07-25 16:43 -------- d-----w- c:\users\Kris\AppData\Local\Downloaded Installations
    2012-07-22 05:42 . 2012-07-24 20:22 -------- d-----w- c:\users\Kris\AppData\Roaming\six-updater
    2012-07-22 05:42 . 2012-07-22 05:42 -------- d-----w- c:\users\Kris\AppData\Roaming\six-zsync
    2012-07-22 05:42 . 2012-07-24 05:36 -------- d-----w- c:\users\Kris\AppData\Local\SIX_Projects
    2012-07-22 05:41 . 2012-07-22 05:41 -------- d-----w- c:\program files (x86)\SIX Projects
    2012-07-22 04:35 . 2012-07-27 02:52 -------- d-----w- c:\users\Kris\AppData\Local\ArmA 2 OA
    2012-07-22 04:26 . 2012-07-22 04:26 -------- d-----w- c:\users\Kris\AppData\Local\ArmA 2
    2012-07-21 05:25 . 2012-07-21 05:25 -------- d-----w- c:\program files\ATI
    2012-07-20 22:20 . 2012-07-20 22:20 -------- d-----w- c:\users\Kris\AppData\Roaming\ATI
    2012-07-20 22:20 . 2012-07-20 22:20 -------- d-----w- c:\users\Kris\AppData\Local\ATI
    2012-07-20 22:20 . 2012-07-20 22:20 -------- d-----w- c:\programdata\ATI
    2012-07-20 21:23 . 2012-07-20 21:23 -------- d-----w- c:\programdata\AMD
    2012-07-20 21:19 . 2012-07-20 21:22 -------- d-----w- c:\program files\ATI Technologies
    2012-07-20 19:09 . 2012-07-20 19:09 -------- d-----w- c:\program files\HTC
    2012-07-20 19:08 . 2012-07-20 19:08 -------- d-----w- c:\program files (x86)\HTC
    2012-07-19 21:18 . 2012-07-19 21:18 -------- d-----w- c:\users\Kris\temp
    2012-07-18 19:36 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-18 19:30 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
    2012-07-09 04:53 . 2012-07-09 04:54 -------- d-----w- c:\program files (x86)\OpenVPN
    2012-07-06 04:13 . 2012-07-06 04:13 -------- d-----w- c:\program files (x86)\CDisplay
    2012-07-04 23:04 . 2012-07-04 23:04 -------- d-----w- c:\program files (x86)\WinSCP
    2012-06-29 00:51 . 2012-07-26 04:17 -------- d-----w- c:\users\Kris\Feral
    2012-06-29 00:24 . 2012-07-26 01:23 -------- d-----w- c:\users\Kris\AppData\Roaming\FileZilla
    2012-06-29 00:23 . 2012-06-29 00:24 -------- d-----w- c:\program files (x86)\FileZilla FTP Client
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-18 19:32 . 2011-08-17 05:04 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-07-17 16:06 . 2012-04-01 20:33 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-17 16:06 . 2011-08-18 02:03 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-03 17:46 . 2011-08-17 05:12 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
    2012-06-02 22:19 . 2012-06-19 10:36 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-19 10:36 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-19 10:36 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-19 10:36 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-19 10:36 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-19 10:36 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-19 10:36 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 19:19 . 2012-06-19 10:36 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 19:15 . 2012-06-19 10:36 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-04 11:06 . 2012-06-14 23:37 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 11:00 . 2012-06-14 23:37 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-05-04 10:03 . 2012-06-14 23:37 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03 . 2012-06-14 23:37 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-05-04 09:59 . 2012-06-14 23:37 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2012-05-01 05:40 . 2012-06-14 23:37 209920 ----a-w- c:\windows\system32\profsvc.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-10-31 21:02 94208 ----a-w- c:\users\Kris\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-10-31 21:02 94208 ----a-w- c:\users\Kris\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-10-31 21:02 94208 ----a-w- c:\users\Kris\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-10-31 21:02 94208 ----a-w- c:\users\Kris\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "F.lux"="c:\users\Kris\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
    "ShutdownGuard"="c:\program files\ShutdownGuard\ShutdownGuard.exe" [2010-12-05 46080]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-17 1242448]
    "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-08-17 3077528]
    "RadeonPro"="c:\program files (x86)\RadeonPro\RadeonPro.exe" [2011-02-10 1832448]
    "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-09 642424]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2012-01-17 113288]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-09 636032]
    "VMM Mode Selection"="c:\program files\HTC\ModeSelection\VMMModeSelection.exe" [2011-02-14 43520]
    .
    c:\users\Kris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Kris\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "EnableShellExecuteHooks"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    R3 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
    R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys [2005-04-13 30720]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-17 1255736]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-01-17 89600]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-03-09 235520]
    S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2011-01-31 499200]
    S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
    S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-18 265544]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
    S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-01-17 2413056]
    S2 RadeonPro Support Service;RadeonPro Support Service;c:\program files (x86)\RadeonPro\RadeonProSupport.exe [2011-02-10 12800]
    S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
    S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2011-01-31 885248]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-03-09 10857984]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-03-09 328704]
    S3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2011-01-18 75264]
    S3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2011-01-18 173568]
    S3 bpusb;Intel(R) Centrino(R) WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [2011-01-18 81920]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
    S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-10-21 12310112]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
    S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2012-01-17 8604672]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2012-01-17 91648]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2012-01-17 208896]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-01-17 338536]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2011-02-17 42392]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - RTCORE64
    *NewlyCreated* - WS2IFSL
    *Deregistered* - RTCore64
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-27 c:\windows\Tasks\HPCeeScheduleForKris.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-10-31 21:02 97792 ----a-w- c:\users\Kris\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-10-31 21:02 97792 ----a-w- c:\users\Kris\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-10-31 21:02 97792 ----a-w- c:\users\Kris\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-10-31 21:02 97792 ----a-w- c:\users\Kris\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2011-01-27 1617920]
    "IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-01-17 1128448]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-21 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-21 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-21 416024]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
    "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.ask.com/?l=dis&o=1956&gct=hp
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 192.168.200.1
    FF - ProfilePath - c:\users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\l1ojg8w1.default\
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\SysWOW64\ezSharedSvcHost.exe
    c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
    c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
    c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-27 04:32:12 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-27 08:32
    .
    Pre-Run: 63,284,219,904 bytes free
    Post-Run: 63,163,465,728 bytes free
    .
    - - End Of File - - 70AFE915D6A1B25AF8E60F7A1C2B5E48
     
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hi again. Please do these steps in order.

    1. Please download TFC by OldTimer to your desktop
    • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • It will close all programs when run, so make sure you have saved all your work before you begin.
    • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
    • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
    2. Scan for malware

    Please download Malwarebytes Anti-Malware from HERE.

    • Double-click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this, will cause the infection to still be active on the computer.
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
    • Copy and paste the entire report in your next reply.

    3. Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, you may close the window
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic
    4. Post the following in your next reply:
    • MBAM log
    • ESET log
    And, please tell me how your computer is doing.
     
  7. KrisK

    KrisK TS Rookie Topic Starter Posts: 18

    Thanks again for the help! My computer seems to be doing much better. However, I did turn MSE's active scanner back on, after disabling it to run ComboFix. MSE detected Sirefef, but all 3 cases of it were in FRST's quarantine folder, so I assume that is okay.

    1 - MBAM Log

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.27.11

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Kris :: KRIS-HP [administrator]

    7/27/2012 6:20:44 PM
    mbam-log-2012-07-27 (18-20-44).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 195978
    Time elapsed: 4 minute(s), 23 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    2 - ESET Log

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner64.ocx - registred OK
    OnlineScanner.ocx - registred OK
    # version=7
    # plugin-container.exe=13.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=81f65f4543fb8e4397e001deb1b0dece
    # end=finished
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2012-07-28 12:17:27
    # local_time=2012-07-27 08:17:27 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=5893 16776574 100 94 0 94971693 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=269647
    # found=2
    # cleaned=2
    # scan_time=6404
    C:\Program Files (x86)\Decal 3.0\DHS.dll Win32/Mediyes.P trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Users\Kris\Downloads\cnet_fences_public_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    (User note: I am uncertain that either of these things ESET identified as trojans/viruses actually were, as I am aware of what both those files were.)
     
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    If you're sure, then look for them in the directory of C:\Program Files (x86)\ESET Online Scanner\ or C:\Program Files\ESET Online Scanner\

    I believe the quarantine is hidden in one of those.

    Anyway, your logs appear to be clean. If there are no more issues, then we shall clean up!

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advanced System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name, i.e. Clean
    • Select Create
    Now we can purge the infected ones
    • Go back to the System and Maintenance page
    • Select Performance Information and Tools
    • On the left select Open Disk Cleanup
    • Select Files from all users and accept the warning if you get one
    • In the drop-down box select your main drive, i.e. C
    • For a few moments the system will make some calculations.
    • Select the More Options tab
    • In the System Restore and Shadow Backups select Clean up
    • Select Delete on the pop up
    • Select OK
    • Select Delete

    Run OTC to remove our tools

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Purge old temporary files

    Please download TFC by OldTimer to your desktop
    • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • It will close all programs when run, so make sure you have saved all your work before you begin.
    • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
    • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    Tell me in your next reply, if you have completed these tasks:
    • Cleaned System Restore
    • Ran OTC
    • Ran TFC
    • Ran Security Check
    Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.
     
  9. KrisK

    KrisK TS Rookie Topic Starter Posts: 18

    I completed the list of things to do and everything seems to be running fine.

    Security Check

    Results of screen317's Security Check version 0.99.43
    Windows 7 Service Pack 1 x64 (UAC is disabled!)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Spybot - Search & Destroy
    Malwarebytes Anti-Malware version 1.62.0.1300
    Java(TM) 6 Update 24
    Java(TM) 7
    Java version out of Date!
    Adobe Flash Player 10 Flash Player out of Date!
    Adobe Reader X (10.1.0)
    Mozilla Firefox 13.0.1 Firefox out of Date!
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Malwarebytes Anti-Malware mbam.exe
    Spybot Teatimer.exe is disabled!
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 3%
    ````````````````````End of Log``````````````````````
     
  10. KrisK

    KrisK TS Rookie Topic Starter Posts: 18

    Here is my updated Security Check. Thanks again for your help.

    Security Check - Updated
    Results of screen317's Security Check version 0.99.43
    Windows 7 Service Pack 1 x64 (UAC is disabled!)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    MVPS Hosts File
    Spybot - Search & Destroy
    Secunia PSI (3.0.0.3001)
    Malwarebytes Anti-Malware version 1.62.0.1300
    Java(TM) 6 Update 33
    Java(TM) 7 Update 5
    Adobe Flash Player 10 Flash Player out of Date!
    Adobe Reader X (10.1.0)
    Mozilla Firefox (14.0.1)
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 3%
    ````````````````````End of Log``````````````````````

    Note: Flash should be fully updated, but it isn't showing up as such, unless it is including the beta build that is out.
     
  11. KrisK

    KrisK TS Rookie Topic Starter Posts: 18

    I can't seem to find a way to edit older posts on this forum, but I realized that there was an older version of Flash installed underneath the current one, so that is now taken care of. However, I also noticed that there is still a folder left behind from ComboFix, Qoobox (in C:), that was not removed by OTC and cannot be deleted. Assuming that is no longer supposed to be there, any help in removing it would be appreciated.

    One final Security Check

    Results of screen317's Security Check version 0.99.43
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    MVPS Hosts File
    Spybot - Search & Destroy
    Secunia PSI (3.0.0.3001)
    Malwarebytes Anti-Malware version 1.62.0.1300
    Java(TM) 6 Update 33
    Java(TM) 7 Update 5
    Adobe Reader X (10.1.0)
    Mozilla Firefox (14.0.1)
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 3%
    ````````````````````End of Log``````````````````````
     
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Probably should remove this old Java version in the Control Panel Programs Applet: Java(TM) 6 Update 33

    To uninstall ComboFix

    • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
    • In the field, type in ComboFix /uninstall
    (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

    • Then, press Enter, or click OK.
    • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

    Personal Tips on Preventing Malware

    See this page for more info about malware and prevention.

    Any other questions before I mark this topic solved?
     
  13. KrisK

    KrisK TS Rookie Topic Starter Posts: 18

    When trying to remove ComboFix, to remove that QooBox folder, I get a "Windows cannot find 'ComboFix'. Make sure you typed the name correctly, and then try again." (And I am typing it correctly, so that is not the issue.)

    Also, MSE will not update. Whenever I try to update the virus definitions I get a "Virus and spyware definitions update failed. Security Essentials couldn't check for virus and spyware definition updates. Check your Internet or network connection and try again. (Error Code: 0x80240022 Error description: Security Essentials couldn't download the definition updates. This might be caused by a missing system file, an incorrect system setting, or a problem with a registry file.)" I have tried reinstalling MSE and it does not fix this issue.

    Thanks again for your help!
     
  14. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Go ahead and delete any folders from ComboFix. Should be fine!

    Go to Start > type in services.msc and hit Enter.

    Search for Windows Update in the list, right-click and select Start.

    Then, attempt the update again.

    If Windows Update is already started, then Stop it, restart your computer, and try the update again.
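    The service check, start/restart and update retry from the post above, scripted as an added example (not code from the thread or from Jay's post). It assumes an elevated PowerShell prompt on the Windows 7 machine; the MSE install folder is the one the logs in this thread show, and MpCmdRun.exe with its -SignatureUpdate switch is assumed to be present in that MSE build.

```powershell
# Added example, not from the thread. Scripts the steps in the post above:
# check the Windows Update service (wuauserv), start or restart it, then retry
# the MSE definition update. Run from an elevated PowerShell prompt.

$name = 'wuauserv'   # listed as "Windows Update" in services.msc
$svc  = Get-Service -Name $name

if ($svc.Status -eq 'Running') {
    # Post says: if it is already started, stop it and try the update again.
    Write-Host "Windows Update is running; restarting it."
    Restart-Service -Name $name -Force
} else {
    Write-Host "Windows Update is $($svc.Status); starting it."
    Start-Service -Name $name
}

# Wait up to 30 seconds for the service to report Running, and also show BITS,
# which Windows Update uses to download the definition packages.
try {
    $svc.WaitForStatus('Running', [TimeSpan]::FromSeconds(30))
} catch [System.ServiceProcess.TimeoutException] {
    Write-Host "Windows Update did not reach Running within 30 seconds."
}
Get-Service -Name $name, 'bits' | Format-Table Name, Status -AutoSize

# Retry the definition update from the command line. The folder is the MSE
# install path seen in this thread's logs; MpCmdRun.exe and -SignatureUpdate
# are assumed to exist in this build of MSE.
$mpcmd = 'C:\Program Files\Microsoft Security Client\MpCmdRun.exe'
if (Test-Path $mpcmd) {
    & $mpcmd -SignatureUpdate
    Write-Host "MpCmdRun exit code: $LASTEXITCODE (0 is success)"
} else {
    Write-Host "MpCmdRun.exe not found at $mpcmd; use the Update tab in MSE instead."
}
```

If the exit code is non-zero after the service is confirmed Running, the problem is not the service state, which is the case the later posts in this thread go on to troubleshoot.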
     
  15. KrisK

    KrisK TS Rookie Topic Starter Posts: 18

    I was able to delete the QooBox folder, but I first had to modify permissions for the folder (specifically the BackEnv folder in it), in order to do so.

    However, MSE will still not update. Windows Update was started, so I stopped it and restarted. I tried to update and it didn't work. I checked in Services and it was still stopped, so I started it again but it still didn't work. I also tried restarting it without success.
     
  16. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Please go to this page and download Fix Windows Update by Ramesh Kumar and save to your Desktop.
    (Click on the hard drive icon with a downward arrow).
    • Extract it to your Desktop.
    • Then, double-click on the program and click the Fix Windows Update button.
    • Reboot your computer and see if it will work now.
     
  17. KrisK

    KrisK TS Rookie Topic Starter Posts: 18

    Unfortunately it still gives me the error message. This happens whether I try to use Windows Update or the update within MSE itself. I have noted that MSE will update right after installing correctly. However, after this update, it gives me that previously mentioned error message when trying to perform new updates (including when Windows Update notifies that there are new updates available for the definitions, not just when I am checking randomly). And I know that even if there were no updates available, MSE should tell me that, instead of giving me that error message.
     
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Let me take a different look here, then, please...

    Please download DDS by sUBs from BleepingComputer.com or Forospyware.com and save it to your Desktop.

    Note: Before scanning, make sure all other running programs are closed. There shouldn't be any scheduled antivirus scans running while the scan is being performed. Do not use your computer for anything else during the scan.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
    • Notepad will open with the results, click Yes to the Optional_Scan
    • Please follow the instructions that pop up for posting the results. Post only the contents of both logs.
    • Close the program window, and delete the program from your Desktop.
     
  19. KrisK

    KrisK TS Rookie Topic Starter Posts: 18

    Note: It did not ask me about an optional scan, but it did provide me with 2 logs, one of which it said to zip and attach. Logs to follow.
     
  20. KrisK

    KrisK TS Rookie Topic Starter Posts: 18

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.0
    Run by Kris at 15:15:38 on 2012-07-31
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8140.6243 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k WbioSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Windows\SysWOW64\ezSharedSvcHost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\Secunia\PSI\sua.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.ask.com/?l=dis&o=1956&gct=hp
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
    BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - C:\Program Files (x86)\WOT\WOT.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - C:\Program Files (x86)\WOT\WOT.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [F.lux] "C:\Users\Kris\Local Settings\Apps\F.lux\flux.exe" /noshow
    uRun: [ShutdownGuard] "C:\Program Files\ShutdownGuard\ShutdownGuard.exe" -hide
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [RadeonPro] "C:\Program Files (x86)\RadeonPro\RadeonPro.exe"
    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    StartupFolder: C:\Users\Kris\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Kris\AppData\Roaming\Dropbox\bin\Dropbox.exe
    mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
    TCP: DhcpNameServer = 192.168.200.1
    TCP: Interfaces\{84BC2B7B-D138-479C-8F06-D627D0F7334A} : DhcpNameServer = 8.8.8.8 8.8.4.4
    TCP: Interfaces\{99E6C4C4-CED8-4FF1-B9B7-7C1D6D951E12} : DhcpNameServer = 192.168.200.1
    TCP: Interfaces\{99E6C4C4-CED8-4FF1-B9B7-7C1D6D951E12}\132364850343030363836303 : DhcpNameServer = 192.168.200.1
    TCP: Interfaces\{99E6C4C4-CED8-4FF1-B9B7-7C1D6D951E12}\14C6C656E656 : DhcpNameServer = 192.168.7.254
    TCP: Interfaces\{99E6C4C4-CED8-4FF1-B9B7-7C1D6D951E12}\341627F6C696E6160224561636860274564716771697 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{99E6C4C4-CED8-4FF1-B9B7-7C1D6D951E12}\4353439316074733 : DhcpNameServer = 192.168.200.1
    TCP: Interfaces\{99E6C4C4-CED8-4FF1-B9B7-7C1D6D951E12}\8416C656 : DhcpNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{99E6C4C4-CED8-4FF1-B9B7-7C1D6D951E12}\E4F6470295F657270275962756C6563737 : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
    BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO-X64: HP Print Enhancer - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
    BHO-X64: TSBHO Class - No File
    BHO-X64: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    BHO-X64: HP Smart BHO Class - No File
    TB-X64: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\l1ojg8w1.default\
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\l1ojg8w1.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-5-24 89600]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2011-1-30 499200]
    R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-4-8 514232]
    R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-2-18 265544]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
    R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-1 227896]
    R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-25 13592]
    R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-5-24 2413056]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-8-17 1153368]
    R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-7-25 681056]
    R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-7-16 2673064]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-7-25 2656280]
    R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2011-1-30 885248]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]
    R3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?]
    R3 bpusb;Intel(R) Centrino(R) WiMAX 6050 Series Function Driver;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 RadeonPro Support Service;RadeonPro Support Service;C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [2012-5-22 12800]
    S3 cphs;Intel(R) Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-7-29 276288]
    S3 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]
    S3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-15 1071160]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-9 113120]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-27 340240]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
    S3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
    S3 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-7-25 1326176]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 tap0801;TAP-Win32 Adapter V8;C:\Windows\system32\DRIVERS\tap0801.sys --> C:\Windows\system32\DRIVERS\tap0801.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-07-31 00:11:04 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{75394C2D-BE6B-4530-88A3-AB26989416BE}\gapaengine.dll
    2012-07-31 00:10:53 9133488 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{12DB1722-2521-46C7-92C1-56C1D0045E90}\mpengine.dll
    2012-07-31 00:07:11 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2012-07-31 00:07:08 -------- d-----w- C:\Program Files\Microsoft Security Client
    2012-07-29 22:52:03 -------- d--h--w- C:\Windows\msdownld.tmp
    2012-07-29 22:42:57 -------- d-----w- C:\Program Files\ATI
    2012-07-29 22:42:55 -------- d-----w- C:\Program Files (x86)\AMD APP
    2012-07-29 20:38:24 -------- d-----w- C:\Users\Kris\temp
    2012-07-29 01:31:11 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-28 22:40:02 772592 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-07-28 22:20:10 544008 ----a-w- C:\Windows\System32\npdeployJava1.dll
    2012-07-28 22:15:20 -------- d-----w- C:\Users\Kris\AppData\Local\Secunia PSI
    2012-07-28 22:14:30 -------- d-----w- C:\Program Files (x86)\Secunia
    2012-07-28 22:13:59 -------- d-----w- C:\Program Files (x86)\FileHippo.com
    2012-07-28 22:13:13 -------- d-----w- C:\Program Files\WOT
    2012-07-28 22:13:13 -------- d-----w- C:\Program Files (x86)\WOT
    2012-07-27 08:25:12 -------- d-sh--w- C:\$RECYCLE.BIN
    2012-07-26 22:25:26 -------- d-----w- C:\Users\Kris\AppData\Roaming\KeePass
    2012-07-26 22:20:44 -------- d-----w- C:\Program Files (x86)\KeePass Password Safe
    2012-07-26 10:16:26 328704 ----a-w- C:\Windows\System32\services.exe.5C1E33B99AF709D0
    2012-07-26 09:45:47 328704 ----a-w- C:\Windows\System32\services.exe.C64FE463A62EB169
    2012-07-26 09:35:05 328704 ----a-w- C:\Windows\System32\services.exe.87992FDC4C857C96
    2012-07-25 07:32:43 -------- d-----w- C:\Program Files (x86)\EPUB to MOBI
    2012-07-23 20:41:38 -------- d-----w- C:\Users\Kris\AppData\Local\Downloaded Installations
    2012-07-22 05:42:41 -------- d-----w- C:\Users\Kris\AppData\Roaming\six-zsync
    2012-07-22 05:42:41 -------- d-----w- C:\Users\Kris\AppData\Roaming\six-updater
    2012-07-22 05:42:35 -------- d-----w- C:\Users\Kris\AppData\Local\SIX_Projects
    2012-07-22 05:41:25 -------- d-----w- C:\Program Files (x86)\SIX Projects
    2012-07-22 04:35:53 -------- d-----w- C:\Users\Kris\AppData\Local\ArmA 2 OA
    2012-07-22 04:26:02 -------- d-----w- C:\Users\Kris\AppData\Local\ArmA 2
    2012-07-20 22:20:42 -------- d-----w- C:\Users\Kris\AppData\Local\ATI
    2012-07-20 21:23:22 -------- d-----w- C:\ProgramData\AMD
    2012-07-20 21:19:31 -------- d-----w- C:\Program Files\ATI Technologies
    2012-07-20 19:09:22 -------- d-----w- C:\Program Files\HTC
    2012-07-20 19:08:57 -------- d-----w- C:\Program Files (x86)\HTC
    2012-07-18 19:36:22 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-07-09 04:53:48 -------- d-----w- C:\Program Files (x86)\OpenVPN
    2012-07-06 04:13:46 -------- d-----w- C:\Program Files (x86)\CDisplay
    .
    ==================== Find3M ====================
    .
    2012-07-29 01:31:11 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-07-28 22:39:48 687600 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-07-28 22:20:03 525576 ----a-w- C:\Windows\System32\deployJava1.dll
    2012-07-12 00:25:38 276288 ----a-w- C:\Windows\SysWow64\IntelCpHeciSvc.exe
    2012-07-12 00:25:32 170304 ----a-w- C:\Windows\System32\igfxtray.exe
    2012-07-12 00:25:28 509248 ----a-w- C:\Windows\System32\igfxsrvc.exe
    2012-07-12 00:25:26 440640 ----a-w- C:\Windows\System32\igfxpers.exe
    2012-07-12 00:25:22 250176 ----a-w- C:\Windows\System32\igfxext.exe
    2012-07-12 00:25:20 398656 ----a-w- C:\Windows\System32\hkcmd.exe
    2012-07-12 00:25:18 5898560 ----a-w- C:\Windows\System32\GfxUI.exe
    2012-07-12 00:25:14 184640 ----a-w- C:\Windows\System32\difx64.exe
    2012-07-05 14:04:30 8262144 ----a-w- C:\Windows\System32\igdumd64.dll
    2012-07-05 14:04:24 8934976 ----a-w- C:\Windows\System32\drivers\igdpmd64.sys
    2012-07-05 14:04:24 8934976 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys
    2012-07-05 14:02:32 80896 ----a-w- C:\Windows\System32\igdde64.dll
    2012-07-05 13:59:54 6703616 ----a-w- C:\Windows\SysWow64\igdumd32.dll
    2012-07-05 13:58:02 64512 ----a-w- C:\Windows\SysWow64\igdde32.dll
    2012-07-05 13:55:58 8490496 ----a-w- C:\Windows\System32\igd10umd64.dll
    2012-07-05 13:37:50 6819328 ----a-w- C:\Windows\SysWow64\igd10umd32.dll
    2012-07-05 12:58:38 12876288 ----a-w- C:\Windows\System32\ig4icd64.dll
    2012-07-05 12:52:42 10664960 ----a-w- C:\Windows\SysWow64\ig4icd32.dll
    2012-07-05 12:49:46 110592 ----a-w- C:\Windows\System32\hccutils.dll
    2012-07-05 12:49:40 9216 ----a-w- C:\Windows\System32\IGFXDEVLib.dll
    2012-07-05 12:49:40 439296 ----a-w- C:\Windows\System32\igfxdev.dll
    2012-07-05 12:49:40 172544 ----a-w- C:\Windows\System32\gfxSrvc.dll
    2012-07-05 12:49:14 286208 ----a-w- C:\Windows\System32\igfxrenu.lrc
    2012-07-05 12:49:12 9007616 ----a-w- C:\Windows\System32\igfxress.dll
    2012-07-05 12:49:12 142336 ----a-w- C:\Windows\System32\igfxdo.dll
    2012-07-05 12:48:24 25088 ----a-w- C:\Windows\SysWow64\igfxexps32.dll
    2012-07-05 12:47:52 327680 ----a-w- C:\Windows\SysWow64\igfxdv32.dll
    2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-06-27 00:36:26 10256384 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2012-06-27 00:32:02 24827392 ----a-w- C:\Windows\System32\atio6axx.dll
    2012-06-27 00:01:56 20466176 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2012-06-26 23:28:30 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
    2012-06-26 23:28:20 930304 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2012-06-26 23:26:22 1101312 ----a-w- C:\Windows\System32\aticfx64.dll
    2012-06-26 23:22:48 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
    2012-06-26 23:22:44 532992 ----a-w- C:\Windows\System32\atieclxx.exe
    2012-06-26 23:21:54 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
    2012-06-26 23:20:30 120320 ----a-w- C:\Windows\System32\atitmm64.dll
    2012-06-26 23:20:14 21504 ----a-w- C:\Windows\System32\atimuixx.dll
    2012-06-26 23:20:10 59392 ----a-w- C:\Windows\System32\atiedu64.dll
    2012-06-26 23:20:02 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
    2012-06-26 23:19:16 6380032 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2012-06-26 23:17:50 70144 ----a-w- C:\Windows\System32\coinst_8.981.2.dll
    2012-06-26 23:02:04 6998016 ----a-w- C:\Windows\System32\atidxx64.dll
    2012-06-26 22:44:06 4254208 ----a-w- C:\Windows\System32\atiumd6a.dll
    2012-06-26 22:43:36 5530112 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2012-06-26 22:40:32 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
    2012-06-26 22:40:30 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2012-06-26 22:40:24 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
    2012-06-26 22:40:22 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2012-06-26 22:40:10 15703040 ----a-w- C:\Windows\System32\aticaldd64.dll
    2012-06-26 22:36:16 4734976 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2012-06-26 22:35:58 13277696 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2012-06-26 22:33:54 6674432 ----a-w- C:\Windows\System32\atiumd64.dll
    2012-06-26 22:22:58 539136 ----a-w- C:\Windows\System32\atiadlxx.dll
    2012-06-26 22:22:48 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2012-06-26 22:22:34 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
    2012-06-26 22:22:30 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2012-06-26 22:22:26 41984 ----a-w- C:\Windows\System32\atig6txx.dll
    2012-06-26 22:22:18 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2012-06-26 22:22:10 367616 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2012-06-26 22:21:12 55296 ----a-w- C:\Windows\System32\atiuxp64.dll
    2012-06-26 22:21:04 42496 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2012-06-26 22:20:56 45056 ----a-w- C:\Windows\System32\atiu9p64.dll
    2012-06-26 22:20:48 32768 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2012-06-26 22:20:02 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2012-06-26 22:18:08 56320 ----a-w- C:\Windows\System32\atimpc64.dll
    2012-06-26 22:18:08 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
    2012-06-26 22:18:04 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2012-06-26 22:18:04 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2012-06-26 16:41:18 187392 ----a-w- C:\Windows\System32\clinfo.exe
    2012-06-26 16:41:04 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll
    2012-06-26 16:40:58 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
    2012-06-26 16:40:52 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
    2012-06-26 16:40:48 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
    2012-06-26 16:40:40 16457728 ----a-w- C:\Windows\System32\amdocl64.dll
    2012-06-26 16:39:56 13008896 ----a-w- C:\Windows\SysWow64\amdocl.dll
    2012-06-25 20:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll
    2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
    2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
    2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
    2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
    2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    .
    ============= FINISH: 15:16:49.08 ===============
     

    Attached Files:

  21. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

  22. KrisK

    KrisK TS Rookie Topic Starter Posts: 18

    Okay, so I followed the instructions and it did not fix the issue, at least not completely. I say this because I believe it is giving me a different error code now (80246008). This code led me here - http://windows.microsoft.com/en-US/windows7/Windows-Update-error-80246008

    However, when looking in my Services.msc, no Background Intelligent Transfer Service (BITS) is listed at all. That said, the Windows Event Log is listed and looks to be operating correctly.
     
  23. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

  24. KrisK

    KrisK TS Rookie Topic Starter Posts: 18

    Whenever I try to run the first command (%windir%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %windir%\inf\qmgr.inf), it just tells me "Installation Failed."
     
  25. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Fixing the update issue
    1. Create a new System Restore Point
    2. Close all programs, as this method will automatically shut down the computer.
      Click on START then click Run and copy & paste the following entry into the box and click OK
      Code:
      CMD /C ECHO Y|CHKDSK C: /R | SHUTDOWN /R /T 30
      • Download and install CCleaner
      • CCleaner
      • Double-click on the downloaded file "ccsetup229_slim.exe" and install the application.
      • Keep the default installation folder "C:\Program Files\CCleaner"
      • Click finish when done and close ALL PROGRAMS including your Web Browser
      • Start the CCleaner program.
      • Click on Registry and Uncheck Registry Integrity so that it does not run (basically the very top, uncheck it)
      • Click on Options - Advanced and Uncheck "Only delete files in Windows Temp folders older than 48 hours"
      • Click back to Cleaner and under SYSTEM uncheck the Memory Dumps and Windows Log Files
      • Click on Run Cleaner button on the bottom right side of the program.
      • Click OK to any prompts
      • Close the program now and Restart the computer again
    3. Please open Notepad and enter in the following:
      Then, click File > Save as...
      Save as fixWinUpd.bat to your Desktop.
      Choose Save as type... All Files.
      Click Save.

      Then, exit Notepad.

      Double-click on fixWinUpd.bat. You may see some errors, but let it run. Allow it to finish, then restart your computer. Try the update again.
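    Posts #22 and #24 above report BITS missing from services.msc and the qmgr.inf reinstall ending in "Installation Failed". The following PowerShell is an added diagnostic, not the helper's instructions or any tool from the thread; it records what the Service Control Manager, the registry and the disk currently say about the BITS registration so the outcome of the repair steps can be compared against a baseline. It assumes the standard Windows 7 locations of the BITS service key and the qmgr files, and an elevated prompt.

```powershell
# Added diagnostic (not from the thread): snapshot the BITS service registration
# before attempting the qmgr.inf reinstall, so a failed install can be explained.
# Assumes a standard Windows 7 layout; run from an elevated PowerShell prompt.
$report = @()
function Add-Check([string]$Name, [string]$Result) {
    $script:report += New-Object PSObject -Property @{ Check = $Name; Result = $Result }
}

# 1. Service Control Manager view: this is what services.msc lists
$svc = Get-Service -Name BITS -ErrorAction SilentlyContinue
if ($svc) { Add-Check 'SCM entry' ("present, state " + $svc.Status) }
else      { Add-Check 'SCM entry' 'MISSING' }

# 2. Registry view: the service key, its start type, the hosting DLL and dependencies
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\BITS'
if (Test-Path $key) {
    $p = Get-ItemProperty -Path $key
    Add-Check 'Registry key' 'present'
    Add-Check 'ImagePath' $p.ImagePath
    Add-Check 'Start type' $p.Start        # 2 = automatic, 3 = manual, 4 = disabled
    $params = Get-ItemProperty -Path "$key\Parameters" -ErrorAction SilentlyContinue
    if ($params -and $params.ServiceDll) {
        Add-Check 'ServiceDll' $params.ServiceDll
        # ServiceDll is stored with %SystemRoot%, so expand it before testing the path
        $dll = [Environment]::ExpandEnvironmentVariables($params.ServiceDll)
        if (Test-Path $dll) { Add-Check 'ServiceDll on disk' 'present' }
        else                { Add-Check 'ServiceDll on disk' 'MISSING' }
    } else {
        Add-Check 'ServiceDll' 'MISSING'
    }
    # every service named in DependOnService must itself be registered
    foreach ($dep in @($p.DependOnService)) {
        if (-not $dep) { continue }
        $d = Get-Service -Name $dep -ErrorAction SilentlyContinue
        if ($d) { Add-Check "Dependency $dep" ("present, state " + $d.Status) }
        else    { Add-Check "Dependency $dep" 'MISSING' }
    }
} else {
    Add-Check 'Registry key' 'MISSING'
}

# 3. Files the InstallHinfSection command quoted in the thread reads and installs
foreach ($f in @("$env:windir\inf\qmgr.inf", "$env:windir\System32\qmgr.dll")) {
    if (Test-Path $f) { Add-Check $f 'present' } else { Add-Check $f 'MISSING' }
}

$report | Format-Table Check, Result -AutoSize
```

Run it once before and once after the repair; a row that stays at MISSING (in particular the registry key or qmgr.dll) points at the part the rundll32 command could not restore.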
     
Topic Status:
Not open for further replies.
