Computer Slow, Adobe Reader 11 virus?

Re: Computer Slow, Adobe Reader 11 virus?

Post by vict0r » December 25th, 2011, 1:11 am

t-risk7 wrote: The computer seems to be running quicker now.

Please be more specific. Do the browsers load the pages in a normal time frame now?
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: Computer Slow, Adobe Reader 11 virus?

Post by t-risk7 » December 25th, 2011, 10:56 am

Sites I've repeatedly accessed go quicker, but if I am trying to access a new site, they can take 2-3 minutes to load and sometimes they time out and I have to try repeatedly or give up.

If I type a new site in the address bar it takes a long time and may not load.
I have to go to google and then search for what I want. Then I click on the site and that is usually quicker. But it can still take a minute to load.

I don't know if I turned something off or not.
Thanks for your time and patience with me.
t-risk7
Regular Member
 
Posts: 118
Joined: July 7th, 2010, 12:27 pm

Re: Computer Slow, Adobe Reader 11 virus?

Post by t-risk7 » December 25th, 2011, 11:44 am

I stepped away from my computer for an hour or two and now I can't even log on to anything without it taking forever.

I am on the older and slower computer right now (because it is running faster and without problems).

I don't know if something is running on startup or what.


I am getting ready to be gone for the day and I rather hope you enjoy your Christmas instead of bothering with me. I am off the next two days and can wait until then to deal with this.

Thanks again and have a merry Christmas.
t-risk7
Regular Member
 
Posts: 118
Joined: July 7th, 2010, 12:27 pm

Re: Computer Slow, Adobe Reader 11 virus?

Post by vict0r » December 25th, 2011, 11:46 am

Ok, thanks for letting me know.

Merry Christmas.
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: Computer Slow, Adobe Reader 11 virus?

Post by t-risk7 » December 27th, 2011, 10:07 am

I have discovered that the internet loads fast when the internet is plugged in.
It is only when it is unplugged that it drags and freezes. It does this on the other computer also.

So I believe that is the problem. Something with connecting to the router when in wireless mode.
t-risk7
Regular Member
 
Posts: 118
Joined: July 7th, 2010, 12:27 pm

Re: Computer Slow, Adobe Reader 11 virus?

Post by vict0r » December 27th, 2011, 10:43 am

t-risk7 wrote: I have discovered that the internet loads fast when the internet is plugged in.
It is only when it is unplugged that it drags and freezes. It does this on the other computer also.

So I believe that is the problem. Something with connecting to the router when in wireless mode.


Ok. What make and model is the router?


Re-scan with OTL

Some log entries in previous scans may indicate an infected external drive (E:\). Make sure it is connected for the rest of the instructions in this post.

  • Double click on OTL.exe on your desktop to run it.
  • Under Output, ensure that Standard Output is selected.
  • Click the Scan All Users checkbox.
  • Please save all work and close all open program windows.
  • Click on Run Scan at the top left hand corner.
  • When done, this Notepad file will open.
    • OTL.txt
  • Please post the contents of this file in your next reply.


Malwarebytes' Anti-Malware:

This is a false positive detection:
c:\WINDOWS\system32\fsquirt.exe (Trojan.Dropper.BCM) -> Quarantined and deleted successfully.

  • Please start Malwarebytes' Anti Malware (MBAM) (already installed).
  • Click the Quarantine tab.
  • Highlight c:\WINDOWS\system32\fsquirt.exe and click restore. Confirm the restore.
  • Click the Update tab and then click the Check for Updates button to perform the update.
  • Please repeat the previous step (update) if the database was not updated (needed if the program itself was updated).
  • When the update is finished, click the Scanner tab, select Perform Quick Scan and then click the Scan button.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


Remember to post:
  • Router information.
  • Please confirm that the external hard drive was connected to this computer while performing the scans.
  • OTL log.
  • MBAM log.
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: Computer Slow, Adobe Reader 11 virus?

Post by t-risk7 » December 27th, 2011, 4:29 pm

TrendNet TEW-651BR

External Hard Drive in F: drive
Printer in E: drive
t-risk7
Regular Member
 
Posts: 118
Joined: July 7th, 2010, 12:27 pm

Re: Computer Slow, Adobe Reader 11 virus?

Post by t-risk7 » December 27th, 2011, 4:36 pm

OTL:
OTL logfile created on: 12/27/2011 3:29:12 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Tad Palmer\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 72.11% Memory free
3.85 Gb Paging File | 3.40 Gb Available in Paging File | 88.38% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 26.96 Gb Free Space | 72.37% Space Free | Partition Type: NTFS
Drive F: | 189.92 Gb Total Space | 154.98 Gb Free Space | 81.60% Space Free | Partition Type: NTFS

Computer Name: SILVER_BULLET | User Name: Tad Palmer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/27 15:22:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tad Palmer\My Documents\Downloads\OTL(2).exe
PRC - [2011/12/27 09:14:00 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2011/07/06 11:39:58 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/06/30 12:25:52 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/05/15 14:53:20 | 000,325,512 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/02/09 15:43:16 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe
PRC - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/21 10:19:58 | 000,819,200 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/02/21 10:19:40 | 000,294,912 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/02/21 10:17:42 | 000,970,752 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/02/21 10:13:26 | 000,487,424 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/13 04:18:34 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/10/13 04:11:24 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/13 04:11:14 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/04/14 20:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2009/02/27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2007/02/21 10:13:02 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/10/17 15:13:20 | 001,167,360 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (CiSvc)
SRV - [2011/12/27 09:14:00 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/07/06 11:39:58 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/06/30 12:25:52 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/07/23 20:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/02/21 10:19:40 | 000,294,912 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)


========== Driver Services (SafeList) ==========

DRV - [2011/12/27 09:18:23 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{80F1D130-57CA-4F6A-837C-0126EA4780F9}\MpKsl2a03e1d6.sys -- (MpKsl2a03e1d6)
DRV - [2007/02/21 10:16:12 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/02/08 12:51:16 | 002,209,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2005/08/03 22:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/05/03 14:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 14:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 14:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 14:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004/05/26 14:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1547161642-287218729-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Tad Palmer\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Tad Palmer\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 09:47:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/10/11 06:57:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tad Palmer\Application Data\Mozilla\Extensions
[2011/12/24 22:07:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/16 13:44:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/11/09 09:47:15 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/28 19:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/09 09:47:15 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/15 18:12:06 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1547161642-287218729-1417001333-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1547161642-287218729-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1547161642-287218729-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1547161642-287218729-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30F4F4BD-9581-485C-8D47-7889B282CA43}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB015A66-3C56-42D0-9DC8-ED11386EBE90}: DhcpNameServer = 192.168.10.1
O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\PFW: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/10 18:34:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/10/08 03:41:21 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/27 09:14:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/12/27 09:14:19 | 000,637,848 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2011/12/27 09:14:19 | 000,223,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2011/12/27 09:14:19 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2011/12/27 09:14:19 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2011/12/27 09:14:19 | 000,141,312 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2011/12/27 09:13:55 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/12/23 04:42:33 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2011/12/23 04:42:33 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2011/12/22 20:58:55 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/12/22 20:50:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/12/20 17:24:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/20 17:24:53 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/20 17:24:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/17 14:40:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tad Palmer\Local Settings\Application Data\Google
[2011/12/14 13:45:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/14 13:43:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/12/14 13:37:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/14 13:35:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/14 13:35:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/14 13:35:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/14 13:35:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/13 22:01:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/13 11:03:35 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/12/09 07:31:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/12/08 06:41:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tad Palmer\My Documents\My Videos
[2011/11/28 21:07:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tad Palmer\Desktop\New Folder

========== Files - Modified Within 30 Days ==========

[2011/12/27 09:42:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/27 09:23:23 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/27 09:18:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/27 09:14:00 | 000,223,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2011/12/27 09:14:00 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2011/12/27 09:14:00 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2011/12/27 09:14:00 | 000,141,312 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2011/12/27 09:13:59 | 000,637,848 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2011/12/27 09:13:59 | 000,567,184 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2011/12/22 20:51:41 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/12/22 20:41:33 | 000,987,676 | ---- | M] () -- C:\WINDOWS\System32\drivers\KmxAgent.asc
[2011/12/20 17:24:58 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Tad Palmer\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/12/18 19:27:11 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/15 18:12:06 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/12/15 07:36:03 | 000,135,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/15 04:34:37 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/14 13:37:45 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/12/13 11:03:35 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2011/12/25 09:48:25 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/22 20:51:41 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/12/22 20:51:01 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/12/20 17:24:58 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Tad Palmer\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/12/14 13:37:45 | 000,000,210 | ---- | C] () -- C:\Boot.bak
[2011/12/14 13:37:41 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/12/14 13:35:48 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/14 13:35:48 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/14 13:35:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/14 13:35:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/14 13:35:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/08 18:00:40 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/16 19:20:49 | 000,126,440 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/10/11 08:10:03 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2011/10/11 06:50:18 | 000,000,242 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2011/10/11 06:50:18 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2011/10/11 06:50:03 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011/10/11 06:46:17 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF10A.DAT
[2011/10/11 06:46:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2011/10/11 06:37:20 | 000,031,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2011/10/10 19:24:29 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011/10/10 18:37:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/10/10 18:30:36 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/10/10 14:24:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/10/10 14:23:16 | 000,135,664 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/14 04:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/12/31 06:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/07/20 09:14:06 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 08:00:00 | 000,439,182 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 08:00:00 | 000,070,192 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

< End of report >
t-risk7
Regular Member
 
Posts: 118
Joined: July 7th, 2010, 12:27 pm

Re: Computer Slow, Adobe Reader 11 virus?

Post by t-risk7 » December 27th, 2011, 4:46 pm

Restored MBAM file.


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122704

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/27/2011 3:42:06 PM
mbam-log-2011-12-27 (15-42-06).txt

Scan type: Quick scan
Objects scanned: 171508
Time elapsed: 2 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


This should be everything. Thanks a lot.
t-risk7
Regular Member
 
Posts: 118
Joined: July 7th, 2010, 12:27 pm

Re: Computer Slow, Adobe Reader 11 virus?

Post by vict0r » December 28th, 2011, 5:21 pm

A hard reset of the wireless router may solve the problem with slow loading websites. After the reset you will need to change the password for the login to the router using a strong password (some infections are known to exploit routers with unchanged or weak passwords). The wireless encryption should be set up using strong encryption and a strong passphrase. Use a pin-shaped item to push and hold the reset button for 30 seconds to reset to factory default settings.

The E:\ drive didn't show up on the OTL log. Make sure your printer is connected and open the E:\ drive. Right click the E:\autorun.inf file (if present) and select Edit. A notepad window with the content will appear. Please post the content of this file in your next reply.


FixPolicies

Please download FixPolicies.exe, a self-extracting ZIP archive, from Here and save it to your Desktop.
  • Double-click FixPolicies.exe.
  • Click the "Install" button on the bottom toolbar of the box that will open.
  • The program will create a new Folder called FixPolicies.
  • Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
  • A black box should briefly appear and then close. This will enable your Control Panel and stop the Administrative warnings, at least until the malware infection resets the registry policy keys again. You can run this as many times as you like. A permanent fix requires removing the infection.


Re-download & re-run Combofix

A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a forum helper.

Delete your current copy of Combofix and download the latest version.

**IMPORTANT !!! Save ComboFix.exe to your Desktop**

Please download ComboFix from one of the following links, do not run the tool yet:

Link1
Link2

Disable your anti virus:

Disable Microsoft Security Essentials

  • Open MSE and go to Settings > Real Time Protection.
  • Then uncheck "Turn on real time protection".
  • Exit MSE when done.


Double click the ComboFix icon on the desktop to run the tool and click through the prompts.

Please include the ComboFix log (C:\ComboFix.txt) and C:\Qoobox\ComboFix-quarantined-files.txt in your next reply.

Please enable MSE after ComboFix is finished.


Remember to post:
  • E:\autorun.inf
  • C:\ComboFix.txt
  • C:\Qoobox\ComboFix-quarantined-files.txt
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: Computer Slow, Adobe Reader 11 virus?

Post by t-risk7 » December 28th, 2011, 8:59 pm

There was no E:\autorun.inf file for the E: drive. Will work on the rest.
Would it make a difference if the printer and external hard drive were in different USB ports?
Would the printer then be F: drive and external hard drive E: drive?
t-risk7
Regular Member
 
Posts: 118
Joined: July 7th, 2010, 12:27 pm

Re: Computer Slow, Adobe Reader 11 virus?

Post by t-risk7 » December 28th, 2011, 9:34 pm

Combo fix log:
ComboFix 11-12-28.03 - Tad Palmer 12/28/2011 20:21:35.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1570 [GMT -5:00]
Running from: c:\documents and settings\Tad Palmer\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-29 )))))))))))))))))))))))))))))))
.
.
2011-12-29 01:12 . 2007-02-16 02:20 139776 ----a-w- c:\program files\Mozilla Firefox\Desktop\FixPolicies\swreg.exe
2011-12-28 21:06 . 2011-12-28 21:06 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0DC8B2AD-4956-48B0-A93F-B4896B3F93D6}\MpKslcdfa53d0.sys
2011-12-28 21:05 . 2011-12-28 21:05 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0DC8B2AD-4956-48B0-A93F-B4896B3F93D6}\offreg.dll
2011-12-28 21:05 . 2011-11-21 07:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0DC8B2AD-4956-48B0-A93F-B4896B3F93D6}\mpengine.dll
2011-12-27 20:37 . 2011-12-27 20:37 193024 -c--a-w- c:\windows\system32\dllcache\fsquirt.exe
2011-12-27 20:37 . 2011-12-27 20:37 193024 ----a-w- c:\windows\system32\fsquirt.exe
2011-12-27 14:14 . 2011-12-27 14:14 -------- d-----w- c:\program files\Common Files\Java
2011-12-27 14:14 . 2011-12-27 14:14 141312 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-27 14:14 . 2011-12-27 14:13 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2011-12-27 14:13 . 2011-12-27 14:13 -------- d-----w- c:\program files\Java
2011-12-25 02:46 . 2011-11-21 07:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-23 09:42 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-12-23 09:42 . 2009-08-07 00:23 215920 ----a-w- c:\windows\system32\muweb.dll
2011-12-23 01:58 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-12-23 01:50 . 2011-12-23 01:51 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-20 22:24 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-20 22:24 . 2011-12-20 22:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-17 19:40 . 2011-12-23 19:51 -------- d-----w- c:\documents and settings\Tad Palmer\Local Settings\Application Data\Google
2011-12-14 19:02 . 2011-12-14 19:02 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-12-13 16:03 . 2011-12-13 16:03 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-27 14:13 . 2011-10-11 00:34 567184 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-23 13:25 . 2008-04-14 05:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2008-04-14 09:42 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 19:20 . 2008-04-14 09:42 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2008-04-14 09:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 11:23 . 2008-04-14 04:07 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2008-04-14 09:42 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2008-04-14 09:41 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 2008-04-14 04:57 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2008-04-14 04:01 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2008-04-14 09:41 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-11 00:41 . 2011-10-11 00:41 21425 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-10-10 14:22 . 2011-10-10 23:31 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-11-09 14:47 . 2011-10-11 00:03 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-05-10 . 6460FBE53566E18B9B07EDCAD804FBE5 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-12-14_18.42.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-19 03:51 . 2011-04-19 03:51 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f\vcomp90.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90rus.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90kor.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90jpn.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90ita.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90fra.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esp.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esn.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90enu.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90deu.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90cht.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90chs.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90u.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90.dll
+ 2011-05-14 01:17 . 2011-05-14 01:17 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_452bf920\vcomp.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80KOR.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80JPN.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ITA.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80FRA.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ESP.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ENU.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80DEU.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHT.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHS.dll
+ 2011-05-14 06:06 . 2011-05-14 06:06 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80u.dll
+ 2011-05-14 06:23 . 2011-05-14 06:23 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80.dll
+ 2011-05-13 23:37 . 2011-05-13 23:37 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.dll
+ 2011-12-27 21:00 . 2011-12-27 21:00 16384 c:\windows\temp\Perflib_Perfdata_568.dat
+ 2008-04-14 09:42 . 2011-11-04 19:20 66560 c:\windows\system32\mshtmled.dll
- 2008-04-14 09:42 . 2011-08-22 23:48 66560 c:\windows\system32\mshtmled.dll
+ 2009-03-08 08:31 . 2011-11-04 19:20 55296 c:\windows\system32\msfeedsbs.dll
- 2009-03-08 08:31 . 2011-08-22 23:48 55296 c:\windows\system32\msfeedsbs.dll
- 2008-04-14 09:41 . 2011-08-22 23:48 25600 c:\windows\system32\jsproxy.dll
+ 2008-04-14 09:41 . 2011-11-04 19:20 25600 c:\windows\system32\jsproxy.dll
+ 2011-10-11 01:02 . 2011-11-04 19:20 12800 c:\windows\system32\dllcache\xpshims.dll
- 2011-10-11 01:02 . 2011-08-22 23:48 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2008-04-14 09:42 . 2011-11-04 19:20 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2008-04-14 09:42 . 2011-08-22 23:48 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2011-10-11 01:02 . 2011-11-04 19:20 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2011-10-11 01:02 . 2011-08-22 23:48 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-04-14 09:41 . 2011-08-22 23:48 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2008-04-14 09:41 . 2011-11-04 19:20 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2008-04-14 09:41 . 2011-11-04 19:20 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2008-04-14 09:41 . 2011-08-22 23:48 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2008-04-14 09:41 . 2011-10-28 05:31 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2008-04-14 09:41 . 2011-04-26 11:07 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2011-10-10 23:33 . 2011-12-17 00:22 86327 c:\windows\pchealth\helpctr\OfflineCache\index.dat
- 2011-10-10 23:33 . 2011-10-10 23:33 86327 c:\windows\pchealth\helpctr\OfflineCache\index.dat
+ 2011-12-15 09:34 . 2011-08-22 23:48 12800 c:\windows\ie8updates\KB2618444-IE8\xpshims.dll
+ 2011-12-15 09:34 . 2011-08-22 23:48 66560 c:\windows\ie8updates\KB2618444-IE8\mshtmled.dll
+ 2011-12-15 09:34 . 2011-08-22 23:48 55296 c:\windows\ie8updates\KB2618444-IE8\msfeedsbs.dll
+ 2011-12-15 09:34 . 2011-08-22 23:48 43520 c:\windows\ie8updates\KB2618444-IE8\licmgr10.dll
+ 2011-12-15 09:34 . 2011-08-22 23:48 25600 c:\windows\ie8updates\KB2618444-IE8\jsproxy.dll
+ 2011-10-10 23:33 . 2011-12-17 00:22 2850 c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2011-04-19 03:51 . 2011-04-19 03:51 653136 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 569680 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcm90.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 159048 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7\atl90.dll
+ 2011-05-14 06:17 . 2011-05-14 06:17 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
+ 2011-05-14 06:12 . 2011-05-14 06:12 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
+ 2011-05-14 06:11 . 2011-05-14 06:11 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcm80.dll
- 2008-04-14 09:42 . 2011-08-22 23:48 105984 c:\windows\system32\url.dll
+ 2008-04-14 09:42 . 2011-11-04 19:20 105984 c:\windows\system32\url.dll
+ 2008-04-14 09:42 . 2011-11-04 19:20 206848 c:\windows\system32\occache.dll
- 2008-04-14 09:42 . 2011-08-22 23:48 206848 c:\windows\system32\occache.dll
+ 2008-04-14 09:42 . 2011-11-04 19:20 611840 c:\windows\system32\mstime.dll
- 2008-04-14 09:42 . 2011-08-22 23:48 611840 c:\windows\system32\mstime.dll
+ 2009-03-08 08:32 . 2011-11-04 19:20 602112 c:\windows\system32\msfeeds.dll
- 2009-03-08 08:32 . 2011-08-22 23:48 602112 c:\windows\system32\msfeeds.dll
+ 2011-12-27 14:14 . 2011-12-27 14:14 223112 c:\windows\system32\javaws.exe
+ 2011-12-27 14:14 . 2011-12-27 14:14 173960 c:\windows\system32\javaw.exe
+ 2011-12-27 14:14 . 2011-12-27 14:14 173960 c:\windows\system32\java.exe
+ 2008-04-14 09:41 . 2011-11-04 19:20 184320 c:\windows\system32\iepeers.dll
- 2008-04-14 09:41 . 2011-08-22 23:48 184320 c:\windows\system32\iepeers.dll
+ 2008-04-14 09:41 . 2011-11-04 19:20 387584 c:\windows\system32\iedkcs32.dll
- 2008-04-14 09:41 . 2011-08-22 23:48 387584 c:\windows\system32\iedkcs32.dll
+ 2008-04-14 09:42 . 2011-11-04 11:24 174080 c:\windows\system32\ie4uinit.exe
- 2008-04-14 09:42 . 2011-08-22 11:56 174080 c:\windows\system32\ie4uinit.exe
+ 2011-10-10 19:23 . 2011-12-15 12:36 135664 c:\windows\system32\FNTCACHE.DAT
- 2011-10-10 19:23 . 2011-10-13 09:10 135664 c:\windows\system32\FNTCACHE.DAT
+ 2011-04-18 18:18 . 2011-04-18 18:18 165648 c:\windows\system32\drivers\MpFilter.sys
+ 2008-04-14 09:42 . 2011-11-04 19:20 916992 c:\windows\system32\dllcache\wininet.dll
- 2008-04-14 09:42 . 2011-08-22 23:48 105984 c:\windows\system32\dllcache\url.dll
+ 2008-04-14 09:42 . 2011-11-04 19:20 105984 c:\windows\system32\dllcache\url.dll
- 2008-04-14 09:42 . 2011-08-22 23:48 206848 c:\windows\system32\dllcache\occache.dll
+ 2008-04-14 09:42 . 2011-11-04 19:20 206848 c:\windows\system32\dllcache\occache.dll
+ 2008-04-14 09:42 . 2011-11-04 19:20 611840 c:\windows\system32\dllcache\mstime.dll
- 2008-04-14 09:42 . 2011-08-22 23:48 611840 c:\windows\system32\dllcache\mstime.dll
+ 2011-10-11 01:02 . 2011-11-04 19:20 602112 c:\windows\system32\dllcache\msfeeds.dll
- 2011-10-11 01:02 . 2011-08-22 23:48 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2011-10-11 01:02 . 2011-11-04 19:20 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2011-10-11 01:02 . 2011-08-22 23:48 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2008-04-14 09:41 . 2011-08-22 23:48 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2008-04-14 09:41 . 2011-11-04 19:20 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2011-10-11 01:02 . 2011-11-04 19:20 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2011-10-11 01:02 . 2011-08-22 23:48 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2008-04-14 09:41 . 2011-08-22 23:48 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-04-14 09:41 . 2011-11-04 19:20 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2008-04-14 09:42 . 2011-08-22 11:56 174080 c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-04-14 09:42 . 2011-11-04 11:24 174080 c:\windows\system32\dllcache\ie4uinit.exe
- 2008-04-14 09:41 . 2011-02-09 13:53 186880 c:\windows\system32\dllcache\encdec.dll
+ 2008-04-14 09:41 . 2011-10-18 11:13 186880 c:\windows\system32\dllcache\encdec.dll
+ 2011-12-27 14:14 . 2011-12-27 14:14 176128 c:\windows\Installer\df630.msi
+ 2011-12-27 14:13 . 2011-12-27 14:13 938496 c:\windows\Installer\df62b.msi
+ 2011-12-23 01:51 . 2011-12-23 01:51 785920 c:\windows\Installer\840ad.msi
+ 2011-12-23 01:51 . 2011-12-23 01:51 483840 c:\windows\Installer\840a7.msi
+ 2011-12-23 01:50 . 2011-12-23 01:50 301056 c:\windows\Installer\840a2.msi
+ 2011-12-23 10:11 . 2011-12-23 10:11 223744 c:\windows\Installer\1d1c145.msi
+ 2011-12-23 10:11 . 2011-12-23 10:11 467456 c:\windows\Installer\1d1c13f.msi
+ 2011-12-15 09:34 . 2011-08-22 23:48 916480 c:\windows\ie8updates\KB2618444-IE8\wininet.dll
+ 2011-12-15 09:34 . 2011-08-22 23:48 105984 c:\windows\ie8updates\KB2618444-IE8\url.dll
+ 2011-12-15 09:34 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2618444-IE8\spuninst\updspapi.dll
+ 2011-12-15 09:34 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2618444-IE8\spuninst\spuninst.exe
+ 2011-12-15 09:34 . 2011-08-22 23:48 206848 c:\windows\ie8updates\KB2618444-IE8\occache.dll
+ 2011-12-15 09:34 . 2011-08-22 23:48 611840 c:\windows\ie8updates\KB2618444-IE8\mstime.dll
+ 2011-12-15 09:34 . 2011-08-22 23:48 602112 c:\windows\ie8updates\KB2618444-IE8\msfeeds.dll
+ 2011-12-15 09:34 . 2011-08-22 23:48 247808 c:\windows\ie8updates\KB2618444-IE8\ieproxy.dll
+ 2011-12-15 09:34 . 2011-08-22 23:48 184320 c:\windows\ie8updates\KB2618444-IE8\iepeers.dll
+ 2011-12-15 09:34 . 2011-08-22 23:48 743424 c:\windows\ie8updates\KB2618444-IE8\iedvtool.dll
+ 2011-12-15 09:34 . 2011-08-22 23:48 387584 c:\windows\ie8updates\KB2618444-IE8\iedkcs32.dll
+ 2011-12-15 09:34 . 2011-08-22 11:56 174080 c:\windows\ie8updates\KB2618444-IE8\ie4uinit.exe
+ 2011-12-23 19:46 . 2011-12-23 19:46 262144 c:\windows\ERDNT\12-23-2011\Users\00000002\UsrClass.dat
+ 2011-12-23 19:46 . 2005-10-20 16:02 163328 c:\windows\ERDNT\12-23-2011\ERDNT.EXE
+ 2011-04-19 03:51 . 2011-04-19 03:51 3781960 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90u.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 3766600 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90.dll
+ 2011-05-14 01:04 . 2011-05-14 01:04 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80u.dll
+ 2011-05-14 01:04 . 2011-05-14 01:04 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80.dll
- 2008-04-14 09:42 . 2011-08-22 23:48 1212416 c:\windows\system32\urlmon.dll
+ 2008-04-14 09:42 . 2011-11-04 19:20 1212416 c:\windows\system32\urlmon.dll
+ 2008-04-14 09:42 . 2011-11-04 19:20 5978112 c:\windows\system32\mshtml.dll
- 2009-03-08 08:32 . 2011-08-22 23:48 2000384 c:\windows\system32\iertutil.dll
+ 2009-03-08 08:32 . 2011-11-04 19:20 2000384 c:\windows\system32\iertutil.dll
+ 2008-04-14 05:00 . 2011-11-23 13:25 1859584 c:\windows\system32\dllcache\win32k.sys
- 2008-04-14 09:42 . 2011-08-22 23:48 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2008-04-14 09:42 . 2011-11-04 19:20 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2008-04-14 09:42 . 2011-11-01 16:07 1288704 c:\windows\system32\dllcache\ole32.dll
- 2011-10-11 00:27 . 2010-12-09 13:38 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2011-10-11 00:27 . 2011-10-25 13:33 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
- 2011-10-11 00:27 . 2010-12-09 13:07 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2011-10-11 00:27 . 2011-10-25 12:52 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
- 2011-10-11 00:27 . 2010-12-09 13:07 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2011-10-11 00:27 . 2011-10-25 12:52 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2011-10-11 00:27 . 2010-12-09 13:42 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2011-10-11 00:27 . 2011-10-25 13:37 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-04-14 09:42 . 2011-11-04 19:20 5978112 c:\windows\system32\dllcache\mshtml.dll
- 2011-10-11 01:02 . 2011-08-22 23:48 2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2011-10-11 01:02 . 2011-11-04 19:20 2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2011-10-11 12:19 . 2011-12-14 19:02 9049600 c:\windows\Installer\{BDBAAB1B-B364-465E-931D-4E2E2F0E609A}\{D2B942CC-0565-43C6-82F9-DE26EA4928E6}\HIPS2.msi
- 2011-10-11 12:19 . 2011-10-11 12:19 9049600 c:\windows\Installer\{BDBAAB1B-B364-465E-931D-4E2E2F0E609A}\{D2B942CC-0565-43C6-82F9-DE26EA4928E6}\HIPS2.msi
+ 2011-12-15 09:34 . 2011-08-22 23:48 1212416 c:\windows\ie8updates\KB2618444-IE8\urlmon.dll
+ 2011-12-15 09:34 . 2011-10-03 08:35 5971456 c:\windows\ie8updates\KB2618444-IE8\mshtml.dll
+ 2011-12-15 09:34 . 2011-08-22 23:48 2000384 c:\windows\ie8updates\KB2618444-IE8\iertutil.dll
+ 2011-12-23 19:46 . 2011-12-23 19:46 2924544 c:\windows\ERDNT\12-23-2011\Users\00000001\NTUSER.DAT
+ 2011-10-11 00:27 . 2011-10-25 13:33 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2011-10-11 00:27 . 2010-12-09 13:38 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2011-10-11 00:27 . 2011-10-25 12:52 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2011-10-11 00:27 . 2010-12-09 13:07 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2011-10-11 00:27 . 2011-10-25 12:52 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2011-10-11 00:27 . 2010-12-09 13:07 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2011-10-11 00:27 . 2011-10-25 13:37 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2011-10-11 00:27 . 2010-12-09 13:42 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2011-10-11 00:54 . 2011-12-14 19:28 52988224 c:\windows\system32\MRT.exe
+ 2009-03-08 08:39 . 2011-11-04 19:20 11081728 c:\windows\system32\ieframe.dll
- 2009-03-08 08:39 . 2011-08-23 21:48 11081728 c:\windows\system32\ieframe.dll
- 2011-10-11 01:02 . 2011-08-23 21:48 11081728 c:\windows\system32\dllcache\ieframe.dll
+ 2011-10-11 01:02 . 2011-11-04 19:20 11081728 c:\windows\system32\dllcache\ieframe.dll
+ 2011-12-15 09:34 . 2011-08-23 21:48 11081728 c:\windows\ie8updates\KB2618444-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
[BU]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2011\\QBDBMgrN.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
R1 MpKslcdfa53d0;MpKslcdfa53d0;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0DC8B2AD-4956-48B0-A93F-B4896B3F93D6}\MpKslcdfa53d0.sys [12/28/2011 4:06 PM 29904]
R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [6/30/2011 12:25 PM 1248256]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [10/11/2011 6:46 AM 245760]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLCDFA53D0
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.10.1
TCP: Interfaces\{30F4F4BD-9581-485C-8D47-7889B282CA43}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\Tad Palmer\Application Data\Mozilla\Firefox\Profiles\d4m1k4fi.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-28 20:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(840)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1268)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-12-28 20:28:36
ComboFix-quarantined-files.txt 2011-12-29 01:28
ComboFix2.txt 2011-12-14 18:43
.
Pre-Run: 28,822,020,096 bytes free
Post-Run: 28,850,528,256 bytes free
.
- - End Of File - - F29460D3A4BC97B071BC7780F19CC167


Here are the Qoobox quarantined files, or at least all I could find. Had to go to Run C:\Qoobox\ComboFix-quarantined-files.txt to find it.

2011-12-14 18:43:15 . 2011-12-14 18:43:15 260 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Notify-PFW.reg.dat
2011-12-14 18:40:47 . 2011-12-29 01:24:04 7,491 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-12-14 18:35:42 . 2011-12-29 01:20:18 102 ----a-w- C:\Qoobox\Quarantine\catchme.log

Re: Computer Slow, Adobe Reader 11 virus?

Unread postby t-risk7 » December 28th, 2011, 9:40 pm

I forgot my router's password. Either that or my username.
I did reset it though.

My brother told me I should just buy a better router. I only paid $20 bucks for this one.
He said a Linksys/Cisco would be better.

Re: Computer Slow, Adobe Reader 11 virus?

Unread postby t-risk7 » December 28th, 2011, 9:48 pm

I opened run and typed in E:\autorun.inf and got nothing.

Did one for F:\autorun.inf and got an old flash disinfector log I could not open, nor did I know what program created it.

Hope this helps.
Thanks for your time.

I may be missing something in finding E: drive stuff.

Re: Computer Slow, Adobe Reader 11 virus?

Unread postby t-risk7 » December 28th, 2011, 9:50 pm

I deleted ComboFix. Should I delete the Qoobox folder on my C: drive also?