Malware "Windows Home Protector"

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Malware "Windows Home Protector"

Post by reallyfreespirit » August 2nd, 2012, 4:35 pm

Will do, although we're on the road for about a week, so will not be able to "exercise" the computer significantly. I will continue to back up files. I'll watch for that message I noted in my last post. I'll post something before I "time out" in 3 days.
reallyfreespirit
Regular Member
 
Posts: 29
Joined: July 21st, 2012, 5:14 pm

Re: Malware "Windows Home Protector"

Post by reallyfreespirit » August 4th, 2012, 4:44 pm

Booted up this morning on a relative's wireless connection.
Encountered a message that McAfee blocked "Host processes for Windows Services".
No option to allow this, and don't know the implications of this, nor whether it may cause problems.
Thoughts?
reallyfreespirit
Regular Member
 
Posts: 29
Joined: July 21st, 2012, 5:14 pm

Re: Malware "Windows Home Protector"

Post by diver79 » August 6th, 2012, 1:15 pm

Hi reallyfreespirit,

Farbar Service Scanner
Please download Farbar Service Scanner and save the file to your Desktop.
  • Double click on FSS.exe to start the program.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: Malware "Windows Home Protector"

Post by reallyfreespirit » August 6th, 2012, 3:57 pm

Also received two other messages yesterday at bootup, titled in a window, as follows.
1. Microsoft Visual C++ Runtime Library
The application has requested the runtime to terminate in an unusual way.
Contact the application's support team for more information.
I closed this window.
2. Microsoft Windows
HP Cue Status Root has stopped working. A problem caused the program to stop working correctly.
Windows will close the program and notify you if a solution is available.
I closed this window.

FSS Scan log (FSS.txt)
Farbar Service Scanner Version: 06-08-2012
Ran by Bob (administrator) on 06-08-2012 at 15:46:59
Running from "C:\Users\Bob\Downloads"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-12-13 22:01] - [2009-04-11 03:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-02-16 11:49] - [2012-01-03 10:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-12 09:13] - [2012-03-30 08:45] - 1423744 ____A (Microsoft Corporation) 46D448E9117464E4D3BBF36D7E3FA48E

C:\Windows\System32\dnsrslvr.dll
[2011-04-13 20:03] - [2011-03-02 12:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2009-12-13 22:02] - [2009-04-11 03:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2009-12-13 22:01] - [2009-04-11 03:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2009-12-13 22:02] - [2009-04-11 03:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2009-12-13 22:01] - [2009-04-11 03:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2009-12-13 22:02] - [2009-04-11 03:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2009-12-13 22:02] - [2009-04-11 03:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2009-12-13 22:02] - [2009-04-11 03:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-06-13 23:40] - [2012-04-23 12:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-12-13 22:02] - [2009-04-11 03:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****
reallyfreespirit
Regular Member
 
Posts: 29
Joined: July 21st, 2012, 5:14 pm
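
A triage sketch for the FSS.txt layout posted above, added here as an example; it is not part of the thread and is not Farbar's code. It assumes, from the layout alone, that a File Check entry without "=> MD5 is legit" is one the tool did not match and whose hash needs checking by hand; `parse_fss` and `review_queue` are hypothetical names, and the meaning of the two bracketed dates is not stated on the page.

```python
import re

# Excerpt of the FSS.txt posted above, shortened; layout and values are from that log.
SAMPLE_FSS = r'''Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-12-13 22:01] - [2009-04-11 03:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-12-13 22:02] - [2009-04-11 03:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF

**** End of log ****
'''

UNDERLINE = re.compile(r"^=+$")
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_VALUE = re.compile(r'^"([^"]+)"=DWORD:(\d+)$')
LEGIT = re.compile(r"^(.+?) => MD5 is legit$")
PATH = re.compile(r"^[A-Za-z]:\\")
# [date] - [date] - size attributes (company) MD5
DETAIL = re.compile(
    r"^\[([^\]]+)\] - \[([^\]]+)\] - (\d+) (\S+) \((.*)\) ([0-9A-Fa-f]{32})$"
)


def parse_fss(text):
    """Split an FSS log into reported policy values and File Check results."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    report = {"policies": [], "legit": [], "unverified": [], "incomplete": []}
    section = key = pending = None
    for i, line in enumerate(lines):
        if not line or UNDERLINE.match(line):
            continue
        detail = DETAIL.match(line)
        if pending is not None and not detail:
            # A path that was not followed by its detail line (truncated paste).
            report["incomplete"].append(pending)
            pending = None
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if UNDERLINE.match(nxt):
            # A heading is a text line sitting directly above a row of '='.
            section, key = line.rstrip(":"), None
        elif REG_KEY.match(line):
            key = REG_KEY.match(line).group(1)
        elif REG_VALUE.match(line) and key:
            name, value = REG_VALUE.match(line).groups()
            report["policies"].append(
                {"section": section, "key": key, "name": name, "value": value}
            )
        elif LEGIT.match(line):
            report["legit"].append(LEGIT.match(line).group(1))
        elif detail and pending is not None:
            first, second, size, attrs, company, md5 = detail.groups()
            report["unverified"].append(
                {"path": pending, "first_date": first, "second_date": second,
                 "size": int(size), "attrs": attrs, "company": company,
                 "md5": md5.upper()}
            )
            pending = None
        elif PATH.match(line):
            pending = line
    if pending is not None:
        report["incomplete"].append(pending)
    return report


def review_queue(report):
    """Lines a helper would check by hand: policy values first, then hashes."""
    queue = [
        f'policy  {p["section"]}: "{p["name"]}"={p["value"]} under {p["key"]}'
        for p in report["policies"]
    ]
    queue += [
        f'hash    {f["path"]} {f["md5"]} ({f["company"]}, {f["size"]} bytes)'
        for f in report["unverified"]
    ]
    queue += [f"broken  {p} (no detail line followed the path)"
              for p in report["incomplete"]]
    return queue


if __name__ == "__main__":
    for item in review_queue(parse_fss(SAMPLE_FSS)):
        print(item)
```
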

Re: Malware "Windows Home Protector"

Post by diver79 » August 7th, 2012, 3:38 pm

Hi reallyfreespirit,

Those error messages do not appear to be related to malware or to any of the fixes I have given. Are they happening every time you boot or just intermittently?

I can take a closer look at these errors later; for now I am concerned with the message McAfee gave regarding Host processes for Windows. I would like to get a scan with FRST to investigate this. You will need a USB flash drive for this.

Farbar Recovery Scanner Tool
  • Plug a USB flash drive into the infected machine.
  • Download FRST64 and save it to the USB flash drive.


Boot your computer into Recovery Environment
  • Make sure the flash drive is still plugged into the computer and that FRST64.exe is present.
  • Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
  • Select Repair your computer.
  • Select Language and click Next
  • Enter password (if necessary) and click OK, you should now see the screen below ...

Image

Find the flash drive's drive letter.
  • Select the Command Prompt option.
  • A command window will open.
  • Type notepad then hit Enter.
  • Notepad will open.
  • Click File > Open then select Computer.
  • Note down the drive letter for your USB Drive.
  • Close Notepad.

Run FRST.exe
  • Back in the command window ....
  • Type e:/frst64.exe and hit Enter (where e: is the drive letter of your USB drive)
  • FRST will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • When finished scanning it will make a log FRST.txt on the flash drive.
  • Close the command window.
  • Post me the FRST.txt log please.
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: Malware "Windows Home Protector"

Post by reallyfreespirit » August 7th, 2012, 9:40 pm

Scan result of Farbar Recovery Scan Tool Version: 08-08-2012
Ran by SYSTEM at 07-08-2012 21:31:26
Running from D:\
Windows Vista (TM) Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [309760 2009-04-26] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry [17920 2008-12-17] (Creative Technology Ltd.)
HKLM\...\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe [462848 2009-03-30] (IDT, Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-08-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-08-25] (Intel Corporation)
HKLM\...\Run: [dlcxmon.exe] "C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe" [292336 2007-01-12] ()
HKLM\...\Run: [MemoryCardManager] "C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe" [304008 2006-11-03] ()
HKLM\...\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\DLCXtime.dll,RunDLLEntry [31744 2006-10-15] ()
HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807600 2009-11-13] ()
HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r [237693 2008-12-09] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [405639 2009-01-09] (Creative Technology Ltd)
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [250192 2009-04-24] (Microsoft Corporation)
HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [x]
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2012-03-21] (McAfee, Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [37232 2008-06-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [935288 2009-09-04] (Adobe Systems Incorporated)
HKU\Bob\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Bob\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Bob\...\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [x]
HKU\Bob\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-13] (Skype Technologies S.A.)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 66.189.0.100 24.159.64.23 24.247.24.53
AppInit_DLLs: acaptuser64.dll
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Dell Remote Access.lnk
ShortcutTarget: Dell Remote Access.lnk -> C:\Windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe (Acresso Software Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
ShortcutTarget: Event Reminder.lnk -> C:\Program Files (x86)\The Print Shop 23\Remind.exe (Broderbund Properties LLC)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\QuickSet.lnk
ShortcutTarget: QuickSet.lnk -> C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ======

2 AbsoluteNotifier; "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe" [10408 2010-10-08] (Microsoft)
2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 dlcx_device; C:\Windows\system32\dlcxcoms.exe -service [561152 2006-10-11] ( )
2 dlcx_device; C:\Windows\SysWow64\dlcxcoms.exe -service [532480 2006-10-11] ( )
4 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [502032 2012-04-19] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199304 2012-05-25] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [210616 2012-05-25] (McAfee, Inc.)
2 mfevtp; "C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe" [162224 2012-05-25] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 5\PDFProFiltSrv.exe [144672 2008-07-30] (Nuance Communications, Inc.)
3 stllssvr; "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" [74384 2008-03-24] (MicroVision Development, Inc.)
3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]

========================== Drivers (Whitelisted) =============

3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)
1 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.)
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 mfeavfk01; [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-06 11:46 - 2012-08-06 11:47 - 00003498 ____A C:\Users\Bob\Downloads\FSS.txt
2012-08-06 11:43 - 2012-08-06 11:43 - 00693235 ____A (Farbar) C:\Users\Bob\Downloads\FSS.exe
2012-08-02 12:05 - 2009-08-19 20:50 - 00024416 ___RA (Adobe Systems Inc.) C:\Windows\System32\AdobePDFUI.dll
2012-08-02 11:37 - 2012-08-02 11:37 - 00015576 ____A C:\Users\Bob\Desktop\OTL-Delete.txt
2012-08-02 03:45 - 2012-08-02 03:45 - 00548736 ____A C:\Users\Bob\Downloads\Scores_Posted_By_Date_July_1-31_2012.xls
2012-08-01 03:23 - 2012-08-01 03:23 - 00139136 ____A C:\Users\Bob\Downloads\Golfer_Handicap_By_Tees_8-1-2012.xls
2012-08-01 03:22 - 2012-08-01 03:22 - 00548736 ____A C:\Users\Bob\Downloads\Scores_Posted_By_Date_July_1-31_2012x.xls
2012-07-31 19:32 - 2012-07-31 19:39 - 00046592 ____A C:\Users\Bob\Downloads\Golfer_Default_Tee_8-1-2012.xls
2012-07-31 19:01 - 2012-07-31 19:01 - 00148100 ____A C:\Users\Bob\Desktop\OTL.Txt-2.txt
2012-07-30 19:14 - 2012-07-30 19:21 - 00001299 ____A C:\Users\Bob\Desktop\checkhd.txt
2012-07-28 09:02 - 2012-07-28 09:02 - 00000000 ____D C:\Users\Bob\Desktop\2012 Videos-3
2012-07-28 09:01 - 2012-07-28 09:01 - 00000000 ____D C:\Users\Bob\Desktop\2012 Videos-2
2012-07-28 09:01 - 2012-07-28 09:01 - 00000000 ____D C:\Users\Bob\Desktop\2011 Videos-3
2012-07-28 08:58 - 2012-07-28 08:58 - 00000000 ____D C:\Users\Bob\Desktop\2011 Videos-2
2012-07-27 19:12 - 2012-07-27 19:12 - 00019594 ____A C:\Users\Bob\Desktop\07272012_224851.log
2012-07-27 18:48 - 2012-07-27 18:48 - 00000000 ____D C:\_OTL
2012-07-26 15:08 - 2012-07-26 15:08 - 00082362 ____A C:\Users\Bob\Desktop\Extras.Txt
2012-07-26 15:06 - 2012-07-31 18:45 - 00148100 ____A C:\Users\Bob\Desktop\OTL.Txt
2012-07-26 14:44 - 2012-07-26 14:44 - 00597504 ____A (OldTimer Tools) C:\Users\Bob\Desktop\OTL.exe
2012-07-26 12:45 - 2012-07-26 12:45 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Bob\Downloads\tdsskiller.exe
2012-07-26 08:15 - 2012-07-26 08:15 - 00001933 ____A C:\Users\Bob\Downloads\aswMBR.txt
2012-07-26 08:14 - 2012-07-26 08:14 - 00000512 ____A C:\Users\Bob\Downloads\MBR.dat
2012-07-26 06:59 - 2012-07-26 07:00 - 04731392 ____A (AVAST Software) C:\Users\Bob\Downloads\aswMBR.exe
2012-07-26 06:36 - 2012-07-26 06:36 - 00003188 ____A C:\Users\Bob\Downloads\ckfiles.txt
2012-07-26 06:29 - 2012-07-26 06:29 - 00458240 ____A () C:\Users\Bob\Downloads\CKScanner.exe
2012-07-24 10:58 - 2012-07-24 10:58 - 00000237 ____A C:\Users\Bob\Desktop\MalWare Removal • User Control Panel • Login.url
2012-07-24 09:08 - 2012-07-24 09:08 - 00001861 ____A C:\Users\Public\Desktop\Belarc Advisor.lnk
2012-07-24 09:08 - 2012-07-24 09:08 - 00001861 ____A C:\Users\All Users\Desktop\Belarc Advisor.lnk
2012-07-24 09:08 - 2012-07-24 09:08 - 00000000 ____D C:\Program Files (x86)\Belarc
2012-07-24 09:06 - 2012-07-24 09:06 - 03243624 ____A C:\Users\Bob\Downloads\advisorinstaller.exe
2012-07-24 06:47 - 2012-07-24 06:47 - 00000000 ____D C:\Users\Bob\Desktop\Memories
2012-07-22 13:17 - 2012-07-22 13:18 - 00000000 ____D C:\Users\Bob\Local Settings\MigWiz
2012-07-22 13:17 - 2012-07-22 13:18 - 00000000 ____D C:\Users\Bob\Local Settings\Application Data\MigWiz
2012-07-22 13:17 - 2012-07-22 13:18 - 00000000 ____D C:\Users\Bob\AppData\Local\MigWiz
2012-07-21 13:47 - 2012-07-21 13:47 - 00019503 ____A C:\Users\Bob\Downloads\Attach - Notepad.txt
2012-07-21 13:46 - 2012-07-21 13:46 - 00030067 ____A C:\Users\Bob\Downloads\DDS - Notepad.txt
2012-07-21 13:38 - 2012-07-21 13:38 - 00606738 ___RA (Swearware) C:\Users\Bob\Desktop\dds.scr
2012-07-21 13:01 - 2012-07-21 13:03 - 00022799 ____A C:\Users\Bob\Downloads\Hijackthis - Notepad.log
2012-07-21 12:57 - 2012-07-21 12:57 - 00388608 ____A (Trend Micro Inc.) C:\Users\Bob\Downloads\HijackThis.exe
2012-07-21 11:57 - 2012-07-21 11:57 - 00000910 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-21 11:57 - 2012-07-21 11:57 - 00000910 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-21 11:57 - 2012-07-21 11:57 - 00000000 ____D C:\Users\Bob\Application Data\Malwarebytes
2012-07-21 11:57 - 2012-07-21 11:57 - 00000000 ____D C:\Users\Bob\AppData\Roaming\Malwarebytes
2012-07-21 11:57 - 2012-07-21 11:57 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-21 11:57 - 2012-07-21 11:57 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-07-21 11:57 - 2012-07-21 11:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-21 11:57 - 2012-07-03 09:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-21 11:51 - 2012-07-21 11:51 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Bob\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-21 11:27 - 2012-07-21 11:27 - 00000840 ____A C:\Users\Bob\Desktop\stinger - Shortcut.lnk
2012-07-21 11:26 - 2012-07-24 08:26 - 00000039 __RAH C:\Users\Bob\Downloads\stinger.opt
2012-07-21 11:26 - 2012-07-21 11:28 - 00016200 ____A (McAfee, Inc.) C:\Windows\stinger.sys
2012-07-21 11:25 - 2012-07-24 08:26 - 00000000 ____D C:\Program Files (x86)\stinger
2012-07-21 11:21 - 2012-07-21 11:24 - 09670760 ____A (McAfee Inc.) C:\Users\Bob\Downloads\stinger.exe
2012-07-21 10:03 - 2012-05-31 08:25 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-07-21 08:19 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-21 08:19 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-21 08:19 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-21 08:19 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-21 08:19 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-21 08:19 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-21 08:19 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-21 08:19 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-21 08:19 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-21 08:19 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-21 08:19 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-21 08:19 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-21 08:19 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-21 08:19 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-21 08:18 - 2012-06-13 05:58 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-21 08:18 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-21 08:18 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-21 08:18 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-21 08:18 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-21 08:18 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-21 08:18 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-21 08:18 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-21 08:18 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-21 08:18 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-21 08:18 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-21 08:18 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-21 08:18 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-21 08:18 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-21 08:18 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-21 08:16 - 2012-06-05 08:47 - 01401856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-21 08:16 - 2012-06-05 08:47 - 01248768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-21 08:16 - 2012-06-05 08:22 - 01869824 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-21 08:16 - 2012-06-05 08:22 - 01797120 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-21 08:16 - 2012-06-04 07:29 - 00516480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-21 08:16 - 2012-06-01 16:22 - 00347136 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-21 08:16 - 2012-06-01 16:22 - 00254464 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-21 08:16 - 2012-06-01 16:05 - 00077312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-21 08:16 - 2012-06-01 16:04 - 00278528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-21 08:16 - 2012-06-01 16:03 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-21 08:15 - 2012-06-08 09:59 - 12899840 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-21 08:15 - 2012-06-08 09:47 - 11586048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-19 10:58 - 2012-07-19 10:59 - 00004357 ____A C:\Windows\SysWOW64\jupdate-1.6.0_33-b05.log
2012-07-18 14:32 - 2012-07-18 14:32 - 00000000 ____D C:\Program Files\Enigma Software Group
2012-07-18 13:40 - 2012-07-18 13:40 - 00000669 ____A C:\Users\Bob\Application Data\result.db
2012-07-18 13:40 - 2012-07-18 13:40 - 00000669 ____A C:\Users\Bob\AppData\Roaming\result.db
2012-07-15 05:09 - 2012-07-15 05:09 - 00130944 ____A C:\Users\Bob\Downloads\Golfer_Handicap_By_Tees_7-15-2012.xls
2012-07-15 05:08 - 2012-07-15 05:08 - 00065408 ____A C:\Users\Bob\Downloads\Golfer_Default_Tee_7-15-2012.xls
2012-07-13 19:10 - 2012-07-13 19:10 - 00000000 ____D C:\Users\Bob\Application Data\Bridge Baron 21
2012-07-13 19:10 - 2012-07-13 19:10 - 00000000 ____D C:\Users\Bob\AppData\Roaming\Bridge Baron 21
2012-07-13 19:10 - 2012-07-13 19:10 - 00000000 ____D C:\Program Files (x86)\Great Game Products


============ 3 Months Modified Files ========================

2012-08-07 17:23 - 2009-09-30 20:25 - 01993625 ____A C:\Windows\WindowsUpdate.log
2012-08-07 17:23 - 2006-11-02 07:42 - 00032596 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-07 17:23 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-07 17:23 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-07 17:23 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-07 17:17 - 2006-11-02 04:46 - 00717426 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-07 11:14 - 2010-04-27 11:15 - 00002611 ____A C:\Users\Bob\Desktop\Word 2007.lnk
2012-08-07 11:06 - 2010-04-27 11:16 - 00002567 ____A C:\Users\Bob\Desktop\Access 2007.lnk
2012-08-07 11:06 - 2010-04-27 11:15 - 00002579 ____A C:\Users\Bob\Desktop\PowerPoint 2007.lnk
2012-08-07 11:06 - 2010-04-27 11:15 - 00002569 ____A C:\Users\Bob\Desktop\Excel 2007.lnk
2012-08-07 10:43 - 2012-06-24 10:49 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-07 09:52 - 2008-01-20 19:26 - 00501040 ____A C:\Windows\PFRO.log
2012-08-06 11:47 - 2012-08-06 11:46 - 00003498 ____A C:\Users\Bob\Downloads\FSS.txt
2012-08-06 11:43 - 2012-08-06 11:43 - 00693235 ____A (Farbar) C:\Users\Bob\Downloads\FSS.exe
2012-08-03 15:59 - 2009-12-28 14:44 - 00031232 ____A C:\Users\Bob\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-03 15:59 - 2009-12-28 14:44 - 00031232 ____A C:\Users\Bob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-03 15:59 - 2009-12-28 14:44 - 00031232 ____A C:\Users\Bob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-03 15:43 - 2012-05-10 07:37 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-03 15:43 - 2011-05-20 03:21 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-02 12:05 - 2009-11-05 16:21 - 00001932 ____A C:\Users\Public\Desktop\Adobe Acrobat 9 Pro Extended.lnk
2012-08-02 12:05 - 2009-11-05 16:21 - 00001932 ____A C:\Users\All Users\Desktop\Adobe Acrobat 9 Pro Extended.lnk
2012-08-02 11:37 - 2012-08-02 11:37 - 00015576 ____A C:\Users\Bob\Desktop\OTL-Delete.txt
2012-08-02 03:45 - 2012-08-02 03:45 - 00548736 ____A C:\Users\Bob\Downloads\Scores_Posted_By_Date_July_1-31_2012.xls
2012-08-01 03:23 - 2012-08-01 03:23 - 00139136 ____A C:\Users\Bob\Downloads\Golfer_Handicap_By_Tees_8-1-2012.xls
2012-08-01 03:22 - 2012-08-01 03:22 - 00548736 ____A C:\Users\Bob\Downloads\Scores_Posted_By_Date_July_1-31_2012x.xls
2012-07-31 19:39 - 2012-07-31 19:32 - 00046592 ____A C:\Users\Bob\Downloads\Golfer_Default_Tee_8-1-2012.xls
2012-07-31 19:01 - 2012-07-31 19:01 - 00148100 ____A C:\Users\Bob\Desktop\OTL.Txt-2.txt
2012-07-31 18:45 - 2012-07-26 15:06 - 00148100 ____A C:\Users\Bob\Desktop\OTL.Txt
2012-07-30 19:21 - 2012-07-30 19:14 - 00001299 ____A C:\Users\Bob\Desktop\checkhd.txt
2012-07-27 19:12 - 2012-07-27 19:12 - 00019594 ____A C:\Users\Bob\Desktop\07272012_224851.log
2012-07-26 15:08 - 2012-07-26 15:08 - 00082362 ____A C:\Users\Bob\Desktop\Extras.Txt
2012-07-26 14:44 - 2012-07-26 14:44 - 00597504 ____A (OldTimer Tools) C:\Users\Bob\Desktop\OTL.exe
2012-07-26 12:45 - 2012-07-26 12:45 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Bob\Downloads\tdsskiller.exe
2012-07-26 08:15 - 2012-07-26 08:15 - 00001933 ____A C:\Users\Bob\Downloads\aswMBR.txt
2012-07-26 08:14 - 2012-07-26 08:14 - 00000512 ____A C:\Users\Bob\Downloads\MBR.dat
2012-07-26 07:00 - 2012-07-26 06:59 - 04731392 ____A (AVAST Software) C:\Users\Bob\Downloads\aswMBR.exe
2012-07-26 06:36 - 2012-07-26 06:36 - 00003188 ____A C:\Users\Bob\Downloads\ckfiles.txt
2012-07-26 06:29 - 2012-07-26 06:29 - 00458240 ____A () C:\Users\Bob\Downloads\CKScanner.exe
2012-07-24 10:58 - 2012-07-24 10:58 - 00000237 ____A C:\Users\Bob\Desktop\MalWare Removal • User Control Panel • Login.url
2012-07-24 09:08 - 2012-07-24 09:08 - 00001861 ____A C:\Users\Public\Desktop\Belarc Advisor.lnk
2012-07-24 09:08 - 2012-07-24 09:08 - 00001861 ____A C:\Users\All Users\Desktop\Belarc Advisor.lnk
2012-07-24 09:06 - 2012-07-24 09:06 - 03243624 ____A C:\Users\Bob\Downloads\advisorinstaller.exe
2012-07-24 08:26 - 2012-07-21 11:26 - 00000039 __RAH C:\Users\Bob\Downloads\stinger.opt
2012-07-21 13:47 - 2012-07-21 13:47 - 00019503 ____A C:\Users\Bob\Downloads\Attach - Notepad.txt
2012-07-21 13:46 - 2012-07-21 13:46 - 00030067 ____A C:\Users\Bob\Downloads\DDS - Notepad.txt
2012-07-21 13:38 - 2012-07-21 13:38 - 00606738 ___RA (Swearware) C:\Users\Bob\Desktop\dds.scr
2012-07-21 13:03 - 2012-07-21 13:01 - 00022799 ____A C:\Users\Bob\Downloads\Hijackthis - Notepad.log
2012-07-21 12:57 - 2012-07-21 12:57 - 00388608 ____A (Trend Micro Inc.) C:\Users\Bob\Downloads\HijackThis.exe
2012-07-21 11:57 - 2012-07-21 11:57 - 00000910 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-21 11:57 - 2012-07-21 11:57 - 00000910 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-21 11:51 - 2012-07-21 11:51 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Bob\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-21 11:28 - 2012-07-21 11:26 - 00016200 ____A (McAfee, Inc.) C:\Windows\stinger.sys
2012-07-21 11:27 - 2012-07-21 11:27 - 00000840 ____A C:\Users\Bob\Desktop\stinger - Shortcut.lnk
2012-07-21 11:24 - 2012-07-21 11:21 - 09670760 ____A (McAfee Inc.) C:\Users\Bob\Downloads\stinger.exe
2012-07-21 11:10 - 2010-08-22 09:34 - 00007052 ____A C:\Users\Bob\Local Settings\d3d9caps.dat
2012-07-21 11:10 - 2010-08-22 09:34 - 00007052 ____A C:\Users\Bob\Local Settings\Application Data\d3d9caps.dat
2012-07-21 11:10 - 2010-08-22 09:34 - 00007052 ____A C:\Users\Bob\AppData\Local\d3d9caps.dat
2012-07-21 08:42 - 2006-11-02 07:21 - 01211856 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-21 08:28 - 2006-11-02 04:34 - 00000254 ____A C:\Windows\win.ini
2012-07-21 08:21 - 2006-11-02 04:35 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-07-21 07:41 - 2006-11-02 04:33 - 88342528 ____A C:\Windows\System32\config\software_previous
2012-07-21 07:41 - 2006-11-02 04:33 - 55836672 ____A C:\Windows\System32\config\components_previous
2012-07-21 07:41 - 2006-11-02 04:33 - 24903680 ____A C:\Windows\System32\config\system_previous
2012-07-21 07:41 - 2006-11-02 04:33 - 00262144 ____A C:\Windows\System32\config\security_previous
2012-07-21 07:41 - 2006-11-02 04:33 - 00262144 ____A C:\Windows\System32\config\sam_previous
2012-07-21 07:41 - 2006-11-02 04:33 - 00262144 ____A C:\Windows\System32\config\default_previous
2012-07-19 10:59 - 2012-07-19 10:58 - 00004357 ____A C:\Windows\SysWOW64\jupdate-1.6.0_33-b05.log
2012-07-18 13:40 - 2012-07-18 13:40 - 00000669 ____A C:\Users\Bob\Application Data\result.db
2012-07-18 13:40 - 2012-07-18 13:40 - 00000669 ____A C:\Users\Bob\AppData\Roaming\result.db
2012-07-15 05:09 - 2012-07-15 05:09 - 00130944 ____A C:\Users\Bob\Downloads\Golfer_Handicap_By_Tees_7-15-2012.xls
2012-07-15 05:08 - 2012-07-15 05:08 - 00065408 ____A C:\Users\Bob\Downloads\Golfer_Default_Tee_7-15-2012.xls
2012-07-07 11:58 - 2011-09-10 19:00 - 00000020 ____H C:\Users\All Users\PKP_DLev.DAT
2012-07-07 11:58 - 2011-09-10 19:00 - 00000020 ____H C:\Users\All Users\Application Data\PKP_DLev.DAT
2012-07-07 11:49 - 2011-09-10 19:00 - 00000020 ____H C:\Users\All Users\PKP_DLet.DAT
2012-07-07 11:49 - 2011-09-10 19:00 - 00000020 ____H C:\Users\All Users\Application Data\PKP_DLet.DAT
2012-07-03 14:37 - 2012-07-03 13:33 - 00925184 ____A C:\Users\Bob\Downloads\Scores_Posted_By_Date_June_1-30_2012.xls
2012-07-03 09:46 - 2012-07-21 11:57 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-03 09:01 - 2012-07-03 08:14 - 00095232 ____A C:\Users\Bob\Downloads\Golfer_Handicap_By_Tees_7-1-2012.xls
2012-07-03 08:40 - 2012-07-03 08:40 - 00019303 ____A C:\Users\Bob\Downloads\Golfer_Default_Tee_7-1-2012.xlsx
2012-07-03 08:15 - 2012-07-03 08:15 - 00057216 ____A C:\Users\Bob\Downloads\Golfer_Default_Tee_7-1-2012.xls
2012-06-23 04:14 - 2012-06-23 04:14 - 00001890 ____A C:\Users\Public\Desktop\Skype.lnk
2012-06-23 04:14 - 2012-06-23 04:14 - 00001890 ____A C:\Users\All Users\Desktop\Skype.lnk
2012-06-18 03:34 - 2012-06-18 03:34 - 00130944 ____A C:\Users\Bob\Downloads\Golfer_Handicap_By_Tees_6-15-2012.xls
2012-06-18 03:33 - 2012-06-18 03:33 - 00057216 ____A C:\Users\Bob\Downloads\Golfer_Default_Tee_6-15-2012.xls
2012-06-13 05:58 - 2012-07-21 08:18 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-12 15:40 - 2012-06-12 15:40 - 00001656 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-12 15:40 - 2012-06-12 15:40 - 00001656 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-06-08 09:59 - 2012-07-21 08:15 - 12899840 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 09:47 - 2012-07-21 08:15 - 11586048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 08:47 - 2012-07-21 08:16 - 01401856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 08:47 - 2012-07-21 08:16 - 01248768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 08:22 - 2012-07-21 08:16 - 01869824 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 08:22 - 2012-07-21 08:16 - 01797120 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-04 19:17 - 2012-06-04 19:13 - 00042748 ____A C:\Users\Bob\Downloads\Golfer_Handicap_By_Tees_6-1-2012.xlsx
2012-06-04 19:12 - 2012-06-04 18:34 - 00899072 ____A C:\Users\Bob\Downloads\Scores_Posted_By_Date_May_1-31_2012.xls
2012-06-04 19:08 - 2012-06-04 18:35 - 00044032 ____A C:\Users\Bob\Downloads\Golfer_Default_Tee_6-1-2012.xls
2012-06-04 18:33 - 2012-06-04 18:33 - 00130944 ____A C:\Users\Bob\Downloads\Golfer_Handicap_By_Tees_6-1-2012.xls
2012-06-04 07:29 - 2012-07-21 08:16 - 00516480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-04 04:39 - 2012-05-23 19:45 - 00001448 ____A C:\Users\Bob\Sti_Trace.log
2012-06-02 14:19 - 2012-06-21 06:10 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 06:10 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 06:10 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 06:09 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 06:09 - 00577048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2012-06-02 14:19 - 2012-06-21 06:09 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:19 - 2012-06-21 06:09 - 00035864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2012-06-02 14:15 - 2012-06-21 06:10 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 06:09 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:12 - 2012-06-21 06:09 - 00088576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2012-06-02 11:19 - 2012-06-21 06:09 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:19 - 2012-06-21 06:09 - 00171904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2012-06-02 11:15 - 2012-06-21 06:09 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 11:12 - 2012-06-21 06:09 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2012-06-02 04:49 - 2012-07-21 08:18 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-21 08:18 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-21 08:18 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-21 08:19 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:05 - 2012-07-21 08:18 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:04 - 2012-07-21 08:19 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:04 - 2012-07-21 08:18 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:03 - 2012-07-21 08:18 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-21 08:19 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-21 08:18 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-21 08:19 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-21 08:19 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-21 08:19 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-21 08:19 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-21 08:18 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-21 08:18 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-21 08:18 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-21 08:19 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-21 08:18 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-21 08:18 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-21 08:19 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-21 08:18 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-21 08:19 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-21 08:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-21 08:18 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-21 08:19 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-21 08:19 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-21 08:19 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 16:22 - 2012-07-21 08:16 - 00347136 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 16:22 - 2012-07-21 08:16 - 00254464 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 16:05 - 2012-07-21 08:16 - 00077312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 16:04 - 2012-07-21 08:16 - 00278528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 16:03 - 2012-07-21 08:16 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 10:24 - 2012-06-01 10:24 - 00000877 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2012-06-01 10:24 - 2012-06-01 10:24 - 00000877 ____A C:\Users\All Users\Desktop\RealPlayer.lnk
2012-06-01 10:23 - 2011-12-04 13:53 - 00198832 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2012-06-01 10:22 - 2011-12-04 13:52 - 00272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2012-06-01 10:22 - 2011-12-04 13:52 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2012-06-01 10:22 - 2011-12-04 13:52 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2012-05-31 08:25 - 2012-07-21 10:03 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-23 16:18 - 2012-05-23 16:12 - 00028910 ____A C:\Windows\System32\LexFiles.ulf
2012-05-23 16:15 - 2012-05-23 16:15 - 00001853 ____A C:\Users\Public\Desktop\Dell Printer Supplies - Inkjet.LNK
2012-05-23 16:15 - 2012-05-23 16:15 - 00001853 ____A C:\Users\All Users\Desktop\Dell Printer Supplies - Inkjet.LNK
2012-05-23 16:12 - 2006-11-02 07:27 - 00196833 ____A C:\Windows\setupact.log
2012-05-21 07:45 - 2012-05-21 07:31 - 00011272 ____A C:\Users\Bob\My Documents\Social Security-Medicare Analysis.xlsx
2012-05-21 07:45 - 2012-05-21 07:31 - 00011272 ____A C:\Users\Bob\Documents\Social Security-Medicare Analysis.xlsx
2012-05-20 14:02 - 2012-05-20 14:02 - 00001718 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-05-20 14:02 - 2012-05-20 14:02 - 00001718 ____A C:\Users\All Users\Desktop\QuickTime Player.lnk
2012-05-15 09:07 - 2012-05-15 08:20 - 00091136 ____A C:\Users\Bob\Downloads\Golfer_Handicap_By_Tees_5-15-2012.xls
2012-05-15 08:55 - 2012-05-15 08:22 - 00044544 ____A C:\Users\Bob\Downloads\Golfer_Default_Tee_5-15-2012.xls
2012-05-14 17:01 - 2011-03-24 16:30 - 00001866 ____A C:\Users\Public\Desktop\Safari.lnk
2012-05-14 17:01 - 2011-03-24 16:30 - 00001866 ____A C:\Users\All Users\Desktop\Safari.lnk

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 8%
Total physical RAM: 6075.98 MB
Available physical RAM: 5537.31 MB
Total Pagefile: 5889.37 MB
Available Pagefile: 5514.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:450.68 GB) (Free:266.56 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (UDISK 20X) (Removable) (Total:0.46 GB) (Free:0.45 GB) FAT
4 Drive x: (RECOVERY) (Fixed) (Total:15 GB) (Free:4.8 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 466 GB 0 B
Disk 1 Online 476 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 78 MB 32 KB
Partition 2 Primary 15 GB 79 MB
Partition 3 Primary 451 GB 15 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 78 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 X RECOVERY NTFS Partition 15 GB Healthy Boot

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 451 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 476 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D UDISK 20X FAT Removable 476 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-08-07 16:56

======================= End Of Log ==========================
reallyfreespirit
Regular Member
 
Posts: 29
Joined: July 21st, 2012, 5:14 pm

Re: Malware "Windows Home Protector"

by diver79 » August 8th, 2012, 4:58 pm

Hi reallyfreespirit,

No sign of a rootkit infection in the FRST log. At this point I do not believe there is any malware on your system.

The HP CUE status error relates to a service for your HP Multi function printer. I would suggest you install the latest software for the device to resolve this issue.

Before I close this topic I'd like to check that there are no insecure programs installed on the machine.

Security Check
  • Please download Security Check by screen317 from one of the links below:
  • Save it to your Desktop.
  • Right click SecurityCheck.exe and select "Run as administrator", then follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document.
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: Malware "Windows Home Protector"

by reallyfreespirit » August 9th, 2012, 10:17 am

The Security Check log has a few interesting items. Let me know if there are any actions that I should take.
Before you close out this topic, I have a few questions that I'll send later. I would appreciate it if you would either point out any action necessary or confirm any that I may propose. Thanks.

Results of screen317's Security Check version 0.99.43
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java(TM) 6 Update 32
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSASCui.exe
Windows Defender MSASCui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````
reallyfreespirit
Regular Member
 
Posts: 29
Joined: July 21st, 2012, 5:14 pm

Re: Malware "Windows Home Protector"

by diver79 » August 9th, 2012, 2:45 pm

Hi reallyfreespirit,

As you have noticed, Security Check has flagged Java and Adobe Reader as insecure. Older versions of these applications contain vulnerabilities that can be exploited by malware, resulting in malicious code execution. See instructions below to remove these programs and install up-to-date versions.

Remove Out of date Programs
  • The following programs installed on your PC are out of date and represent a significant risk of re-infection.
    Java(TM) 6 Update 32
    Adobe Reader 9
  • Click on start
  • Then Run
  • In the open text entry box, please copy/paste appwiz.cpl, then click Enter.
  • Press the "Remove" or "Change/Remove" button to uninstall the programs listed above (in red).
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

Adobe Reader
You can get the latest version of Adobe Reader here http://get.adobe.com/uk/reader/
Java
You can get the latest version of Java here http://www.java.com/en/download/index.jsp

Feel free to ask any questions you may have.

diver79
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: Malware "Windows Home Protector"

by reallyfreespirit » August 9th, 2012, 4:41 pm

There is also another version of Java shown in the list of programs (Java 6 Update 13 (64 bit) installed from Sun Microsystems on 10/1/2009). Should this also be removed?

I have the following questions for you. I would appreciate it if you would comment on any solution or action that I've noted, or recommend anything different.

Questions for diver79:
1. Some time back, you indicated that there was a hidden file attached to a video file (MVI_3315), but did not indicate that this was a problem or that any action was necessary. Is there anything that I should do? I've not opened it, but it remains on the Desktop. This is probably a video of family that I would like to retain, but cannot get McAfee to scan it for any potential problem. How can I force a scan of that file? If I run a complete scan, does this include all of the files on my Desktop? Thoughts?
2. I haven’t yet completely backed up all directories to CD that I might need if the computer actually becomes totally inoperative. I am working on that, but am in the middle of travel for the next two weeks. I will continue to use both CDs and USB drive to do this. If something happens that I cannot reply within the three day window or if something appears after you close the topic, how do I resume this process with you?
3. What software should I retain from this exercise? There is OTL, Belarc Advisor, stinger, dds, checkhd, tdsskiller, aswMBR, CKScanner, advisorinstaller, HijackThis, Spyhunter, FRST64 and mbam-setup--1.62.0.1300. The free version of Malwarebytes has timed out, but remains on the Desktop Taskbar, as well as a shortcut. Some are stored in the Downloads directory, with a shortcut on the Desktop.
4. Are any of the software results files needed? There are about 13 or so .txt/Notepad documents remaining in my Downloads directory, USB drive or on the Desktop. There may be others in the directory where the software was originally installed/copied/stored/executed.
5. I continue to open software from the Desktop and sometimes am getting strange results. (MS Word 2007 and MS PowerPoint 2007 both start up a box by Windows to configure Nuance PDF Professional 5, for instance). I have to "Cancel" a number of times before I can continue. Nuance PDF Professional 5 shows on MS Word 2007, MS Excel 2007 and MS PowerPoint 2007 as items in the top row Quick Access toolbar. I do not get the same strange set of windows for MS Excel 2007, however, only Word and PowerPoint. I will try to locate the original installation disk(s) for Nuance PDF Professional 5, reinstall it and see if the issues continue or not.
6. Is it possible for me to save the entire message stream between you and me, so that I can answer any questions in the future? If so, how do I do that?
reallyfreespirit
Regular Member
 
Posts: 29
Joined: July 21st, 2012, 5:14 pm
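
The Security Check results and the extra Java install discussed in the posts above can be triaged with a short script. This is an added example, not part of the original thread and not screen317's code: the parsing rules are assumptions inferred from the one log posted here, the log is re-typed with a uniform rule width, and the installed-programs list is constructed from names mentioned in the thread.

```python
import re

TICK = chr(96)  # backtick: Security Check draws its section rules with it
SECTION = re.compile("^" + TICK + "+(.+?)" + TICK + "+$")
# Assumption: a finding is a line ending in "!" with one of these phrases.
FLAG = re.compile(
    r"^(?P<subject>.*?)\s*(?P<what>version out of date|out of date|disabled)!$",
    re.I,
)


def rule(title):
    """Rebuild a section rule line such as the 'Antivirus/Firewall Check:' one."""
    return TICK * 14 + title + TICK * 14


# Log content from the post above, re-typed with uniform rule widths.
SAMPLE_LOG = "\n".join([
    "Results of screen317's Security Check version 0.99.43",
    "Windows Vista Service Pack 2 x64 (UAC is enabled)",
    "Internet Explorer 9",
    rule("Antivirus/Firewall Check:"),
    "Windows Firewall Disabled!",
    "McAfee Anti-Virus and Anti-Spyware",
    "WMI entry may not exist for antivirus; attempting automatic update.",
    rule("Anti-malware/Other Utilities Check:"),
    "Malwarebytes Anti-Malware version 1.62.0.1300",
    "Java(TM) 6 Update 32",
    "Java version out of Date!",
    "Adobe Reader 9 Adobe Reader out of Date!",
    rule("Process Check: objlist.exe by Laurent"),
    "Windows Defender MSASCui.exe",
    "Windows Defender MSASCui.exe",
    rule("System Health check"),
    "Total Fragmentation on Drive C: 0 %",
    rule("End of Log"),
])

# Constructed list standing in for what appwiz.cpl shows on this machine.
INSTALLED = [
    "Adobe Reader 9",
    "Java(TM) 6 Update 32",
    "Java 6 Update 13 (64 bit)",
    "Malwarebytes Anti-Malware version 1.62.0.1300",
    "Skype",
    "iTunes",
]


def dedupe_tail(subject):
    """'Adobe Reader 9 Adobe Reader' -> 'Adobe Reader 9'."""
    words = subject.split()
    for k in range(len(words) // 2, 0, -1):
        if words[-k:] == words[:k]:
            return " ".join(words[:-k])
    return subject


def parse_findings(log):
    """Return one dict per flagged line: section, product and kind."""
    findings, section, last_entry = [], "header", None
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section, last_entry = header.group(1).strip(" :"), None
            continue
        flag = FLAG.match(line)
        if not flag:
            last_entry = line  # ordinary entry; may name the next flag's product
            continue
        subject = flag.group("subject")
        # "Java version out of Date!" names its product on the previous line.
        if last_entry and last_entry.lower().startswith(subject.lower()):
            product = last_entry
        else:
            product = dedupe_tail(subject)
        kind = "disabled" if flag.group("what").lower() == "disabled" else "outdated"
        findings.append({"section": section, "product": product, "kind": kind})
    return findings


def related_installs(findings, installed):
    """Map each outdated product to every installed entry of the same family."""
    related = {}
    for f in findings:
        family = re.match(r"[^\d(]+", f["product"])
        if f["kind"] != "outdated" or not family:
            continue
        pattern = re.compile("^" + re.escape(family.group().strip()) + r"\b", re.I)
        related[f["product"]] = [name for name in installed if pattern.match(name)]
    return related


if __name__ == "__main__":
    results = parse_findings(SAMPLE_LOG)
    for finding in results:
        print(finding)
    for product, names in related_installs(results, INSTALLED).items():
        print(product, "->", names)
```

The second function covers the case raised in this thread: the log names only one Java entry, while the programs list holds a second, older 64-bit install of the same family that also needs removing.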

Re: Malware "Windows Home Protector"

by diver79 » August 9th, 2012, 5:54 pm

Hi

Answers to your questions below.

1. Re: Video
The video C:\Users\Bob\Desktop\MVI_3315.AVI should have been deleted by OTL. Not sure why it remains. It appears to contain another file called TOC.WMV. After a bit of research on this, it appears that Windows Photo Gallery and Movie Maker do this to add metadata to the file. The nature of this technique is suspicious, so that is why I alerted you to it. I no longer believe there is anything of suspicion in this file. If there was, it should have shown in the subsequent scans we did.

2. Re: Resuming topic
If this topic is closed for any reason you can open a new topic again. Either myself or another helper will pick it up.

3. What software should I retain from this exercise?
Once I issue cleanup instructions, OTL and some of the other tools we have used will be removed. Anything else that is left over can be removed, but I would recommend keeping Malwarebytes.

4. Are any of the software results files needed?
There should be no need to keep them but you can if you choose. The logs you have posted here will remain here after the topic is closed.

5. Nuance PDF Professional 5
The Nuance icons in the quick access bar sound like convert to PDF links that allow you to convert your Office documents to PDF. It sounds like the plugin for this is only partially installed, so every time you open Office it tries to load the rest of it. I would suggest loading the CD for Nuance and running a repair install. I do apologise if I have caused this. I removed some of the Nuance toolbars from loading to reduce the amount of programs you have loading at startup. Running the repair option will fix this.
  • Open the Control Panel
  • Select Programs and Features.
  • Select Nuance PDF Professional 5.0.
  • Click Change to auto-repair it.

6. Save topic.
You can either copy the contents of each page into MS Word or you can use your browser's Save As function to save a copy of each page. Either way you will still have access to this topic once it has been closed.

Let me know if you have any more questions, otherwise I will post cleanup instructions.

diver79
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: Malware "Windows Home Protector"

by reallyfreespirit » August 10th, 2012, 11:50 am

Should the Sun Microsystems version of Java noted in the last message be deleted using appwiz.cpl?

Let's do cleanup. I'll save the topic contents later.

Talk some about Malwarebytes. I used the free, expiring version. Would that version be available to me later?
If I subscribe to the paid version, how would this react with my current McAfee Security Center processes?
reallyfreespirit
Regular Member
 
Posts: 29
Joined: July 21st, 2012, 5:14 pm

Re: Malware "Windows Home Protector"

by diver79 » August 10th, 2012, 12:46 pm

Hi reallyfreespirit,

Yes, please do remove Java 6 Update 13 (64 bit); instructions to do so are below.

Malwarebytes is classed as Anti-Spyware, so you can safely use it to complement your McAfee protection. The general rule of thumb is to have one AntiVirus application and at least one Anti-Spyware application. The paid version of MBAM provides real-time scanning that will give you an extra layer of protection against malware. I would recommend this purchase.


Congratulations, your PC is now free from infection 8) Follow the steps below to clean up the tools we have used and tighten your system's security.


Remove Out of date Programs
  • The following programs installed on your PC are out of date and represent a significant risk of re-infection.
    Java 6 Update 13 (64 bit)
  • Click on Start...then... Click the Search Programs and Files search box on the Start Menu.
  • Copy and paste the value below, into the open text entry box:
    appwiz.cpl
  • Locate the out of date program(s) above.
  • Select the program and click on Uninstall to uninstall it.
  • Repeat these steps for each program in the list. When finished... Close the Control Panel window.


Clean up with OTL
  • Right click OTL.exe and select Run as Administrator to start the program. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.
  • You may now remove any remaining programs\files that we used in this topic.


Create a new, clean System Restore point
  • Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start >> Right click on Computer, and select Properties.
  • Click on the System Protection link, located on the left hand side menu.
  • Select Create, type a name like All Clean, then press the Create button and once it's done press Close and close any remaining windows.
Now remove old, infected System Restore points:
  • Next click Start >> in the Search Programs and Files search box type cleanmgr and press OK
  • Select the C: drive and click OK.
  • Ensure the following boxes are checked;
    • Recycle Bin
    • Temporary Files
    • Temporary Internet Files
  • Select the Clean Up System Files button.
  • Select the C: drive again and select OK.
  • Select the More Options tab and under System Restore and Shadow Copies click the Clean up button.
  • Select Delete, Press OK and Delete Files to confirm.


Additional Security Tips.
Update your Antivirus programs and other programs regularly.
Secunia Personal Software Inspector - Copyright © Secunia. This app will monitor programs on your computer for known vulnerabilities. You can set it to auto-update for you, or just prompt you if an update is available. I highly recommend it.
F-secure Health Check - Copyright © F-Secure Corporation. F-Secure Health Check is a free application that tells you if your computer is protected and helps you fix possible security issues.


Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to Start > All Programs > Windows Update > Check for updates.


Read, stay informed.
To help minimize the chances of becoming re-infected, please read.
Computer Security - a short guide to staying safer online

If your computer is running slowly after your clean up, please read.
What to do if your Computer is running slowly

Please let me know that you completed the cleanup steps. Once I receive your reply, unless there are other malware questions or concerns, I will have this topic closed as resolved.

Safe Surfin,

diver79
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: Malware "Windows Home Protector"

by reallyfreespirit » August 10th, 2012, 1:51 pm

Uninstalled the old Java Update.
Ran OTL successfully. There are still files created by OTL that I'll send to the Recycle bin and then delete.
Created a new System Restore point successfully.
Started Disk Cleanup of C:. Checked Recycle Bin, Temporary Internet Files and Temporary Files.
The box showing this does not have "Cleanup System Files" button, only an OK button.
Will send followup message with what happens next.
reallyfreespirit
Regular Member
 
Posts: 29
Joined: July 21st, 2012, 5:14 pm

Re: Malware "Windows Home Protector"

by reallyfreespirit » August 10th, 2012, 1:58 pm

After OK, asked to confirm that I wanted to delete files, then everything closed and nothing else in your message stream could be performed in "cleanmgr". I assume the remaining instructions would have deleted old, possibly infected System Restore points.
Remaining instructions were:
Select the Clean Up System Files button.
Select the C: drive again and select OK.
Select the More Options tab and under System Restore and Shadow Copies click the Clean up button.
Select Delete, Press OK and Delete Files to confirm.

Could not do this in "cleanmgr".
reallyfreespirit
Regular Member
 
Posts: 29
Joined: July 21st, 2012, 5:14 pm