PWeis909

Members
  • Posts

    10
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Hi Gringo, Just letting you know I read your last post and have no questions at this time. See you over at paypal.
  2. Gringo, I executed your most recent instructions. My system appears to be running smoothly. However, the ESET scan did find four files that I believe were identified as viruses. I have made no effort to remove these files. Here is the log:

     C:\Program Files\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
     C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
     C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe a variant of Win32/HiddenStart.A application
     C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application

     Thanks for your help.
  3. Gringo, Sorry for my earlier mistake. I think I now managed to follow your instructions. As far as I can tell, my system is performing fine. I'm pasting logs from Malwarebytes and HijackThis below:

     Malwarebytes log:

     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.07.06.01

     Windows Vista Service Pack 2 x86 NTFS
     Internet Explorer 9.0.8112.16421
     CarmenPeter :: CARMENPETER-PC [administrator]

     7/5/2013 7:40:56 PM
     mbam-log-2013-07-05 (19-40-56).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 209662
     Time elapsed: 8 minute(s), 50 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     HijackThis Log

     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 8:08:16 PM, on 7/5/2013
     Platform: Windows Vista SP2 (WinNT 6.00.1906)
     MSIE: Internet Explorer v9.00 (9.00.8112.16490)
     Boot mode: Normal

     Running processes:
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Windows\system32\taskeng.exe
     C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe
     C:\Program Files\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
     C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
     C:\Program Files\Dell DataSafe Local Backup\Toaster.exe
     C:\Program Files\DellTPad\Apoint.exe
     C:\Program Files\Dell\MediaDirect\PCMService.exe
     C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
     C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
     C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
     C:\Program Files\IDT\WDM\sttray.exe
     C:\Windows\System32\hkcmd.exe
     C:\Windows\System32\igfxpers.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\Windows Sidebar\sidebar.exe
     C:\Windows\ehome\ehtray.exe
     C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     C:\Windows\system32\igfxsrvc.exe
     C:\Program Files\Dell\QuickSet\quickset.exe
     C:\Program Files\DellTPad\ApMsgFwd.exe
     C:\Program Files\DellTPad\HidFind.exe
     C:\Program Files\DellTPad\Apntex.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
     C:\Windows\system32\wuauclt.exe
     C:\Program Files\Windows Media Player\wmpnscfg.exe
     C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
     C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Windows\system32\SearchFilterHost.exe
     C:\Users\CarmenPeter\Desktop\HijackThis.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
     O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
     O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\IPS\IPSBHO.DLL
     O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
     O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
     O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
     O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
     O2 - BHO: Norton Safe Web Lite BHO - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\coIEPlg.dll
     O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
     O3 - Toolbar: Norton Safe Web Lite - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\coIEPlg.dll
     O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
     O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
     O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
     O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
     O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
     O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
     O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
     O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
     O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
     O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
     O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
     O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
     O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
     O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
     O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
     O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
     O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
     O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
     O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
     O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
     O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
     O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/56.33/uploader2.cab
     O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
     O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
     O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
     O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
     O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
     O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
     O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
     O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
     O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\aestsrv.exe
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
     O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
     O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
     O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
     O23 - Service: Google Update Service (gupdate1c9e838ebf50dc0) (gupdate1c9e838ebf50dc0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
     O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
     O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
     O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
     O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe
     O23 - Service: Norton Safe Web Lite (NSL) - Symantec Corporation - C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe
     O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
     O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE
     O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
     O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\STacSV.exe
     O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
     O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

     --
     End of file - 10922 bytes
  4. Gringo, I tried to uninstall the programs you suggested and ran into problems, so I have not completed your instructions. I successfully uninstalled Adobe Reader X (10.1.6) through the Windows Control Panel. However, the Control Panel did not display Ask Toolbar, Ask Toolbar Updater, and Coupon Printer for Windows. I then downloaded and installed Revo Uninstaller as per your suggestion, but it too did not display the remaining three programs. Using the Windows Search function, I was able to track down and uninstall Coupon Printer, which was in a folder in my Program Files folder but nevertheless did not display in the lists of programs to remove. That leaves the two files Ask Toolbar and Ask Toolbar Updater to remove. When I search for them with the Explorer search function, the only hits are among the log files that were created and pasted into my earlier post. I haven't proceeded with your other instructions yet. Do you have suggestions for locating and removing these Ask programs?
  5. Gringo, I was able to follow your instructions and am pasting the results of the CFScript-Combofix logfile below. As far as I am able to observe, my system seems to be working fine. Thanks for your help.

     ComboFix 13-07-02.03 - CarmenPeter 07/03/2013 8:19.2.2 - x86
     Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3030.1558 [GMT -5:00]
     Running from: c:\users\CarmenPeter\Desktop\ComboFix.exe
     Command switches used :: c:\users\CarmenPeter\Desktop\CFScript.txt
     AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
     SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
     SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     F:\autorun.inf
     .
     .
     ((((((((((((((((((((((((( Files Created from 2013-06-03 to 2013-07-03 )))))))))))))))))))))))))))))))
     .
     .
     2013-07-03 13:29 . 2013-07-03 13:29 -------- d-----w- c:\users\Default\AppData\Local\temp
     2013-06-30 15:25 . 2013-06-30 15:25 -------- d-----w- c:\windows\ERUNT
     2013-06-30 15:25 . 2013-06-30 15:25 -------- d-----w- C:\JRT
     2013-06-21 20:36 . 2013-06-21 20:36 -------- d-----w- c:\users\CarmenPeter\AppData\Roaming\Malwarebytes
     2013-06-21 20:36 . 2013-06-21 20:36 -------- d-----w- c:\programdata\Malwarebytes
     2013-06-21 20:36 . 2013-06-21 20:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2013-06-21 20:36 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
     2013-06-16 22:35 . 2013-06-19 20:34 -------- d-----w- c:\windows\system32\drivers\NAV\1404000.028
     2013-06-12 08:12 . 2013-05-08 04:37 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
     2013-06-12 08:12 . 2013-05-02 04:04 443904 ----a-w- c:\windows\system32\win32spl.dll
     2013-06-12 08:12 . 2013-05-02 04:03 37376 ----a-w- c:\windows\system32\printcom.dll
     2013-06-12 08:12 . 2013-04-24 04:00 985600 ----a-w- c:\windows\system32\crypt32.dll
     2013-06-12 08:12 . 2013-04-24 04:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
     2013-06-12 08:12 . 2013-04-24 04:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
     2013-06-12 08:12 . 2013-04-24 04:00 41984 ----a-w- c:\windows\system32\certenc.dll
     2013-06-12 08:12 . 2013-04-24 01:46 812544 ----a-w- c:\windows\system32\certutil.exe
     2013-06-12 08:12 . 2013-05-02 22:03 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe
     2013-06-12 08:12 . 2013-05-02 22:03 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe
     2013-06-12 08:12 . 2013-04-17 12:30 24576 ----a-w- c:\windows\system32\cryptdlg.dll
     2013-06-09 12:56 . 2013-06-09 12:57 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2013-06-18 17:55 . 2012-04-07 15:08 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
     2013-06-12 00:07 . 2012-04-17 08:03 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
     2013-06-12 00:07 . 2011-06-02 10:01 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2013-04-15 14:20 . 2013-05-15 10:27 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
     2013-04-13 10:56 . 2013-05-15 10:27 37376 ----a-w- c:\windows\system32\cdd.dll
     2013-04-10 10:24 . 2013-04-10 10:24 16384 ----a-w- c:\users\CarmenPeter\wmdmhelper.dll
     2013-04-10 10:24 . 2013-04-10 10:24 139264 ----a-w- c:\users\CarmenPeter\dunzip32.dll
     2013-04-10 10:24 . 2013-04-10 10:24 8704 ----a-w- c:\users\CarmenPeter\fixrjb.exe
     2013-04-10 10:24 . 2013-04-10 10:24 641536 ----a-w- c:\users\CarmenPeter\rjbres.dll
     2013-04-10 10:24 . 2013-04-10 10:24 45568 ----a-w- c:\users\CarmenPeter\ierjplug.dll
     2013-04-10 10:24 . 2013-04-10 10:24 370176 ----a-w- c:\users\CarmenPeter\rjdlg.dll
     2013-04-10 10:24 . 2013-04-10 10:24 31232 ----a-w- c:\users\CarmenPeter\rjprog.dll
     2013-04-10 10:24 . 2013-04-10 10:24 943344 ----a-w- c:\users\CarmenPeter\cddblink.dll
     2013-04-10 10:24 . 2013-04-10 10:24 1115376 ----a-w- c:\users\CarmenPeter\cddbmusicid.dll
     2013-04-10 10:24 . 2013-04-10 10:24 2041072 ----a-w- c:\users\CarmenPeter\cddbcontrol.dll
     2013-04-10 10:24 . 2013-04-10 10:24 44544 ----a-w- c:\users\CarmenPeter\mmcdda32.dll
     2013-04-10 10:24 . 2013-04-10 10:24 22528 ----a-w- c:\users\CarmenPeter\tnetdtct.dll
     2013-04-10 10:24 . 2013-04-10 10:24 73216 ----a-w- c:\users\CarmenPeter\tsasdk.dll
     2013-04-10 10:24 . 2013-04-10 10:24 48640 ----a-w- c:\users\CarmenPeter\tpasdk.dll
     2013-04-10 10:24 . 2013-04-10 10:24 56320 ----a-w- c:\users\CarmenPeter\rpwa3260.dll
     2013-04-10 10:24 . 2013-04-10 10:24 16296 ----a-w- c:\users\CarmenPeter\realtfon.fon
     2013-04-10 10:24 . 2013-04-10 10:24 45184 ----a-w- c:\users\CarmenPeter\rpshellsearch.dll
     2013-04-10 10:24 . 2013-04-10 10:24 389712 ----a-w- c:\users\CarmenPeter\realcleaner.exe
     2013-04-10 10:24 . 2013-04-10 10:24 3303936 ----a-w- c:\users\CarmenPeter\mediainfo.dll
     2013-04-10 10:23 . 2013-04-10 10:23 384088 ----a-w- c:\users\CarmenPeter\realconverter.exe
     2013-04-10 10:23 . 2013-04-10 10:23 355416 ----a-w- c:\users\CarmenPeter\convert.exe
     2013-04-10 10:23 . 2013-04-10 10:23 390384 ----a-w- c:\users\CarmenPeter\mc_enc_h263.dll
     2013-04-10 10:23 . 2013-04-10 10:23 389712 ----a-w- c:\users\CarmenPeter\realtrimmer.exe
     2013-04-10 10:23 . 2013-04-10 10:23 136784 ----a-w- c:\users\CarmenPeter\realshare.exe
     2013-04-10 10:23 . 2013-04-10 10:23 115200 ----a-w- c:\users\CarmenPeter\rpshellextension.dll
     2013-04-10 10:23 . 2013-04-10 10:23 719360 ----a-w- c:\users\CarmenPeter\dbghelp.dll
     2013-04-10 10:23 . 2013-04-10 10:23 69632 ----a-w- c:\users\CarmenPeter\rjwmapln.dll
     2013-04-10 10:23 . 2013-04-10 10:23 47616 ----a-w- c:\users\CarmenPeter\rpau3260.dll
     2013-04-10 10:22 . 2013-04-10 10:22 30816 ----a-w- c:\users\CarmenPeter\rndevicedbbuilder.exe
     2013-04-10 10:22 . 2013-04-10 10:22 87552 ----a-w- c:\users\CarmenPeter\hxaudiodevicehook.dll
     2013-04-10 10:22 . 2013-04-10 10:22 86016 ----a-w- c:\users\CarmenPeter\rpplugprot.dll
     2013-04-10 10:22 . 2013-04-10 10:22 112248 ----a-w- c:\users\CarmenPeter\rdsf3260.dll
     2013-04-10 10:22 . 2013-04-10 10:22 71280 ----a-w- c:\users\CarmenPeter\rpshell.dll
     2013-04-10 10:22 . 2013-04-10 10:22 9216 ----a-w- c:\users\CarmenPeter\realjbox.exe
     2013-04-10 10:22 . 2013-04-10 10:22 17528 ----a-w- c:\users\CarmenPeter\rphelperapp.exe
     2013-04-10 10:22 . 2013-04-10 10:22 501328 ----a-w- c:\users\CarmenPeter\realplay.exe
     2013-04-10 10:22 . 2013-04-10 10:22 499712 ----a-w- c:\windows\system32\msvcp71.dll
     2013-04-10 10:22 . 2013-04-10 10:22 348160 ----a-w- c:\windows\system32\msvcr71.dll
     2013-04-09 01:36 . 2013-05-15 10:27 2049024 ----a-w- c:\windows\system32\win32k.sys
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
     "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
     "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-05 39408]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-07-17 196608]
     "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
     "Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
     "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
     "mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
     "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-07-17 442433]
     "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
     "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
     "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
     "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
     "Launcher"="c:\program files\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-01-13 165184]
     .
     c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
     QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-9 1616976]
     .
     c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
     Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2008-9-23 1295656]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "EnableUIADesktopToggle"= 0 (0x0)
     "DisableRegedit"= 0 (0x0)
     .
     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
     "DisableRegedit"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
     2009-02-18 20:51 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
     @="Driver"
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
     @="Service"
     .
     [HKLM\~\startupfolder\C:^Users^CarmenPeter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]
     path=c:\users\CarmenPeter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
     backup=c:\windows\pss\Dell Dock.lnk.Startup
     backupExtension=.Startup
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
     2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsMon00]
     2010-06-10 18:42 2621440 ------r- c:\program files\Browny02\Brother\BrStMonW.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]
     2008-06-03 21:54 446635 ------w- c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
     2009-06-03 19:46 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
     2008-12-03 04:41 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SightSpeed]
     2008-08-15 21:03 4812664 ----a-w- c:\program files\Dell Video Chat\DellVideoChat.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
     2013-04-10 10:22 295512 ----a-w- c:\users\CarmenPeter\Update\realsched.exe
     .
     S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\aestsrv.exe [2008-07-17 73728]
     .
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
     2013-06-20 11:14 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2013-07-03 c:\windows\Tasks\Adobe Flash Player Updater.job
     - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 00:07]
     .
     2013-07-02 c:\windows\Tasks\Google Software Updater.job
     - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-05 17:11]
     .
     2013-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-08 12:59]
     .
     2013-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-08 12:59]
     .
     .
     ------- Supplementary Scan -------
     .
     uInternet Settings,ProxyOverride = *.local
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
     TCP: DhcpNameServer = 68.115.71.53 68.113.206.10 66.189.0.100
     .
     .
     **************************************************************************
     .
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2013-07-03 08:30
     Windows 6.0.6002 Service Pack 2 NTFS
     .
     scanning hidden processes ...
     .
     scanning hidden autostart entries ...
     .
     scanning hidden files ...
     .
     scan completed successfully
     hidden files: 0
     .
     **************************************************************************
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NAV]
     "ImagePath"="\"c:\program files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
     --
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NSL]
     "ImagePath"="\"c:\program files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files\Norton Safe Web Lite\Engine\2.0.0.16\diMaster.dll\" /prefetch:1"
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
     @Denied: (2) (LocalSystem)
     "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
       d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8f,e7,65,54,97,42,2c,47,be,74,c4,\
     "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
       d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8f,e7,65,54,97,42,2c,47,be,74,c4,\
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     Completion time: 2013-07-03 08:32:07
     ComboFix-quarantined-files.txt 2013-07-03 13:32
     ComboFix2.txt 2013-07-02 15:55
     .
     Pre-Run: 156,231,065,600 bytes free
     Post-Run: 155,478,609,920 bytes free
     .
     - - End Of File - - 7E16A290142BD03914D4ACD31887B8D1 CDB4DE4BBD714F152979DA2DCBEF57EB
  6. Gringo, I think I managed to do as you suggested without any problems. As far as I am able to tell, my system still seems to be running fine. If I don't hear otherwise, I'll assume the case is closed. Here is the log from combo-fix that you asked to see:

     ComboFix 13-07-02.03 - CarmenPeter 07/02/2013 10:43:46.1.2 - x86
     Running from: c:\users\CarmenPeter\Desktop\ComboFix.exe
     AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
     SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
     SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\users\CarmenPeter\g2mdlhlpx.exe
     D:\AUTORUN.INF
     .
     .
     ((((((((((((((((((((((((( Files Created from 2013-06-02 to 2013-07-02 )))))))))))))))))))))))))))))))
     .
     .
     2013-07-02 15:53 . 2013-07-02 15:53 -------- d-----w- c:\users\Default\AppData\Local\temp
     2013-06-30 15:25 . 2013-06-30 15:25 -------- d-----w- c:\windows\ERUNT
     2013-06-30 15:25 . 2013-06-30 15:25 -------- d-----w- C:\JRT
     2013-06-21 20:36 . 2013-06-21 20:36 -------- d-----w- c:\users\CarmenPeter\AppData\Roaming\Malwarebytes
     2013-06-21 20:36 . 2013-06-21 20:36 -------- d-----w- c:\programdata\Malwarebytes
     2013-06-21 20:36 . 2013-06-21 20:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2013-06-21 20:36 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
     2013-06-16 22:35 . 2013-06-19 20:34 -------- d-----w- c:\windows\system32\drivers\NAV\1404000.028
     2013-06-12 08:12 . 2013-05-08 04:37 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
     2013-06-12 08:12 . 2013-05-02 04:04 443904 ----a-w- c:\windows\system32\win32spl.dll
     2013-06-12 08:12 . 2013-05-02 04:03 37376 ----a-w- c:\windows\system32\printcom.dll
     2013-06-12 08:12 . 2013-04-24 04:00 985600 ----a-w- c:\windows\system32\crypt32.dll
     2013-06-12 08:12 . 2013-04-24 04:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
     2013-06-12 08:12 . 2013-04-24 04:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
     2013-06-12 08:12 . 2013-04-24 04:00 41984 ----a-w- c:\windows\system32\certenc.dll
     2013-06-12 08:12 . 2013-04-24 01:46 812544 ----a-w- c:\windows\system32\certutil.exe
     2013-06-12 08:12 . 2013-05-02 22:03 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe
     2013-06-12 08:12 . 2013-05-02 22:03 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe
     2013-06-12 08:12 . 2013-04-17 12:30 24576 ----a-w- c:\windows\system32\cryptdlg.dll
     2013-06-09 12:56 . 2013-06-09 12:57 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2013-06-18 17:55 . 2012-04-07 15:08 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
     2013-06-12 00:07 . 2012-04-17 08:03 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
     2013-06-12 00:07 . 2011-06-02 10:01 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2013-04-15 14:20 . 2013-05-15 10:27 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
     2013-04-13 10:56 . 2013-05-15 10:27 37376 ----a-w- c:\windows\system32\cdd.dll
     2013-04-10 10:24 . 2013-04-10 10:24 16384 ----a-w- c:\users\CarmenPeter\wmdmhelper.dll
     2013-04-10 10:24 . 2013-04-10 10:24 139264 ----a-w- c:\users\CarmenPeter\dunzip32.dll
     2013-04-10 10:24 . 2013-04-10 10:24 8704 ----a-w- c:\users\CarmenPeter\fixrjb.exe
     2013-04-10 10:24 . 2013-04-10 10:24 641536 ----a-w- c:\users\CarmenPeter\rjbres.dll
     2013-04-10 10:24 . 2013-04-10 10:24 45568 ----a-w- c:\users\CarmenPeter\ierjplug.dll
     2013-04-10 10:24 . 2013-04-10 10:24 370176 ----a-w- c:\users\CarmenPeter\rjdlg.dll
     2013-04-10 10:24 . 2013-04-10 10:24 31232 ----a-w- c:\users\CarmenPeter\rjprog.dll
     2013-04-10 10:24 . 2013-04-10 10:24 943344 ----a-w- c:\users\CarmenPeter\cddblink.dll
     2013-04-10 10:24 . 2013-04-10 10:24 1115376 ----a-w- c:\users\CarmenPeter\cddbmusicid.dll
     2013-04-10 10:24 . 2013-04-10 10:24 2041072 ----a-w- c:\users\CarmenPeter\cddbcontrol.dll
     2013-04-10 10:24 . 2013-04-10 10:24 44544 ----a-w- c:\users\CarmenPeter\mmcdda32.dll
     2013-04-10 10:24 . 2013-04-10 10:24 22528 ----a-w- c:\users\CarmenPeter\tnetdtct.dll
     2013-04-10 10:24 . 2013-04-10 10:24 73216 ----a-w- c:\users\CarmenPeter\tsasdk.dll
     2013-04-10 10:24 . 2013-04-10 10:24 48640 ----a-w- c:\users\CarmenPeter\tpasdk.dll
     2013-04-10 10:24 . 2013-04-10 10:24 56320 ----a-w- c:\users\CarmenPeter\rpwa3260.dll
     2013-04-10 10:24 . 2013-04-10 10:24 16296 ----a-w- c:\users\CarmenPeter\realtfon.fon
     2013-04-10 10:24 . 2013-04-10 10:24 45184 ----a-w- c:\users\CarmenPeter\rpshellsearch.dll
     2013-04-10 10:24 . 2013-04-10 10:24 389712 ----a-w- c:\users\CarmenPeter\realcleaner.exe
     2013-04-10 10:24 . 2013-04-10 10:24 3303936 ----a-w- c:\users\CarmenPeter\mediainfo.dll
     2013-04-10 10:23 . 2013-04-10 10:23 384088 ----a-w- c:\users\CarmenPeter\realconverter.exe
     2013-04-10 10:23 . 2013-04-10 10:23 355416 ----a-w- c:\users\CarmenPeter\convert.exe
     2013-04-10 10:23 . 2013-04-10 10:23 390384 ----a-w- c:\users\CarmenPeter\mc_enc_h263.dll
     2013-04-10 10:23 . 2013-04-10 10:23 389712 ----a-w- c:\users\CarmenPeter\realtrimmer.exe
     2013-04-10 10:23 . 2013-04-10 10:23 136784 ----a-w- c:\users\CarmenPeter\realshare.exe
     2013-04-10 10:23 . 2013-04-10 10:23 115200 ----a-w- c:\users\CarmenPeter\rpshellextension.dll
     2013-04-10 10:23 . 2013-04-10 10:23 719360 ----a-w- c:\users\CarmenPeter\dbghelp.dll
     2013-04-10 10:23 . 2013-04-10 10:23 69632 ----a-w- c:\users\CarmenPeter\rjwmapln.dll
     2013-04-10 10:23 . 2013-04-10 10:23 47616 ----a-w- c:\users\CarmenPeter\rpau3260.dll
     2013-04-10 10:22 . 2013-04-10 10:22 30816 ----a-w- c:\users\CarmenPeter\rndevicedbbuilder.exe
     2013-04-10 10:22 . 2013-04-10 10:22 87552 ----a-w- c:\users\CarmenPeter\hxaudiodevicehook.dll
     2013-04-10 10:22 . 2013-04-10 10:22 86016 ----a-w- c:\users\CarmenPeter\rpplugprot.dll
     2013-04-10 10:22 . 2013-04-10 10:22 112248 ----a-w- c:\users\CarmenPeter\rdsf3260.dll
     2013-04-10 10:22 . 2013-04-10 10:22 71280 ----a-w- c:\users\CarmenPeter\rpshell.dll
     2013-04-10 10:22 . 2013-04-10 10:22 9216 ----a-w- c:\users\CarmenPeter\realjbox.exe
     2013-04-10 10:22 . 2013-04-10 10:22 17528 ----a-w- c:\users\CarmenPeter\rphelperapp.exe
     2013-04-10 10:22 . 2013-04-10 10:22 501328 ----a-w- c:\users\CarmenPeter\realplay.exe
     2013-04-10 10:22 . 2013-04-10 10:22 499712 ----a-w- c:\windows\system32\msvcp71.dll
     2013-04-10 10:22 . 2013-04-10 10:22 348160 ----a-w- c:\windows\system32\msvcr71.dll
     2013-04-09 01:36 . 2013-05-15 10:27 2049024 ----a-w- c:\windows\system32\win32k.sys
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
     "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
     "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-05 39408]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-07-17 196608]
     "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
     "Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
     "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
     "mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
     "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-07-17 442433]
     "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
     "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
     "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
     "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
     "Launcher"="c:\program files\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-01-13 165184]
     .
     c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
     QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-9 1616976]
     .
     c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
     Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2008-9-23 1295656]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "EnableUIADesktopToggle"= 0 (0x0)
     "DisableRegedit"= 0 (0x0)
     .
     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
     "DisableRegedit"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
     2009-02-18 20:51 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
     .
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKLM\~\startupfolder\C:^Users^CarmenPeter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk] path=c:\users\CarmenPeter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk backup=c:\windows\pss\Dell Dock.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsMon00] 2010-06-10 18:42 2621440 ------r- c:\program files\Browny02\Brother\BrStMonW.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central] 2008-06-03 21:54 446635 ------w- c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter] 2009-06-03 19:46 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2008-12-03 04:41 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SightSpeed] 2008-08-15 21:03 4812664 ----a-w- c:\program files\Dell Video Chat\DellVideoChat.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2013-04-10 10:22 295512 ----a-w- c:\users\CarmenPeter\Update\realsched.exe . S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\aestsrv.exe [2008-07-17 73728] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . 
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-06-20 11:14 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-07-02 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 00:07] . 2013-07-02 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-05 17:11] . 2013-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-08 12:59] . 2013-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-08 12:59] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 68.115.71.53 68.113.206.10 66.189.0.100 . - - - - ORPHANS REMOVED - - - - . SafeBoot-WudfPf SafeBoot-WudfRd MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files\Coupons\uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-07-02 10:53 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . . c:\users\CARMEN~1\AppData\Local\Temp\catchme.dll 53248 bytes executable . scan completed successfully hidden files: 1 . ************************************************************************** . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NAV] "ImagePath"="\"c:\program files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\20.4.0.40\diMaster.dll\" /prefetch:1" -- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NSL] "ImagePath"="\"c:\program files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files\Norton Safe Web Lite\Engine\2.0.0.16\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8f,e7,65,54,97,42,2c,47,be,74,c4,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8f,e7,65,54,97,42,2c,47,be,74,c4,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2013-07-02 10:55:49 ComboFix-quarantined-files.txt 2013-07-02 15:55 . Pre-Run: 152,652,685,312 bytes free Post-Run: 154,681,528,320 bytes free . - - End Of File - - AB67851098E9CB2A251ACA146F1D2817 CDB4DE4BBD714F152979DA2DCBEF57EB
  7. Gringo, I've downloaded and run the tools you suggested. I think my problems have been solved. The White Trader icon and messages no longer appear upon rebooting. Furthermore, now I have turned the tooltip balloons back on so I can tell if Malwarebytes is blocking malicious websites, and my computer no longer seems to be trying to do this - no messages are showing up, at any rate, whereas prior to running these programs, I would continually get these warnings about blocking malicious websites. One concern: I didn't have my Norton Antivirus turned off for the first step, and as soon as AdwCleaner finished running, Norton quarantined Trojan.Ransomlock.P, which sounds sort of nasty, from what I have read. I'm not sure where that came from, but it seems like the threat has been contained. I'll post the contents of the AdwCleaner and Junkremoval txt files below. However, unless I hear otherwise from you, I'll assume this case is closed. Thanks for your help.
  8. Gringo, Thanks for your reply. For some reason, I missed notification of your first response, which accounts for my initial delay in responding to your message. I am unable to implement your suggestions immediately because I cannot download the tools from the infected computer. I'll need to do this from a different computer and transfer the downloads, as before. I'll reply again with a progress update within 48 hours. Please keep this thread open. Thanks. PWeis909
  9. Hi, I just read elsewhere that it is easier for you if I copy and paste logs into the message. From my previous post, here are the attach and dds logs.
c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} TCP: NameServer = 68.115.71.53 68.113.206.10 66.189.0.100 TCP: Interfaces\{0A969D32-7B37-44AE-92F7-F04E8D66F7D6} : DHCPNameServer = 68.115.71.53 68.113.206.10 66.189.0.100 TCP: Interfaces\{571F2119-0EE7-4183-B0D7-5318A8F5522A} : DHCPNameServer = 68.115.71.53 68.113.206.10 66.189.0.100 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll Notify: igfxcui - igfxdev.dll SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome . ============= SERVICES / DRIVERS =============== . 
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1404000.028\symds.sys [2013-6-16 367704] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1404000.028\symefa.sys [2013-6-16 934488] R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_20.3.1.22\definitions\bashdefs\20130531.001\BHDrvx86.sys [2013-5-31 1002072] R1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\nav\1404000.028\ccsetx86.sys [2013-6-16 134744] R1 ccSet_NST;Norton Safe Web Lite Settings Manager;c:\windows\system32\drivers\nst\0200000.010\ccSetx86.sys [2012-4-6 132744] R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_20.3.1.22\definitions\ipsdefs\20130621.001\IDSvix86.sys [2013-6-21 386720] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1404000.028\ironx86.sys [2013-6-16 175264] R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nav\1404000.028\symtdiv.sys [2013-6-16 352344] R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f091b975\AEstSrv.exe [2009-2-18 73728] R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-23 155648] R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504] R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-6-21 418376] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-6-21 701512] R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\20.4.0.40\ccsvchst.exe [2013-6-16 144368] R2 NSL;Norton Safe Web Lite;c:\program files\norton safe web lite\engine\2.0.0.16\ccSvcHst.exe [2012-4-6 138760] R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-3-6 39056] R2 
SftService;SoftThinks Agent Service;c:\program files\dell datasafe local backup\SftService.exe [2010-11-21 705856] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-10 106656] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-2-18 112128] R3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-2-18 203264] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-6-21 22856] R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2009-2-18 3663360] R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-3-6 133632] R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-3-8 280096] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate1c9e838ebf50dc0;Google Update Service (gupdate1c9e838ebf50dc0);c:\program files\google\update\GoogleUpdate.exe [2009-6-8 133104] S3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2013-3-17 245760] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320] S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 
2013-06-21 20:36:48 -------- d-----w- c:\users\carmenpeter\appdata\roaming\Malwarebytes 2013-06-21 20:36:33 -------- d-----w- c:\programdata\Malwarebytes 2013-06-21 20:36:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-06-21 20:36:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-06-16 22:35:25 934488 ----a-w- c:\windows\system32\drivers\nav\1404000.028\symefa.sys 2013-06-16 22:35:25 603224 ----a-w- c:\windows\system32\drivers\nav\1404000.028\srtsp.sys 2013-06-16 22:35:25 367704 ----a-w- c:\windows\system32\drivers\nav\1404000.028\symds.sys 2013-06-16 22:35:25 352344 ----a-w- c:\windows\system32\drivers\nav\1404000.028\symtdiv.sys 2013-06-16 22:35:25 339544 ----a-w- c:\windows\system32\drivers\nav\1404000.028\symnets.sys 2013-06-16 22:35:25 32344 ----a-w- c:\windows\system32\drivers\nav\1404000.028\srtspx.sys 2013-06-16 22:35:25 21400 ----a-r- c:\windows\system32\drivers\nav\1404000.028\symelam.sys 2013-06-16 22:35:25 175264 ----a-w- c:\windows\system32\drivers\nav\1404000.028\ironx86.sys 2013-06-16 22:35:25 134744 ----a-w- c:\windows\system32\drivers\nav\1404000.028\ccsetx86.sys 2013-06-16 22:35:04 14818 ----a-w- c:\windows\system32\drivers\nav\1404000.028\symvtcer.dat 2013-06-16 22:35:04 -------- d-----w- c:\windows\system32\drivers\nav\1404000.028 2013-06-12 08:12:41 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-06-12 08:12:36 443904 ----a-w- c:\windows\system32\win32spl.dll 2013-06-12 08:12:36 37376 ----a-w- c:\windows\system32\printcom.dll 2013-06-12 08:12:34 985600 ----a-w- c:\windows\system32\crypt32.dll 2013-06-12 08:12:34 98304 ----a-w- c:\windows\system32\cryptnet.dll 2013-06-12 08:12:34 812544 ----a-w- c:\windows\system32\certutil.exe 2013-06-12 08:12:34 41984 ----a-w- c:\windows\system32\certenc.dll 2013-06-12 08:12:34 133120 ----a-w- c:\windows\system32\cryptsvc.dll 2013-06-12 08:12:29 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-06-12 08:12:29 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe 
2013-06-12 08:12:21 24576 ----a-w- c:\windows\system32\cryptdlg.dll 2013-06-09 12:56:32 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-06-07 15:46:04 -------- d-----w- c:\windows\pss 2013-05-27 18:09:17 -------- d-----r- c:\users\carmenpeter\appdata\roaming\Brother . ==================== Find3M ==================== . 2013-06-18 17:55:06 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2013-06-12 00:07:13 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-06-12 00:07:13 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-05-16 22:39:39 1800704 ----a-w- c:\windows\system32\jscript9.dll 2013-05-16 22:28:26 1129472 ----a-w- c:\windows\system32\wininet.dll 2013-05-16 22:27:30 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2013-05-16 22:21:37 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2013-05-16 22:20:30 420864 ----a-w- c:\windows\system32\vbscript.dll 2013-05-16 22:16:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2013-04-15 14:20:04 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-04-13 10:56:44 37376 ----a-w- c:\windows\system32\cdd.dll 2013-04-10 10:23:32 384088 ----a-w- c:\users\carmenpeter\realconverter.exe 2013-04-10 10:23:31 355416 ----a-w- c:\users\carmenpeter\convert.exe 2013-04-10 10:23:20 390384 ----a-w- c:\users\carmenpeter\mc_enc_h263.dll 2013-04-10 10:23:13 389712 ----a-w- c:\users\carmenpeter\realtrimmer.exe 2013-04-10 10:23:13 136784 ----a-w- c:\users\carmenpeter\realshare.exe 2013-04-10 10:23:13 115200 ----a-w- c:\users\carmenpeter\rpshellextension.dll 2013-04-10 10:23:12 719360 ----a-w- c:\users\carmenpeter\dbghelp.dll 2013-04-10 10:23:11 69632 ----a-w- c:\users\carmenpeter\rjwmapln.dll 2013-04-10 10:23:05 47616 ----a-w- c:\users\carmenpeter\rpau3260.dll 2013-04-10 10:22:54 30816 ----a-w- c:\users\carmenpeter\rndevicedbbuilder.exe 2013-04-10 10:22:53 87552 ----a-w- c:\users\carmenpeter\hxaudiodevicehook.dll 2013-04-10 10:22:53 86016 ----a-w- 
c:\users\carmenpeter\rpplugprot.dll 2013-04-10 10:22:53 112248 ----a-w- c:\users\carmenpeter\rdsf3260.dll 2013-04-10 10:22:52 71280 ----a-w- c:\users\carmenpeter\rpshell.dll 2013-04-10 10:22:49 9216 ----a-w- c:\users\carmenpeter\realjbox.exe 2013-04-10 10:22:49 17528 ----a-w- c:\users\carmenpeter\rphelperapp.exe 2013-04-10 10:22:48 501328 ----a-w- c:\users\carmenpeter\realplay.exe 2013-04-10 10:22:32 499712 ----a-w- c:\windows\system32\msvcp71.dll 2013-04-10 10:22:32 348160 ----a-w- c:\windows\system32\msvcr71.dll 2013-04-09 01:36:18 2049024 ----a-w- c:\windows\system32\win32k.sys . ============= FINISH: 7:17:47.52 ===============
  10. Hi, A couple of weeks ago I noticed a shortcut item called White Trader that appeared on my desktop. Simultaneously, a pop-up message appeared on my toolbar informing me that I haven't used White Trader in a while. Simultaneously, I noticed that my Norton Antivirus program had been turned off, and it had not run Live Update for several days. When I tried to manually run Live Update, it failed. Here is a list of observations and measures I have taken before turning to you for help:
      - The White Trader icon keeps appearing when I start up, even though I delete it.
      - The White Trader pop-up message kept showing up upon start-up, until recently.
      - My internet usage has been hampered. It is slow. Some site content would not properly load. Some sites would not load at all.
      - My ability to download files has been hampered. I mentioned that Norton's Live Update would not download.
      - I was able to get Norton's updates to load upon restarting. A scan with Norton detected no problem. However, the problems above continued.
      - I googled "White Trader Pop-up", which led me to a site that recommended I try Malwarebytes.
      - I was unable to download the free trial version of MWB (same as with Norton) on my infected computer, so I downloaded it to a non-infected computer and transferred it via thumb drive.
      - The MWB definitions were 78 days out of date; a scan with these definitions detected nothing.
      - Upon restarting my computer, I was able to update the MWB definitions, and a subsequent full system scan found and quarantined Trojan.Agent.Ed.
      - I restarted the computer and the White Trader shortcut icon and pop-up still showed up.
      - I keep getting messages that say Malwarebytes "Successfully blocked access to a potentially malicious website: 95.211.194.79 Type: Outgoing Port 60551 Process: svchost".
      - Googling eventually led me to "I'm infected - what do I do now".
      - I've been following the instructions from the latter page and tried downloading dds.scr. However, this download failed, and I had to download to a thumb drive using a second computer and load it onto the infected computer.
      - I am attaching the two files created by dds.scr.
      I am concerned that the continually repeated message about blocking a malicious site means I still have a problem (it happens every minute or so). Also, the White Trader icon still shows up on my desktop when I restart, but the pop-up cloud message did not show up the last time I restarted. Also, the fact that I had trouble downloading dds.scr concerns me. My web browsing might be a little slow, but I do not seem to have problems loading content or sites (yet?). Can you help me eliminate the White Trader shortcut icon, stop my computer from trying to contact malicious websites, and restore my ability to download stuff? attach.txt dds.txt