TheChicken
Honorary Members
Posts: 30
Everything posted by TheChicken

  1. I think I'm good now, MrC. Again, thank you for all of your excellent help. In appreciation, PayPal has been sent. Best regards, TC
  2. Hello MrC; when trying to uninstall ComboFix, which I did use, from the Run box as you suggested, I am getting the message that it cannot be found and to make sure I am spelling it correctly, which I copied from your post above, including the space between the "x" and "/". Just want to make sure that this is okay since I did use it - maybe it disappeared due to some of the other utilities I used after it? I did perform the OTC successfully. And finally, I did remove the remaining couple of desktop icons, which were just Notepad text files, except for one which I want to ask you about. mbar is not listed in my Control Panel programs, and it has more of a file look when double clicked, containing 18 items including things like: read me, data, license, plug ins, language, mbar, mbamnet, qt4dll, etc. How should I proceed to delete this - can it be done by right clicking and delete, or will that leave parts of it behind? Or does it really matter? Thank you. TC
  3. MrC; I saw the Pandora in my Programs folder and uninstalled it. Since doing so, the inproxy.exe warning has also not popped up, so maybe these two were associated. I think you have led me and my PC out of the woods. Unpleasant woods! What may be my final question for you is: should I delete mbar, dds, attach, RK quarantine and RK Report, all of which are listed on my desktop? And, if so, is there any particular procedure to do this? Is right clicking each icon and deleting enough, or do I need to hunt them down in Control Panel "Programs"? Thank you MrC for hanging in with me and seeing me all the way through this virus. This site is an incredible resource and is very appreciated by myself and, I'm sure, *many* others. I will be making a donation to further show my appreciation for your kind help. Best regards, Brian aka The Chicken
  4. Is there anything further I need to do? Is that popup going to keep on - glad it indicates it's doing its job. Can the source be cleaned off my PC? Thx! TC
  5. WOW!!!!!!!!!!!!!!!!! Progress!!!! This personalization to basic has replaced almost all of what was missing. Am I virus free yet? I do still have the Malwarebytes Anti-Malware alert popping up regularly indicating it has successfully blocked access to a potentially malicious site. The one I remember was Pandora.exe, and there has been another name which I don't recall. Either shows website 111.111.111.111. I think we're on the home stretch. Thank you *very much*. TC
  6. # AdwCleaner v3.001 - Report created 01/09/2013 at 13:09:23
     # Updated 24/08/2013 by Xplode
     # Operating System : Windows 7 Professional Service Pack 1 (64 bits)
     # Username : Brian Carroll - BRIANCARROLL
     # Running from : C:\Users\Brian Carroll\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MV80BBAX\AdwCleaner.exe
     # Option : Clean

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****

     Folder Deleted : C:\Users\Brian Carroll\AppData\Roaming\Systweak
     File Deleted : C:\Windows\System32\roboot64.exe

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_photoimpact-x3_RASAPI32
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_photoimpact-x3_RASMANCS
     Key Deleted : HKCU\Software\APN PIP
     Key Deleted : HKCU\Software\PIP
     Key Deleted : HKCU\Software\Softonic
     Key Deleted : HKLM\Software\PIP
     Key Deleted : HKLM\Software\systweak

     ***** [ Browsers ] *****

     -\\ Internet Explorer v10.0.9200.16660

     -\\ Mozilla Firefox v23.0.1 (en-US)

     [ File : C:\Users\Brian Carroll\AppData\Roaming\Mozilla\Firefox\Profiles\gzpb9pao.default\prefs.js ]

     -\\ Google Chrome v29.0.1547.62

     [ File : C:\Users\Brian Carroll\AppData\Local\Google\Chrome\User Data\Default\preferences ]

     *************************

     AdwCleaner[R0].txt - [1587 octets] - [01/09/2013 12:58:12]
     AdwCleaner[R1].txt - [1647 octets] - [01/09/2013 13:07:45]
     AdwCleaner[s0].txt - [1468 octets] - [01/09/2013 13:09:23]

     ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1528 octets] ##########
  7. # AdwCleaner v3.001 - Report created 01/09/2013 at 12:58:12
     # Updated 24/08/2013 by Xplode
     # Operating System : Windows 7 Professional Service Pack 1 (64 bits)
     # Username : Brian Carroll - BRIANCARROLL
     # Running from : C:\Users\Brian Carroll\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RT8P9393\AdwCleaner.exe
     # Option : Scan

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****

     File Found : C:\Windows\System32\roboot64.exe
     Folder Found : C:\Users\Brian Carroll\AppData\Roaming\Systweak

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     Key Found : HKCU\Software\APN PIP
     Key Found : HKCU\Software\PIP
     Key Found : HKCU\Software\Softonic
     Key Found : [x64] HKCU\Software\APN PIP
     Key Found : [x64] HKCU\Software\PIP
     Key Found : [x64] HKCU\Software\Softonic
     Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_photoimpact-x3_RASAPI32
     Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_photoimpact-x3_RASMANCS
     Key Found : HKLM\Software\PIP
     Key Found : HKLM\Software\systweak

     ***** [ Browsers ] *****

     -\\ Internet Explorer v10.0.9200.16660

     -\\ Mozilla Firefox v23.0.1 (en-US)

     [ File : C:\Users\Brian Carroll\AppData\Roaming\Mozilla\Firefox\Profiles\gzpb9pao.default\prefs.js ]

     -\\ Google Chrome v29.0.1547.62

     [ File : C:\Users\Brian Carroll\AppData\Local\Google\Chrome\User Data\Default\preferences ]

     *************************

     AdwCleaner[R0].txt - [1435 octets] - [01/09/2013 12:58:12]

     ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1495 octets] ##########
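The two AdwCleaner reports above (the Scan run R0 and the Clean run S0) are plain text with a fixed line shape per finding: `File Found : <path>`, `Folder Deleted : <path>`, `Key Found : [x64] <key>`. What follows is an added example, not part of TheChicken's posts and not AdwCleaner's own code: a small Python parser that turns such a report into structured findings, then reconciles the scan against the clean run to list anything that was found but never deleted, or deleted without having been reported. The sample report text is constructed from the two posts above (trimmed to the finding lines); the function names, the `Finding` type and the three result buckets are my own.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample input: the finding lines of the two AdwCleaner v3.001
# reports posted above (Scan run R0, then Clean run S0), reproduced as
# printed, including the "Folder Found" line that lacks the usual colon.
SCAN_REPORT = r"""
# AdwCleaner v3.001 - Report created 01/09/2013 at 12:58:12
# Option : Scan
***** [ Files / Folders ] *****
File Found : C:\Windows\System32\roboot64.exe
Folder Found C:\Users\Brian Carroll\AppData\Roaming\Systweak
***** [ Registry ] *****
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\PIP
Key Found : HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\PIP
Key Found : [x64] HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_photoimpact-x3_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_photoimpact-x3_RASMANCS
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\systweak
***** [ Browsers ] *****
[ File : C:\Users\Brian Carroll\AppData\Roaming\Mozilla\Firefox\Profiles\gzpb9pao.default\prefs.js ]
"""

CLEAN_REPORT = r"""
# AdwCleaner v3.001 - Report created 01/09/2013 at 13:09:23
# Option : Clean
***** [ Files / Folders ] *****
Folder Deleted : C:\Users\Brian Carroll\AppData\Roaming\Systweak
File Deleted : C:\Windows\System32\roboot64.exe
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_photoimpact-x3_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_photoimpact-x3_RASMANCS
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\systweak
"""

# One finding per line: "<kind> <Found|Deleted> : [x64] <target>".  The colon
# is optional because the posted scan prints "Folder Found C:\..." without it;
# "[x64]" marks a hit seen through the 64-bit registry view.
FINDING_RE = re.compile(
    r"^(?P<kind>File|Folder|Key)\s+(?P<action>Found|Deleted)\s*:?\s*"
    r"(?:\[(?P<view>x64)\]\s*)?(?P<target>.+?)\s*$"
)


@dataclass(frozen=True)
class Finding:
    kind: str    # File, Folder or Key
    action: str  # Found (scan run) or Deleted (clean run)
    target: str  # path or registry key exactly as printed
    view: str    # "x64" when reported through the 64-bit registry view, else ""


def parse_report(text: str) -> list[Finding]:
    """Extract the finding lines from an AdwCleaner report; header lines,
    section banners and browser profile lines are skipped."""
    findings = []
    for line in text.splitlines():
        m = FINDING_RE.match(line.strip())
        if m:
            findings.append(Finding(m["kind"], m["action"], m["target"], m["view"] or ""))
    return findings


def summarise(findings: list[Finding]) -> dict[str, int]:
    """Count findings per kind, e.g. {'File': 1, 'Folder': 1, 'Key': 10}."""
    return dict(Counter(f.kind for f in findings))


def normalise(target: str) -> str:
    # Paths and registry keys are case-insensitive on Windows, and the same
    # key appears twice in a scan (plain and [x64]); comparing a lower-cased,
    # view-less form collapses those to one entry.
    return target.rstrip("\\").lower()


def reconcile(scan_text: str, clean_text: str) -> dict[str, set[str]]:
    """Check a Clean report against the Scan that preceded it.

    'removed'    - found in the scan and deleted in the clean run
    'leftover'   - found but never deleted (re-scan, or remove by hand)
    'unexpected' - deleted although the scan never reported it
    """
    found = {normalise(f.target) for f in parse_report(scan_text) if f.action == "Found"}
    deleted = {normalise(f.target) for f in parse_report(clean_text) if f.action == "Deleted"}
    return {"removed": found & deleted, "leftover": found - deleted, "unexpected": deleted - found}


if __name__ == "__main__":
    print(summarise(parse_report(SCAN_REPORT)))
    for bucket, targets in reconcile(SCAN_REPORT, CLEAN_REPORT).items():
        print(f"{bucket}: {len(targets)}")
        for t in sorted(targets):
            print("   ", t)
```

Run against the two posted reports, every one of the nine distinct targets found by the scan shows up as deleted and the `leftover` and `unexpected` buckets are empty, which is the condition a helper would want to see before moving on to the next tool. The `[x64]` duplicates are the reason the comparison is done on a normalised target rather than on raw lines: the scan lists the three HKCU keys twice, the clean run deletes each once, and a line-for-line diff would report three phantom leftovers.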
  8. MrC; I uninstalled old Java and downloaded the new Java 7 using the link you provided. I also took your advice and uninstalled Adobe Reader and changed to foxreader via the link you provided. I did the Flash test and I saw a red ball going back and forth across the screen with Java text also scrolling in and out, so if that's the movie they are referring to, then it checks out okay. However, I am still missing buttons and content as before, such as the Malwarebytes webpage appearance as shown in the pics I provided from my monitor. No change there. Worth mentioning is that just after running ComboFix last night, the alert pop-up box (if that's what they call these) stating Malwarebytes Anti-Malware has successfully blocked access to a potentially malicious website 111.111.111.111 had gone away. Now, right after doing these Adobe/Java/Foxit uninstalls/installs, that box has reared its head again. Thank you. TC
  9. Results of screen317's Security Check version 0.99.73
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 10
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Microsoft Security Essentials
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300
     Java 6 Update 24
     Java version out of Date!
     Adobe Flash Player 11.8.800.94
     Adobe Reader 10.1.7 Adobe Reader out of Date!
     Mozilla Firefox (23.0.1)
     Google Chrome 29.0.1547.57
     Google Chrome 29.0.1547.62
     ````````Process Check: objlist.exe by Laurent````````
     Microsoft Security Essentials MSMpEng.exe
     Microsoft Security Essentials msseces.exe
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     Malwarebytes' Anti-Malware mbamscheduler.exe
     Trend Micro Client Server Security Agent ntrtscan.exe
     Trend Micro Client Server Security Agent HostedAgent svcGenericHost.exe
     Trend Micro Client Server Security Agent tmlisten.exe
     Trend Micro Client Server Security Agent HostedAgent HostedAgent.exe
     Trend Micro Client Server Security Agent TmProxy.exe
     Trend Micro Client Server Security Agent TmPfw.exe
     Trend Micro Client Server Security Agent CNTAoSMgr.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 1%
     ````````````````````End of Log``````````````````````
  10. An example of what I'm dealing with can be seen below. My infected PC has missing info: as you see from this webpage header, the word "malware" is missing, as well as many other things, when compared to my laptop view as you see in the 2nd pic. It's like this on pretty much all websites I go to, but it is also doing similar views in my other programs such as Access, QuickBooks, etc. Best, TC
  11. It's a new day, I have renewed optimism; maybe today we'll get-r-fixed. Thanks for your help thus far. TC
  12. ComboFix 13-08-31.01 - Brian Carroll 08/31/2013 20:45:53.1.4 - x64
      Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3977.2296 [GMT -4:00]
      Running from: c:\users\Brian Carroll\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\15MNTQ0L\ComboFix.exe
      AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
      FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
      SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
      SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      C:\install.exe
      c:\users\Brian Carroll\AppData\Roaming\skype.ini
      .
      .
      ((((((((((((((((((((((((( Files Created from 2013-08-01 to 2013-09-01 )))))))))))))))))))))))))))))))
      .
      .
      2013-09-01 00:03 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{27C0A548-5D84-4DF3-B6B6-26832EB94813}\mpengine.dll
      2013-08-31 22:19 . 2013-08-31 22:19 -------- d-----w- c:\users\Brian Carroll\AppData\Local\Macromedia
      2013-08-31 21:12 . 2013-08-31 21:32 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
      2013-08-31 19:23 . 2013-08-31 19:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
      2013-08-31 19:23 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
      2013-08-31 18:08 . 2013-08-31 18:08 -------- d-----w- c:\users\Brian Carroll\AppData\Roaming\Malwarebytes
      2013-08-31 18:08 . 2013-08-31 18:08 -------- d-----w- c:\programdata\Malwarebytes
      2013-08-31 14:30 . 2013-08-31 14:30 -------- d-----w- c:\users\Brian Carroll\AppData\Local\Programs
      2013-08-30 22:41 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
      2013-08-30 13:49 . 2013-08-30 13:49 -------- d-----w- c:\programdata\HP
      2013-08-29 19:53 . 2013-08-29 19:53 -------- d-----w- c:\users\Brian Carroll\AppData\Local\Mozilla
      2013-08-29 19:53 . 2013-08-29 19:53 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
      2013-08-29 16:14 . 2012-11-08 03:00 81920 ----a-w- c:\windows\SysWow64\mvusbews.dll
      2013-08-29 16:11 . 2013-08-29 16:11 -------- d-----w- c:\program files (x86)\Common Files\SWF Studio
      2013-08-29 16:10 . 2013-08-29 16:11 -------- d-----w- C:\LJM1130_M1210_MFP_Full_Solution
      2013-08-29 15:06 . 2012-09-29 17:25 74240 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPM1210PP.dll
      2013-08-29 15:05 . 2012-11-08 11:00 49152 ----a-w- c:\windows\system32\HPM1210SMs.dll
      2013-08-29 15:05 . 2012-09-29 17:26 1366528 ----a-w- c:\windows\system32\HPM1210SM.exe
      2013-08-29 15:05 . 2012-09-29 17:25 409088 ----a-w- c:\windows\system32\HPM1210LM.DLL
      2013-08-29 15:04 . 2012-11-08 11:00 1721576 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
      2013-08-29 15:04 . 2012-11-08 11:00 16896 ----a-w- c:\windows\system32\drivers\HPM1210FAX.sys
      2013-08-29 15:03 . 2012-11-08 11:00 89600 ----a-w- c:\windows\system32\m1210wia2.dll
      2013-08-29 15:03 . 2012-11-08 11:00 38912 ----a-w- c:\windows\system32\HPImgFlt.dll
      2013-08-29 15:00 . 2013-08-29 15:00 -------- d-----w- c:\program files\HP
      2013-08-29 14:14 . 2013-08-29 14:14 32512 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
      2013-08-29 14:04 . 2013-08-29 14:14 -------- d-----w- c:\programdata\HitmanPro
      2013-08-22 15:54 . 2013-08-22 15:53 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{60B0EBC3-4DAB-4E1C-BB44-8522B13E570F}\gapaengine.dll
      2013-08-15 07:12 . 2013-07-26 05:12 15405056 ----a-w- c:\windows\system32\ieframe.dll
      2013-08-15 07:12 . 2013-07-26 05:12 19239424 ----a-w- c:\windows\system32\mshtml.dll
      2013-08-14 12:18 . 2013-07-09 06:03 5550528 ----a-w- c:\windows\system32\ntoskrnl.exe
      2013-08-14 12:18 . 2013-07-09 05:54 1732032 ----a-w- c:\windows\system32\ntdll.dll
      2013-08-14 12:18 . 2013-07-09 05:03 3968960 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
      2013-08-14 12:18 . 2013-07-09 04:53 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
      2013-08-14 12:18 . 2013-07-09 05:53 243712 ----a-w- c:\windows\system32\wow64.dll
      2013-08-14 12:18 . 2013-07-09 02:49 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
      2013-08-14 12:18 . 2013-07-09 04:52 5120 ----a-w- c:\windows\SysWow64\wow32.dll
      2013-08-14 12:18 . 2013-07-09 02:49 25600 ----a-w- c:\windows\SysWow64\setup16.exe
      2013-08-14 12:18 . 2013-07-09 02:49 7680 ----a-w- c:\windows\SysWow64\instnm.exe
      2013-08-14 12:18 . 2013-07-09 02:49 2048 ----a-w- c:\windows\SysWow64\user.exe
      2013-08-14 12:18 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
      2013-08-14 12:18 . 2013-06-15 04:32 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2013-08-31 22:17 . 2012-11-16 12:28 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
      2013-08-31 22:17 . 2012-11-16 12:28 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
      2013-07-17 02:51 . 2012-10-02 07:14 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
      2013-07-09 04:45 . 2013-08-14 12:18 44032 ----a-w- c:\windows\apppatch\acwow64.dll
      2013-06-05 07:07 . 2013-06-05 07:07 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
      2013-06-05 07:07 . 2013-06-05 07:07 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
      2013-06-05 07:07 . 2013-06-05 07:07 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
      2013-06-05 07:07 . 2013-06-05 07:07 226304 ----a-w- c:\windows\system32\elshyph.dll
      2013-06-05 07:07 . 2013-06-05 07:07 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
      2013-06-05 07:07 . 2013-06-05 07:07 158720 ----a-w- c:\windows\SysWow64\msls31.dll
      2013-06-05 07:07 . 2013-06-05 07:07 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
      2013-06-05 07:07 . 2013-06-05 07:07 138752 ----a-w- c:\windows\SysWow64\wextract.exe
      2013-06-05 07:07 . 2013-06-05 07:07 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
      2013-06-05 07:07 . 2013-06-05 07:07 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
      2013-06-05 07:07 . 2013-06-05 07:07 12800 ----a-w- c:\windows\SysWow64\mshta.exe
      2013-06-05 07:07 . 2013-06-05 07:07 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
      2013-06-05 07:07 . 2013-06-05 07:07 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
      2013-06-05 07:07 . 2013-06-05 07:07 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
      2013-06-05 07:07 . 2013-06-05 07:07 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
      2013-06-05 07:07 . 2013-06-05 07:07 361984 ----a-w- c:\windows\SysWow64\html.iec
      2013-06-05 07:07 . 2013-06-05 07:07 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
      2013-06-05 07:07 . 2013-06-05 07:07 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
      2013-06-05 07:07 . 2013-06-05 07:07 216064 ----a-w- c:\windows\system32\msls31.dll
      2013-06-05 07:07 . 2013-06-05 07:07 197120 ----a-w- c:\windows\system32\msrating.dll
      2013-06-05 07:07 . 2013-06-05 07:07 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
      2013-06-05 07:07 . 2013-06-05 07:07 81408 ----a-w- c:\windows\system32\icardie.dll
      2013-06-05 07:07 . 2013-06-05 07:07 762368 ----a-w- c:\windows\system32\ieapfltr.dll
      2013-06-05 07:07 . 2013-06-05 07:07 452096 ----a-w- c:\windows\system32\dxtmsft.dll
      2013-06-05 07:07 . 2013-06-05 07:07 441856 ----a-w- c:\windows\system32\html.iec
      2013-06-05 07:07 . 2013-06-05 07:07 281600 ----a-w- c:\windows\system32\dxtrans.dll
      2013-06-05 07:07 . 2013-06-05 07:07 270848 ----a-w- c:\windows\system32\iedkcs32.dll
      2013-06-05 07:07 . 2013-06-05 07:07 235008 ----a-w- c:\windows\system32\url.dll
      2013-06-05 07:07 . 2013-06-05 07:07 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
      2013-06-05 07:07 . 2013-06-05 07:07 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
      2013-06-05 07:07 . 2013-06-05 07:07 27648 ----a-w- c:\windows\system32\licmgr10.dll
      2013-06-05 07:07 . 2013-06-05 07:07 247296 ----a-w- c:\windows\system32\webcheck.dll
      2013-06-05 07:07 . 2013-06-05 07:07 97280 ----a-w- c:\windows\system32\mshtmled.dll
      2013-06-05 07:07 . 2013-06-05 07:07 599552 ----a-w- c:\windows\system32\vbscript.dll
      2013-06-05 07:07 . 2013-06-05 07:07 173568 ----a-w- c:\windows\system32\ieUnatt.exe
      2013-06-05 07:07 . 2013-06-05 07:07 167424 ----a-w- c:\windows\system32\iexpress.exe
      2013-06-05 07:07 . 2013-06-05 07:07 144896 ----a-w- c:\windows\system32\wextract.exe
      2013-06-05 07:07 . 2013-06-05 07:07 102912 ----a-w- c:\windows\system32\inseng.dll
      2013-06-05 07:07 . 2013-06-05 07:07 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
      2013-06-05 07:07 . 2013-06-05 07:07 62976 ----a-w- c:\windows\system32\pngfilt.dll
      2013-06-05 07:07 . 2013-06-05 07:07 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
      2013-06-05 07:07 . 2013-06-05 07:07 51200 ----a-w- c:\windows\system32\imgutil.dll
      2013-06-05 07:07 . 2013-06-05 07:07 48640 ----a-w- c:\windows\system32\mshtmler.dll
      2013-06-05 07:07 . 2013-06-05 07:07 149504 ----a-w- c:\windows\system32\occache.dll
      2013-06-05 07:07 . 2013-06-05 07:07 13824 ----a-w- c:\windows\system32\mshta.exe
      2013-06-05 07:07 . 2013-06-05 07:07 136192 ----a-w- c:\windows\system32\iepeers.dll
      2013-06-05 07:07 . 2013-06-05 07:07 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
      2013-06-05 07:07 . 2013-06-05 07:07 12800 ----a-w- c:\windows\system32\msfeedssync.exe
      2013-06-05 07:07 . 2013-06-05 07:07 77312 ----a-w- c:\windows\system32\tdc.ocx
      2013-06-05 03:34 . 2013-07-10 09:01 3153920 ----a-w- c:\windows\system32\win32k.sys
      2013-06-04 06:00 . 2013-07-10 08:58 624128 ----a-w- c:\windows\system32\qedit.dll
      2013-06-04 04:53 . 2013-07-10 08:58 509440 ----a-w- c:\windows\SysWow64\qedit.dll
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Akamai NetSession Interface"="c:\users\Brian Carroll\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
      "IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]
      "RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
      "PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]
      "OfficeScanNT Monitor"="c:\program files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" [2010-06-25 1705296]
      "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
      "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
      "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
      "Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2012-03-14 2215768]
      "Ulead AutoDetector v2"="c:\program files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-08-27 90112]
      "Cobian Backup 11 interface"="c:\program files (x86)\Cobian Backup 11\cbInterface.exe" [2012-07-31 4407808]
      .
      c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
      Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe /Startup [2012-3-14 5961048]
      QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-3-14 1175912]
      QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2012\QBW32.EXE -silent [2012-3-14 1178984]
      WinZip Quick Pick.lnk - c:\program files (x86)\WinZip\WZQKPICK.EXE [2012-8-10 118784]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 5 (0x5)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableUIADesktopToggle"= 0 (0x0)
      "PromptOnSecureDesktop"= 0 (0x0)
      "DisableCAD"= 1 (0x1)
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
      "aux"=wdmaud.drv
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
      @=""
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
      @=""
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
      @=""
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
      @=""
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
      @="Service"
      .
      R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
      R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
      R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]
      R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
      R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
      R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]
      R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
      R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
      R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
      R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]
      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
      R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
      R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
      R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
      S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
      S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys;c:\windows\SYSNATIVE\DRIVERS\tmlwf.sys [x]
      S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]
      S2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe [x]
      S2 CobianBackup11;Cobian Backup 11 Gravity;c:\program files (x86)\Cobian Backup 11\cbService.exe;c:\program files (x86)\Cobian Backup 11\cbService.exe [x]
      S2 HPM1210RcvFaxSrvc;HP LaserJet Professional M1210 MFP Series Receive Fax Service;c:\program files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe;c:\program files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [x]
      S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]
      S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
      S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
      S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
      S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
      S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
      S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [x]
      S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [x]
      S2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe;c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [x]
      S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [x]
      S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [x]
      S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\tmwfp.sys [x]
      S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
      S3 HP1210FAX;HP1210MFP FAX;c:\windows\system32\Drivers\HPM1210FAX.sys;c:\windows\SYSNATIVE\Drivers\HPM1210FAX.sys [x]
      S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
      S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
      S3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
      S3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe [x]
      S3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [x]
      .
      .
      --- Other Services/Drivers In Memory ---
      .
      *NewlyCreated* - WS2IFSL
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
      2013-08-30 01:32 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2013-09-01 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-16 22:17]
      .
      2013-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-11 00:35]
      .
      2013-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-11 00:35]
      .
      .
      --------- X64 Entries -----------
      .
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
      @="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
      [HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
      2010-10-16 21:17 138608 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
      @="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
      [HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
      2010-10-16 21:17 138608 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtDCpl64.exe" [2010-10-04 2907240]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-09 167960]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-09 391704]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-09 417304]
      "DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2011-03-08 227328]
      "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
      .
      ------- Supplementary Scan -------
      .
      uLocal Page = c:\windows\system32\blank.htm
      mLocal Page = c:\windows\SysWOW64\blank.htm
      uInternet Settings,ProxyOverride = <local>
      IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
      Trusted Zone: ct.gov
      Trusted Zone: ct.gov\drsbustax
      Trusted Zone: ct.gov\www
      TCP: DhcpNameServer = 68.94.156.1 68.94.157.1
      FF - ProfilePath - c:\users\Brian Carroll\AppData\Roaming\Mozilla\Firefox\Profiles\gzpb9pao.default\
      .
      - - - - ORPHANS REMOVED - - - -
      .
      Toolbar-Locked - (no file)
      Wow6432Node-HKLM-Run-<NO NAME> - (no file)
      HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
      Toolbar-Locked - (no file)
      AddRemove-Advanced System Protector_is1 - c:\program files (x86)\Advanced System Protector\unins000.exe
      .
      .
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Shockwave Flash Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
      @="0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
      @="ShockwaveFlash.ShockwaveFlash.11"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="ShockwaveFlash.ShockwaveFlash"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Macromedia Flash Factory Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
      @="FlashFactory.FlashFactory.1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="FlashFactory.FlashFactory"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
      c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
      c:\program files (x86)\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
      c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
      c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
      c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
      .
      **************************************************************************
      .
      Completion time: 2013-08-31 20:56:21 - machine was rebooted
      ComboFix-quarantined-files.txt 2013-09-01 00:56
      .
      Pre-Run: 238,134,898,688 bytes free
      Post-Run: 238,714,884,096 bytes free
      .
      - - End Of File - - 51F7715ABBC91C1A4B74E2AB83D505A9
  13. I am ready to try this but for two questions:
1. I did not see how to disable the malwarebytes anti-malware program I now have on my desktop. I tried opening it to have a look to see how but it's not obvious.
2. I do not know how to disable windows firewall - didn't see that in the directions either.
please let me know and I'll do that and start the combofix. worth mentioning is that when I became suspicious of the malwarebytes anti-malware that is now on my desktop (from the direct link you provided me), I tried to verify the security certificate and it shows that it expired in June 2013. Please comment as to whether this should be of concern. From the perspective of the guy with the injured pc, that certificate being expired doesn't inspire confidence. Please do comment on this. thanks, TC
  14. Am I getting paranoid or what? I have an errand to run and so I figured I would go to my desktop icon and click open the malwarebytes anti-malware program so I can do a full scan since I'm gonna be out for a little while. When I click it, now it has a box coming up that basically asks if I want to allow this program to make changes to my computer. I just wanted the program to open like it did earlier so I could initiate a scan. Is it supposed to now be showing the pop up box I described asking me to allow this program to change my pc? btw, the 'blocking access to a potentially malicious website' warning has popped up twice as I'm typing this message. please advise - TC
  15. I have now run the fixdamage.exe file and still am having a problem with some missing buttons although there has been slight improvement. worth mentioning is that everything I try to open is causing an alert to pop up from malwarebytes anti-malware stating it has successfully blocked access to a potentially malicious website 111.111.111.111, then something about port 49182 pandoraservice.exe, then I saw port 50020 pandoraservice.exe, then I saw port 50940 pandoraservice.exe - you get the idea, the port # changes each time but the rest is always the same. Please advise on a possible next move. And, seriously, thank you for your help. TC
  16. below are the 1st scan results from the anti-rootkit folder. no threats found. I assume since no cleanup is needed then no need to perform a 2nd scan, right? I will now go to the anti-rootkit folder and run the fixdamage.exe file as you suggested. will share those results shortly. thank you. TC

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.31.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Brian Carroll :: BRIANCARROLL [administrator]

Protection: Disabled

8/31/2013 3:49:26 PM
mbam-log-2013-08-31 (15-49-26).txt

Scan type: Full scan (C:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 382021
Time elapsed: 39 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  17. further possible good news is that after I removed the aro2013 via my control panel uninstall feature, I went to reopen my malwarebytes desktop icon to perform another scan and something popped up when I clicked the icon - it was called Mem Turbo 4. It looked like it wanted to do a scan also but I quickly clicked out of it and deleted it, also from the control panel. Also, I thought as long as I'm there, I deleted the malwarebytes program and then reinstalled it right away with the direct link you provided and I ran another scan after download. the result was no malicious items found - see below. I still have the issues of missing buttons, etc., that I listed in my original post. pls let me know what to do next. thx, TC

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.31.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Brian Carroll :: BRIANCARROLL [administrator]

Protection: Disabled

8/31/2013 3:25:08 PM
mbam-log-2013-08-31 (15-25-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231295
Time elapsed: 5 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  18. MrC; okay, it looks like I was able to uninstall aro2013 from my control panel. After which, a window popped up saying ARO2013 successfully removed. Please let me know what to do next. TC
  19. First I have done the malwarebytes scan from the link you just provided - see results below. I will now see if I can figure out the removal of that other scan I loaded when I was redirected to cnet.

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Brian Carroll :: BRIANCARROLL [administrator]

Protection: Enabled

8/31/2013 2:10:30 PM
MBAM-log-2013-08-31 (14-16-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231000
Time elapsed: 3 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Brian Carroll\AppData\Local\Temp\jar_cache77415517747957438.tmp (Trojan.Ransom) -> No action taken.
C:\Users\Brian Carroll\AppData\Local\Temp\KMP_3.6.0.87.exe (PUP.Optional.Softonic) -> No action taken.

(end)
  20. I may be using wrong terminology but in your 1st reply to this thread you said I should start "here" with a link attached to the word "here". when I went there the 1st thing recommended was to do the scan which when clicked took me to cnet download for aro2013, which I did. I hope I did what I was supposed to, thought this was your recommendation. please advise. TC
  21. MrC; An fyi; The 1st scan you had me do, the aro2013, this free trial fixed 50 errors, however, there are another 977 errors listed which did not get fixed. Should I get the $24.95 version and proceed to repair those or should I hold off for the moment. thank you. TC
  22. MrC: here is the RK report TC

RogueKiller V8.6.7 _x64_ [Aug 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Brian Carroll [Admin rights]
Mode : Scan -- Date : 08/31/2013 11:06:26
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200AAKX-753CA1 +++++
--- User ---
[MBR] f2db8021e812a332a6b35d23f19acab0
[BSP] d1bb0450be0758aa2927623330157954 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15516 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31858688 | Size: 289688 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD3200AAKX-753CA1 +++++
--- User ---
[MBR] b2247d3b81b0d393d60d8f43598708a7
[BSP] 2f6b85d256594f4c3a3709bde9ca8996 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 610477 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_08312013_110626.txt >>
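The four [HJ POL] lines in the RK report above say UAC was switched off (EnableLUA = 0) and admin elevation was set to run silently (ConsentPromptBehaviorAdmin = 0), which is also why the "allow this program to make changes" box only appeared once the fix was applied. As an added example, not from this thread or from RogueKiller, here is a PowerShell check that reads those two values from both the 64-bit and Wow6432Node policy keys; the function name Get-UacPolicyStatus is my own, and the full registry path is the standard Policies\System key that the report abbreviates as HKLM\[...]\System.

```powershell
# Added example: report the UAC policy values RogueKiller flags as [HJ POL].
# EnableLUA = 0 turns UAC off entirely; ConsentPromptBehaviorAdmin = 0 lets
# admin elevation happen with no prompt at all. Both registry views are read,
# matching the four entries in the RK report.
function Get-UacPolicyStatus {
    [CmdletBinding()]
    param()

    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\System'
    )
    foreach ($path in $paths) {
        if (-not (Test-Path $path)) { continue }
        $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue

        # Windows 7 defaults when a value is absent: UAC on, and admins are
        # prompted for consent for non-Windows binaries (value 5).
        $enableLua = if ($null -ne $props.EnableLUA) { [int]$props.EnableLUA } else { 1 }
        $consent   = if ($null -ne $props.ConsentPromptBehaviorAdmin) {
                         [int]$props.ConsentPromptBehaviorAdmin } else { 5 }

        [pscustomobject]@{
            Path                       = $path
            EnableLUA                  = $enableLua
            ConsentPromptBehaviorAdmin = $consent
            UacDisabled                = ($enableLua -eq 0)
            SilentElevation            = ($consent -eq 0)
        }
    }
}

# Usage: list only the views where UAC is off or elevation is silent.
Get-UacPolicyStatus | Where-Object { $_.UacDisabled -or $_.SilentElevation } |
    Format-Table -AutoSize
```

An empty result means both views have UAC enabled with a consent prompt; a change to EnableLUA only takes effect after a reboot, so re-run the check after restarting.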