
View Full Version : Please help with browser redirect virus



Adamtwo
2013-01-29, 00:28
Hi all,

Started with Google selections redirected to other locations, then other search engines started doing it too. Lately browser itself seemed unstable (one time rapidly opening new windows almost as fast as I could close them).
Tried Kaspersky online scanner and Malwarebytes, then installed Norton 360. Infection still there. Thank you in advance, however this goes! Logs to follow:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457
Run by Parents at 17:45:39 on 2013-01-28
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3326.1917 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\IB Updater\ExtensionUpdaterService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Norton 360\Engine\20.2.1.22\ccSvcHst.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Norton 360\Engine\20.2.1.22\ccSvcHst.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\System32\CTXFIHLP.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.drudgereport.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
BHO: Deal Vault: {11111111-1111-1111-1111-110111981166} - c:\program files\deal vault\Deal Vault.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\20.2.1.22\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\20.2.1.22\ips\ipsbho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.2.1.22\coieplg.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe
uRun: [Hewlett-Packard] rundll32 "c:\users\parents\appdata\local\hp\hewlett-packard\ticle.dll",NVCoInstallerW
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
mRun: [CTXFIREG] CTxfiReg.exe
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Launcher] c:\windows\sminst\launcher.exe
dRunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'
StartupFolder: c:\users\parents\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\parents\appdata\roaming\micros~1\windows\startm~1\programs\startup\monito~1.lnk - c:\windows\system32\RunDll32.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpconn~1.lnk - c:\program files\hp connections\6811507\program\HP Connections.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{927B7D6A-1939-4D25-93D7-E2F8D36D8DDB} : DHCPNameServer = 192.168.1.1
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1402010.016\symds.sys [2013-1-25 368288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1402010.016\symefa.sys [2013-1-25 927904]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\definitions\bashdefs\20130116.013\BHDrvx86.sys [2013-1-16 997464]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\1402010.016\ccsetx86.sys [2013-1-25 134304]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\definitions\ipsdefs\20130124.001\IDSvix86.sys [2013-1-24 386720]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1402010.016\ironx86.sys [2013-1-25 175264]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\1402010.016\symtdiv.sys [2013-1-25 350368]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2012-11-10 21504]
R2 IB Updater;IB Updater;c:\program files\ib updater\ExtensionUpdaterService.exe [2013-1-24 188760]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-24 398184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-1-24 682344]
R2 N360;Norton 360;c:\program files\norton 360\engine\20.2.1.22\ccsvchst.exe [2013-1-25 143928]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-11-11 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-10-2 382824]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-1-24 106656]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-1-24 21104]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-01-25 05:25:47 350368 ----a-w- c:\windows\system32\drivers\n360\1402010.016\symtdiv.sys
2013-01-25 05:25:47 338592 ----a-w- c:\windows\system32\drivers\n360\1402010.016\symnets.sys
2013-01-25 05:25:47 21400 ----a-r- c:\windows\system32\drivers\n360\1402010.016\symelam.sys
2013-01-25 05:25:46 927904 ----a-w- c:\windows\system32\drivers\n360\1402010.016\symefa.sys
2013-01-25 05:25:46 586400 ----a-w- c:\windows\system32\drivers\n360\1402010.016\srtsp.sys
2013-01-25 05:25:46 368288 ----a-w- c:\windows\system32\drivers\n360\1402010.016\symds.sys
2013-01-25 05:25:46 32888 ----a-r- c:\windows\system32\drivers\n360\1402010.016\srtspx.sys
2013-01-25 05:25:46 175264 ----a-w- c:\windows\system32\drivers\n360\1402010.016\ironx86.sys
2013-01-25 05:25:45 134304 ----a-w- c:\windows\system32\drivers\n360\1402010.016\ccsetx86.sys
2013-01-25 05:24:58 9103 ----a-w- c:\windows\system32\drivers\n360\1402010.016\symvtcer.dat
2013-01-25 05:24:58 -------- d-----w- c:\windows\system32\drivers\n360\1402010.016
2013-01-25 02:20:25 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-01-25 02:20:25 -------- d-----w- c:\program files\Symantec
2013-01-25 02:18:42 -------- d-----w- c:\windows\system32\drivers\N360
2013-01-25 02:18:28 -------- d-----w- c:\program files\Norton 360
2013-01-25 02:18:27 -------- d-----w- c:\programdata\Norton
2013-01-25 02:14:04 -------- d-----w- c:\programdata\NortonInstaller
2013-01-25 02:14:04 -------- d-----w- c:\program files\NortonInstaller
2013-01-24 23:46:22 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-24 23:46:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-24 23:46:02 -------- d-----w- c:\users\parents\appdata\local\Threat Expert
2013-01-24 23:45:46 -------- d-----w- c:\users\parents\appdata\local\Deal Vault
2013-01-24 23:45:34 632656 ----a-w- c:\windows\system32\msvcr80.dll
2013-01-24 23:45:34 554832 ----a-w- c:\windows\system32\msvcp80.dll
2013-01-24 23:45:34 479232 ----a-w- c:\windows\system32\msvcm80.dll
2013-01-24 23:45:34 28160 ----a-w- c:\windows\system32\ImHttpComm.dll
2013-01-24 23:45:34 -------- d-----w- c:\windows\system32\ARFC
2013-01-24 23:45:33 -------- d-----w- c:\windows\system32\WNLT
2013-01-24 23:45:33 -------- d-----w- c:\users\parents\appdata\local\Updater19866
2013-01-24 23:45:29 -------- d-----w- c:\program files\IB Updater
2013-01-24 23:45:18 -------- d-----w- c:\program files\Deal Vault
2013-01-24 23:03:56 -------- d-----w- c:\program files\PC Tools
2013-01-24 22:59:24 202280 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2013-01-24 22:59:24 -------- d-----w- c:\program files\common files\PC Tools
2013-01-24 22:58:59 -------- d-----w- c:\users\parents\appdata\roaming\TestApp
2013-01-24 22:58:59 -------- d-----w- c:\programdata\PC Tools
2013-01-24 01:09:35 -------- d-----w- c:\program files\Citrix
2013-01-24 01:09:19 60864 ----a-w- c:\users\parents\g2mdlhlpx.exe
2013-01-22 13:21:15 6991832 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0725835c-8f22-40e4-bb69-b835b8a30434}\mpengine.dll
2013-01-09 02:26:17 2048000 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 02:25:59 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 02:25:58 1400832 ----a-w- c:\windows\system32\msxml6.dll
.
==================== Find3M ====================
.
2013-01-09 00:02:16 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-09 00:02:16 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-16 13:12:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50:29 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-13 01:29:51 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-11 13:36:58 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-11 13:36:58 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-10 23:57:41 98816 ----a-w- c:\windows\system32\mfps.dll
2012-11-10 14:11:57 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2012-11-10 14:11:57 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2012-11-10 12:46:50 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2012-11-10 12:46:48 82432 ----a-w- c:\windows\system32\axaltocm.dll
2012-11-10 08:34:15 61440 ----a-w- c:\windows\system32\winipsec.dll
2012-11-10 08:34:15 272896 ----a-w- c:\windows\system32\polstore.dll
2012-11-10 08:32:25 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2012-11-10 08:32:25 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2012-11-10 08:32:25 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2012-11-10 08:32:25 19968 ----a-w- c:\windows\system32\ARP.EXE
2012-11-10 08:32:25 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2012-11-10 08:32:25 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2012-11-10 08:32:25 105984 ----a-w- c:\windows\system32\netiohlp.dll
2012-11-10 08:32:25 10240 ----a-w- c:\windows\system32\finger.exe
2012-11-10 08:30:56 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2012-11-10 08:30:55 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2012-11-10 08:30:55 65024 ----a-w- c:\windows\system32\wlanapi.dll
2012-11-10 08:30:55 513536 ----a-w- c:\windows\system32\wlansvc.dll
2012-11-10 08:30:55 302592 ----a-w- c:\windows\system32\wlansec.dll
2012-11-10 08:30:55 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2012-11-10 08:30:54 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2012-11-10 08:30:16 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-11-10 08:30:15 2048 ----a-w- c:\windows\system32\msxml6r.dll
2012-11-10 08:29:34 218624 ----a-w- c:\windows\system32\msv1_0.dll
2012-11-10 08:28:14 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2012-11-10 08:28:14 24576 ----a-w- c:\windows\system32\mfpmp.exe
2012-11-10 08:28:14 2048 ----a-w- c:\windows\system32\mferror.dll
2012-11-10 08:24:32 71680 ----a-w- c:\windows\system32\atl.dll
2012-11-10 08:21:37 160256 ----a-w- c:\windows\system32\wkssvc.dll
2012-11-10 08:20:57 53248 ----a-w- c:\windows\system32\tsgqec.dll
2012-11-10 08:20:57 136192 ----a-w- c:\windows\system32\aaclient.dll
2012-11-10 08:14:09 499712 ----a-w- c:\windows\system32\kerberos.dll
2012-11-10 08:14:09 175104 ----a-w- c:\windows\system32\wdigest.dll
2012-11-10 08:12:36 6656 ----a-w- c:\windows\system32\kbd106n.dll
2012-11-10 08:11:29 62464 ----a-w- c:\windows\system32\l3codeca.acm
2012-11-10 08:11:29 220672 ----a-w- c:\windows\system32\l3codecp.acm
2012-11-10 08:10:54 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-10 08:10:54 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2012-11-10 08:10:54 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-10 08:10:54 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2012-11-10 08:09:54 98304 ----a-w- c:\windows\system32\cabview.dll
2012-11-10 08:09:39 37888 ----a-w- c:\windows\system32\printcom.dll
2012-11-10 08:09:11 14848 ----a-w- c:\windows\system32\wshrm.dll
2012-11-10 08:08:53 43520 ----a-w- c:\windows\system32\msdxm.tlb
2012-11-10 08:08:53 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2012-11-10 08:08:53 18432 ----a-w- c:\windows\system32\amcompat.tlb
2012-11-10 08:08:52 7680 ----a-w- c:\windows\system32\spwmp.dll
2012-11-10 08:08:52 4096 ----a-w- c:\windows\system32\msdxm.ocx
2012-11-10 08:08:52 4096 ----a-w- c:\windows\system32\dxmasf.dll
2012-11-10 08:07:17 84480 ----a-w- c:\windows\system32\INETRES.dll
2012-11-10 08:06:56 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2012-11-10 08:06:28 411648 ----a-w- c:\windows\system32\drivers\http.sys
2012-11-10 08:06:28 30720 ----a-w- c:\windows\system32\httpapi.dll
2012-11-10 08:06:28 24064 ----a-w- c:\windows\system32\nshhttp.dll
2012-11-10 08:05:10 243712 ----a-w- c:\windows\system32\rastls.dll
2012-11-10 08:04:56 355328 ----a-w- c:\windows\system32\WSDApi.dll
2012-11-10 08:04:11 91136 ----a-w- c:\windows\system32\avifil32.dll
2012-11-10 08:04:11 82944 ----a-w- c:\windows\system32\mciavi32.dll
2012-11-10 08:04:11 65024 ----a-w- c:\windows\system32\avicap32.dll
2012-11-10 08:04:11 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2012-11-10 08:04:11 31744 ----a-w- c:\windows\system32\msvidc32.dll
2012-11-10 08:04:11 22528 ----a-w- c:\windows\system32\msyuv.dll
2012-11-10 08:04:11 13312 ----a-w- c:\windows\system32\msrle32.dll
2012-11-10 08:04:11 123904 ----a-w- c:\windows\system32\msvfw32.dll
2012-11-10 08:04:11 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2012-11-02 10:18:17 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 08:26:06 23040 ----a-w- c:\windows\system32\dpnsvr.exe
.
============= FINISH: 17:46:33.87 ===============


aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-28 18:04:03
-----------------------------
18:04:03.933 OS Version: Windows 6.0.6002 Service Pack 2
18:04:03.933 Number of processors: 2 586 0xF02
18:04:03.933 ComputerName: HPVISTA-PC UserName: Parents
18:04:08.254 Initialize success
18:06:00.495 AVAST engine defs: 13012800
18:06:04.317 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-0
18:06:04.317 Disk 0 Vendor: Hitachi_HDS721050CLA362 JP2OA50E Size: 476940MB BusType: 3
18:06:04.333 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-4
18:06:04.333 Disk 1 Vendor: Hitachi_HDT725032VLA360 V54OA52A Size: 305245MB BusType: 3
18:06:04.349 Disk 0 MBR read successfully
18:06:04.349 Disk 0 MBR scan
18:06:04.364 Disk 0 unknown MBR code
18:06:04.364 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 459640 MB offset 63
18:06:04.411 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 17296 MB offset 941344740
18:06:04.442 Disk 0 scanning sectors +976768065
18:06:04.583 Disk 0 scanning C:\Windows\system32\drivers
18:06:18.108 Service scanning
18:06:44.269 Modules scanning
18:06:53.067 Disk 0 trace - called modules:
18:06:53.083 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
18:06:53.099 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86013ac8]
18:06:53.114 3 CLASSPNP.SYS[8b1a38b3] -> nt!IofCallDriver -> [0x856d2918]
18:06:53.114 5 acpi.sys[822a26bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-0[0x856d5030]
18:06:54.487 AVAST engine scan C:\Windows
18:06:57.389 AVAST engine scan C:\Windows\system32
18:09:52.903 AVAST engine scan C:\Windows\system32\drivers
18:10:07.302 AVAST engine scan C:\Users\Parents
18:10:10.999 File: C:\Users\Parents\AppData\Local\HP\Hewlett-Packard\ticle.dll **INFECTED** Win32:BHO-AJG [Trj]
18:11:23.305 Disk 0 MBR has been saved successfully to "C:\Users\Parents\Desktop\MBR.dat"
18:11:23.320 The log file has been saved successfully to "C:\Users\Parents\Desktop\aswMBRlog.txt"
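
The two findings that matter in the logs above (the `uRun` entry that has rundll32 load `ticle.dll` from the user's AppData, which aswMBR then flags, and the `Deal Vault` BHO whose CLSID is obviously hand-typed, dropped in the same burst as `IB Updater`, `WNLT`, `ARFC` and `ImHttpComm.dll`) are the kind of thing a helper spots by eye. The Python below is an added example written for this thread; it is not code from either poster, from the DDS tool or from the forum. It runs those two checks over lines copied from the DDS log above: a triage pass over the "Pseudo HJT Report" section, and a time-clustering pass over the "Created Last 30" section that lists everything created within a short window of a confirmed-bad file. The 8-distinct-hex-digit threshold for a "regular" GUID and the 60 s window are assumptions chosen for the example, not published rules.

```python
"""Triage helpers for a DDS log like the one posted above.

Added example for this thread; not code from the posters, from the DDS tool or
from the forum. Two checks a malware-removal helper normally does by eye when
reading the "Pseudo HJT Report" and "Created Last 30" sections:

1. Autorun/BHO entries that look wrong on their face: rundll32 loading a DLL
   from a user profile, or a COM CLSID too regular to be a generated GUID.
2. Time clustering: files created within seconds of a confirmed-bad file were
   very likely dropped by the same bundled installer.

The sample lines below are copied from the DDS log in this thread.
"""
import re
from datetime import datetime, timedelta

HJT_LINES = r"""
BHO: Deal Vault: {11111111-1111-1111-1111-110111981166} - c:\program files\deal vault\Deal Vault.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Hewlett-Packard] rundll32 "c:\users\parents\appdata\local\hp\hewlett-packard\ticle.dll",NVCoInstallerW
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
""".strip().splitlines()

CREATED_LINES = r"""
2013-01-25 02:18:28 -------- d-----w- c:\program files\Norton 360
2013-01-24 23:46:22 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-24 23:45:46 -------- d-----w- c:\users\parents\appdata\local\Deal Vault
2013-01-24 23:45:34 28160 ----a-w- c:\windows\system32\ImHttpComm.dll
2013-01-24 23:45:34 -------- d-----w- c:\windows\system32\ARFC
2013-01-24 23:45:33 -------- d-----w- c:\windows\system32\WNLT
2013-01-24 23:45:33 -------- d-----w- c:\users\parents\appdata\local\Updater19866
2013-01-24 23:45:29 -------- d-----w- c:\program files\IB Updater
2013-01-24 23:45:18 -------- d-----w- c:\program files\Deal Vault
2013-01-24 23:03:56 -------- d-----w- c:\program files\PC Tools
""".strip().splitlines()

# DDS autorun line: uRun/mRun/dRun (optionally RunOnce), "[name] command".
RUN_RE = re.compile(r"^[umd]Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# DDS BHO/toolbar line: "BHO: name: {CLSID} - path".
BHO_RE = re.compile(r"^(?:BHO|TB): (?P<name>.*?): \{(?P<guid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
# Path components that place a file under a per-user profile (Vista+ and XP layouts).
USER_PROFILE_RE = re.compile(r"(?i)\\(?:users|documents and settings)\\[^\\]+\\appdata\\")
# "Created Last 30" line: timestamp, size or dashes, attribute flags, path.
CREATED_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?:\d+|-+) \S+ (?P<path>.*)$")


def guid_is_regular(guid, min_distinct=8):
    """True when a CLSID uses suspiciously few distinct hex digits.

    32 random hex digits use about 14 distinct values on average; hand-typed
    CLSIDs such as {11111111-1111-...} use a handful. The threshold of 8 is an
    assumption chosen for this example, not a published rule.
    """
    return len(set(guid.replace("-", "").upper())) < min_distinct


def triage_hjt(lines):
    """Return (line, reason) pairs for Pseudo HJT Report entries worth a closer look."""
    findings = []
    for line in lines:
        run = RUN_RE.match(line)
        if run:
            cmd = run.group("cmd")
            if "rundll32" in cmd.lower() and USER_PROFILE_RE.search(cmd):
                findings.append((line, "rundll32 loading a DLL from a user profile"))
            continue
        bho = BHO_RE.match(line)
        if bho:
            if guid_is_regular(bho.group("guid")):
                findings.append((line, "CLSID too regular to be a generated GUID"))
            elif USER_PROFILE_RE.search(bho.group("path")):
                findings.append((line, "BHO DLL under a user profile"))
    return findings


def files_dropped_with(created_lines, known_bad_path, window_seconds=60):
    """Paths from "Created Last 30" created within window_seconds of known_bad_path.

    Installers that bundle adware write their pieces in one burst, so the
    neighbours of one confirmed component are the next things to examine.
    The 60 s window is an assumption for this example.
    """
    entries = []
    for line in created_lines:
        m = CREATED_RE.match(line)
        if m:
            entries.append((datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"), m.group("path")))
    anchors = [ts for ts, path in entries if path.lower() == known_bad_path.lower()]
    window = timedelta(seconds=window_seconds)
    return sorted({path for ts, path in entries
                   if any(abs(ts - a) <= window for a in anchors)})


if __name__ == "__main__":
    for line, reason in triage_hjt(HJT_LINES):
        print(f"[{reason}] {line}")
    for path in files_dropped_with(CREATED_LINES, r"c:\program files\Deal Vault"):
        print("dropped alongside Deal Vault:", path)
```

On the sample above the triage pass returns exactly the two entries aswMBR and the later ComboFix run acted on, and the clustering pass around `c:\program files\Deal Vault` returns the seven paths written within a minute of it while leaving out `mbam.sys`, which landed 64 seconds later when Malwarebytes was installed. Neither heuristic proves anything on its own; they shorten the list of entries to research before deciding what to remove.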

Blade81
2013-02-05, 21:13
Hi


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (see http://www.bleepingcomputer.com/forums/topic114351.html).
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Adamtwo
2013-02-07, 00:15
Hi Blade81, thanks for taking my case...

ComboFix log:

ComboFix 13-02-06.01 - Parents 02/06/2013 17:52:10.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3326.2068 [GMT -5:00]
Running from: c:\users\Parents\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Parents\AppData\Local\HP\Hewlett-Packard\ticle.dll
c:\users\Parents\g2mdlhlpx.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-01-06 to 2013-02-06 )))))))))))))))))))))))))))))))
.
.
2013-01-28 22:31 . 2013-01-28 22:32 -------- d-----w- c:\program files\ERUNT
2013-01-25 02:20 . 2013-01-25 02:20 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-01-25 02:20 . 2013-01-25 02:20 -------- d-----w- c:\program files\Symantec
2013-01-25 02:18 . 2013-01-25 13:40 -------- d-----w- c:\windows\system32\drivers\N360
2013-01-25 02:18 . 2013-01-25 02:18 -------- d-----w- c:\program files\Norton 360
2013-01-25 02:18 . 2013-01-25 02:20 -------- d-----w- c:\programdata\Norton
2013-01-25 02:14 . 2013-01-25 02:14 -------- d-----w- c:\program files\NortonInstaller
2013-01-24 23:46 . 2012-12-14 21:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-24 23:46 . 2013-01-24 23:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-24 23:46 . 2013-01-24 23:46 -------- d-----w- c:\users\Parents\AppData\Local\Threat Expert
2013-01-24 23:45 . 2013-01-24 23:45 -------- d-----w- c:\users\Parents\AppData\Local\Deal Vault
2013-01-24 23:45 . 2013-01-24 23:45 450 ----a-w- C:\user.js
2013-01-24 23:45 . 2013-01-24 23:45 -------- d-----w- c:\windows\system32\ARFC
2013-01-24 23:45 . 2012-10-02 15:18 28160 ----a-w- c:\windows\system32\ImHttpComm.dll
2013-01-24 23:45 . 2011-05-13 23:17 632656 ----a-w- c:\windows\system32\msvcr80.dll
2013-01-24 23:45 . 2011-05-13 23:17 479232 ----a-w- c:\windows\system32\msvcm80.dll
2013-01-24 23:45 . 2011-05-13 23:17 554832 ----a-w- c:\windows\system32\msvcp80.dll
2013-01-24 23:45 . 2013-01-25 02:02 -------- d-----w- c:\windows\system32\WNLT
2013-01-24 23:45 . 2013-01-24 23:45 -------- d-----w- c:\users\Parents\AppData\Local\Updater19866
2013-01-24 23:45 . 2013-01-24 23:45 -------- d-----w- c:\program files\IB Updater
2013-01-24 23:45 . 2013-01-24 23:45 -------- d-----w- c:\program files\Deal Vault
2013-01-24 23:03 . 2013-01-24 23:03 -------- d-----w- c:\program files\PC Tools
2013-01-24 22:59 . 2013-01-25 02:16 -------- d-----w- c:\program files\Common Files\PC Tools
2013-01-24 22:59 . 2012-11-01 20:35 202280 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2013-01-24 22:58 . 2013-01-25 02:14 -------- d-----w- c:\programdata\PC Tools
2013-01-24 22:58 . 2013-01-24 22:58 -------- d-----w- c:\users\Parents\AppData\Roaming\TestApp
2013-01-24 01:09 . 2013-01-24 01:09 -------- d-----w- c:\program files\Citrix
2013-01-22 13:21 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0725835C-8F22-40E4-BB69-B835B8A30434}\mpengine.dll
2013-01-09 02:26 . 2012-11-23 01:35 2048000 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 02:25 . 2012-11-20 04:22 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 02:25 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\system32\msxml6.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 00:02 . 2012-11-11 13:37 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-09 00:02 . 2012-11-11 13:37 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-16 13:12 . 2012-12-22 06:05 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2012-12-22 06:05 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-11-14 02:09 . 2012-12-13 08:23 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-13 08:23 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 08:23 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-13 08:23 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 08:23 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-13 08:23 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-13 01:29 . 2012-12-12 10:34 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-11 13:36 . 2012-11-11 13:37 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-11 13:36 . 2012-11-11 13:37 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-10 23:58 . 2012-11-10 23:58 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-11-10 23:58 . 2012-11-10 23:58 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-11-10 23:58 . 2012-11-10 23:58 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-11-10 23:58 . 2012-11-10 23:58 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-11-10 23:58 . 2012-11-10 23:58 161792 ----a-w- c:\windows\system32\msls31.dll
2012-11-10 23:58 . 2012-11-10 23:58 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-11-10 23:58 . 2012-11-10 23:58 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-11-10 23:58 . 2012-11-10 23:58 367104 ----a-w- c:\windows\system32\html.iec
2012-11-10 23:58 . 2012-11-10 23:58 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-10 23:58 . 2012-11-10 23:58 152064 ----a-w- c:\windows\system32\wextract.exe
2012-11-10 23:58 . 2012-11-10 23:58 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-11-10 23:58 . 2012-11-10 23:58 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-11-10 23:58 . 2012-11-10 23:58 11776 ----a-w- c:\windows\system32\mshta.exe
2012-11-10 23:58 . 2012-11-10 23:58 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-11-10 23:58 . 2012-11-10 23:58 101888 ----a-w- c:\windows\system32\admparse.dll
2012-11-10 23:57 . 2012-11-10 23:57 98816 ----a-w- c:\windows\system32\mfps.dll
2012-11-10 23:57 . 2012-11-10 23:57 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2012-11-10 23:57 . 2012-11-10 23:57 586240 ----a-w- c:\windows\system32\stobject.dll
2012-11-10 23:57 . 2012-11-10 23:57 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2012-11-10 23:57 . 2012-11-10 23:57 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2012-11-10 23:57 . 2012-11-10 23:57 2873344 ----a-w- c:\windows\system32\mf.dll
2012-11-10 23:57 . 2012-11-10 23:57 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-11-10 23:57 . 2012-11-10 23:57 209920 ----a-w- c:\windows\system32\mfplat.dll
2012-11-10 23:57 . 2012-11-10 23:57 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2012-11-10 23:57 . 2012-11-10 23:57 189952 ----a-w- c:\windows\system32\d3d10core.dll
2012-11-10 23:57 . 2012-11-10 23:57 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-11-10 23:57 . 2012-11-10 23:57 847360 ----a-w- c:\windows\system32\OpcServices.dll
2012-11-10 23:57 . 2012-11-10 23:57 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2012-11-10 23:57 . 2012-11-10 23:57 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-11-10 23:57 . 2012-11-10 23:57 478720 ----a-w- c:\windows\system32\dxgi.dll
2012-11-10 23:57 . 2012-11-10 23:57 37376 ----a-w- c:\windows\system32\cdd.dll
2012-11-10 23:57 . 2012-11-10 23:57 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2012-11-10 23:57 . 2012-11-10 23:57 258048 ----a-w- c:\windows\system32\winspool.drv
2012-11-10 23:57 . 2012-11-10 23:57 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2012-11-10 23:57 . 2012-11-10 23:57 1029120 ----a-w- c:\windows\system32\d3d10.dll
2012-11-10 23:57 . 2012-11-10 23:57 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-11-10 23:57 . 2012-11-10 23:57 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-11-10 23:57 . 2012-11-10 23:57 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2012-11-10 23:57 . 2012-11-10 23:57 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-11-10 23:57 . 2012-11-10 23:57 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-11-10 23:57 . 2012-11-10 23:57 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-11-10 23:57 . 2012-11-10 23:57 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-11-10 23:57 . 2012-11-10 23:57 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-11-10 14:11 . 2007-06-16 03:49 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2012-11-10 14:11 . 2007-06-16 03:49 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2012-11-10 12:46 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2012-11-10 12:46 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2012-11-10 08:34 . 2012-11-10 08:34 61440 ----a-w- c:\windows\system32\winipsec.dll
2012-11-10 08:34 . 2012-11-10 08:34 272896 ----a-w- c:\windows\system32\polstore.dll
2012-11-10 08:32 . 2012-11-10 08:32 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2012-11-10 08:32 . 2012-11-10 08:32 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2012-11-10 08:32 . 2012-11-10 08:32 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2012-11-10 08:32 . 2012-11-10 08:32 19968 ----a-w- c:\windows\system32\ARP.EXE
2012-11-10 08:32 . 2012-11-10 08:32 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2012-11-10 08:32 . 2012-11-10 08:32 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2012-11-10 08:32 . 2012-11-10 08:32 105984 ----a-w- c:\windows\system32\netiohlp.dll
2012-11-10 08:32 . 2012-11-10 08:32 10240 ----a-w- c:\windows\system32\finger.exe
2012-11-10 08:30 . 2012-11-10 08:30 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2012-11-10 08:30 . 2012-11-10 08:30 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2012-11-10 08:30 . 2012-11-10 08:30 65024 ----a-w- c:\windows\system32\wlanapi.dll
2012-11-10 08:30 . 2012-11-10 08:30 513536 ----a-w- c:\windows\system32\wlansvc.dll
2012-11-10 08:30 . 2012-11-10 08:30 302592 ----a-w- c:\windows\system32\wlansec.dll
2012-11-10 08:30 . 2012-11-10 08:30 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2012-11-10 08:30 . 2012-11-10 08:30 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2012-11-10 08:30 . 2012-11-10 08:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-11-10 08:30 . 2012-11-10 08:30 2048 ----a-w- c:\windows\system32\msxml6r.dll
2012-11-10 08:29 . 2012-11-10 08:29 218624 ----a-w- c:\windows\system32\msv1_0.dll
2012-11-10 08:28 . 2012-11-10 08:28 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2012-11-10 08:28 . 2012-11-10 08:28 24576 ----a-w- c:\windows\system32\mfpmp.exe
2012-11-10 08:28 . 2012-11-10 08:28 2048 ----a-w- c:\windows\system32\mferror.dll
2012-11-10 08:24 . 2012-11-10 08:24 71680 ----a-w- c:\windows\system32\atl.dll
2012-11-10 08:21 . 2012-11-10 08:21 160256 ----a-w- c:\windows\system32\wkssvc.dll
2012-11-10 08:20 . 2012-11-10 08:20 53248 ----a-w- c:\windows\system32\tsgqec.dll
2012-11-10 08:20 . 2012-11-10 08:20 136192 ----a-w- c:\windows\system32\aaclient.dll
2012-11-10 08:14 . 2012-11-10 08:14 499712 ----a-w- c:\windows\system32\kerberos.dll
2012-11-10 08:14 . 2012-11-10 08:14 175104 ----a-w- c:\windows\system32\wdigest.dll
2012-11-10 08:12 . 2012-11-10 08:12 6656 ----a-w- c:\windows\system32\kbd106n.dll
2012-11-10 08:11 . 2012-11-10 08:11 62464 ----a-w- c:\windows\system32\l3codeca.acm
2012-11-10 08:11 . 2012-11-10 08:11 220672 ----a-w- c:\windows\system32\l3codecp.acm
2012-11-10 08:10 . 2012-11-10 08:10 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-10 08:10 . 2012-11-10 08:10 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2012-11-10 08:10 . 2012-11-10 08:10 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-10 08:10 . 2012-11-10 08:10 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2012-11-10 08:09 . 2012-11-10 08:09 98304 ----a-w- c:\windows\system32\cabview.dll
2012-11-10 08:09 . 2012-11-10 08:09 37888 ----a-w- c:\windows\system32\printcom.dll
2012-11-10 08:09 . 2012-11-10 08:09 14848 ----a-w- c:\windows\system32\wshrm.dll
2012-11-10 08:08 . 2012-11-10 08:08 43520 ----a-w- c:\windows\system32\msdxm.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"CTHelper"="CTHELPER.EXE" [2006-12-12 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-12-12 20480]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-12-07 180224]
"CTXFIREG"="CTxfiReg.exe" [2006-12-12 44032]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-02 44168]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2006-12-12 28672]
.
c:\users\Parents\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Monitor Ink Alerts - HP Officejet 6100.lnk - c:\windows\system32\RunDll32.exe [2006-11-2 44544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2007-6-15 34520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-11 00:02]
.
2013-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-10 03:00]
.
2013-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-10 03:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.drudgereport.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-HPAdvisor - c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
HKCU-Run-Hewlett-Packard - c:\users\Parents\AppData\Local\HP\Hewlett-Packard\ticle.dll
SafeBoot-15175459.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-06 18:01
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\20.2.1.22\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\20.2.1.22\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-02-06 18:04:33
ComboFix-quarantined-files.txt 2013-02-06 23:04
.
Pre-Run: 380,109,492,224 bytes free
Post-Run: 380,027,260,928 bytes free
.
- - End Of File - - A54AEBD6E7AE24CBD9983A557FAAB819


New DDS log:


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457
Run by Parents at 18:10:54 on 2013-02-06
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3326.2016 [GMT -5:00]
.
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Norton 360\Engine\20.2.1.22\ccSvcHst.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Norton 360\Engine\20.2.1.22\ccSvcHst.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\DllHost.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\explorer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.drudgereport.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\20.2.1.22\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\20.2.1.22\ips\ipsbho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.2.1.22\coieplg.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
mRun: [CTXFIREG] CTxfiReg.exe
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Launcher] c:\windows\sminst\launcher.exe
dRunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'
StartupFolder: c:\users\parents\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\parents\appdata\roaming\micros~1\windows\startm~1\programs\startup\monito~1.lnk - c:\windows\system32\RunDll32.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpconn~1.lnk - c:\program files\hp connections\6811507\program\HP Connections.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{927B7D6A-1939-4D25-93D7-E2F8D36D8DDB} : DHCPNameServer = 192.168.1.1
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1402010.016\symds.sys [2013-1-25 368288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1402010.016\symefa.sys [2013-1-25 927904]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\definitions\bashdefs\20130116.013\BHDrvx86.sys [2013-1-16 997464]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\1402010.016\ccsetx86.sys [2013-1-25 134304]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\definitions\ipsdefs\20130205.001\IDSvix86.sys [2013-2-5 386720]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1402010.016\ironx86.sys [2013-1-25 175264]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\1402010.016\symtdiv.sys [2013-1-25 350368]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2012-11-10 21504]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-24 398184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-1-24 682344]
R2 N360;Norton 360;c:\program files\norton 360\engine\20.2.1.22\ccsvchst.exe [2013-1-25 143928]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-11-11 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-10-2 382824]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-1-24 106656]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-1-24 21104]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 IB Updater;IB Updater;c:\program files\ib updater\ExtensionUpdaterService.exe [2013-1-24 188760]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
FileExt: .com: Applications\iexplore.exe="c:\program files\internet explorer\iexplore.exe" %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-02-06 23:04:42 -------- d-sh--w- C:\$RECYCLE.BIN
2013-02-06 23:04:36 -------- d-----w- c:\users\parents\appdata\local\temp
2013-02-06 22:50:47 98816 ----a-w- c:\windows\sed.exe
2013-02-06 22:50:47 256000 ----a-w- c:\windows\PEV.exe
2013-02-06 22:50:47 208896 ----a-w- c:\windows\MBR.exe
2013-01-25 05:25:47 350368 ----a-w- c:\windows\system32\drivers\n360\1402010.016\symtdiv.sys
2013-01-25 05:25:47 338592 ----a-w- c:\windows\system32\drivers\n360\1402010.016\symnets.sys
2013-01-25 05:25:47 21400 ----a-r- c:\windows\system32\drivers\n360\1402010.016\symelam.sys
2013-01-25 05:25:46 927904 ----a-w- c:\windows\system32\drivers\n360\1402010.016\symefa.sys
2013-01-25 05:25:46 586400 ----a-w- c:\windows\system32\drivers\n360\1402010.016\srtsp.sys
2013-01-25 05:25:46 368288 ----a-w- c:\windows\system32\drivers\n360\1402010.016\symds.sys
2013-01-25 05:25:46 32888 ----a-r- c:\windows\system32\drivers\n360\1402010.016\srtspx.sys
2013-01-25 05:25:46 175264 ----a-w- c:\windows\system32\drivers\n360\1402010.016\ironx86.sys
2013-01-25 05:25:45 134304 ----a-w- c:\windows\system32\drivers\n360\1402010.016\ccsetx86.sys
2013-01-25 05:24:58 9103 ----a-w- c:\windows\system32\drivers\n360\1402010.016\symvtcer.dat
2013-01-25 05:24:58 -------- d-----w- c:\windows\system32\drivers\n360\1402010.016
2013-01-25 02:20:25 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-01-25 02:20:25 -------- d-----w- c:\program files\Symantec
2013-01-25 02:18:42 -------- d-----w- c:\windows\system32\drivers\N360
2013-01-25 02:18:28 -------- d-----w- c:\program files\Norton 360
2013-01-25 02:18:27 -------- d-----w- c:\programdata\Norton
2013-01-25 02:14:04 -------- d-----w- c:\programdata\NortonInstaller
2013-01-25 02:14:04 -------- d-----w- c:\program files\NortonInstaller
2013-01-24 23:46:22 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-24 23:46:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-24 23:46:02 -------- d-----w- c:\users\parents\appdata\local\Threat Expert
2013-01-24 23:45:46 -------- d-----w- c:\users\parents\appdata\local\Deal Vault
2013-01-24 23:45:34 632656 ----a-w- c:\windows\system32\msvcr80.dll
2013-01-24 23:45:34 554832 ----a-w- c:\windows\system32\msvcp80.dll
2013-01-24 23:45:34 479232 ----a-w- c:\windows\system32\msvcm80.dll
2013-01-24 23:45:34 28160 ----a-w- c:\windows\system32\ImHttpComm.dll
2013-01-24 23:45:34 -------- d-----w- c:\windows\system32\ARFC
2013-01-24 23:45:33 -------- d-----w- c:\windows\system32\WNLT
2013-01-24 23:45:33 -------- d-----w- c:\users\parents\appdata\local\Updater19866
2013-01-24 23:45:29 -------- d-----w- c:\program files\IB Updater
2013-01-24 23:45:18 -------- d-----w- c:\program files\Deal Vault
2013-01-24 23:03:56 -------- d-----w- c:\program files\PC Tools
2013-01-24 22:59:24 202280 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2013-01-24 22:59:24 -------- d-----w- c:\program files\common files\PC Tools
2013-01-24 22:58:59 -------- d-----w- c:\users\parents\appdata\roaming\TestApp
2013-01-24 22:58:59 -------- d-----w- c:\programdata\PC Tools
2013-01-24 01:09:35 -------- d-----w- c:\program files\Citrix
2013-01-22 13:21:15 6991832 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0725835c-8f22-40e4-bb69-b835b8a30434}\mpengine.dll
2013-01-09 02:26:17 2048000 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 02:25:59 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 02:25:58 1400832 ----a-w- c:\windows\system32\msxml6.dll
.
==================== Find3M ====================
.
2013-01-09 00:02:16 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-09 00:02:16 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-16 13:12:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50:29 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-13 01:29:51 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-11 13:36:58 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-11 13:36:58 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-10 23:57:41 98816 ----a-w- c:\windows\system32\mfps.dll
2012-11-10 14:11:57 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2012-11-10 14:11:57 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2012-11-10 12:46:50 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2012-11-10 12:46:48 82432 ----a-w- c:\windows\system32\axaltocm.dll
2012-11-10 08:34:15 61440 ----a-w- c:\windows\system32\winipsec.dll
2012-11-10 08:34:15 272896 ----a-w- c:\windows\system32\polstore.dll
2012-11-10 08:32:25 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2012-11-10 08:32:25 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2012-11-10 08:32:25 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2012-11-10 08:32:25 19968 ----a-w- c:\windows\system32\ARP.EXE
2012-11-10 08:32:25 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2012-11-10 08:32:25 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2012-11-10 08:32:25 105984 ----a-w- c:\windows\system32\netiohlp.dll
2012-11-10 08:32:25 10240 ----a-w- c:\windows\system32\finger.exe
2012-11-10 08:30:56 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2012-11-10 08:30:55 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2012-11-10 08:30:55 65024 ----a-w- c:\windows\system32\wlanapi.dll
2012-11-10 08:30:55 513536 ----a-w- c:\windows\system32\wlansvc.dll
2012-11-10 08:30:55 302592 ----a-w- c:\windows\system32\wlansec.dll
2012-11-10 08:30:55 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2012-11-10 08:30:54 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2012-11-10 08:30:16 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-11-10 08:30:15 2048 ----a-w- c:\windows\system32\msxml6r.dll
2012-11-10 08:29:34 218624 ----a-w- c:\windows\system32\msv1_0.dll
2012-11-10 08:28:14 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2012-11-10 08:28:14 24576 ----a-w- c:\windows\system32\mfpmp.exe
2012-11-10 08:28:14 2048 ----a-w- c:\windows\system32\mferror.dll
2012-11-10 08:24:32 71680 ----a-w- c:\windows\system32\atl.dll
2012-11-10 08:21:37 160256 ----a-w- c:\windows\system32\wkssvc.dll
2012-11-10 08:20:57 53248 ----a-w- c:\windows\system32\tsgqec.dll
2012-11-10 08:20:57 136192 ----a-w- c:\windows\system32\aaclient.dll
2012-11-10 08:14:09 499712 ----a-w- c:\windows\system32\kerberos.dll
2012-11-10 08:14:09 175104 ----a-w- c:\windows\system32\wdigest.dll
2012-11-10 08:12:36 6656 ----a-w- c:\windows\system32\kbd106n.dll
2012-11-10 08:11:29 62464 ----a-w- c:\windows\system32\l3codeca.acm
2012-11-10 08:11:29 220672 ----a-w- c:\windows\system32\l3codecp.acm
2012-11-10 08:10:54 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-10 08:10:54 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2012-11-10 08:10:54 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-10 08:10:54 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2012-11-10 08:09:54 98304 ----a-w- c:\windows\system32\cabview.dll
2012-11-10 08:09:39 37888 ----a-w- c:\windows\system32\printcom.dll
2012-11-10 08:09:11 14848 ----a-w- c:\windows\system32\wshrm.dll
2012-11-10 08:08:53 43520 ----a-w- c:\windows\system32\msdxm.tlb
2012-11-10 08:08:53 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2012-11-10 08:08:53 18432 ----a-w- c:\windows\system32\amcompat.tlb
2012-11-10 08:08:52 7680 ----a-w- c:\windows\system32\spwmp.dll
2012-11-10 08:08:52 4096 ----a-w- c:\windows\system32\msdxm.ocx
2012-11-10 08:08:52 4096 ----a-w- c:\windows\system32\dxmasf.dll
2012-11-10 08:07:17 84480 ----a-w- c:\windows\system32\INETRES.dll
2012-11-10 08:06:56 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2012-11-10 08:06:28 411648 ----a-w- c:\windows\system32\drivers\http.sys
2012-11-10 08:06:28 30720 ----a-w- c:\windows\system32\httpapi.dll
2012-11-10 08:06:28 24064 ----a-w- c:\windows\system32\nshhttp.dll
2012-11-10 08:05:10 243712 ----a-w- c:\windows\system32\rastls.dll
2012-11-10 08:04:56 355328 ----a-w- c:\windows\system32\WSDApi.dll
2012-11-10 08:04:11 91136 ----a-w- c:\windows\system32\avifil32.dll
2012-11-10 08:04:11 82944 ----a-w- c:\windows\system32\mciavi32.dll
2012-11-10 08:04:11 65024 ----a-w- c:\windows\system32\avicap32.dll
2012-11-10 08:04:11 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2012-11-10 08:04:11 31744 ----a-w- c:\windows\system32\msvidc32.dll
2012-11-10 08:04:11 22528 ----a-w- c:\windows\system32\msyuv.dll
2012-11-10 08:04:11 13312 ----a-w- c:\windows\system32\msrle32.dll
2012-11-10 08:04:11 123904 ----a-w- c:\windows\system32\msvfw32.dll
2012-11-10 08:04:11 12288 ----a-w- c:\windows\system32\tsbyuv.dll
.
============= FINISH: 18:11:10.06 ===============

Blade81
2013-02-08, 06:59
Hi again,

Uninstall old Adobe Reader versions and get Adobe Reader 11.0 here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) and the 11.0.01 update for it, or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't (unless you want to) install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here (http://pdfreaders.org/).


* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Note: You will need to use Internet Explorer for this scan.
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install.
Click Start
Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
Click Scan
Wait for the scan to finish.


Post back its report & a fresh dds.txt log. Any symptoms remaining?

Adamtwo
2013-02-09, 19:23
Hi Blade,

Updated Adobe Reader; the ESET log and new DDS log follow... I tried out Google-searching a few minutes ago and it appeared to work, as did Yahoo search. The ESET scan was pretty horrifying, though, showing 19 issues (trojans and such). Looked up the Tracur one and the description said it reset itself each bootup. For the past week or so I've been keeping this PC off except to follow your helpful guidance or print things (been using the laptop otherwise), so it has been OFF and ON a few times...

Again, I appreciate your time in helping me...here are the logs:

C:\Program Files\Deal Vault\Deal Vault.dll a variant of Win32/Toolbar.CrossRider.A application
C:\Program Files\Deal Vault\Uninstall.exe multiple threats
C:\ProgramData\Spybot - Search & Destroy\Recovery\IncrediBar32.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\IncrediBar6.zip Win32/Bagle.gen.zip worm
C:\Qoobox\Quarantine\C\Users\Parents\AppData\Local\HP\Hewlett-Packard\ticle.dll.vir Win32/TrojanDownloader.Tracur.V trojan
C:\Users\All Users\Spybot - Search & Destroy\Recovery\IncrediBar32.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\IncrediBar6.zip Win32/Bagle.gen.zip worm
C:\Users\Parents\AppData\Local\Google\Chrome\User Data\Default\Default\aadcdddedbdhdfggdcdegfdideggdcge\background.js Win32/TrojanDownloader.Tracur.V trojan
C:\Users\Parents\AppData\Local\Updater19866\Updater19866.exe a variant of Win32/Toolbar.CrossRider.C application
C:\WINDOWS\Installer\{3E8A20E1-223F-11E2-9116-B8AC6F98CCE3}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe Win32/Toolbar.Widgi application
C:\WINDOWS\Installer\{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}\ARPPRODUCTICON.exe Win32/Toolbar.Widgi application
C:\WINDOWS\Installer\{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe Win32/Toolbar.Widgi application
C:\WINDOWS\Installer\{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe Win32/Toolbar.Widgi application
C:\WINDOWS\Installer\{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe Win32/Toolbar.Widgi application
C:\WINDOWS\Installer\{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe Win32/Toolbar.Widgi application
C:\WINDOWS\Installer\{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe Win32/Toolbar.Widgi application
C:\WINDOWS\Installer\{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe Win32/Toolbar.Widgi application
C:\WINDOWS\Installer\{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}\_7EA1FFEF_B7AE_43A5_8841_DBB045C2D037 Win32/Toolbar.Widgi application
C:\WINDOWS\Installer\{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}\_A86D6FCA_B61A_4DF3_A911_587A28753A8E Win32/Toolbar.Widgi application


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457
Run by Parents at 13:03:36 on 2013-02-09
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3326.1752 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\IB Updater\ExtensionUpdaterService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Norton 360\Engine\20.2.1.22\ccSvcHst.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Norton 360\Engine\20.2.1.22\ccSvcHst.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\System32\WUDFHost.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\System32\CTXFIHLP.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.drudgereport.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\20.2.1.22\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\20.2.1.22\ips\ipsbho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.2.1.22\coieplg.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
mRun: [CTXFIREG] CTxfiReg.exe
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [Launcher] c:\windows\sminst\launcher.exe
dRunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'
StartupFolder: c:\users\parents\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\parents\appdata\roaming\micros~1\windows\startm~1\programs\startup\monito~1.lnk - c:\windows\system32\RunDll32.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpconn~1.lnk - c:\program files\hp connections\6811507\program\HP Connections.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{927B7D6A-1939-4D25-93D7-E2F8D36D8DDB} : DHCPNameServer = 192.168.1.1
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1402010.016\symds.sys [2013-1-25 368288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1402010.016\symefa.sys [2013-1-25 927904]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\definitions\bashdefs\20130116.013\BHDrvx86.sys [2013-1-16 997464]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\1402010.016\ccsetx86.sys [2013-1-25 134304]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\definitions\ipsdefs\20130208.001\IDSvix86.sys [2013-2-9 386720]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1402010.016\ironx86.sys [2013-1-25 175264]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\1402010.016\symtdiv.sys [2013-1-25 350368]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2012-11-10 21504]
R2 IB Updater;IB Updater;c:\program files\ib updater\ExtensionUpdaterService.exe [2013-1-24 188760]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-24 398184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-1-24 682344]
R2 N360;Norton 360;c:\program files\norton 360\engine\20.2.1.22\ccsvchst.exe [2013-1-25 143928]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-11-11 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-10-2 382824]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-1-24 106656]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-1-24 21104]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
FileExt: .com: Applications\iexplore.exe="c:\program files\internet explorer\iexplore.exe" %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-02-09 16:09:31 -------- d-----w- c:\program files\ESET
2013-02-06 23:04:42 -------- d-sh--w- C:\$RECYCLE.BIN
2013-02-06 23:04:36 -------- d-----w- c:\users\parents\appdata\local\temp
2013-02-06 22:50:47 98816 ----a-w- c:\windows\sed.exe
2013-02-06 22:50:47 256000 ----a-w- c:\windows\PEV.exe
2013-02-06 22:50:47 208896 ----a-w- c:\windows\MBR.exe
2013-01-25 05:25:47 350368 ----a-w- c:\windows\system32\drivers\n360\1402010.016\symtdiv.sys
2013-01-25 05:25:47 338592 ----a-w- c:\windows\system32\drivers\n360\1402010.016\symnets.sys
2013-01-25 05:25:47 21400 ----a-r- c:\windows\system32\drivers\n360\1402010.016\symelam.sys
2013-01-25 05:25:46 927904 ----a-w- c:\windows\system32\drivers\n360\1402010.016\symefa.sys
2013-01-25 05:25:46 586400 ----a-w- c:\windows\system32\drivers\n360\1402010.016\srtsp.sys
2013-01-25 05:25:46 368288 ----a-w- c:\windows\system32\drivers\n360\1402010.016\symds.sys
2013-01-25 05:25:46 32888 ----a-r- c:\windows\system32\drivers\n360\1402010.016\srtspx.sys
2013-01-25 05:25:46 175264 ----a-w- c:\windows\system32\drivers\n360\1402010.016\ironx86.sys
2013-01-25 05:25:45 134304 ----a-w- c:\windows\system32\drivers\n360\1402010.016\ccsetx86.sys
2013-01-25 05:24:58 9103 ----a-w- c:\windows\system32\drivers\n360\1402010.016\symvtcer.dat
2013-01-25 05:24:58 -------- d-----w- c:\windows\system32\drivers\n360\1402010.016
2013-01-25 02:20:25 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-01-25 02:20:25 -------- d-----w- c:\program files\Symantec
2013-01-25 02:18:42 -------- d-----w- c:\windows\system32\drivers\N360
2013-01-25 02:18:28 -------- d-----w- c:\program files\Norton 360
2013-01-25 02:18:27 -------- d-----w- c:\programdata\Norton
2013-01-25 02:14:04 -------- d-----w- c:\programdata\NortonInstaller
2013-01-25 02:14:04 -------- d-----w- c:\program files\NortonInstaller
2013-01-24 23:46:22 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-24 23:46:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-24 23:46:02 -------- d-----w- c:\users\parents\appdata\local\Threat Expert
2013-01-24 23:45:46 -------- d-----w- c:\users\parents\appdata\local\Deal Vault
2013-01-24 23:45:34 632656 ----a-w- c:\windows\system32\msvcr80.dll
2013-01-24 23:45:34 554832 ----a-w- c:\windows\system32\msvcp80.dll
2013-01-24 23:45:34 479232 ----a-w- c:\windows\system32\msvcm80.dll
2013-01-24 23:45:34 28160 ----a-w- c:\windows\system32\ImHttpComm.dll
2013-01-24 23:45:34 -------- d-----w- c:\windows\system32\ARFC
2013-01-24 23:45:33 -------- d-----w- c:\windows\system32\WNLT
2013-01-24 23:45:33 -------- d-----w- c:\users\parents\appdata\local\Updater19866
2013-01-24 23:45:29 -------- d-----w- c:\program files\IB Updater
2013-01-24 23:45:18 -------- d-----w- c:\program files\Deal Vault
2013-01-24 23:03:56 -------- d-----w- c:\program files\PC Tools
2013-01-24 22:59:24 202280 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2013-01-24 22:59:24 -------- d-----w- c:\program files\common files\PC Tools
2013-01-24 22:58:59 -------- d-----w- c:\users\parents\appdata\roaming\TestApp
2013-01-24 22:58:59 -------- d-----w- c:\programdata\PC Tools
2013-01-24 01:09:35 -------- d-----w- c:\program files\Citrix
2013-01-22 13:21:15 6991832 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0725835c-8f22-40e4-bb69-b835b8a30434}\mpengine.dll
.
==================== Find3M ====================
.
2013-02-09 16:02:28 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-09 16:02:28 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-16 13:12:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50:29 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-11-23 01:35:53 2048000 ----a-w- c:\windows\system32\win32k.sys
2012-11-20 04:22:50 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-13 01:29:51 2048 ----a-w- c:\windows\system32\tzres.dll
.
============= FINISH: 13:04:46.62 ===============

Blade81
2013-02-10, 13:01
Hi,

If you don't need Deal Vault you may uninstall it via Control Panel.


Open notepad and copy/paste the text in the quotebox below into it:



File::
C:\ProgramData\Spybot - Search & Destroy\Recovery\IncrediBar32.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\IncrediBar6.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\IncrediBar32.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\IncrediBar6.zip
Folder::
C:\Users\Parents\AppData\Local\Google\Chrome\User Data\Default\Default\aadcdddedbdhdfggdcdegfdideggdcge



Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted).
Then post the resultant log.

Adamtwo
2013-02-14, 03:35
Hi Blade,

Deal Vault uninstalled from Control Panel...ComboFix Log to follow:

ComboFix 13-02-13.02 - Parents 02/13/2013 20:39:21.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3326.2001 [GMT -5:00]
Running from: c:\users\Parents\Desktop\ComboFix.exe
Command switches used :: c:\users\Parents\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\programdata\Spybot - Search & Destroy\Recovery\IncrediBar32.zip"
"c:\programdata\Spybot - Search & Destroy\Recovery\IncrediBar6.zip"
"c:\users\All Users\Spybot - Search & Destroy\Recovery\IncrediBar32.zip"
"c:\users\All Users\Spybot - Search & Destroy\Recovery\IncrediBar6.zip"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Parents\AppData\Local\Google\Chrome\User Data\Default\Default\aadcdddedbdhdfggdcdegfdideggdcge
c:\users\Parents\AppData\Local\Google\Chrome\User Data\Default\Default\aadcdddedbdhdfggdcdegfdideggdcge\background.js
c:\users\Parents\AppData\Local\Google\Chrome\User Data\Default\Default\aadcdddedbdhdfggdcdegfdideggdcge\manifest.json
.
.
((((((((((((((((((((((((( Files Created from 2013-01-14 to 2013-02-14 )))))))))))))))))))))))))))))))
.
.
2013-02-14 01:49 . 2013-02-14 01:49 -------- d-----w- c:\users\Parents\AppData\Local\temp
2013-02-14 01:49 . 2013-02-14 01:49 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-02-14 01:49 . 2013-02-14 01:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-09 15:59 . 2013-02-09 15:59 -------- d-----w- c:\program files\Common Files\Adobe
2013-01-28 22:31 . 2013-01-28 22:32 -------- d-----w- c:\program files\ERUNT
2013-01-25 02:20 . 2013-01-25 02:20 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-01-25 02:20 . 2013-01-25 02:20 -------- d-----w- c:\program files\Symantec
2013-01-25 02:18 . 2013-01-25 13:40 -------- d-----w- c:\windows\system32\drivers\N360
2013-01-25 02:18 . 2013-01-25 02:18 -------- d-----w- c:\program files\Norton 360
2013-01-25 02:18 . 2013-01-25 02:20 -------- d-----w- c:\programdata\Norton
2013-01-25 02:14 . 2013-01-25 02:14 -------- d-----w- c:\program files\NortonInstaller
2013-01-24 23:46 . 2012-12-14 21:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-24 23:46 . 2013-01-24 23:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-24 23:46 . 2013-01-24 23:46 -------- d-----w- c:\users\Parents\AppData\Local\Threat Expert
2013-01-24 23:45 . 2013-02-14 01:27 -------- d-----w- c:\users\Parents\AppData\Local\Deal Vault
2013-01-24 23:45 . 2013-01-24 23:45 450 ----a-w- C:\user.js
2013-01-24 23:45 . 2013-01-24 23:45 -------- d-----w- c:\windows\system32\ARFC
2013-01-24 23:45 . 2012-10-02 15:18 28160 ----a-w- c:\windows\system32\ImHttpComm.dll
2013-01-24 23:45 . 2011-05-13 23:17 632656 ----a-w- c:\windows\system32\msvcr80.dll
2013-01-24 23:45 . 2011-05-13 23:17 479232 ----a-w- c:\windows\system32\msvcm80.dll
2013-01-24 23:45 . 2011-05-13 23:17 554832 ----a-w- c:\windows\system32\msvcp80.dll
2013-01-24 23:45 . 2013-01-25 02:02 -------- d-----w- c:\windows\system32\WNLT
2013-01-24 23:45 . 2013-01-24 23:45 -------- d-----w- c:\program files\IB Updater
2013-01-24 23:03 . 2013-01-24 23:03 -------- d-----w- c:\program files\PC Tools
2013-01-24 22:59 . 2013-01-25 02:16 -------- d-----w- c:\program files\Common Files\PC Tools
2013-01-24 22:59 . 2012-11-01 20:35 202280 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2013-01-24 22:58 . 2013-01-25 02:14 -------- d-----w- c:\programdata\PC Tools
2013-01-24 22:58 . 2013-01-24 22:58 -------- d-----w- c:\users\Parents\AppData\Roaming\TestApp
2013-01-24 01:09 . 2013-01-24 01:09 -------- d-----w- c:\program files\Citrix
2013-01-22 13:21 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0725835C-8F22-40E4-BB69-B835B8A30434}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-09 16:02 . 2012-11-11 13:37 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-09 16:02 . 2012-11-11 13:37 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-16 13:12 . 2012-12-22 06:05 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2012-12-22 06:05 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-11-23 01:35 . 2013-01-09 02:26 2048000 ----a-w- c:\windows\system32\win32k.sys
2012-11-20 04:22 . 2013-01-09 02:25 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"CTHelper"="CTHELPER.EXE" [2006-12-12 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-12-12 20480]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-12-07 180224]
"CTXFIREG"="CTxfiReg.exe" [2006-12-12 44032]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-02 44168]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2006-12-12 28672]
.
c:\users\Parents\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Monitor Ink Alerts - HP Officejet 6100.lnk - c:\windows\system32\RunDll32.exe [2006-11-2 44544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2007-6-15 34520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-11 16:02]
.
2013-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-10 03:00]
.
2013-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-10 03:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.drudgereport.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-13 20:49
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\20.2.1.22\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\20.2.1.22\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-02-13 20:54:56
ComboFix-quarantined-files.txt 2013-02-14 01:54
ComboFix2.txt 2013-02-06 23:04
.
Pre-Run: 378,784,632,832 bytes free
Post-Run: 379,036,045,312 bytes free
.
- - End Of File - - E5E027C90FB9BB0ADF9111C1B2FF4D80

Blade81
2013-02-14, 06:39
Good :) Are you still noticing any problems? If not, it's time to secure your system to prevent against further intrusions.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points, which are likely to be infected. Please note you need Administrator Access to clean the restore points.

A. To disable the System Restore feature:

1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Uncheck any checkboxes listed for your hard drives.
7. Press OK.


B. Reboot.

C. Turn ON System Restore.
Follow the same steps you did when disabling System Restore, but at step 6 check any checkboxes listed for your hard drives.



Now let's uninstall ComboFix:

Click START then RUN
Now copy-paste Combofix /uninstall in the runbox and click OK





Download and run Secunia Personal Software Inspector (PSI) (http://secunia.com/vulnerability_scanning/personal/) and fix its findings. Leave the program installed so you'll stay alarmed about vulnerable components in future too.


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:

Adamtwo
2013-02-15, 22:27
Blade,

System restore stuff...check.
Uninstall ComboFix...check.
Secunia...check.
Update everything...check.

No symptoms of anything else bad showing...check.

My family and I appreciate your time and assistance, you (and your associates) truly provide a great and generous service.

Take care!

Blade81
2013-02-16, 10:17
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.