taskeng.exe, TR/Dropper.MSIL.Gen8, TR/Meredrop.EB.1, TR/Rogue.15112.aic

Started by Sojourner, February 13, 2015, 01:02:14 PM


Sojourner

I saw a DOS box labeled taskeng.exe pop up.  Immediately ran Avira's filewalker.

It found

INBOX  TR/Dropper.MSIL.Gen8,
TRASH  TR/Meredrop.EB.1,
INBOX  TR/Rogue.15112.aic

The only option Avira gives for these is IGNORE.  That doesn't sound like a good idea!

The following error occurred during scan

C:\Windows\SoftwareDistribution\Download\0350e593835125031f36e846ff3b936c09b8d479
  [WARNING]   Insufficient memory. The file was not scanned!

The following warnings were issued

C:\Users\Sojourner\AppData\Roaming\Thunderbird\Profiles\7lb2k3n4.default\Mail\pop3.live-1.com\Inbox
  [WARNING]   This file is a mailbox. To avoid damaging your emails this file will not be repaired or deleted.
C:\Users\Sojourner\AppData\Roaming\Thunderbird\Profiles\7lb2k3n4.default\Mail\pop3.live-1.com\Trash
  [WARNING]   This file is a mailbox. To avoid damaging your emails this file will not be repaired or deleted.
C:\Users\Sojourner\AppData\Roaming\Thunderbird\Profiles\7lb2k3n4.default\Mail\pop3.live.com\Inbox
  [WARNING]   This file is a mailbox. To avoid damaging your emails this file will not be repaired or deleted.

Attached are the requested logfiles

Any help would be greatly appreciated.

Edit Note:  Logs copy/pasted by Corrine.

Results of screen317's Security Check version 0.99.96 
Windows Vista Service Pack 2 x64 (UAC is disabled!) 
Internet Explorer 9 
Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled! 
Windows Firewall Disabled! 
Avira Desktop   
Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 71 
Java version 32-bit out of Date!
Java 64-bit 8 Update 31
Adobe Flash Player    16.0.0.305 
Adobe Reader 10.1.13 Adobe Reader out of Date! 
Mozilla Firefox 31.4.0 Firefox out of Date! 
Mozilla Thunderbird (31.4.0)
Google Chrome (40.0.2214.111)
Google Chrome (40.0.2214.94)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16599  BrowserJavaVersion: 10.71.2
Run by Sojourner at 4:43:57 on 2015-02-13
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.6134.1605 [GMT -8:00]
.
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Sojourner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Users\Sojourner\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Medialink\Common\RaRegistry64.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Utilities\Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Utilities\Firefox\plugin-container.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
C:\Program Files\Dell\DellDataVault\DellDataVault.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Utilities\Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Dell\SupportAssist\imstrayicon.exe
C:\Program Files (x86)\Utilities\Thunderbird\thunderbird.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.roboform.com
BHO: Blog This in Windows Live: {2adefb8e-b923-35e6-86e2-2b7841f5d6a4} -
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Spotify Web Helper] "C:\Users\Sojourner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\Media\Quicktime\QTTask.exe" -atboottime
mRun: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f
StartupFolder: C:\Users\SOJOUR~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Sojourner\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{B119405C-BA0A-4003-8989-C786E1011AA8} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B1AC72A0-692E-4DBD-B6BD-83266810345A} : DHCPNameServer = 192.168.1.1
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\SysWow64\browseui.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [CanonSolutionMenu] "C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" /logon
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
x64-RunOnce: [PC-Doctor for Windows REBOOT] <no file>
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-Explorer: NoDrives = dword:0
x64-mPolicies-System: EnableLUA = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sojourner\AppData\Roaming\Mozilla\Firefox\Profiles\xzlp7l14.default\
FF - prefs.js: browser.startup.homepage - about:mybookmarks|hxxp://community.kingarthurflour.com/user|http://www.jigidi.com/login.php|http://www.jigzone.com/|https://addons.mozilla.org/en-US/firefox/search/?cat=1%2C0&q=bookmarks&platform=windows&appver=31.0&_pjax=true&page=8
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Media\Quicktime\Plugins\npqtplugin.dll
FF - plugin: C:\Program Files (x86)\Media\Quicktime\Plugins\npqtplugin2.dll
FF - plugin: C:\Program Files (x86)\Media\Quicktime\Plugins\npqtplugin3.dll
FF - plugin: C:\Program Files (x86)\Media\Quicktime\Plugins\npqtplugin4.dll
FF - plugin: C:\Program Files (x86)\Media\Quicktime\Plugins\npqtplugin5.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Utilities\VLC\npvlc.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
FF - ExtSQL: 2015-01-05 08:29; {7443739c-bff6-4af0-aea5-7ed29006966c}; C:\Users\Sojourner\AppData\Roaming\Mozilla\Firefox\Profiles\xzlp7l14.default\extensions\{7443739c-bff6-4af0-aea5-7ed29006966c}
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-4-2 28600]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-5-11 88576]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-3 235520]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-1-20 431920]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-1-20 431920]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-4-2 119272]
R2 Avira.OE.ServiceHost;Avira Service Host;C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [2015-1-19 182520]
R2 DellDataVault;Dell Data Vault;C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2015-1-30 2552528]
R2 DellDataVaultWiz;Dell Data Vault Wizard;C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [2015-1-30 201424]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 RalinkRegistryWriter64;RalinkRegistryWriter64;C:\Program Files (x86)\Medialink\Common\RaRegistry64.exe [2014-7-12 454208]
R2 SupportAssistAgent;Dell SupportAssist Agent;C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [2015-2-6 19288]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdLH6.sys [2011-10-17 90128]
R3 DDDriver;DDDriver;C:\Windows\System32\drivers\DDDriver64Dcsa.sys [2015-1-30 23760]
R3 DellProf;DellProf;C:\Windows\System32\drivers\DellProf.sys [2015-1-30 23312]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2014-4-11 1009864]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 RaMediaServer;RaMediaServer;C:\Program Files (x86)\Medialink\Common\RaMediaServer.exe [2014-7-12 621632]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2014-8-15 90776]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\games\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe --> c:\games\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [?]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2011-5-11 316544]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;C:\Windows\System32\drivers\VBoxNetAdp.sys [2011-5-16 156912]
S4 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2013-1-20 992560]
.
=============== File Associations ===============
.
FileExt: .reg: Regedit.Document=c:\Winnt\Regedit.exe %1
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2015-02-12 01:25:13   116773704   ----a-w-   C:\Windows\System32\mrt.exe
2015-02-04 22:58:09   71344   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-04 22:58:09   701616   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2015-01-30 22:36:11   23760   ----a-w-   C:\Windows\System32\drivers\DDDriver64Dcsa.sys
2015-01-30 22:36:11   23312   ----a-w-   C:\Windows\System32\drivers\DellProf.sys
2014-12-23 08:41:02   298120   ------w-   C:\Windows\System32\MpSigStub.exe
2014-12-19 00:26:53   139776   ----a-w-   C:\Windows\System32\drivers\mrxdav.sys
2014-12-10 23:21:51   52736   ----a-w-   C:\Windows\System32\TSWbPrxy.exe
2014-12-06 03:14:36   48640   ----a-w-   C:\Windows\SysWow64\nlaapi.dll
2014-12-06 03:14:34   93184   ----a-w-   C:\Windows\SysWow64\ncsi.dll
2014-12-06 02:54:35   178688   ----a-w-   C:\Windows\System32\profsvc.dll
2014-12-06 02:54:19   61440   ----a-w-   C:\Windows\System32\nlaapi.dll
2014-12-06 02:54:19   205824   ----a-w-   C:\Windows\System32\nlasvc.dll
2014-12-03 02:06:01   278528   ----a-w-   C:\Windows\SysWow64\schannel.dll
2014-12-03 01:51:29   347136   ----a-w-   C:\Windows\System32\schannel.dll
2014-11-24 22:12:45   17874432   ----a-w-   C:\Windows\System32\mshtml.dll
2014-11-24 21:59:39   448512   ----a-w-   C:\Windows\System32\html.iec
2014-11-24 21:54:00   10921984   ----a-w-   C:\Windows\System32\ieframe.dll
2014-11-24 21:53:14   2339840   ----a-w-   C:\Windows\System32\jscript9.dll
2014-11-24 21:47:43   1388032   ----a-w-   C:\Windows\System32\urlmon.dll
2014-11-24 21:47:12   1392128   ----a-w-   C:\Windows\System32\wininet.dll
2014-11-24 21:45:49   1494016   ----a-w-   C:\Windows\System32\inetcpl.cpl
2014-11-24 21:45:37   237056   ----a-w-   C:\Windows\System32\url.dll
2014-11-24 21:45:29   86016   ----a-w-   C:\Windows\System32\jsproxy.dll
2014-11-24 21:44:58   173056   ----a-w-   C:\Windows\System32\ieUnatt.exe
2014-11-24 21:44:55   599040   ----a-w-   C:\Windows\System32\vbscript.dll
2014-11-24 21:44:51   2157056   ----a-w-   C:\Windows\System32\iertutil.dll
2014-11-24 21:44:49   816640   ----a-w-   C:\Windows\System32\jscript.dll
2014-11-24 21:44:40   729088   ----a-w-   C:\Windows\System32\msfeeds.dll
2014-11-24 21:44:21   453120   ----a-w-   C:\Windows\System32\dxtmsft.dll
2014-11-24 21:44:11   282112   ----a-w-   C:\Windows\System32\dxtrans.dll
2014-11-24 21:44:08   55296   ----a-w-   C:\Windows\System32\msfeedsbs.dll
2014-11-24 21:44:05   11264   ----a-w-   C:\Windows\System32\msfeedssync.exe
2014-11-24 21:43:51   96768   ----a-w-   C:\Windows\System32\mshtmled.dll
2014-11-24 21:43:44   2382848   ----a-w-   C:\Windows\System32\mshtml.tlb
2014-11-24 21:43:33   12800   ----a-w-   C:\Windows\System32\mshta.exe
2014-11-24 21:42:58   248320   ----a-w-   C:\Windows\System32\ieui.dll
2014-11-24 20:44:32   367104   ----a-w-   C:\Windows\SysWow64\html.iec
2014-11-24 20:41:46   12369920   ----a-w-   C:\Windows\SysWow64\mshtml.dll
2014-11-24 20:40:49   1810944   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2014-11-24 20:37:23   9740800   ----a-w-   C:\Windows\SysWow64\ieframe.dll
2014-11-24 20:35:45   1139712   ----a-w-   C:\Windows\SysWow64\urlmon.dll
2014-11-24 20:35:25   1129472   ----a-w-   C:\Windows\SysWow64\wininet.dll
2014-11-24 20:34:40   1427968   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2014-11-24 20:34:05   231936   ----a-w-   C:\Windows\SysWow64\url.dll
2014-11-24 20:33:59   65536   ----a-w-   C:\Windows\SysWow64\jsproxy.dll
2014-11-24 20:33:56   142848   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
2014-11-24 20:33:47   421376   ----a-w-   C:\Windows\SysWow64\vbscript.dll
2014-11-24 20:33:26   717824   ----a-w-   C:\Windows\SysWow64\jscript.dll
2014-11-24 20:33:21   1802752   ----a-w-   C:\Windows\SysWow64\iertutil.dll
2014-11-24 20:33:15   607744   ----a-w-   C:\Windows\SysWow64\msfeeds.dll
2014-11-24 20:33:03   41472   ----a-w-   C:\Windows\SysWow64\msfeedsbs.dll
2014-11-24 20:32:53   353792   ----a-w-   C:\Windows\SysWow64\dxtmsft.dll
2014-11-24 20:32:49   223232   ----a-w-   C:\Windows\SysWow64\dxtrans.dll
2014-11-24 20:32:48   10752   ----a-w-   C:\Windows\SysWow64\msfeedssync.exe
2014-11-24 20:32:47   11776   ----a-w-   C:\Windows\SysWow64\mshta.exe
2014-11-24 20:32:42   73216   ----a-w-   C:\Windows\SysWow64\mshtmled.dll
2014-11-24 20:32:36   2382848   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2014-11-24 20:32:17   176640   ----a-w-   C:\Windows\SysWow64\ieui.dll
.
============= FINISH:  4:44:36.67 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 5/12/2011 8:18:19 AM
System Uptime: 2/3/2015 9:28:44 PM (223 hours ago)
.
Motherboard: Dell Inc. |  | 0R849J
Processor: Intel(R) Core(TM) i7 CPU         920  @ 2.67GHz | CPU 1 | 2668/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 916 GiB total, 2.378 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 1.633 GiB free.
E: is CDROM (UDF)
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Intel(R) 82567LF-2 Gigabit Network Connection
Device ID: PCI\VEN_8086&DEV_10CD&SUBSYS_02C91028&REV_00\3&11583659&0&C8
Manufacturer: Intel
Name: Intel(R) 82567LF-2 Gigabit Network Connection
PNP Device ID: PCI\VEN_8086&DEV_10CD&SUBSYS_02C91028&REV_00\3&11583659&0&C8
Service: e1yexpress
.
==== System Restore Points ===================
.
RP948: 1/22/2015 5:24:56 AM - Scheduled Checkpoint
RP949: 1/23/2015 5:54:43 AM - Scheduled Checkpoint
RP950: 1/24/2015 4:13:27 AM - Scheduled Checkpoint
RP951: 1/25/2015 1:34:49 PM - Scheduled Checkpoint
RP952: 1/27/2015 12:22:36 AM - Scheduled Checkpoint
RP953: 1/28/2015 4:18:10 AM - Scheduled Checkpoint
RP954: 2/3/2015 9:14:06 PM - Windows Update
RP955: 2/5/2015 5:06:36 AM - Scheduled Checkpoint
RP956: 2/6/2015 12:31:20 AM - Scheduled Checkpoint
RP957: 2/7/2015 12:00:07 AM - Scheduled Checkpoint
RP958: 2/8/2015 12:15:15 AM - Scheduled Checkpoint
RP959: 2/11/2015 5:23:40 PM - Windows Update
RP960: 2/13/2015 2:52:51 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.20 (x64 edition)
AbiWord 2.8.6
ActiveState ActivePython 2.7.2.5 (32-bit)
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 16 ActiveX
Adobe Flash Player 16 NPAPI
Adobe Reader X (10.1.13)
Age of Empires II: HD Edition
AMD APP SDK Runtime
AMD Catalyst Install Manager
Apple Application Support
Apple Software Update
Aquaria
Ask Toolbar Updater
ATI Catalyst Control Center
Audacity 2.0.3
Avidemux 2.5
Avira
Avira Free Antivirus
Baldur's Gate(TM) II - Shadows of Amn(TM) Bonus CD
Baldur's Gate(TM) II - Throne of Bhaal (TM)
Banctec Service Agreement
Bejeweled Deluxe
BioWare Premium Module: Neverwinter Nights - Pirates of the Sword Coast
BioWare Premium Module: Neverwinter Nights - Wyvern Crown of Cormyr
BitPim 1.0.7
Blender
calibre
Canon MP Navigator EX 2.1
Canon Utilities Solution Menu
CanoScan LiDE 700F Scanner Driver
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Turkish
CC Magic
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CEP (Color Enable Package) v.9.2 (beta)
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CPUID CPU-Z 1.58
CPUID HWMonitor 1.21
D3DX10
Dell Data Vault
Dell Edoc Viewer
Dell SupportAssist
Dell SupportAssistAgent
Desktop Icon Position Saver (64-bit)
doPDF 7.2 printer
Dragonsphere
Dropbox
Equalify v2.1.2 (admin setup)
gImageReader
GIMP 2.6.11
Gone Home
Google Book Downloader
Google Chrome
Google Update Helper
Guild Wars
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual C# 2010 Express - ENU (KB2635973)
Indeo® Software
Intel(R) Network Connections 13.1.33.0
Java 7 Update 71
Java Auto Updater
Java(TM) 7 Update 4 (64-bit)
King's Bounty: Armored Princess
King's Bounty: Crossworlds
King's Bounty: The Legend
LAME v3.99.3 (for Windows)
Last Dream
Logitech Unifying Software 2.10
Lugaru HD
Lure of the Temptress
Magicka
Malwarebytes Anti-Malware version 1.61.0.1400
Medialink MWN-USB300N Card
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5.2
Microsoft Application Error Reporting
Microsoft Help Viewer 1.1
Microsoft IntelliType Pro 6.3
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2012 Command Line Utilities
Microsoft SQL Server 2012 Native Client
Microsoft SQL Server 2012 T-SQL Language Service
Microsoft SQL Server 2012 Transact-SQL Compiler Service
Microsoft SQL Server 2012 Transact-SQL ScriptDom
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft SQL Server Compact 4.0 SP1 x64 ENU
Microsoft SQL Server System CLR Types
Microsoft Visual C# 2010 Express - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
Microsoft Visual Studio 2010 Service Pack 1
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Visual Studio 2012 Shell (Minimum)
Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
Microsoft Visual Studio 2012 Shell (Minimum) Resources
Microsoft Visual Studio Express 2012 for Windows Desktop
Microsoft Visual Studio Express 2012 for Windows Desktop - ENU
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 3.1
Mobipocket Creator 4.2
MOG
Mount & Blade: Warband
Mozilla Firefox 31.4.0 ESR (x86 en-US)
Mozilla Thunderbird 31.4.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Neverwinter Nights Diamond Edition
Notepad++
NVIDIA PhysX
Oblivion mod manager 1.1.12
OpenAL
Origin
PDF ePub DRM Removal
Pidgin
Planescape Torment
Psychonauts
Python 2.7 pycrypto-2.3
Quest for Glory II: Trial by Fire (2.0)
Quest for Glory Pack
QuickTime 7
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Recettear: An Item Shop's Tale
Runes of Magic
s3oc - Sims3 Object Cloner
s3pe - Sims3 Package Editor
Sam & Max 101: Culture Shock
Sam & Max 102: Situation: Comedy
Sam & Max 103: The Mole, the Mob and the Meatball
Sam & Max 104: Abe Lincoln Must Die!
Sam & Max 105: Reality 2.0
Sam & Max 106: Bright Side of the Moon
Sam & Max 201: Ice Station Santa
Sam & Max 202: Moai Better Blues
Sam & Max 203: Night of the Raving Dead
Sam & Max 204: Chariots of the Dogs
Sam & Max 205: What's New Beelzebub?
Sam & Max 301: The Penal Zone
Sam & Max 302: The Tomb of Sammun-Mak
Sam & Max 303: They Stole Max's Brain!
Sam & Max 304: Beyond the Alley of the Dolls
Sam & Max 305: The City that Dares not Sleep
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3 USB Driver Installer
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Segoe UI
Sid Meier's Civilization III: Complete
Sid Meier's Civilization IV
Sid Meier's Civilization V
Sid Meier's Civilization V SDK
SimpleOCR 3.1
Skins
SlimDX Runtime .NET 2.0 (January 2012)
Speccy
SpeedFan (remove only)
Spotify
Steam
StreamTransport version: 1.0.2.2171
Tesseract-OCR 3.01 - open source OCR engine
The Elder Scrolls IV: Oblivion
The Elder Scrolls V: Skyrim
The Sims™ 3
The Sims™ 3 Ambitions
The Sims™ 3 Create a Pattern Tool
The Sims™ 3 Create a World Tool - Beta
The Sims™ 3 Generations
The Sims™ 3 World Adventures
The Whispered World
The Witcher 2: Bonus Content
Titan Quest
Titan Quest: Immortal Throne
Torchlight
TQ Defiler.NET
TQVault
TRAUMA
Treasure Adventure Game
TSR RigFix
TSR Workshop
Ultima 4 - Quest of the Avatar
Unofficial Oblivion Patch v3.2.0
Unofficial Official Mods Patch v15
Unofficial Shivering Isles Patch v1.4.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Visual Studio 2012 (KB2781514)
Update for Microsoft Visual Studio 2012 (KB3002339)
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VLC media player 2.1.3
Winamp
Winamp Detector Plug-in
Windows 7 Upgrade Advisor
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
.
==== Event Viewer Messages From Past Week ========
.
2/8/2015 11:33:10 PM, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 192.168.1.3 for the Network Card with network address 14358B100563 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
2/8/2015 11:33:07 PM, Error: Tcpip [4199]  - The system detected an address conflict for IP address 192.168.1.3 with the system having network hardware address C4-57-6E-5B-DA-10. Network operations on this system may be disrupted as a result.
2/11/2015 7:38:31 PM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
2/11/2015 6:02:06 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.191.4500.0).
.
==== End Of File ===========================

Corrine

Hi, Sojourner.

Note that I edited your post to copy/paste the logs rather than being attached.

In addition to needing to update Firefox and Adobe Reader, plus an outdated version of Java left on your computer, your logs are showing you have both the Windows Firewall and UAC disabled.  A software firewall helps screen out hackers, viruses, and worms that try to reach your computer and UAC can help prevent unauthorized changes to your computer.  Even though Avira blocked the trojan, with outdated programs and limited defenses, you're placing your computer at risk.

Please do the following:

1.  Please download Malwarebytes Anti-Malware FREE Version from here: http://downloads.malwarebytes.org/file/mbam and save it to your Desktop.

Note:  MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet.
  • Double-click to execute the installation. Accept the terms, and allow MBAM to install to the default location in your Program Files.
  • Please update the database by clicking on the Update Now button as shown below.


  • Following the update, click on the large green Scan Now button to begin the Threat Scan.
    Note: Optionally, you could have simply clicked Fix Now if it is displayed. That will automatically download updates and run a Threat Scan.
    If Malware or Potentially Unwanted Programs are found you will receive a Prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.
  • A window with an option to view the detailed log will appear. Click on View Detailed Log.

    • After viewing the results, please click on the Copy to Clipboard button > OK.
    • Paste your log into your next reply.
  • Note: If you lose the Clipboard copy and need to retrieve the log again, it can be found by opening Malwarebytes and clicking on History > Application Logs with the date of the scan. Simply double-click on that in order to see the options for Copying to Clipboard or to Export to a .txt file (Notepad), etc. The .txt file can be saved and posted when you are ready.
2.  Please download Adware Cleaner by Xplode.  Please save it to your desktop!

  • Close all open programs and internet browsers.
  • Double-click AdwCleaner.exe to run the tool. 
    Note:  Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
  • Click the Scan button.
  • AdwCleaner will begin.  Be patient as the scan may take some time to complete.
  • After the scan has finished, click the Report button.  A logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.
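A small triage script, added here as an editor's example (it is not part of this thread, nor of the DDS or Security Check tools), that reads pasted log lines of the kind posted above and collects the defence-weakening items Corrine points out: UAC switched off (the `EnableLUA = dword:0` policy lines in the DDS report and the `UAC is disabled!` banner in Security Check), the Windows Firewall reported disabled, and software entries marked `out of Date!`. The sample input is constructed from lines of the posted logs; the line patterns it matches are assumptions drawn from those lines, not a specification of either tool's output format.

```python
"""Triage pasted DDS / Security Check log lines for weakened defences.

Editor's example for this thread; not code from DDS, Security Check, or the
posters. The patterns below are assumptions based on the log lines in the post.
"""
import re

# Constructed sample: lines copied from the Security Check and DDS logs above.
SAMPLE_LOG = """\
Windows Vista Service Pack 2 x64 (UAC is disabled!)
Windows Firewall Enabled!
Windows Firewall Disabled!
Java 7 Update 71
Java version 32-bit out of Date!
Adobe Reader 10.1.13 Adobe Reader out of Date!
Mozilla Firefox 31.4.0 Firefox out of Date!
uPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
x64-mPolicies-System: EnableLUA = dword:0
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
"""

# DDS policy line, e.g. "mPolicies-System: EnableLUA = dword:0" or the x64- variant.
# Groups: policy key (System/Explorer), value name, hex dword value.
POLICY_RE = re.compile(
    r"^(?:x64-)?[um]Policies-(\w+):\s*(\w+)\s*=\s*dword:([0-9A-Fa-f]+)\s*$"
)


def triage(log_text):
    """Return evidence lines grouped by finding category.

    Categories: uac_disabled, firewall_disabled, outdated_software.
    Lines that do not match any rule are ignored.
    """
    findings = {"uac_disabled": [], "firewall_disabled": [], "outdated_software": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = POLICY_RE.match(line)
        if m:
            key, name, value = m.groups()
            # EnableLUA under Policies\System controls UAC; a value of 0 turns it off.
            if key == "System" and name == "EnableLUA" and int(value, 16) == 0:
                findings["uac_disabled"].append(line)
            continue
        if "UAC is disabled!" in line:
            findings["uac_disabled"].append(line)
        elif line == "Windows Firewall Disabled!":
            findings["firewall_disabled"].append(line)
        elif line.endswith("out of Date!"):
            findings["outdated_software"].append(line)
    return findings


def summarize(findings):
    """One remediation sentence per non-empty category, with the evidence count."""
    messages = {
        "uac_disabled": "UAC is disabled (EnableLUA = 0); re-enable it",
        "firewall_disabled": "Windows Firewall is reported disabled; turn it on",
        "outdated_software": "Outdated software reported; update or remove it",
    }
    return [
        f"{messages[cat]} ({len(lines)} log line(s))"
        for cat, lines in findings.items()
        if lines
    ]


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for sentence in summarize(result):
        print(sentence)
    for cat, lines in result.items():
        for evidence in lines:
            print(f"  [{cat}] {evidence}")
```

The script records evidence lines rather than passing a verdict: the `out of Date!` markers are Security Check's own comparison and still need checking against the release channel actually installed, and the `EnableLUA` lines are what make the UAC finding concrete enough to act on.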

Sojourner

Firefox IS updated - that's the ESR release.  I get security updates on it regularly.  Just updated it a couple of weeks ago when dinged to do so.  So Firefox certainly doesn't think it's out of date, or it would be constantly giving me popup reminders to update.

Adobe Reader was updated day before yesterday (or at least the update was downloaded) but I've not rebooted since - so that update may be one of the ones that is hanging around in the background waiting for a reboot to finish installing.

I have downloaded the 2 programs you suggested, will post back when they're done running.

Thanks.