Beaumont

  1. Dear Elise, You are AWESOME!!! I'm SO very glad that you found the ioyogi/Bomgar hidden file (via ComboFix) as they are SO dishonest. Good to know, post Bomgar online scan of my computer in Safe Mode with networking, that there are NO more malicious files (or anything relating to ioyogi/Bomgar). As I have had some time on my hands I ran an ESET online scan, in Safe Mode with networking, came up empty (aside from the 1 file that ESET had quarantined...still there under Manage Quarantine). If you say ALL Clear...Wonderful...Marvelous... Thank You, Thank You, Thank You, you are superb! Bailey
  2. Dear Elise, Well, for starters, SO SORRY for STILL keeping you busy... I did as you had asked regarding ComboFix, yet forgot that I was on a different user account on my computer (same hard drive though) when I ran the ComboFix (I was signed-in under User Mickey C...my boyfriend's old account rather than User DavidKS...which was my boyfriend's Dad's old account on this computer...a hand-me-down that now belongs to me...which was where WE DID ALL THE WORK/LOGS). I'm SO doped up on painkillers (post surgery) & heat and humidity, and lack of sleep, it's taking a toll. Right after posting this ComboFix log (wrong user account on same computer/hard drive) do you need for me to turn off the computer...resign-on as User DavidKS (master account) and redo the ComboFix (this time as the same user account with which I've been posting here all this time...originally) or it doesn't matter from which user account the ComboFix was done as it's the same computer/hard drive? REALLY SORRY FOR BEING SUCH A TECHNO KLUTZ! ComboFix log (right computer...wrong User account)...
  3. Dear Elise, It is I that is sorry if I gave you the impression that I wanted to keep the Bomgar Task jobs file (I don't trust ioyogi/Bomgar as far as I can throw them). Ioyogi bamboozled me into believing they are the Symantec Corp., when I had a question regarding NIS 2011, and conned me into allowing them to do a remote assistance with online scan of my computer (in Safe Mode with networking) and then lied about the results of said scan. I only brought up Bomgar because it appeared in the ComboFix scan results (and I no longer wish for Bomgar to be active/exist on my computer). When I input c:\windows\Tasks (Start/Search bar) - Computer - OS (C:) Windows - Tasks There are 2 files. One is Malwarebyte's Scheduled update and the other is a text document called SCHEDLGU, yet NO Bomgar Task file (does that mean Bomgar is dead/deleted/blown to smithereens)? The SCHEDLGU contains:

     If you give the "thumbs up" (system secure/all clean) then THANK YOU. This is a great forum with wonderful people (such as yourself) on it. Bailey
  4. Dear Elise, I re-ran the ESET (free) online scan (no new infections), yet the quarantine still listed: C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\C00.php a variant of Java/TrojanDownloader.OpenStream.NAZ trojan deleted - quarantined Any way to permanently delete (rather than JUST quarantine) said downloader trojan? In case I uninstall the ESET files (and that THEN releases the virus)? Or just NOT an issue as it was a remnant (echo/ghost?) of the downloader trojan (which would then beg to ask the question "What happened to the rest of TrojanDownloader.OpenStream.NAZ?")? The ComboFix .txt scan results had said... Contents of the 'Scheduled Tasks' folder . 2011-07-13 c:\windows\Tasks\Bomgar Task 2083627.job - c:\program files\Internet Explorer\iexplore.exe [2011-07-16 03:27] . This is NOT active? Harmful (any more)? Sorry for my naive questions when you have been SO kind & patient with me. From HUMID Maryland, Bailey Post Scriptum: Un-installed ALL tools (no problem)
  5. Good Morning Elise (once again), Sorry for having forgotten to ask this earlier... The ESET scan gave me the pathway to the trojan, yet is there ANY way of telling for how long said trojan has been on my computer? Bailey
  6. Good Morning Elise, So, for starters, I wanted to, once again, thank you for troubleshooting ("clean comp/infected comp?"). As said... I am, for the most part, bedridden (post surgery), hence NO surfing of the Web (I did check if multi-media files work...and they do). Great advice on the ESET Scan as it DID catch an infection... C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\C00.php a variant of Java/TrojanDownloader.OpenStream.NAZ trojan deleted - quarantined So, I am familiar with download trojans (click on a Google search hyperlink/downloader trojan mystery present/Webroot SpySweeper with Anti-Virus catches it/manual deletion of trojan in quarantine), yet the download trojans I'm familiar with are the fakeAlert variety (that try and convince you your computer is infected via pop-up alerts). What about the TrojanDownloader.OpenStream.NAZ trojan? Any idea what (harm) that does/is meant to do? Also... ESET Scan results said deleted - quarantined? Do you happen to know which it is (of the two) just quarantined or actually deleted? Today (in a few hours) I have an Outpatient follow up exam/biopsy, hence that could take all day by the time everything is said & done (ergo I might be TOO tired/worn out to post again until Friday evening). I hope this response finds you doing well (healthwise & other) & of good cheer! From VERY humid Maryland, Bailey
  7. Good Evening Elise, "How are things running at this point?" Well, I ONLY use the Computer (currently) to post logs on this thread, rather than surfing on the Net (once I have the "all clear" that would change), yet my comp allows: Win StartUp, IE opening, Logging-on to malwarebytes.org without interruptions. Now I don't know if I did any (temp) damage to my a/v (NIS 2011 & MBAM) because I triggered the ComboFix when I transferred it from My Documents/Download to Desktop (prior to my disabling NIS 2011 & MBAM), yet I have the install disk to both programs in case the ComboFix scan corrupted NIS 2011/MBAM files and should I need to un-install/re-install (no problemo). I only noticed, post ComboFix scan, that the MBAM Protection Module was disabled, yet after the scan I re-enabled the feature. From HUMID Maryland, Bailey
  8. Good Evening Elise (again), I was reading the ComboFix .txt scan file results and noticed something interesting... 2011-07-13 c:\windows\Tasks\Bomgar Task 2083627.job - c:\program files\Internet Explorer\iexplore.exe [2011-07-16 03:27] I believe BOMGAR is IOYOGI's online system scan (i.e., the scan they did on my computer in Safe Mode with networking). I don't know if this info helps you. From a very tired & sore (post surgery), Bailey
  9. Good Evening Elise, So, things didn't go entirely as I had hoped for pertaining to ComboFix download/install/run. Once again I didn't get the "download to desktop" option, but rather download file folder. I extracted ComboFix from there to desktop, yet in the process also triggered the ComboFix scan before I could disable ALL of my a/v & disable modem (Internet connection). Here is the ComboFix log... I hope this helps & thank you for doing this! Bailey
  10. Good Afternoon Elise, So, as per instructions, I tried to download the TDSSKiller .zip directly to my desktop. It should have been simple, yet there are NEW features on my computer I'm not yet familiar with (i.e., Win IE 9, NIS 2011), hence (once clicking on the blue TDSSKiller .zip link I did not get the "download to" option). I looked as to where the .zip file had gone to though on my computer and was able to extract TDSSKiller .exe to desktop. Right-click TDSSKiller .exe & run as administrator. TDSSKiller 2.5.11.0 TDSS rootkit removing tool Ojects to scan Services and drivers Boot sectors ...ran scan... System scan completed Duration: 00:00:13 Processed: 240 objects, Infection: not found I hope this helps. Bailey
  11. Hello Again elise025, Thank you for your kind regards & well wishes. This has, alas, been a really rotten week for me, yet your response is wonderful! So, the painkillers they gave me (post surgery) are not working as well as they should, and this heatwave (plus Maryland's notorious Summertime humidity), isn't exactly helping me get the bedrest my doctor ordered (i.e., everything here is WAY TOO HUMID). Since I can't sleep I've downloaded/installed/ran DDS. Here are the 2 notepad pop-ups...
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.0.1)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Brochures & Flyers
ArcSoft Print Creations - Photo Calendar
ATI Catalyst Install Manager
AutoUpdate
Bonjour
Browser Address Error Redirector
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
ccc-core-static
ccc-utility
CCC Help English
CCleaner (remove only)
Comcast High-Speed Internet Install Wizard
Dell DataSafe Online
Dell Getting Started Guide
Dell Support Center (Support Software)
DivX Codec
DivX Converter
DivX Player
DivX Web Player
EDocs
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
EPSON Scan
EPSON WorkForce 610 Series Printer Uninstall
ffdshow
GoToAssist Corporate
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® PRO Network Connections 12.1.11.0
iTunes
Java Auto Updater
Java 6 Update 26
LTCM Client
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Move Networks Media Player for Internet Explorer
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
Music, Photos & Videos Launcher
Norton Internet Security
OGA Notifier 2.0.0048.0
Panda ActiveScan 2.0
PowerDVD
Presto! PageManager 8.15.01 SE
Product Documentation Launcher
QualXServ Service Agreement
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Retrospect 6.5
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Safari
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skins
Spelling Dictionaries Support For Adobe Reader 9
SpywareBlaster 4.2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
USB Storage Adapter FX/AT (WDC)
Western Digital USB Mass Storage Driver Installation
WinRAR archiver
.
==== End Of File ===========================

I hope this helps. Additionally, I tried to run MBAM in Safe Mode with networking (noticed Protection Module was disabled), yet scan came up clean (No infections). I also ran NIS 2011 in Safe Mode with networking; the results were several tracking cookies (NIS 2011 took care of them). Aside from that "all quiet on the Eastern Front!" Bailey
  12. Hello elise025, Thank you ever SO MUCH for having taken the time to read, and respond to, my post. Alas, since I've started this thread I had to undergo minor surgery (malignant skin tumor), hence I might not be able to do the scan just right now (and post the results here on this thread); instead it might take till maybe Tuesday. Right now I'm in bad shape & shall have to follow doctor's orders (namely bedrest). I did, however, wish to thank you & issue an apology that my response is slower than I would like for it to be. I hope this response finds you doing well (I shall disconnect my modem & go to bed). Thank you & I'll post back ASAP Bailey
  13. Good Morning, Well, for starters, thank you ever so much for looking at my post (and hopefully also for responding as well). I have a Dell desktop Inspiron 530 (Vista Home Basic 32-bit/Service Pack 2) that came pre-installed with McAfee Security Center. Added to harddrive were: Webroot SpySweeper with Anti-Virus & MBAM (full version). So, for 3 years all works rather well until MSC expired last week. MSC was replaced with Norton Internet Security 2011. I had a Windows update (to latest version of Windows Internet Explorer), un-installed MSC (via Add/Remove programs in Control Panel), and installed NIS 2011. Installing NIS 2011 was not a problem, yet updating definitions was however. NIS 2011 would not update, nor Java, MBAM froze, and the computer came to a grinding halt. My ISP said either I have a software conflict of interest (internet security software) and/or plus a virus/malware. I chose to do a System Restore to go back to the previous week (which un-installed NIS 2011) and then un-installed Webroot... The Computer operates better, yet because the problem persisted for days and I had no anti-virus defense (software conflict?) I am HIGHLY concerned that my harddrive might be infected! To make matters worse... I tried to contact Norton (Symantec) regarding Norton Internet Security 2011, yet there is NO 1-800 number on the side of the box, that I bought from Best Buy, nor inside with the paperwork either. So, I Googled Symantec/Norton phone number & ended up calling a 1-800 number from a fictitious website (at the time I did not realize that the website was fake/imposter Symantec). Whoever I spoke to (from non-Symantec/Norton, yet led me to believe that it was Symantec/Norton) listened to what I had to say (possibility of virus/malware NIS 2011 was not catching/Firewall conflict) and then offered to do remote assistance (while on the phone with me) AND an Online System Scan of my computer in Safe Mode with networking.
Afterwards I was told the worst POSSIBLE scare scenarios. No Firewall present on my Computer (big fat lie), No Windows Update (no big deal...easy as pie to fix by myself), 2,860 alerts/warnings in registry. The Registry alone would take 40 minutes to fix & had to be addressed first I was told (before the firewall issue). Since this was a separate (non-NIS 2011, but rather Microsoft Windows) issue I would have to pay extra & should get out my credit card. Hmmm, something smelled fishy to me (particularly how the technician kept laying on the dangers of not acting immediately...once I had paid that is). At that point, at the latest, I suspected that something was WAY wrong (and I regretted allowing the online scan in Safe Mode with networking). I said, I sadly don't have a valid credit card and hung up. I called my ISP & explained what had happened by calling Symantec/Norton tech support in India regarding NIS 2011 & my firewall. My ISP said I spoke with the wrong people (we compared 1-800 numbers, for Symantec, over the phone) AND ioyogi or Bangor System Scan isn't Symantec, but rather a different outfit entirely (maybe ioyogi listed their 1-800 number on a website that came up in Google search rather than Symantec on purpose/listed wrong 1-800 number). Now I am both angry at being the victim of a con (even if they did not get any money out of me...they nonetheless were able to scan my computer remotely in safe mode with networking) as well as worried as to whether-or-not THEY stole personal information of mine in the process/left malicious virus, malware, spyware behind...or made changes to the registry). Could he have done something to my computer, while scanning it in Safe Mode with networking, that later won't appear in scans in regular mode (when I run NIS 2011/MBAM)? In other words made changes that I cannot detect (that are NOT in my best interest). I would be ever SO grateful for input & good advice!
My latest MBAM scan (and NIS 2011) came up clean, yet STILL worried (about malicious registry changes or spyware/virus)...

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Database version: 7119
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19088
7/13/2011 11:45:07 PM
mbam-log-2011-07-13 (23-45-05).txt
Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 296878
Time elapsed: 1 hour(s), 4 minute(s), 27 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

Could a kind soul on this forum PLEASE tell me if YOU THINK there could be any infections not coming up in scans in regular Windows Mode? The reason why I ask is because I am a techno clutz with no idea as to what this person in India did to my Computer while he did an Online Scan in Safe Mode with networking! I REALLY need a second opinion as to whether-or-not my desktop is clean/secure!