To the best of my recollection, the history and symptoms are:
0. Unable to run Safari browser. I did not worry about it. MSIE acting strangely, I think.
1. Went to pdflite.com and tried to download pdfprinter.
2. No viruses reported prior to execution. Afterwords, antivirus notified me executable changed its file and asked if I wanted to continue running. I chose no. (using drweb)
3. Seems executable ran anyway. It unlinked so-to-speak the Adobe Acrobat installation. I cancelled the pdflite and deleted the executable. Did not notice any other ill-effects.
4. I reinstalled Adobe Acrobat X from the adobe website.
5. A few days later, computer will not run user "charles" with administrator privileges except in safe mode. Windows explorer keeps crashing.
6. Unable to run DDS. My antivirus says it is infected with Trojan.Muldrop3.6866. Seems strange a script would be reported infected.
7. Included Hijackthis reports.
Thank you.
Hijack This Log
- Code: Select all
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:49:01 PM, on 10/17/2011 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18639) Boot mode: Normal Running processes: C:\Program Files\PC Tools Utilities\Tools\Defrag\DMDefragSrvProxy.exe C:\Program Files\PC Tools Utilities\Tools\Repair\DMRepairSrvProxy.exe C:\Windows\system32\dllhost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Spare Backup\SpareBackup.exe C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\DrWeb\spiderml.exe C:\Program Files\DrWeb\frwl_notify.exe C:\Program Files\DrWeb\spideragent.exe C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\System32\igfxpers.exe C:\Program Files\Acronis\DriveMonitor\adm_tray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\CaptureWiz\Pro\CaptureWiz.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Windows\system32\conime.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Windows\explorer.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Windows\system32\cmd.exe C:\Windows\system32\Taskmgr.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\notepad.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Windows\system32\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6919 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://translate.reference.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6919 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6919 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6919 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost #[IPv6] O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WRShell.BHO - {255215E2-87DC-4819-8724-D0B4C94DBEF5} - C:\Program Files\WebResearch\WRShell.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file) O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: WRShell.ToolBand - {8F0F47B1-7D4B-4834-A981-91E2A3DCE069} - C:\Program Files\WebResearch\WRShell.dll O3 - Toolbar: WRShell.EditBand - {5338DF6C-3B3B-4E38-8B31-7B99986627B2} - C:\Program Files\WebResearch\WRShell.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [Spare Backup] "C:\Program Files\Spare Backup\SpareBackup.exe" /silent O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [Cm102Sound] RunDll32 cm102.cpl,CMICtrlWnd O4 - HKLM\..\Run: [SpIDerMail] "C:\Program Files\DrWeb\spiderml.exe" -autorun O4 - HKLM\..\Run: [Dr.Web Firewall] "C:\Program Files\DrWeb\frwl_notify.exe" O4 - HKLM\..\Run: [SpIDerAgent] "C:\Program Files\DrWeb\SpIDerAgent.exe" O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot O4 - HKLM\..\Run: [adm_tray.exe] C:\Program Files\Acronis\DriveMonitor\adm_tray.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - Startup: CaptureWiz.lnk = C:\Program Files\CaptureWiz\Pro\CaptureWiz.exe O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html O8 - Extra context menu item: WebResearch: Save Link Address As... - res://C:\PROGRA~1\WEBRES~1\wrshell.dll/#110 O8 - Extra context menu item: WebResearch: Save Page Area (Frame) - res://C:\PROGRA~1\WEBRES~1\wrshell.dll/#102 O8 - Extra context menu item: WebResearch: Save Page Area (Frame) As... - res://C:\PROGRA~1\WEBRES~1\wrshell.dll/#106 O8 - Extra context menu item: WebResearch: Save Picture - res://C:\PROGRA~1\WEBRES~1\wrshell.dll/#101 O8 - Extra context menu item: WebResearch: Save Picture As... - res://C:\PROGRA~1\WEBRES~1\wrshell.dll/#108 O8 - Extra context menu item: WebResearch: Save Selected Targets As... - res://C:\PROGRA~1\WEBRES~1\wrshell.dll/#111 O8 - Extra context menu item: WebResearch: Save Selection - res://C:\PROGRA~1\WEBRES~1\wrshell.dll/#104 O8 - Extra context menu item: WebResearch: Save Selection As... - res://C:\PROGRA~1\WEBRES~1\wrshell.dll/#109 O8 - Extra context menu item: WebResearch: Save Target - res://C:\PROGRA~1\WEBRES~1\wrshell.dll/#103 O8 - Extra context menu item: WebResearch: Save Target As... - res://C:\PROGRA~1\WEBRES~1\wrshell.dll/#107 O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Atomic Alarm Clock Time (AtomicAlarmClock) - Unknown owner - C:\Program Files\Clock Tray Skins\timeserv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: BrlAPI - Unknown owner - C:\Cygwin\bin\cygrunsrv.exe O23 - Service: Performance Toolkit Disk Defrag Service (DMDefragService) - PC Tools - C:\Program Files\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe O23 - Service: Performance Toolkit Disk Repair Service (DMRepairService) - PC Tools - C:\Program Files\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe O23 - Service: Dr.Web Scanning Engine (DrWebEngine) (DrWebEngine) - Doctor Web, Ltd. - C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe O23 - Service: Dr.Web Firewall Application Filter (DrWebFWSvc) - Doctor Web, Ltd. - C:\Program Files\DrWeb\frwl_svc.exe O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe O23 - Service: FlipShare Server (FlipShareServer) - Unknown owner - C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: XWP_Services (XWNTSERV) - Unknown owner - C:\Windows\System32\xwntserv.exe O23 - Service: XwpXSetSrvProNFS service (XwpXSetSrvProNFS) - Unknown owner - C:\Users\Public\Program Files\Lab-NC\ProNFS\xsetsrv.exe -- End of file - 13047 bytes
Uninstall List
- Code: Select all
7-Zip 9.20 Acronis Drive Monitor Acronis True Image WD Edition Adobe AIR Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader X (10.1.1) Adobe Shockwave Player 11.5 Agere Systems HDA Modem Allway Sync version 11.1.11 AnyDVD Apple Application Support Apple Mobile Device Support Apple Software Update AutoHotkey 1.1.00.00 Bonjour Brief Browser Address Error Redirector BurnOn CD&DVD, Version 3.1.3 ( Build 2009-2-22, Win32, ) Canon MP Navigator EX 1.0 Canon MX310 series CaptureWizPro 4.50 ClipboardCC 5.4.0.0 Clock Tray Skins 4.2 CloneDVD2 CloneSpy 2.61 Compatibility Pack for the 2007 Office system CompuApps SwissKnife V3 CyberLink PhotoNow CyberLink PhotoNow CyberLink PowerDirector CyberLink PowerDirector Dr.Web anti-virus for Windows Pro 6.0 (x86) ffdshow v1.1.3800 [2011-03-28] FileASSASSIN Flash Drive Tester v1.14 FlipShare Free NaturalReader FreeMind Gateway Connect Gateway Recovery Center Installer GIMP 2.6.11 Google Chrome Google Desktop Google Toolbar for Internet Explorer Google Toolbar for Internet Explorer Google Update Helper H&R Block Deluxe + Efile 2010 Help Explorer 3.0 HiJackThis Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP USB Disk Storage Format Tool Infinite Pre-Algebra Infinite Pre-Algebra Trial Intel(R) Graphics Media Accelerator Driver Intel(R) Matrix Storage Manager iTunes Java(TM) 6 Update 26 Java(TM) SE Runtime Environment 6 Update 1 KWorld Editing Device Driver Malwarebytes' Anti-Malware version 1.51.1.1800 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft .NET Framework 4 Extended Microsoft Access database engine 2010 (English) Microsoft MapPoint North America 2011 Microsoft Money Essentials Microsoft Money Shared Libraries Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Works Microsoft WSE 2.0 SP3 Runtime Mozilla Firefox (3.6.23) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MuseScore 0.9.6.3 MuseScore score typesetter nfsAxe Notation Composer 2.6.3 (Trial Version) OpenOffice.org 3.2 Opera 11.00 Pegasus Mail Performance Toolkit 1.0 Power2Go 5.0 ProNFS Python 2.7.2 QuickTime Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista Realtek USB 2.0 Card Reader Registry Mechanic 10.0 Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) SigmaTel Audio SmartSound Quicktracks Plugin Spare Backup SwordSearcher 6.0.1.3 Synaptics Pointing Device Driver Tar-1.13 Binaries (GnuWin32) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) USB Audio Device VirtualCloneDrive WebResearch 3 WinHTTrack Website Copier 3.44-1 WinNc 5 .5.0.0 WinPatrol