TechSpot

I keep getting redirected

Solved
By newbieRay
Mar 25, 2013
  1. It's doesn't matter which search engine I use, any link I click redirects me. I have norton AV and it has stop websites I have been redirected too from "attacking" as it will say but I can't open my norton to run a complete system check either.
     
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    [​IMG] Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.
    Please review the 4-Step instructions and post the logs back here for my review.

    Also, include this scan:

    TDSSKiller Scan

    Please download and run TDSSKiller to your desktop as outlined below:

    Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

    [​IMG]

    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    [​IMG]

    ------------------------

    Click the Start Scan button.

    [​IMG]

    -----------------------

    If a suspicious object is detected, the default action will be Skip, click on Continue
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue


    [​IMG]

    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


    [​IMG]


    --------------------

    A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

    Sometimes these logs can be very large, in that case please attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip, click on Continue
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
     
  3. newbieRay

    newbieRay TS Member Topic Starter Posts: 36

    Thank you for your reply back. The TDSSKiller Scan downloaded but when I try to open it, it is asking me what progarm to open it with.
    Here are the other logs.

    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org
    Database version: v2013.03.25.13
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Jonathan :: CANDY-HP [administrator]
    3/25/2013 2:46:50 PM
    mbam-log-2013-03-25 (14-46-50).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 237198
    Time elapsed: 3 minute(s), 11 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 1
    C:\Users\Jonathan\AppData\Local\Conduit\bwgrktks.dll (Trojan.Tracur) -> Delete on reboot.
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 1
    C:\Users\Jonathan\AppData\Local\Conduit\bwgrktks.dll (Trojan.Tracur) -> Delete on reboot.
    (end)
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/13/2011 4:09:57 PM
    System Uptime: 3/25/2013 3:07:18 PM (0 hours ago)
    .
    Motherboard: FOXCONN | | 2AB1
    Processor: AMD Athlon(tm) II X4 630 Processor | CPU 1 | 784/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 686 GiB total, 577.182 GiB free.
    D: is FIXED (NTFS) - 12 GiB total, 1.174 GiB free.
    E: is CDROM (UDF)
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: 5000 Series
    Device ID: USB\VID_043D&PID_0116&MI_00\6&B0A67F5&1&0000
    Manufacturer:
    Name: 5000 Series
    PNP Device ID: USB\VID_043D&PID_0116&MI_00\6&B0A67F5&1&0000
    Service:
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: AntiLog32
    Device ID: ROOT\LEGACY_ANTILOG32\0000
    Manufacturer:
    Name: AntiLog32
    PNP Device ID: ROOT\LEGACY_ANTILOG32\0000
    Service: AntiLog32
    .
    ==== System Restore Points ===================
    .
    RP1: 2/14/2013 4:25:07 PM - Removed H&R Block Premium + Efile + State 2012.
    RP2: 2/23/2013 12:24:09 PM - Scheduled Checkpoint
    RP3: 2/27/2013 8:19:33 PM - Windows Update
    RP4: 3/6/2013 7:39:59 PM - Installed The Sims 3
    RP5: 3/6/2013 7:55:31 PM - Installed TheSims3EP8
    RP6: 3/6/2013 8:13:19 PM - Installed The Sims 3
    RP7: 3/7/2013 10:46:31 PM - Installed WinZip 15.0
    RP8: 3/13/2013 2:58:30 PM - Installed TheSims3EP9
    RP9: 3/14/2013 3:00:34 AM - Windows Update
    RP10: 3/21/2013 12:21:40 PM - Scheduled Checkpoint
    RP11: 3/25/2013 1:58:01 PM - Installed Java 7 Update 17
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Adobe Acrobat X Pro - English, Français, Deutsch
    Adobe AIR
    Adobe Community Help
    Adobe Content Viewer
    Adobe Creative Suite 5.5 Design Standard
    Adobe Download Assistant
    Adobe Flash Player 10 ActiveX
    Adobe Reader XI (11.0.02)
    AMD Fuel
    ATI Catalyst Install Manager
    ATI Problem Report Wizard
    ATI Stream SDK v2 Developer
    Bejeweled 2 Deluxe
    Bing Bar
    Bing Rewards Client Installer
    Blackhawk Striker 2
    Build-a-lot 2
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Chuzzle Deluxe
    CinemaNow Media Manager
    Constant Guard Protection Suite
    Coupon Printer for Windows
    Crystal Reports 2008 Runtime SP1
    CyberLink DVD Suite Deluxe
    Diner Dash 2 Restaurant Rescue
    Dora's Carnival Adventure
    DVD Menu Pack for HP MediaSmart Video
    Escape Rosecliff Island
    FATE
    Final Drive Nitro
    Garmin Communicator Plugin x64
    Garmin Lifetime Updater
    Heroes of Hellas 2 - Olympia
    Hewlett-Packard ACLM.NET v1.2.1.1
    HP Advisor
    HP Customer Experience Enhancements
    HP Game Console
    HP Games
    HP MediaSmart CinemaNow 2.0
    HP MediaSmart DVD
    HP MediaSmart Music
    HP MediaSmart Photo
    HP MediaSmart SmartMenu
    HP MediaSmart Video
    HP MediaSmart/TouchSmart Netflix
    HP Odometer
    HP Product Detection
    HP Setup
    HP Support Assistant
    HP Support Information
    HP Update
    HP Vision Hardware Diagnostics
    Hulu Desktop
    HydraVision
    Intuit SiteBuilder
    Java 7 Update 17
    Java Auto Updater
    Jewel Quest 3
    Jewel Quest Solitaire 2
    Junk Mail filter update
    Kobo
    LabelPrint
    Lexmark 5000 Series
    LightScribe System Software
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual J# 2.0 Redistributable Package
    Microsoft WSE 3.0 Runtime
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_ATL_x86_x64
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_CRT_x86_x64
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFC_x86_x64
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC80_MFCLOC_x86_x64
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_ATL_x86_x64
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_CRT_x86_x64
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFC_x86_x64
    Microsoft_VC90_MFCLOC_x86
    Microsoft_VC90_MFCLOC_x86_x64
    Movie Theme Pack for HP MediaSmart Video
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Norton Online Backup
    Norton Security Suite
    Origin
    PDF Complete Special Edition
    PDF Settings CS5
    Peachtree Accounting 2010
    Peachtree Complete Accounting 2010
    PeachTree Signature Ready Forms
    Penguins!
    Pervasive PSQL v10.10 Workgroup (32-bit)
    PhotoNow!
    PictureMover
    Plants vs. Zombies
    PlayReady PC Runtime amd64
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Power2Go
    PowerDirector
    PressReader
    Ralink RT2860 Wireless LAN Card
    Realtek High Definition Audio Driver
    Recovery Manager
    Roxio CinemaNow 2.0
    Sage Integration Services
    Sage Message Center
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    The Sims™ 3
    The Sims™ 3 Ambitions
    The Sims™ 3 Fast Lane Stuff
    The Sims™ 3 Generations
    The Sims™ 3 High-End Loft Stuff
    The Sims™ 3 Late Night
    The Sims™ 3 Outdoor Living Stuff
    The Sims™ 3 Pets
    The Sims™ 3 Seasons
    The Sims™ 3 Showtime
    The Sims™ 3 Town Life Stuff
    The Sims™ 3 University Life
    The Sims™ 3 World Adventures
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Virtual Families
    Virtual Villagers - The Secret City
    Wheel of Fortune 2
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Mobile Device Center
    WinZip 17.0
    Zinio Reader 4
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/25/2013 3:08:22 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxdmCATSCustConnectService service to connect.
    3/25/2013 3:08:22 PM, Error: Service Control Manager [7000] - The lxdmCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/21/2013 11:12:35 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the CGPS Service service to connect.
    3/21/2013 11:12:35 AM, Error: Service Control Manager [7000] - The CGPS Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/18/2013 10:23:49 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
    3/18/2013 10:23:49 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
    3/18/2013 10:22:10 AM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    .
    ==== End Of File ===========================

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.17.2
    Run by Jonathan at 15:23:44 on 2013-03-25
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2283 [GMT -4:00]
    .
    AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
    C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
    C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\lxdmcoms.exe
    C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files (x86)\Lexmark 5000 Series\lxdmmon.exe
    C:\Program Files (x86)\Lexmark 5000 Series\lxdmamon.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\regsvr32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_ActiveX.exe
    C:\Windows\splwow64.exe
    C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = Preserve
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\coieplg.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\ips\ipsbho.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Constant Guard Protection Suite: {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.13.111.1\NativeBHO.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\coieplg.dll
    uRun: [Programs] rundll32 "C:\Users\Jonathan\AppData\Local\PDFC\Programs\zkhoaitqy.dll",D3DXSHEvalHemisphereLight
    uRun: [Conduit] Regsvr32.exe C:\Users\Jonathan\AppData\Local\Conduit\bwgrktks.dll
    mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
    mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    mRun: [PeachtreePrefetcher.exe] "C:\PROGRA~2\SAGESO~1\PEACHT~1\PeachtreePrefetcher.exe" /configfile:peachtreeprefetcher.winstart.config
    mRun: [Lexmark 5000 Series] "C:\Program Files (x86)\Lexmark 5000 Series\fm3032.exe" /s
    mRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
    mRun: [ShopAtHomeWatcher] C:\Users\Jonathan\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{2D5FCB86-53B8-4469-8144-762A47826CDE} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{3F3E7EEA-CE39-41FC-8410-F329CEE39604} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{6794ECD7-BDFF-4540-9EA3-9507F4F733CF} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{6794ECD7-BDFF-4540-9EA3-9507F4F733CF}\35475677162747 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{6794ECD7-BDFF-4540-9EA3-9507F4F733CF}\C696E6B6379737 : DHCPNameServer = 68.87.73.246 68.87.71.230
    SSODL: WebCheck - <orphaned>
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-Run: [lxdmmon.exe] "C:\Program Files (x86)\Lexmark 5000 Series\lxdmmon.exe"
    x64-Run: [lxdmamon] "C:\Program Files (x86)\Lexmark 5000 Series\lxdmamon.exe"
    x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1402000.013\symds64.sys [2013-2-18 493216]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1402000.013\symefa64.sys [2013-2-18 1133216]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [2013-3-5 1388120]
    R1 ccSet_N360;Norton Security Suite Settings Manager;C:\Windows\System32\drivers\N360x64\1402000.013\ccsetx64.sys [2013-2-18 168096]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130322.001\IDSviA64.sys [2013-3-23 513184]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1402000.013\ironx64.sys [2013-2-18 224416]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1402000.013\symnets.sys [2013-2-18 432800]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-10-21 203264]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-12-28 354304]
    R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
    R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
    R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
    R2 IDVaultSvc;CGPS Service;C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2013-1-14 66600]
    R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\ccsvchst.exe [2013-2-18 143928]
    R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
    R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-10-21 635416]
    R2 psqlWGE;Pervasive PSQL Workgroup Engine;C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe [2008-6-6 435496]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-4-19 46136]
    R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-2-18 138912]
    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2010-10-21 852256]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-10-21 346144]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-10-21 38456]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-13 59392]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-18 1255736]
    .
    =============== Created Last 30 ================
    .
    2013-03-25 18:44:56 -------- d-----w- C:\Users\Jonathan\AppData\Roaming\Malwarebytes
    2013-03-25 18:44:35 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-03-25 18:44:35 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-03-25 18:44:35 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-03-25 17:59:12 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-03-24 14:41:26 -------- d-----w- C:\Users\Jonathan\AppData\Local\WinZip
    2013-03-18 14:22:02 822328 ----a-w- C:\ProgramData\SPL3479.tmp
    2013-03-13 21:52:31 -------- d-----w- C:\Users\Jonathan\AppData\Local\Origin
    2013-03-11 18:12:07 404840 ----a-w- C:\ProgramData\SPLEB6F.tmp
    2013-03-11 14:49:10 496112 ----a-w- C:\ProgramData\SPL1C2C.tmp
    2013-03-11 06:35:31 407406 ----a-w- C:\ProgramData\SPL1E7C.tmp
    2013-03-07 16:36:10 -------- d-----w- C:\components
    2013-03-07 00:24:27 -------- d-----w- C:\Users\Jonathan\AppData\Local\CRE
    2013-03-07 00:24:05 -------- d-----w- C:\Users\Jonathan\AppData\Local\Conduit
    2013-03-07 00:23:56 -------- d-----w- C:\Program Files (x86)\uTorrent
    2013-03-07 00:22:56 -------- d-----w- C:\Users\Jonathan\AppData\Roaming\uTorrent
    2013-03-04 20:09:23 1527761 ----a-w- C:\ProgramData\SPL3800.tmp
    2013-03-04 20:07:32 1527449 ----a-w- C:\ProgramData\SPL87D4.tmp
    2013-02-27 23:49:44 6378715 ----a-w- C:\ProgramData\SPLE26F.tmp
    2013-02-27 15:00:46 2021083 ----a-w- C:\ProgramData\SPL9ABC.tmp
    .
    ==================== Find3M ====================
    .
    2013-03-25 17:59:07 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2013-03-25 17:59:07 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-03-06 10:38:36 770384 ----a-w- C:\Windows\SysWow64\msvcr100.dll
    2013-03-06 10:38:36 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
    2013-02-19 00:39:32 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
    2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
    2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
    2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
    2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-02-01 15:42:04 813856 ----a-w- C:\ProgramData\SPLAA54.tmp
    2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
    2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
    2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll
    2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
    2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll
    2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll
    2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll
    2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll
    2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
    2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
    2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
    2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
    2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll
    2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
    2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll
    2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll
    2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll
    2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll
    2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll
    2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll
    2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll
    2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll
    2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll
    2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
    2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll
    2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
    2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
    2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
    2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll
    2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-01-04 06:11:21 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
    2013-01-04 06:11:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
    2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys
    2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-01-03 19:41:02 3294888 ----a-w- C:\ProgramData\SPL6070.tmp
    2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    .
    ============= FINISH: 15:24:34.86 ===============
     
  4. newbieRay

    newbieRay TS Member Topic Starter Posts: 36

    Another thing I'm noticing is that, after I ran the malwarebytes and removed the selected. I did as it said to restart my computer and now I'm having this error for RegSvr32 looking for the file that was deleted.
     
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Okay, we'll continue here. Go ahead with TDSSKiller.
     
  6. newbieRay

    newbieRay TS Member Topic Starter Posts: 36

    What program should I open the TDSSKiller Scan with? It won't let me continue until I choose a progarm
     
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please reboot to Safe Mode with Networking (tap the F8 key just before Windows starts to load and select the Safe Mode with Networking option from the menu). Once there, try again.
     
  8. newbieRay

    newbieRay TS Member Topic Starter Posts: 36

    Sorry, I did what you stated to do and it still asking me "what file to use to open it."
     
  9. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Okay. Use the following tool, and then try again please:

    Please download and run RKill.

    Download mirror 1 - Download mirror 2 - Download mirror 3

    • Save it to your Desktop.
    • Double click the RKill desktop icon.
    • It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
    • Please post its log in your next reply.
    • After it has run successfully, delete RKill.
    Note: This tool only kills the active infection, the actual infection will not be gone. Once you reboot the infection will be active again! Please do not reboot until instructed further to do so.
     
  10. newbieRay

    newbieRay TS Member Topic Starter Posts: 36

    Rkill 2.4.7 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2013 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html
    Program started at: 03/25/2013 06:06:32 PM in x64 mode.
    Windows Version: Windows 7 Home Premium Service Pack 1
    Checking for Windows services to stop:
    * No malware services found to stop.
    Checking for processes to terminate:
    * No malware processes found to kill.
    Checking Registry for malware related settings:
    * No issues found in the Registry.
    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
    Performing miscellaneous checks:
    * Windows Defender Disabled
    [HKLM\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware" = dword:00000001
    Checking Windows Service Integrity:
    * Windows Defender (WinDefend) is not Running.
    Startup Type set to: Manual
    * Security Center (wscsvc) is not Running.
    Startup Type set to: Automatic (Delayed Start)
    * Windows Update (wuauserv) is not Running.
    Startup Type set to: Automatic (Delayed Start)
    * FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [Incorrect ImagePath]
    Searching for Missing Digital Signatures:
    * No issues found.
    Checking HOSTS File:
    * No issues found.
    Program finished at: 03/25/2013 06:06:43 PM
    Execution time: 0 hours(s), 0 minute(s), and 11 seconds(s)
     
  11. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Did TDSSKiller work?
     
     
  12. newbieRay

    newbieRay TS Member Topic Starter Posts: 36

    No TDSSKiller doesn't work
     
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    avast! aswMBR

    Please download aswMBR from here
    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Uncheck "Trace disk IO calls".
    • Click the Scan button to start the scan as illustrated below
    [​IMG]
    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
    • Once the scan finishes click Save log to save the log to your Desktop
      [​IMG]
    • Copy and paste the contents of aswMBR.txt back here for review
    • Please also find MBR.dat on your Desktop, and rename it to MBRscan.txt. Upload that as well. Do not copy and paste MBR.dat/txt, it needs to be uploaded.
     
  14. newbieRay

    newbieRay TS Member Topic Starter Posts: 36

    It is asking me if I want to download the lastest avast! virus defintions, Should I click yes?
     
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Yes, please. :)
     
  16. newbieRay

    newbieRay TS Member Topic Starter Posts: 36

    I just click no because I have AV on my computer already. here's the log:

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-03-26 15:58:30
    -----------------------------
    15:58:30.783 OS Version: Windows x64 6.1.7601 Service Pack 1
    15:58:30.783 Number of processors: 4 586 0x502
    15:58:30.783 ComputerName: CANDY-HP UserName: Jonathan
    15:58:33.030 Initialize success
    16:33:04.631 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000063
    16:33:04.631 Disk 0 Vendor: Hitachi_ JP3O Size: 715404MB BusType: 11
    16:33:04.693 Disk 0 MBR read successfully
    16:33:04.693 Disk 0 MBR scan
    16:33:04.724 Disk 0 unknown MBR code
    16:33:04.724 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    16:33:04.724 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 702933 MB offset 206848
    16:33:04.755 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12368 MB offset 1439814401
    16:33:04.818 Disk 0 scanning C:\Windows\system32\drivers
    16:33:09.404 Service scanning
    16:33:21.510 Modules scanning
    16:33:21.510 Scan finished successfully
    16:33:59.777 Disk 0 MBR has been saved successfully to "C:\Users\Jonathan\Desktop\MBR.dat"
    16:33:59.777 The log file has been saved successfully to "C:\Users\Jonathan\Desktop\aswMBR.txt"
     
  17. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    I need the following file uploaded please:

    C:\Users\Jonathan\Desktop\MBR.dat

    Upload to SpeedyShare.com.
    • When you enter the site, click the center bar, "Click here to upload[...]", find the file "mbr.dat" in "Desktop". Select that, and upload it.
    • Once you do that, you will get a sharing link. Please post that in your next reply.
     
  18. newbieRay

    newbieRay TS Member Topic Starter Posts: 36

    Code:
    http://speedy.sh/c23hs/MBRscan.txt
     
  19. newbieRay

    newbieRay TS Member Topic Starter Posts: 36

    Was this what you needed?
     
  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Good work. Now, please the following:

    Malwarebytes' Anti-Rootkit

    Please download Malwarebytes' Anti-Rootkit and save it to your desktop.
    • Be sure to print out and follow the instructions provided on that same page for performing a scan.
    • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
    • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
    • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
    • Copy and paste the contents of these two log files in your next reply.
     
  21. newbieRay

    newbieRay TS Member Topic Starter Posts: 36

    Malwarebytes Anti-Rootkit BETA 1.01.0.1021
    www.malwarebytes.org
    Database version: v2013.03.27.08
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Jonathan :: CANDY-HP [administrator]
    3/27/2013 2:10:53 PM
    mbar-log-2013-03-27 (14-10-53).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 30657
    Time elapsed: 26 minute(s), 44 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1021
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.1.7601 Windows 7 Service Pack 1 x64
    Account is Administrative
    Internet Explorer version: 9.0.8112.16421
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
    CPU speed: 2.800000 GHz
    Memory total: 4025782272, free: 1978200064
    ------------ Kernel report ------------
    03/27/2013 13:30:32
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\DRIVERS\amdsata.sys
    \SystemRoot\system32\DRIVERS\storport.sys
    \SystemRoot\system32\DRIVERS\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\N360x64\1402000.013\SYMDS64.SYS
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\system32\drivers\N360x64\1402000.013\SYMEFA64.SYS
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\DRIVERS\disk.sys
    \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    \SystemRoot\system32\DRIVERS\AtiPcie64.sys
    \SystemRoot\system32\drivers\N360x64\1402000.013\ccSetx64.sys
    \SystemRoot\system32\drivers\N360x64\1402000.013\Ironx64.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\drivers\termdd.sys
    \SystemRoot\System32\Drivers\N360x64\1402000.013\SYMNETS.SYS
    \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
    \SystemRoot\system32\drivers\N360x64\1402000.013\SRTSPX64.SYS
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\drivers\mssmbios.sys
    \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
    \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130301.001\BHDrvx64.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\amdppm.sys
    \SystemRoot\system32\DRIVERS\atikmpag.sys
    \SystemRoot\system32\DRIVERS\atikmdag.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\DRIVERS\netr28x.sys
    \SystemRoot\system32\DRIVERS\vwifibus.sys
    \SystemRoot\system32\DRIVERS\Rt64win7.sys
    \SystemRoot\system32\DRIVERS\usbohci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbfilter.sys
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\drivers\HDAudBus.sys
    \SystemRoot\system32\drivers\wmiacpi.sys
    \SystemRoot\system32\drivers\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\drivers\swenum.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\DRIVERS\amdiox64.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\RTKVHD64.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\DRIVERS\udfs.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    \SystemRoot\system32\DRIVERS\usbprint.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_diskdump.sys
    \SystemRoot\System32\Drivers\dump_amdsata.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\DRIVERS\Sftvollh.sys
    \SystemRoot\system32\drivers\WudfPf.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\DRIVERS\vwifimp.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\system32\DRIVERS\Sftfslh.sys
    \SystemRoot\system32\DRIVERS\Sftplaylh.sys
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\DRIVERS\Sftredirlh.sys
    \SystemRoot\system32\DRIVERS\WUDFRd.sys
    \SystemRoot\System32\Drivers\N360x64\1402000.013\SRTSP64.SYS
    \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130327.004\EX64.SYS
    \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130327.004\ENG64.SYS
    \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130326.001\IDSvia64.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\cdfs.sys
    \SystemRoot\system32\drivers\cdrom.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\mbamswissarmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    \Windows\System32\wininet.dll
    \Windows\System32\nsi.dll
    \Windows\System32\gdi32.dll
    \Windows\System32\usp10.dll
    \Windows\System32\lpk.dll
    \Windows\System32\sechost.dll
    \Windows\System32\clbcatq.dll
    \Windows\System32\ole32.dll
    \Windows\System32\difxapi.dll
    \Windows\System32\msctf.dll
    \Windows\System32\shlwapi.dll
    \Windows\System32\normaliz.dll
    \Windows\System32\setupapi.dll
    \Windows\System32\oleaut32.dll
    \Windows\System32\imagehlp.dll
    \Windows\System32\rpcrt4.dll
    \Windows\System32\Wldap32.dll
    \Windows\System32\shell32.dll
    \Windows\System32\user32.dll
    \Windows\System32\kernel32.dll
    \Windows\System32\msvcrt.dll
    \Windows\System32\urlmon.dll
    \Windows\System32\psapi.dll
    \Windows\System32\iertutil.dll
    \Windows\System32\comdlg32.dll
    \Windows\System32\advapi32.dll
    \Windows\System32\ws2_32.dll
    \Windows\System32\imm32.dll
    \Windows\System32\cfgmgr32.dll
    \Windows\System32\devobj.dll
    \Windows\System32\comctl32.dll
    \Windows\System32\crypt32.dll
    \Windows\System32\KernelBase.dll
    \Windows\System32\wintrust.dll
    \Windows\System32\msasn1.dll
    \Windows\SysWOW64\normaliz.dll
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk5\DR5
    Upper Device Object: 0xfffffa8005a4a060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\0000008c\
    Lower Device Object: 0xfffffa8005888b60
    Lower Device Driver Name: \Driver\USBSTOR\
    Driver name found: USBSTOR
    Initialization returned 0x0
    Load Function returned 0x0
    <<<1>>>
    Upper Device Name: \Device\Harddisk4\DR4
    Upper Device Object: 0xfffffa8005a45060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\0000008a\
    Lower Device Object: 0xfffffa8005879b60
    Lower Device Driver Name: \Driver\USBSTOR\
    Driver name found: USBSTOR
    <<<1>>>
    Upper Device Name: \Device\Harddisk3\DR3
    Upper Device Object: 0xfffffa8005a3b060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000089\
    Lower Device Object: 0xfffffa8005878b60
    Lower Device Driver Name: \Driver\USBSTOR\
    Driver name found: USBSTOR
    <<<1>>>
    Upper Device Name: \Device\Harddisk2\DR2
    Upper Device Object: 0xfffffa800366f060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000088\
    Lower Device Object: 0xfffffa800586eb60
    Lower Device Driver Name: \Driver\USBSTOR\
    Driver name found: USBSTOR
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xfffffa800366e060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000087\
    Lower Device Object: 0xfffffa800586fb60
    Lower Device Driver Name: \Driver\USBSTOR\
    Driver name found: USBSTOR
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8003aa2790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000061\
    Lower Device Object: 0xfffffa80039e09c0
    Lower Device Driver Name: \Driver\amdsata\
    Driver name found: amdsata
    Initialization returned 0x0
    Port sub-driver loaded: \??\C:\Windows\System32\drivers\storport.sys (0x0)
    Load Function returned 0x0
    Downloaded database version: v2013.03.27.08
    Downloaded database version: v2013.03.25.01
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 2
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8003aa2790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8003aa22c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8003aa2790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80039e5b80, DeviceName: Unknown, DriverName: \Driver\amdxata\
    DevicePointer: 0xfffffa80039e09c0, DeviceName: \Device\00000061\, DriverName: \Driver\amdsata\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xfffff8a00d9c60d0, 0xfffffa8003aa2790, 0xfffffa8008aeb790
    Lower DeviceData: 0xfffff8a01009a190, 0xfffffa80039e09c0, 0xfffffa800718cc90
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\Windows\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 9AC660A3
    Partition information:
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 204800
    Partition file system is NTFS
    Partition is bootable
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848 Numsec = 1439607553
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1439814401 Numsec = 25329664
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 750156374016 bytes
    Sector size: 512 bytes
    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...
    Physical Sector Size: 0
    Drive: 1, DevicePointer: 0xfffffa800366e060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800587eb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800366e060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800587abf0, DeviceName: Unknown, DriverName: \Driver\usbfilter\
    DevicePointer: 0xfffffa800586fb60, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 2, DevicePointer: 0xfffffa800366f060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800587fb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800366f060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800587bbf0, DeviceName: Unknown, DriverName: \Driver\usbfilter\
    DevicePointer: 0xfffffa800586eb60, DeviceName: \Device\00000088\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 3, DevicePointer: 0xfffffa8005a3b060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8005a3bb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8005a3b060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800587cbf0, DeviceName: Unknown, DriverName: \Driver\usbfilter\
    DevicePointer: 0xfffffa8005878b60, DeviceName: \Device\00000089\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 4, DevicePointer: 0xfffffa8005a45060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8005a45b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8005a45060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800587dbf0, DeviceName: Unknown, DriverName: \Driver\usbfilter\
    DevicePointer: 0xfffffa8005879b60, DeviceName: \Device\0000008a\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 5, DevicePointer: 0xfffffa8005a4a060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa80058829d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8005a4a060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8005887bf0, DeviceName: Unknown, DriverName: \Driver\usbfilter\
    DevicePointer: 0xfffffa8005888b60, DeviceName: \Device\0000008c\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Done!
    Performing system, memory and registry scan...
    Read File: File "c:\Users\Jonathan\AppData\Local\MigWiz\setuperr.log" is compressed (flags = 1)
    Read File: File "c:\Users\Jonathan\AppData\Local\MigWiz\setuperr.log" is compressed (flags = 1)
    Done!
    Scan finished
    =======================================
     
  22. newbieRay

    newbieRay TS Member Topic Starter Posts: 36

    Did I do it correctly?
     
  23. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Sorry for my delay. I was busy with social media stuff yesterday, but I should be back on schedule here...
    Are the redirects still happening? I need a rundown of the current problems affecting the computer, please.
     
  24. newbieRay

    newbieRay TS Member Topic Starter Posts: 36

    That's ok. :) I am still getting redirected. What happens is when I use any main search engine it redirects me to another site which I know isn't a good one because my AV with say it blocked an attack. I can get to the site sometimes by right-clicking and opening a new tab but a new window will pop up with the redirected site. After running the Malwarebytes Anti-Malware, it deleted (removed) two trojans and now my computer with pop up this error message about regsvr 32 looking for one of the deleted trojan file.
     
  25. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in

      %systemroot%\Fonts\*.com
      %systemroot%\Fonts\*.dll
      %systemroot%\Fonts\*.ini
      %systemroot%\Fonts\*.ini2
      %systemroot%\Fonts\*.exe
      %systemroot%\system32\spool\prtprocs\w32x86\*.*
      %systemroot%\REPAIR\*.bak1
      %systemroot%\REPAIR\*.ini
      %systemroot%\system32\*.jpg
      %systemroot%\*.jpg
      %systemroot%\*.png
      %systemroot%\*.scr
      %systemroot%\*._sy
      %APPDATA%\Adobe\Update\*.*
      %ALLUSERSPROFILE%\Favorites\*.*
      %APPDATA%\Microsoft\*.*
      %PROGRAMFILES%\*.*
      %APPDATA%\Update\*.*
      %PROGRAMFILES%\bak. /s
      %systemroot%\system32\bak. /s
      %ALLUSERSPROFILE%\Start Menu\*.lnk /x
      %systemroot%\system32\config\systemprofile\*.dat /x
      %systemroot%\*.config
      %systemroot%\system32\*.db
      %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
      %USERPROFILE%\Desktop\*.exe
      %PROGRAMFILES%\Common Files\*.*
      %systemroot%\*.src
      %systemroot%\install\*.*
      %systemroot%\system32\DLL\*.*
      %systemroot%\system32\HelpFiles\*.*
      %systemroot%\system32\rundll\*.*
      %systemroot%\winn32\*.*
      %systemroot%\Java\*.*
      %systemroot%\system32\test\*.*
      %systemroot%\system32\Rundll32\*.*
      %systemroot%\AppPatch\Custom\*.*
      %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
      %PROGRAMFILES%\PC-Doctor\Downloads\*.*
      %PROGRAMFILES%\Internet Explorer\*.tmp
      %PROGRAMFILES%\Internet Explorer\*.dat
      %USERPROFILE%\My Documents\*.exe
      %USERPROFILE%\*.exe
      %systemroot%\ADDINS\*.*
      %systemroot%\assembly\*.bak2
      %systemroot%\Config\*.*
      %systemroot%\REPAIR\*.bak2
      %systemroot%\SECURITY\Database\*.sdb /x
      %systemroot%\SYSTEM\*.bak2
      %systemroot%\Web\*.bak2
      %systemroot%\Driver Cache\*.*
      %PROGRAMFILES%\Mozilla Firefox\*.exe
      %ProgramFiles%\Microsoft Common\*.*
      %ProgramFiles%\TinyProxy.
      %USERPROFILE%\Favorites\*.url /x
      %systemroot%\system32\*.bk
      %systemroot%\*.te
      %systemroot%\system32\system32\*.*
      %ALLUSERSPROFILE%\*.dat /x
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\system32\*.exe /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\System32\config\*.sav
      %systemroot%\system32\*.sys
      %systemroot%\system32\drivers\*.dll
      %systemroot%\system32\drivers\*.ini
      %systemroot%\system32\drivers\*.exe
      %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
      %SYSTEMDRIVE%\*.*
      %PROGRAMFILES%\*.
      %appdata%\*.*
      netsvcs
      msconfig
      safebootminimal
      safebootnetwork
      activex
      drivers32
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      disk.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      symmpi.sys
      adp3132.sys
      mv61xx.sys
      usbstor.sys
      /md5stop
      CREATERESTOREPOINT
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time

    Note: in the event that OTL fails to run, please use alternate download links to try again:

    http://oldtimer.geekstogo.com/OTL.com
    http://oldtimer.geekstogo.com/OTL.scr
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.