Hello and welcome to Techspot.
Your system is infected with at least 2 trojans.
Boot into safe mode. See how
HERE.
Turn off system restore. See how
HERE.
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how
HERE.
Open your task manager, by pressing the ctrl/alt/delete keys together.
Click on the processes tab, and end process for(if there).
nvctrl.exe
mssearchnet.exe
wuauboot.exe
SkateParkPOS.exe
Close task manager.
Click start/run, and type regsvr32 /u C:\WINDOWS\SYSTEM32\winpsa32.dll and press the enter key.
Run HJT with no other programmes open, and have HJT fix the following, by placing a tick in the little box next to(if there).
R3 - URLSearchHook: (no name) - {91DF094B-C9A0-BB26-A2AD-E2CB59EB5EB5} - C:\WINDOWS\system32\alsjtcd.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hp80A9.tmp
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKCU\..\Run: [Zfcwnzxl] C:\WINDOWS\system32\?icrosoft\wuauboot.exe
Fix all 016 DPF entries.
O20 - Winlogon Notify: winpsa32 - C:\WINDOWS\SYSTEM32\winpsa32.dll
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
Now click on the fix checked button.
Close HJT.
Locate, and delete the following bold files(if there).
C:\WINDOWS\SYSTEM32\
winpsa32.dll
C:\WINDOWS\system32\
nvctrl.exe
C:\WINDOWS\system32\
mssearchnet.exe
C:\WINDOWS\system32\
hp80A9.tmp
Reboot into normal mode and turn system restore back on.
Then, go
HERE and follow the instructions.
Then, post a fresh HJT log.
Regards Howard :wave: :wave: