Solved Possible virus?

Zachareye

Symptoms:
1) Firefox and Google Chrome are not loading pages that they once had (e.g. veetle.com) despite trying to update the website plugin and even the Java plugin.
2) Google Chrome will open random tabs when trying to open a link (not related to anything), and sometimes will redirect me from sites like Pandora, saying the site can be a virus and harmful (when not even at the computer).
3) Malwarebytes Anti-Malware and SuperAntiSpyware will not update, even after adjusting firewall settings to allow access and even disabling Norton.
4) Media Center for the internet TV will give me the box to check to agree, then I click the install button and nothing happens.

What I have tried:
1) Scan with Norton 2010
2) Scan with Avast Free
3) Scan with Malwarebytes Anti-Malware (not up to date)
4) Scan with SuperAntiSpyware (not up to date)
All of which have not fixed the problems described.

I have attached HJT Log

I am running Windows 7 Home Premium 64bit OS

Please let me know your suggestions.
 

Attachments

  • hijackthis.log
    23 KB · Views: 1
Okay, so step 1 done. Step 2 done. Step 3 would not update (even with firewall disabled), and when I ran the scan anyway it ended up crashing my system and rebooting. Step 4 skipped because I have Windows 7 64-bit. Step 5 is attached.
 

Attachments

  • DDS.txt
    43.9 KB · Views: 4
  • Attach.txt
    11.9 KB · Views: 0
Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

======================================================================

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Part 1 the MBRCheck:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: PEGATRON CORPORATION
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: HP-Pavilion
System Product Name: AY747AA-ABA p6310y
Logical Drives Mask: 0x00000ffc

Kernel Drivers (total 223):

Processes (total 107):
0 System Idle Process
4 System
480 C:\Windows\System32\smss.exe
632 csrss.exe
852 C:\Windows\System32\wininit.exe
888 csrss.exe
920 C:\Windows\System32\services.exe
948 C:\Windows\System32\lsass.exe
956 C:\Windows\System32\lsm.exe
592 C:\Windows\System32\svchost.exe
1036 C:\Windows\System32\nvvsvc.exe
1076 C:\Windows\System32\winlogon.exe
1124 C:\Windows\System32\svchost.exe
1192 C:\Windows\System32\atiesrxx.exe
1292 C:\Windows\System32\svchost.exe
1324 C:\Windows\System32\svchost.exe
1352 C:\Windows\System32\svchost.exe
1452 C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
1488 C:\Windows\System32\svchost.exe
1664 C:\Windows\System32\atieclxx.exe
1704 C:\Windows\System32\svchost.exe
1872 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1912 C:\Windows\System32\spoolsv.exe
1628 C:\Windows\System32\svchost.exe
2064 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
2088 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2108 C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
2136 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
2160 C:\Windows\SysWOW64\CTSVCCDA.EXE
2216 C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
2256 C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
2300 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
2336 C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
2364 C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
2396 C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
2496 C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
2536 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2752 C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
2780 C:\Windows\System32\svchost.exe
2864 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
3012 C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
1852 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3132 C:\Program Files (x86)\Ziggy TV Toolbar\ZiggyTVSvc.exe
3164 C:\ProgramData\ZwankySearch\zwankysearch149.exe
3628 C:\Windows\System32\taskhost.exe
3644 C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
3724 C:\Windows\System32\dwm.exe
3808 C:\Windows\explorer.exe
4016 C:\Windows\System32\SearchIndexer.exe
4040 C:\Windows\System32\alg.exe
3592 WUDFHost.exe
4160 C:\Windows\System32\svchost.exe
4320 C:\Windows\System32\svchost.exe
4424 C:\Program Files (x86)\ZwankySearch\zwankysearch.exe
4912 C:\Windows\System32\taskeng.exe
4956 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
5960 C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
5988 C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
5996 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
6028 C:\Program Files (x86)\Creative\MediaSource\RemoteControl\RcMan.exe
6100 C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe
1048 C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe
5136 C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
5248 C:\Windows\System32\svchost.exe
5276 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
5460 C:\Program Files\Windows Media Player\wmpnetwk.exe
5592 C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
5604 C:\Windows\System32\conhost.exe
2976 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
184 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
4952 C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
876 C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
4056 C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
6052 C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
5980 C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
4876 C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe
2392 C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
4452 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3816 C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
1132 C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
3364 dllhost.exe
5368 C:\Program Files (x86)\Cyberlink\PowerDVD8\PDVD8Serv.exe
2660 C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
3452 C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
5736 C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
5672 C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe
1896 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
3256 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
2148 C:\Program Files (x86)\Dealio Toolbar\SearchSettings.exe
5320 C:\Windows\SysWOW64\CtHelper.exe
6224 C:\Program Files (x86)\iTunes\iTunesHelper.exe
6360 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
6412 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
6420 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
6556 C:\Program Files\iPod\bin\iPodService.exe
7128 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3532 C:\Users\Zachareye\AppData\Local\Google\Chrome\Application\chrome.exe
3708 C:\Users\Zachareye\AppData\Local\Google\Chrome\Application\chrome.exe
4868 C:\Windows\System32\svchost.exe
3076 C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
6952 C:\Users\Zachareye\AppData\Local\Google\Chrome\Application\chrome.exe
4388 C:\Windows\System32\SearchProtocolHost.exe
6216 C:\Windows\System32\SearchFilterHost.exe
4800 C:\Users\Zachareye\Desktop\MBRCheck.exe
4316 C:\Windows\System32\conhost.exe
5952 C:\Windows\System32\dllhost.exe
5432 C:\Windows\System32\notepad.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x000000e6`2f900000 (NTFS)
\\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`007e0000 (NTFS)

PhysicalDrive0 Model Number: WDC WD10EADS-65M2BX, Rev: 01.0
PhysicalDrive1 Model Number: ST31000528AS, Rev: CC38

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 RE: Unknown MBR code
SHA1: 27DD67BECBE46EB36CE4A3845152BD78B42F7052
931 GB \\.\PhysicalDrive1 RE: Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
 
OTL results in Safe Mode without the custom scan, because I couldn't get online to copy and paste, but I will boot again in Safe Mode and save the custom scan in my Notepad so I can run it again too. The text was too long, so I have attached it.
 

Attachments

  • OTL.Txt
    151.2 KB · Views: 0
So for some reason I have been unable to F8 into Safe Mode, but I am given the option after the system crashes, so I ran the OTL scan again with the custom information included, with the intention of crashing my system. This time I decided to disable my virus/firewall protection and it ran without crashing (might be useful for others having similar problems).
 

Attachments

  • OTL2.Txt
    186.6 KB · Views: 2
I can see two AV programs running, Avast and Norton.
One of them has to go.
If Norton, make sure to use Norton Removal Tool: http://www.symantec.com/norton/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN
If Norton goes, make sure to turn Windows firewall ON.

=========================================================================

Uninstall Ask.com, known adware.

========================================================================

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

========================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    PRC - [2010/09/08 19:40:30 | 000,057,616 | ---- | M] () -- C:\ProgramData\ZwankySearch\zwankysearch149.exe
    PRC - [2010/09/08 19:40:30 | 000,057,616 | ---- | M] () -- C:\Program Files (x86)\ZwankySearch\zwankysearch.exe
    MOD - [2010/09/08 19:41:06 | 000,577,536 | ---- | M] () -- C:\Program Files (x86)\ZwankySearch\zwankysearch.dll
    SRV - [2010/09/08 19:40:30 | 000,057,616 | ---- | M] () [Auto | Running] -- C:\ProgramData\ZwankySearch\zwankysearch149.exe -- (ZwankySearch Service)
    [2010/09/08 21:49:06 | 000,000,000 | ---D | M] (ZwankySearch) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{5F321A53-3F65-45F2-9903-587E3CA15404}
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKCU..\Run: [RemoteControl] File not found
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.80,93.188.166.230
    O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    [2 C:\Users\Zachareye\*.tmp files -> C:\Users\Zachareye\*.tmp -> ]
    [2010/03/13 13:30:28 | 000,000,088 | RHS- | C] () -- C:\ProgramData\464B05520D.sys
    @Alternate Data Stream - 76 bytes -> C:\Users\Zachareye\Documents\hells choirs the song movie_0001.wmv:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Zachareye\Documents\billing_315664045_4b63051fe9445.txt:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Zachareye\Documents\015.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Zachareye\Documents\007 (2).JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Zachareye\Documents\006 (2).JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Zachareye\Documents\004.JPG:Roxio EMC Stream
    @Alternate Data Stream - 1161 bytes -> C:\Users\Zachareye\AppData\Local\Temp:XO3mxP5FCFJ7Hb7Gti27k
    @Alternate Data Stream - 1146 bytes -> C:\ProgramData\Microsoft:gpGsYheuPiHZzNpBhxrFcB
    @Alternate Data Stream - 1111 bytes -> C:\Users\Zachareye\AppData\Local\Temp:uJ3rYPnJDKxkets5e6tPD1iRPU
    @Alternate Data Stream - 1110 bytes -> C:\Users\Zachareye\AppData\Local\Temp:71bKPnAsXDylFi1I2iW0x6k9
    @Alternate Data Stream - 1079 bytes -> C:\ProgramData\Microsoft:uGPTw8s383GO1QncBySMV6UuyReE2
    @Alternate Data Stream - 1014 bytes -> C:\Users\Zachareye\AppData\Local\BmMRwwWJgvC:oz0qeERBVTxx15Uurziwc
    
    :Services
    
    :Reg
    
    :Files
    C:\ProgramData\ZwankySearch
    C:\Program Files (x86)\ZwankySearch
    ipconfig /flushdns /c
    
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
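
An added example, not part of the original post and not OTL's own code: a small Python triage that reads log lines in the format quoted in the fix script above, extracts the static DNS servers from the `O17` entry, and groups the `@Alternate Data Stream` entries by the file or folder that carries them. The `EXPECTED_RESOLVERS` allowlist and the function names are assumptions; the sample lines are copied from this thread.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: the resolvers this PC is supposed to use (constructed value,
# e.g. the home router). Not taken from the thread.
EXPECTED_RESOLVERS = {ipaddress.ip_address("192.168.1.1")}

# Sample lines copied from the fix script quoted in this thread.
SAMPLE_LOG = r"""
O4 - HKCU..\Run: [RemoteControl] File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.80,93.188.166.230
@Alternate Data Stream - 76 bytes -> C:\Users\Zachareye\Documents\015.JPG:Roxio EMC Stream
@Alternate Data Stream - 1161 bytes -> C:\Users\Zachareye\AppData\Local\Temp:XO3mxP5FCFJ7Hb7Gti27k
@Alternate Data Stream - 1146 bytes -> C:\ProgramData\Microsoft:gpGsYheuPiHZzNpBhxrFcB
@Alternate Data Stream - 1111 bytes -> C:\Users\Zachareye\AppData\Local\Temp:uJ3rYPnJDKxkets5e6tPD1iRPU
"""

# "O17 - <registry key>: NameServer = a.b.c.d,e.f.g.h" (optionally "O17:64bit: - ...")
O17_RE = re.compile(
    r"^O17(?::64bit:)?\s+-\s+(?P<key>.+?):\s+NameServer\s*=\s*(?P<servers>.+)$"
)
# "@Alternate Data Stream - <n> bytes -> <path>:<stream name>"
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$"
)


def dns_findings(lines, expected=EXPECTED_RESOLVERS):
    """Return (registry_key, server, verdict) for every static NameServer entry."""
    findings = []
    for raw in lines:
        m = O17_RE.match(raw.strip())
        if not m:
            continue
        # Windows stores the list comma- or space-separated.
        for token in filter(None, re.split(r"[,\s]+", m["servers"].strip())):
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:
                verdict = "unparseable"
            else:
                if ip in expected:
                    verdict = "expected"
                elif ip.is_private:
                    verdict = "private"
                else:
                    # A public resolver nobody configured on purpose is the
                    # case to investigate before trusting any name lookup.
                    verdict = "unexpected-public"
            findings.append((m["key"], token, verdict))
    return findings


def ads_by_host(lines):
    """Group alternate data streams by host path -> [(stream_name, size_bytes)]."""
    hosts = defaultdict(list)
    for raw in lines:
        m = ADS_RE.match(raw.strip())
        if not m:
            continue
        # The last colon separates the host path from the stream name;
        # the first colon belongs to the drive letter.
        host, sep, stream = m["target"].rpartition(":")
        if not sep or len(host) < 2:  # only a drive-letter colon, no stream
            continue
        hosts[host].append((stream, int(m["size"])))
    return dict(hosts)


if __name__ == "__main__":
    log_lines = SAMPLE_LOG.splitlines()
    for key, server, verdict in dns_findings(log_lines):
        print(f"DNS  {verdict:18} {server:16} {key}")
    for host, streams in ads_by_host(log_lines).items():
        for name, size in streams:
            print(f"ADS  {size:5} bytes  {host}  ->  {name}")
```
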
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
    FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.117
    [2010/09/12 10:15:15 | 000,002,555 | ---- | M] () -- C:\Users\Zachareye\AppData\Roaming\Mozilla\Firefox\Profiles\z474j2fa.default\searchplugins\askcom.xml
    O2 - BHO: (ZiggyTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
    O3 - HKLM\..\Toolbar: (ZiggyTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (ZiggyTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
    
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=======================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Go to Kaspersky website and perform an online antivirus scan.

  • Disable your active antivirus program.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
 
Here are two of the three attachments. With the Kaspersky online scanner I ran into problems with all three browsers: Chrome tells me I don't meet the requirements, and IE and Firefox tell me the following:

Update has failed The program could not be started. Please close the window of Kaspersky Online Scanner 7.0 and start the program again from the web site of Kaspersky Lab.



Successful updating of Kaspersky Online Scanner 7.0 and scanning of your computer requires uninterrupted Internet connection. Please make sure that the Internet connection is established. [ERROR: Connection to updates source cannot be established]

I have disabled Norton and made several attempts with no other windows open at all, so I am not sure what to do from here.
 

Attachments

  • checkup.txt
    1 KB · Views: 1
  • fixlog2.txt
    5.7 KB · Views: 1
Instead of Kaspersky...

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • IMPORTANT! UN-check Remove found threats
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Push Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

======================================================================

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
On this page:

FoxitReaderInstallation.png


Make sure you have both boxes UN-checked AND (important!) click on the Decline button.
 
I can't get to the ESET page. I even tried Googling it and still nothing. I can get to the ESET.eu page, and other countries too, but not the .com page.
 
Please run a BitDefender Online Scan

  • Disable your antivirus program.
  • Click Start Scanner button.
  • Click Start scan button
  • Allow browser plug-in to be installed when prompted.
  • Click I Agree to agree to the EULA.
  • Please refrain from using the computer until the scan is finished.
  • When the scan is finished, click on View log.
  • Notepad will open with scan results.
  • Save the report to your desktop and post its content in your next reply.
 
QuickScan Beta 32-bit v0.9.9.38
-------------------------------
Scan date: Wed Sep 15 00:07:28 2010
Machine ID: 3475EF13



No infection found.
-------------------



Processes
---------
hpwuSchd Application 4572 C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
Acronis True Image 4784 C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
Adobe Reader and Acrobat Manager 5200 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
AnyDVD 4352 C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
Apple Mobile Device Service 2012 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
Bonjour 2032 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
CloneCD 4636 C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
Creative Audio Service 1408 C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
Creative MediaSource 2 Remote Control S 4268 C:\Program Files (x86)\Creative\MediaSource\RemoteControl\RcMan.exe
Creative MediaSource Detector 4320 C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe
Creative Service for CDROM Access 1300 C:\Windows\SysWOW64\CTSVCCDA.EXE
CtHelper Application 5440 C:\Windows\SysWOW64\CtHelper.exe
cyberlink brs 4896 C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
CyberLink MediaLibray Service 4992 C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
CyberLink MediaLibray Service 5688 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
Digidesign MME Binder 1520 C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
DivX Update 5588 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
Firefox 5184 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
HP Advisor 3832 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
HP Remote Solution 4556 C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
hpsysdrv Application 4448 C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
iTunes 5580 C:\Program Files (x86)\iTunes\iTunesHelper.exe
Java(TM) Platform SE Auto Updater 2 0 5364 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
LG Firmware Autoupdate 4668 C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
LightScribe 4360 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
LightScribe 2136 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
Metadata monitor 4340 C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe
Microsoft Search Enhancement Pack 2368 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
Microsoft SQL Server 2196 C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
Microsoft® Visual Studio .NET 2160 C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
Network Connect 1648 C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
PictureMover Application 4548 C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
PowerDVD RC Service 4880 C:\Program Files (x86)\Cyberlink\PowerDVD8\PDVD8Serv.exe
PowerDVD RC Service 5052 C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe
RichVideo Module 2300 C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
Seagate DiscWizard 4756 C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
Seagate Scheduler Helper 3780 C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
Symantec Security Technologies 2220 C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
Symantec Security Technologies 3268 C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
Virtual CloneDrive 4628 C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
WN111V2 4488 C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe
Yahoo! AutoUpdater 2696 C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


Network activity
----------------
Process firefox.exe (5184) connected on port 80 (HTTP) --> 96.17.156.83
Process firefox.exe (5184) connected on port 443 (HTTP over SSL) --> 173.194.33.97



Autoruns and critical files
---------------------------
hpwuSchd Application C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
Acronis True Image C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
Adobe Reader and Acrobat Manager C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
AnyDVD C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
ATI Customer Care C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe
Carbonite Setup Lite C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe
Catalyst® Control Center C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
CloneCD C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
Creative MediaSource 2 Remote Control S C:\Program Files (x86)\Creative\MediaSource\RemoteControl\RcMan.exe
Creative MediaSource Detector C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe
Creative Product Registration C:\Windows\CTRegRun.EXE
CtHelper Application C:\Windows\system32\CTHELPER.EXE
cyberlink brs C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
CyberLink MediaLibray Service C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
Digidesign MME Binder C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
DivX Update C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
Google Update C:\Users\Zachareye\AppData\Local\Google\Update\GoogleUpdate.exe
Hardware Diagnostic Tools C:\Program Files\PC-Doctor for Windows\pcdrcui.exe
HP Advisor C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
HP Ceement C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
HP Digital Imaging C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
HP Remote Solution C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
hpsysdrv Application C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
InstantBurn C:\Program Files (x86)\Cyberlink\InstantBurn\Win2K\IBurn.exe
iTunes C:\Program Files (x86)\iTunes\iTunesHelper.exe
Java(TM) Platform SE Auto Updater 2 0 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
LG Firmware Autoupdate C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
LightScribe C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
Metadata monitor C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe
Microsoft Office OneNote C:\Program Files (x86)\Microsoft Office\OFFICE11\ONENOTEM.EXE
Microsoft® Windows® Operating System C:\Windows\system32\REGSVR32.EXE
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
MUI StartMenu Application C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
MUI StartMenu Application C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
MUI StartMenu Application C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
Norton Online Backup C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe
PictureMover Application C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
PowerDVD Language Application C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe
PowerDVD Language Application C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe
PowerDVD RC Service C:\Program Files (x86)\Cyberlink\PowerDVD8\PDVD8Serv.exe
PowerDVD RC Service C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe
QuickTime C:\Program Files (x86)\QuickTime\QTTask.exe
Seagate DiscWizard C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
Standalone Scanner Components C:\Program Files (x86)\Norton Security Scan\Engine\2.7.0.52\Nss.exe
Virtual CloneDrive C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
WN111V2 C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe


Browser plugins
---------------
npMailUtil Dynamic Link Library C:\Users\Zachareye\AppData\Roaming\Mozilla\Firefox\Profiles\z474j2fa.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}\components\MailUtil.dll
AcroIEHelperShim Library c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
Adobe Acrobat C:\Program Files (x86)\Internet Explorer\plugins\nppdf32.dll
Adobe Acrobat C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
AOL Media Playback Plugin C:\Program Files (x86)\Mozilla Firefox\plugins\npunagi2.dll
BitDefender QuickScan C:\Users\Zachareye\AppData\Roaming\Mozilla\Firefox\Profiles\z474j2fa.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
BitDefender QuickScan C:\Users\Zachareye\AppData\Roaming\Mozilla\Firefox\Profiles\z474j2fa.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
Bonjour C:\Program Files (x86)\Bonjour\mdnsNSP.dll
Conduit Toolbar c:\program files (x86)\vuze_remote\tbvuz1.dll
Coupons Inc., Coupon Printer Manager C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
Coupons Inc., Coupon Printer Manager C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
DivX Web Player C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
downloadUpdater C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
downloadUpdater2 C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
Engine.dll C:\Users\Zachareye\AppData\Roaming\Mozilla\Firefox\Profiles\z474j2fa.default\extensions\{771f3037-9885-4423-b50f-a5ede4854e26}\components\Engine.dll
HP Smart Web Printing c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll
HP Smart Web Printing c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
Java Deployment Toolkit 6.0.210.7 C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
Java(TM) Platform SE 6 U21 c:\program files (x86)\java\jre6\bin\jp2ssv.dll
Java(TM) Platform SE 6 U21 C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
JuniperExt.exe C:\Windows\Downloaded Program Files\JuniperExt.exe
JuniperSetupClientATL ActiveX Control M C:\Windows\Downloaded Program Files\JuniperSetupClient.ocx
libcurl.dll C:\Users\Zachareye\AppData\Roaming\Mozilla\Firefox\Profiles\z474j2fa.default\extensions\firefox@tvunetworks.com\plugins\libcurl.dll
libexpatw.dll C:\Users\Zachareye\AppData\Roaming\Mozilla\Firefox\Profiles\z474j2fa.default\extensions\firefox@tvunetworks.com\plugins\libexpatw.dll
Microsoft Office 2003 C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
Microsoft Office Live Plug-in for Firef C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
Microsoft Search Enhancement Pack c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll
Microsoft® Visual Studio .NET C:\Users\Zachareye\AppData\Roaming\Mozilla\Firefox\Profiles\z474j2fa.default\extensions\firefox@tvunetworks.com\plugins\msvcp71.dll
Microsoft® Visual Studio .NET C:\Users\Zachareye\AppData\Roaming\Mozilla\Firefox\Profiles\z474j2fa.default\extensions\firefox@tvunetworks.com\plugins\msvcr71.dll
Microsoft® Windows Live ID c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll
Microsoft® Windows Live ID C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL
Microsoft® Windows® Operating System C:\Windows\System32\mswsock.dll
Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll
Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
Mozilla Default Plug-in C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
MSN® Toolbar c:\program files (x86)\msn\toolbar\3.0.0566.0\msneshellx.dll
Norton Confidential c:\program files (x86)\norton internet security\engine\17.7.0.12\coieplg.dll
npitunes.dll C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
NPWebSLLauncher.dll C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
QuickTime Plug-in 7.6.7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll
QuickTime Plug-in 7.6.7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
RealPlayer Version Plugin C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nprpjplug.dll
RealPlayer(tm) G2 LiveConnect-Enabled P C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nppl3260.dll
Silverlight Plug-In c:\Program Files (x86)\Microsoft Silverlight\4.0.50524.0\npctrl.dll
Symantec Intrusion Detection c:\program files (x86)\norton internet security\engine\17.7.0.12\ipsbho.dll
The OpenSSL Toolkit C:\Users\Zachareye\AppData\Roaming\Mozilla\Firefox\Profiles\z474j2fa.default\extensions\firefox@tvunetworks.com\plugins\libeay32.dll
The OpenSSL Toolkit C:\Users\Zachareye\AppData\Roaming\Mozilla\Firefox\Profiles\z474j2fa.default\extensions\firefox@tvunetworks.com\plugins\ssleay32.dll
TVU Web Player for FireFox C:\Users\Zachareye\AppData\Roaming\Mozilla\Firefox\Profiles\z474j2fa.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
TVU Web Player for FireFox C:\Windows\system32\TVUAx\npTVUAx.dll
Veetle Broadcaster Plugin C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
Veetle TV Core C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
Veetle TV Player C:\Program Files (x86)\Veetle\Player\npvlc.dll
VLC Multimedia Plug-in C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
Windows Live Toolbar c:\program files (x86)\windows live\toolbar\wltcore.dll
Windows Live® Photo Gallery C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
Windows® Internet Explorer C:\Windows\SysWOW64\ieframe.dll
Yahoo Application State Plugin C:\Program Files (x86)\Yahoo!\Shared\npYState.dll
Yahoo! Single Instance for Mail c:\program files (x86)\yahoo!\companion\installs\cpn1\ytsingleinstance.dll
Yahoo! Toolbar c:\program files (x86)\yahoo!\companion\installs\cpn1\yt.dll
zlib C:\Users\Zachareye\AppData\Roaming\Mozilla\Firefox\Profiles\z474j2fa.default\extensions\firefox@tvunetworks.com\plugins\zlib1.dll


Missing files
-------------
File not found: C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
--> HKCU\Software\Microsoft\Windows\CurrentVersion\Run\"ISUSPM"

File not found: C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe
--> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"UpdatePSTShortCut"
--> HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\"UpdatePSTShortCut"

File not found: C:\Program Files (x86)\NETGEAR\WN111v2\jswtrayutil.exe
--> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"jswtrayutil"
--> HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\"jswtrayutil"

File not found: C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
--> HKCU\Software\Microsoft\Windows\CurrentVersion\Run\"DW6"

File not found: disabled
--> HLKM\Software\MozillaPlugins\@microsoft.com/GENUINE\"Path"


Scan
----


No file uploaded.

Scan finished - communication took 2 sec
Total traffic - 0.07 MB sent, 1.40 KB recvd
Scanned 1028 files and modules - 51 seconds

==============================================================================
 
Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 
Still having problems:
Windows Update will not run and hasn't since 8/19 (error: Code 80072EE2), which says the server may be busy, but I have made several attempts over the past few days at different times of day and end up with the same result.

Malwarebytes still will not update, and neither will SuperAntiSpyware.

Chrome still opens tabs when clicking links. I switched to Firefox, and it will open a new window when clicking on links; the tab/window doesn't always pop up, but it is never related to anything I am doing. To give you an example: on Techspot I click on My Posts, the page directs me to my posts, but a new tab/window opens up, most recently looking for the following address (http://dc1e.3vg58t1.com/ct?version=...ile injury attorney,backfill_conducive/l=COND), then gives an "Oops could not find". I tried to get another example, but it does not do this 100% of the time, so that's the only one so far.
 
I just re-read the topic and I can see I missed the fact that your MBR seems to be infected.

Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)

  • Place a blank CD in your CD drive.
  • Double click on NTBR_CD.exe file and a folder of the same name will appear.
  • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
  • Follow the prompts to burn the CD.
  • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
  • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
  • Insert the newly created CD into your infected PC and reboot your computer.
  • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
  • Read the warning and then continue as prompted.
  • You first need to select your keyboard layout - press Enter for English.
  • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
  • On the following screen enter 5 to select Install Standard MBR code.
  • Enter 2 to overwrite the infected MBR Code with the Windows 7 MBR code.
  • When asked to confirm please do so.
  • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
  • Eject the disc and then press ctrl+alt+del to reboot the PC.
Once rebooted, run MBRCheck again and post its log.
 
It tells me there is a problem loading the page when I click on the link. I have tried just going to noahdfear.net and got the same thing, and even tried Googling it with the same result, so I am led to believe that there truly is a problem loading that site. I will try again tomorrow.
 