arnolfini

Everything posted by arnolfini

  1. Ah, RogueKiller just freed up and it is finishing now. Log will be posted soon.
  2. Thanks for staying with me on this one, Gringo. I'm having problems scanning with RogueKiller; it is stuck on "searching for SERVICE" but I was able to run AdwCleaner.

     # AdwCleaner v2.300 - Logfile created 05/01/2013 at 19:40:15
     # Updated 28/04/2013 by Xplode
     # Operating system : Windows Vista Business Service Pack 2 (32 bits)
     # User : eva - EVA-PC
     # Boot Mode : Normal
     # Running from : C:\Users\eva\Downloads\adwcleaner.exe
     # Option [Delete]

     ***** [Services] *****

     ***** [Files / Folders] *****

     ***** [Registry] *****

     Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
     Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

     ***** [Internet Browsers] *****

     -\\ Internet Explorer v9.0.8112.16476
     [OK] Registry is clean.

     -\\ Mozilla Firefox v20.0.1 (en-US)
     File : C:\Users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\ekn2o7n6.default\prefs.js
     [OK] File is clean.

     -\\ Google Chrome v26.0.1410.64
     File : C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Preferences
     [OK] File is clean.

     *************************

     AdwCleaner[R1].txt - [1200 octets] - [01/05/2013 19:40:03]
     AdwCleaner[S3].txt - [1135 octets] - [01/05/2013 19:40:15]

     ########## EOF - C:\AdwCleaner[S3].txt - [1195 octets] ##########
  3. Thank you, Maurice, for reopening the thread! Gringo, if you are still available to help with this system, it would be fantastic. Internet Explorer is now redirecting to ad sites when clicking on Google results. Your assistance would be appreciated. Thank you! Here are the logs:

     DDS (Ver_2012-11-20.01) - NTFS_x86
     Internet Explorer: 9.0.8112.16476
     Run by eva at 17:56:47 on 2013-05-01
     Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.1917.855 [GMT -4:00]
     .
     AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
     .
     ============== Running Processes ================
     .
     C:\Windows\system32\wininit.exe
     C:\Windows\system32\lsm.exe
     C:\Program Files\Microsoft Security Client\MsMpEng.exe
     C:\Windows\system32\Ati2evxx.exe
     C:\Windows\system32\SLsvc.exe
     C:\Windows\system32\Ati2evxx.exe
     C:\Windows\System32\spoolsv.exe
     C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
     C:\Windows\system32\SearchIndexer.exe
     C:\Program Files\Microsoft Security Client\NisSrv.exe
     C:\Windows\system32\taskeng.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Windows\system32\taskeng.exe
     C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     C:\Program Files\Microsoft Security Client\msseces.exe
     C:\Program Files\Synaptics\SynTP\SynToshiba.exe
     C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Windows\system32\SearchProtocolHost.exe
     C:\Windows\system32\WerCon.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Windows\system32\taskeng.exe
     C:\Users\eva\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CKNUQFX0\util_su_password_25675A.exe
     C:\Users\eva\AppData\Local\Temp\WZSE0.TMP\install.exe
     C:\Users\eva\AppData\Local\Temp\WZSE0.TMP\setup.exe
     C:\Users\eva\AppData\Local\Temp\WZSE0.TMP\setup.exe
     C:\Windows\system32\vssvc.exe
     C:\Program Files\Microsoft Security Client\MpCmdRun.exe
     C:\Windows\system32\SearchFilterHost.exe
     C:\Windows\system32\wbem\wmiprvse.exe
     C:\Windows\system32\svchost.exe -k DcomLaunch
     C:\Windows\system32\svchost.exe -k rpcss
     C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
     C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
     C:\Windows\system32\svchost.exe -k netsvcs
     C:\Windows\system32\svchost.exe -k GPSvcGroup
     C:\Windows\system32\svchost.exe -k LocalService
     C:\Windows\system32\svchost.exe -k NetworkService
     C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
     C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
     C:\Windows\System32\svchost.exe -k WerSvcGroup
     C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
     C:\Windows\System32\svchost.exe -k swprv
     .
     ============== Pseudo HJT Report ===============
     .
     BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
     BHO: Groove GFS Browser Helper: {4DB74D06-491C-440D-305E-012400990F3E} - c:\windows\system32\DevvicePairing.dll
     BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
     mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
     mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
     mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
     mPolicies-Explorer: NoDrives = dword:0
     mPolicies-System: EnableLUA = dword:0
     mPolicies-System: EnableUIADesktopToggle = dword:0
     IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
     IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
     IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
     IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
     DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
     TCP: NameServer = 74.5.116.246 205.244.194.36
     TCP: Interfaces\{41D05144-516C-4E08-AC3B-B44E04B9DDD5} : DHCPNameServer = 74.5.116.246 205.244.194.36
     Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
     Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
     Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
     SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
     LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
     .
     ================= FIREFOX ===================
     .
     FF - ProfilePath - c:\users\eva\appdata\roaming\mozilla\firefox\profiles\ekn2o7n6.default\
     FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
     FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
     FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
     FF - ExtSQL: 2013-04-28 03:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
     .
     ============= SERVICES / DRIVERS ===============
     .
     R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
     R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
     R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
     R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-4-26 418376]
     R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-4-26 701512]
     R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-1-20 100328]
     R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2013-4-26 7168]
     R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-4-26 22856]
     R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]
     R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-6-10 347648]
     S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
     S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
     .
     =============== Created Last 30 ================
     .
     2013-05-01 21:42:11 -------- d-----w- c:\users\eva\appdata\local\Mozilla
     2013-05-01 02:36:35 6906960 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{3e99289f-e790-4bc3-bd10-e7062677a4f6}\mpengine.dll
     2013-05-01 02:30:36 15712 ----a-w- c:\program files\common files\windows live\.cache\dc5c3b301ce461337\MeshBetaRemover.exe
     2013-05-01 02:28:20 89944 ----a-w- c:\program files\common files\windows live\.cache\8b391cf01ce46132a\DSETUP.dll
     2013-05-01 02:28:20 537432 ----a-w- c:\program files\common files\windows live\.cache\8b391cf01ce46132a\DXSETUP.exe
     2013-05-01 02:28:20 1801048 ----a-w- c:\program files\common files\windows live\.cache\8b391cf01ce46132a\dsetup32.dll
     2013-05-01 02:28:14 94040 ----a-w- c:\program files\common files\windows live\.cache\871a9bd01ce461329\DSETUP.dll
     2013-05-01 02:28:14 525656 ----a-w- c:\program files\common files\windows live\.cache\871a9bd01ce461329\DXSETUP.exe
     2013-05-01 02:28:14 1691480 ----a-w- c:\program files\common files\windows live\.cache\871a9bd01ce461329\dsetup32.dll
     2013-05-01 02:22:11 -------- d-----w- c:\program files\common files\Windows Live
     2013-05-01 02:21:28 754688 ----a-w- c:\windows\system32\webservices.dll
     2013-04-30 16:40:15 -------- d-----w- c:\program files\Jewel Quest - The Sleepless Star
     2013-04-30 16:39:13 -------- d-----w- c:\windows\system32\3045
     2013-04-30 16:26:15 6906960 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
     2013-04-30 15:58:35 -------- d-----w- c:\program files\TurboTax
     2013-04-30 15:53:39 90112 ----a-w- c:\windows\unvise32.exe
     2013-04-30 15:53:28 -------- d-----w- c:\program files\Quicken WillMaker Plus 2009
     2013-04-30 15:37:11 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
     2013-04-30 15:37:11 31640 ----a-w- c:\windows\system32\msonpmon.dll
     2013-04-30 15:33:09 -------- d-----w- c:\windows\PCHEALTH
     2013-04-30 15:31:08 -------- d-----w- c:\program files\Microsoft Visual Studio 8
     2013-04-30 15:22:08 -------- d-----w- c:\programdata\PopCap Games
     2013-04-30 15:21:13 -------- d-----w- c:\program files\Zuma Deluxe
     2013-04-30 15:14:23 -------- d-----w- c:\program files\Jewel Quest II
     2013-04-30 15:04:13 4194304 ----a-w- c:\windows\system32\cdintf400.dll
     2013-04-30 14:59:04 -------- d-----w- c:\programdata\Nuance
     2013-04-30 14:59:03 -------- d-----w- c:\programdata\Intuit
     2013-04-30 14:59:03 -------- d-----w- c:\program files\Intuit
     2013-04-30 14:59:03 -------- d-----w- c:\program files\common files\Intuit
     2013-04-30 14:58:25 -------- d-----w- c:\programdata\SQL Anywhere 11
     2013-04-30 14:58:24 -------- d-----w- c:\programdata\COMMON FILES
     2013-04-30 14:57:39 -------- d-----w- c:\program files\MSXML 4.0
     2013-04-30 14:36:35 -------- d-----w- c:\windows\Intuit
     2013-04-30 14:27:12 -------- d-----w- c:\program files\Atari
     2013-04-30 14:20:37 -------- d-----w- c:\programdata\ZoomBrowser
     2013-04-30 14:20:07 -------- d-----w- c:\program files\Canon
     2013-04-30 14:19:29 -------- d-----w- c:\program files\common files\Canon
     2013-04-30 14:12:00 -------- d-----w- c:\programdata\VS Revo Group
     2013-04-29 02:41:57 -------- d-sh--w- C:\$RECYCLE.BIN
     2013-04-29 00:33:07 -------- d-----w- C:\Windows.old
     2013-04-28 17:34:27 -------- d--h--w- C:\VirtualStore
     2013-04-27 04:34:50 -------- d-----w- C:\components
     2013-04-27 01:58:14 770384 ----a-w- c:\windows\system32\msvcr100.dll
     2013-04-27 01:58:14 421200 ----a-w- c:\windows\system32\msvcp100.dll
     2013-04-27 00:35:39 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
     2013-04-27 00:35:39 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
     2013-04-27 00:35:39 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
     2013-04-27 00:35:39 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
     2013-04-27 00:35:38 692224 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
     2013-04-27 00:35:38 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
     2013-04-27 00:35:38 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
     2013-04-27 00:35:22 9728 ----a-w- c:\windows\system32\TCMSVR.dll
     2013-04-27 00:35:22 152848 ----a-w- c:\windows\system32\Comdlg32.ocx
     2013-04-27 00:35:20 7168 ----a-w- c:\windows\system32\drivers\FwLnk.sys
     2013-04-27 00:35:20 -------- d-----w- c:\program files\TOSHIBA
     2013-04-27 00:31:36 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
     2013-04-27 00:31:36 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
     2013-04-27 00:31:36 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
     2013-04-27 00:31:36 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
     2013-04-27 00:31:36 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
     2013-04-27 00:31:35 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
     2013-04-27 00:31:35 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
     2013-04-27 00:31:34 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
     2013-04-27 00:14:23 706640 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b8cbc70f-e53f-4408-9318-e9d2c2874778}\gapaengine.dll
     2013-04-27 00:13:53 -------- d-----w- c:\windows\Panther
     2013-04-27 00:13:38 -------- d-----w- C:\Boot
     2013-04-27 00:04:43 -------- d-----w- c:\program files\Microsoft Security Client
     2013-04-27 00:04:17 221568 ----a-w- c:\windows\system32\drivers\netio.sys
     2013-04-26 23:58:59 920472 ----a-w- c:\program files\mozilla firefox\firefox.exe
     2013-04-26 23:58:59 74136 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
     2013-04-26 23:58:59 59288 ----a-w- c:\program files\mozilla firefox\libEGL.dll
     2013-04-26 23:58:59 478616 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
     2013-04-26 23:58:59 2989464 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
     2013-04-26 23:58:59 279448 ----a-w- c:\program files\mozilla firefox\freebl3.dll
     2013-04-26 23:58:59 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
     2013-04-26 23:58:59 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
     2013-04-26 23:58:59 19352 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
     2013-04-26 23:58:59 116120 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
     2013-04-26 23:55:49 -------- d-----w- c:\programdata\Malwarebytes
     2013-04-26 23:55:48 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
     2013-04-26 23:55:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2013-04-26 23:55:04 -------- d-----w- c:\program files\CCleaner
     2013-04-26 23:41:54 -------- d-----w- c:\program files\Synaptics
     2013-04-26 22:54:08 876032 ----a-w- c:\windows\system32\XpsPrint.dll
     2013-04-26 22:54:06 683008 ----a-w- c:\windows\system32\d2d1.dll
     2013-04-26 22:54:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
     2013-04-26 22:54:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
     2013-04-26 22:54:06 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
     2013-04-26 22:54:06 1069056 ----a-w- c:\windows\system32\DWrite.dll
     2013-04-26 22:32:50 0 ----a-w- c:\windows\ativpsrm.bin
     2013-04-26 22:30:41 -------- d-----w- c:\program files\Windows Portable Devices
     2013-04-26 22:08:54 92672 ----a-w- c:\windows\system32\UIAnimation.dll
     2013-04-26 22:08:53 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
     2013-04-26 22:08:53 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
     2013-04-26 22:00:46 5120 ----a-w- c:\windows\system32\wmi.dll
     2013-04-26 22:00:46 157696 ----a-w- c:\windows\system32\imagehlp.dll
     2013-04-26 22:00:46 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
     2013-04-26 21:47:34 369664 ----a-w- c:\windows\system32\WMPhoto.dll
     2013-04-26 21:47:34 252928 ----a-w- c:\windows\system32\dxdiag.exe
     2013-04-26 21:47:34 195584 ----a-w- c:\windows\system32\dxdiagn.dll
     2013-04-26 21:47:33 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
     2013-04-26 21:47:33 519680 ----a-w- c:\windows\system32\d3d11.dll
     2013-04-26 21:47:33 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
     2013-04-26 21:47:33 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
     2013-04-26 21:44:37 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
     2013-04-26 21:44:37 49472 ----a-w- c:\windows\system32\netfxperf.dll
     2013-04-26 21:44:37 297808 ----a-w- c:\windows\system32\mscoree.dll
     2013-04-26 21:44:37 295264 ----a-w- c:\windows\system32\PresentationHost.exe
     2013-04-26 21:44:37 1130824 ----a-w- c:\windows\system32\dfshim.dll
     2013-04-26 21:37:54 9728 ----a-w- c:\windows\system32\Wdfres.dll
     2013-04-26 21:37:50 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
     2013-04-26 21:37:50 16896 ----a-w- c:\windows\system32\winusb.dll
     2013-04-26 21:37:50 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
     2013-04-26 21:37:49 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
     2013-04-26 21:37:49 613888 ----a-w- c:\windows\system32\WUDFx.dll
     2013-04-26 21:37:49 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
     2013-04-26 21:37:49 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
     2013-04-26 21:37:49 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
     2013-04-26 21:37:49 196608 ----a-w- c:\windows\system32\WUDFHost.exe
     2013-04-26 21:37:49 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
     2013-04-26 21:33:35 72704 ----a-w- c:\windows\system32\fontsub.dll
     2013-04-26 21:33:35 34304 ----a-w- c:\windows\system32\atmlib.dll
     2013-04-26 21:33:35 293376 ----a-w- c:\windows\system32\atmfd.dll
     2013-04-26 21:31:32 66048 ----a-w- c:\program files\windows mail\wabmig.exe
     2013-04-26 21:31:32 515584 ----a-w- c:\program files\windows mail\wab.exe
     2013-04-26 21:31:32 33280 ----a-w- c:\program files\windows mail\wabfind.dll
     2013-04-26 21:31:31 125952 ----a-w- c:\windows\system32\srvsvc.dll
     2013-04-26 21:31:30 17920 ----a-w- c:\windows\system32\netevent.dll
     2013-04-26 21:31:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
     2013-04-26 21:31:21 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
     2013-04-26 21:31:13 623616 ----a-w- c:\windows\system32\localspl.dll
     2013-04-26 21:31:09 128000 ----a-w- c:\windows\system32\spoolsv.exe
     2013-04-26 21:30:51 707584 ----a-w- c:\program files\common files\system\wab32.dll
     2013-04-26 21:30:50 2067968 ----a-w- c:\windows\system32\mstscax.dll
     2013-04-26 21:30:49 157184 ----a-w- c:\windows\system32\t2embed.dll
     2013-04-26 21:28:54 1218048 ----a-w- c:\program files\windows journal\NBDoc.DLL
     2013-04-26 21:28:53 983040 ----a-w- c:\program files\windows journal\JNTFiltr.dll
     2013-04-26 21:28:53 964608 ----a-w- c:\program files\windows journal\JNWDRV.dll
     2013-04-26 21:28:53 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
     2013-04-26 21:28:53 47104 ----a-w- c:\program files\windows journal\PDIALOG.exe
     2013-04-26 21:28:53 1404928 ----a-w- c:\program files\common files\microsoft shared\ink\InkObj.dll
     2013-04-26 21:28:48 797696 ----a-w- c:\windows\system32\FntCache.dll
     2013-04-26 21:28:48 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
     2013-04-26 21:24:14 531968 ----a-w- c:\windows\system32\comctl32.dll
     2013-04-26 21:24:13 172544 ----a-w- c:\windows\system32\wintrust.dll
     2013-04-26 21:24:12 739328 ----a-w- c:\windows\system32\inetcomm.dll
     2013-04-26 21:24:10 278528 ----a-w- c:\windows\system32\schannel.dll
     2013-04-26 21:24:09 9728 ----a-w- c:\windows\system32\lsass.exe
     2013-04-26 21:24:09 72704 ----a-w- c:\windows\system32\secur32.dll
     2013-04-26 21:24:09 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
     2013-04-26 21:24:09 1259008 ----a-w- c:\windows\system32\lsasrv.dll
     2013-04-26 21:24:08 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
     2013-04-26 21:22:47 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
     2013-04-26 21:21:59 322560 ----a-w- c:\windows\system32\sbe.dll
     2013-04-26 21:21:59 177664 ----a-w- c:\windows\system32\mpg2splt.ax
     2013-04-26 21:21:59 153088 ----a-w- c:\windows\system32\sbeio.dll
     2013-04-26 21:21:58 81920 ----a-w- c:\windows\system32\consent.exe
     2013-04-26 21:21:57 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys
     2013-04-26 21:21:55 680448 ----a-w- c:\windows\system32\msvcrt.dll
     2013-04-26 21:21:54 867328 ----a-w- c:\windows\system32\wmpmde.dll
     2013-04-26 21:13:50 2730536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
     2013-04-26 21:13:41 6906960 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{94bb7bac-4e91-428a-b79b-3aaf9db27f28}\mpengine.dll
     2013-04-26 21:13:38 237088 ------w- c:\windows\system32\MpSigStub.exe
     2013-04-26 21:11:02 -------- d-sh--w- c:\windows\Installer
     2013-04-26 21:10:35 613376 ----a-w- c:\windows\system32\rdpencom.dll
     2013-04-26 21:02:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
     2013-04-26 21:02:22 88576 ----a-w- c:\windows\system32\wudriver.dll
     2013-04-26 21:02:14 33792 ----a-w- c:\windows\system32\wuapp.exe
     2013-04-26 21:02:14 171904 ----a-w- c:\windows\system32\wuwebv.dll
     2013-04-26 21:00:41 290304 ----a-w- c:\windows\system\rtl8187B.sys
     2013-04-26 21:00:41 -------- d-----w- c:\windows\OPTIONS
     2013-04-26 21:00:40 -------- d-----w- c:\program files\REALTEK RTL8187B Wireless LAN Driver
     2013-04-16 21:11:26 16504 ----a-w- c:\windows\system32\drivers\pssnap.sys
     2013-04-02 14:09:52 4550656 ----a-w- c:\windows\system32\GPhotos.scr
     .
     ==================== Find3M ====================
     .
     2013-04-26 21:47:34 4096 ----a-w- c:\windows\system32\drivers\en-us\dxgkrnl.sys.mui
     2013-03-11 13:25:50 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe
     2013-03-11 13:25:50 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe
     2013-03-09 03:45:04 49152 ----a-w- c:\windows\system32\csrsrv.dll
     2013-03-09 01:28:08 64000 ----a-w- c:\windows\system32\smss.exe
     2013-03-08 03:53:50 376320 ----a-w- c:\windows\system32\winsrv.dll
     2013-03-05 01:40:56 2049024 ----a-w- c:\windows\system32\win32k.sys
     2013-02-12 01:57:27 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
     .
     ============= FINISH: 17:57:56.60 ===============
     .
     UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
     IF REQUESTED, ZIP IT UP & ATTACH IT
     .
     DDS (Ver_2012-11-20.01)
     .
     Microsoft® Windows Vista™ Business
     Boot Device: \Device\HarddiskVolume1
     Install Date: 4/26/2013 7:19:40 PM
     System Uptime: 5/1/2013 5:38:19 PM (0 hours ago)
     .
     Motherboard: ATI | | SB600
     Processor: AMD Turion 64 X2 Mobile Technology TL-58 | Socket M2/S1G1 | 1900/200mhz
     .
     ==== Disk Partitions =========================
     .
     C: is FIXED (NTFS) - 298 GiB total, 195.023 GiB free.
     D: is CDROM ()
     .
     ==== Disabled Device Manager Items =============
     .
     ==== System Restore Points ===================
     .
     .
     ==== Installed Programs ======================
     .
     Adobe Flash Player 10 ActiveX
     Adobe Reader X (10.1.4)
     Canon Camera Window DC_DV 6 for ZoomBrowser EX
     Canon Camera Window MC 6 for ZoomBrowser EX
     Canon G.726 WMP-Decoder
     Canon MovieEdit Task for ZoomBrowser EX
     Canon RAW Image Task for ZoomBrowser EX
     Canon RemoteCapture Task for ZoomBrowser EX
     Canon Utilities PhotoStitch
     Canon Utilities ZoomBrowser EX
     CCleaner
     Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
     Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
     Jewel Quest - The Sleepless Star
     Jewel Quest II (remove only)
     Malwarebytes Anti-Malware version 1.75.0.1300
     Microsoft .NET Framework 3.5 SP1
     Microsoft .NET Framework 4 Client Profile
     Microsoft Office 2007 Service Pack 3 (SP3)
     Microsoft Office Access MUI (English) 2007
     Microsoft Office Access Setup Metadata MUI (English) 2007
     Microsoft Office Enterprise 2007
     Microsoft Office Excel MUI (English) 2007
     Microsoft Office File Validation Add-In
     Microsoft Office Groove MUI (English) 2007
     Microsoft Office Groove Setup Metadata MUI (English) 2007
     Microsoft Office InfoPath MUI (English) 2007
     Microsoft Office OneNote MUI (English) 2007
     Microsoft Office Outlook MUI (English) 2007
     Microsoft Office PowerPoint MUI (English) 2007
     Microsoft Office Proof (English) 2007
     Microsoft Office Proof (French) 2007
     Microsoft Office Proof (Spanish) 2007
     Microsoft Office Proofing (English) 2007
     Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
     Microsoft Office Publisher MUI (English) 2007
     Microsoft Office Shared MUI (English) 2007
     Microsoft Office Shared Setup Metadata MUI (English) 2007
     Microsoft Office Word MUI (English) 2007
     Microsoft Security Client
     Microsoft Security Essentials
     Microsoft Silverlight
     Mozilla Firefox 20.0.1 (x86 en-US)
     Mozilla Maintenance Service
     MSXML 4.0 SP2 (KB927978)
     MSXML 4.0 SP2 (KB954430)
     MSXML 4.0 SP2 (KB973688)
     MSXML 4.0 SP2 Parser and SDK
     Picasa 3
     QuickBooks
     QuickBooks Premier Edition 2010
     Quicken WillMaker Plus 2009
     REALTEK RTL8187B Wireless LAN Driver
     RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
     Scrabble Complete
     Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
     Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
     Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
     Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
     Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
     Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
     Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
     Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
     Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
     Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
     Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
     Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
     Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
     Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
     Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
     Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
     Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
     Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
     Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
     Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
     Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
     Synaptics Pointing Device Driver
     TOSHIBA Supervisor Password
     TurboTax 2011
     TurboTax 2011 WinPerFedFormset
     TurboTax 2011 WinPerReleaseEngine
     TurboTax 2011 WinPerTaxSupport
     TurboTax 2011 wrapper
     Update for 2007 Microsoft Office System (KB967642)
     Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
     Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
     Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
     Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
     Update for Microsoft Office 2007 Help for Common Features (KB963673)
     Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
     Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
     Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
     Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
     Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
     Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
     Update for Microsoft Office Access 2007 Help (KB963663)
     Update for Microsoft Office Excel 2007 Help (KB963678)
     Update for Microsoft Office Infopath 2007 Help (KB963662)
     Update for Microsoft Office OneNote 2007 Help (KB963670)
     Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
     Update for Microsoft Office Outlook 2007 Help (KB963677)
     Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768021) 32-Bit Edition
     Update for Microsoft Office Powerpoint 2007 Help (KB963669)
     Update for Microsoft Office Publisher 2007 Help (KB963667)
     Update for Microsoft Office Script Editor Help (KB963671)
     Update for Microsoft Office Word 2007 Help (KB963665)
     .
     ==== End Of File ===========================
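Editor's note, added here and not part of arnolfini's post or of the helper's instructions: the parts of a DDS log that a malware-removal helper reads first are the running-process list, the BHO and mPolicies entries of the Pseudo HJT Report, and the DNS servers. The Python script below is an added example of turning that reading into repeatable checks. It runs four heuristics over a constructed sample made of lines copied from the log above: an executable running from a Temp or Temporary Internet Files directory, one BHO display name registered under two different CLSIDs, a BHO DLL located in system32 rather than an install directory, and EnableLUA set to 0 (UAC off). The category names and thresholds are my own choices, not part of DDS; a flag means "verify this" (for example, check the DLL's digital signature and publisher), not that the file is malicious.

```python
import re
from collections import defaultdict

# Constructed sample input: a subset of lines copied from the DDS log posted above
# (running processes, the Pseudo HJT Report's BHO and mPolicies entries, DNS).
SAMPLE_LOG = r"""
C:\Windows\system32\wininit.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\eva\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CKNUQFX0\util_su_password_25675A.exe
C:\Users\eva\AppData\Local\Temp\WZSE0.TMP\setup.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {4DB74D06-491C-440D-305E-012400990F3E} - c:\windows\system32\DevvicePairing.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableLUA = dword:0
TCP: NameServer = 74.5.116.246 205.244.194.36
"""

BHO_RE = re.compile(r"^BHO: (?P<name>.+?): (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
POLICY_RE = re.compile(r"^mPolicies-(?P<hive>\w+): (?P<key>\w+) = dword:(?P<value>\d+)$")
NAMESERVER_RE = re.compile(r"^TCP: NameServer = (?P<servers>.+)$")
PROCESS_RE = re.compile(r"^[A-Za-z]:\\")

# User-writable staging directories (heuristic chosen for this example): a process
# *running* from one of these at scan time is what a helper asks about first.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\temporary internet files\\")


def parse_bhos(text):
    """Return (name, clsid, path) for every BHO line; CLSID upper-cased, path lower-cased."""
    bhos = []
    for line in text.splitlines():
        m = BHO_RE.match(line.strip())
        if m:
            bhos.append((m["name"], m["clsid"].upper(), m["path"].lower()))
    return bhos


def nameservers(text):
    """Return the DNS servers on the 'TCP: NameServer' line, so they can be looked up."""
    for line in text.splitlines():
        m = NAMESERVER_RE.match(line.strip())
        if m:
            return m["servers"].split()
    return []


def triage(text):
    """Run the heuristics and return a sorted list of (category, detail) tuples."""
    findings = []
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]

    # 1. Executables running from a user-writable temp location.
    for line in lines:
        if PROCESS_RE.match(line) and any(d in line.lower() for d in USER_WRITABLE):
            findings.append(("process_in_temp", line))

    # 2. One BHO display name registered under more than one CLSID.
    bhos = parse_bhos(text)
    by_name = defaultdict(set)
    for name, clsid, _ in bhos:
        by_name[name].add(clsid)
    for name, clsids in sorted(by_name.items()):
        if len(clsids) > 1:
            findings.append(("bho_duplicate_name", f"{name}: {', '.join(sorted(clsids))}"))

    # 3. BHO DLL sitting in the system directory instead of an install directory.
    #    This is a prompt to verify the file's signature, not a verdict.
    for name, clsid, path in bhos:
        if "\\windows\\system32\\" in path:
            findings.append(("bho_in_system32", f"{name} {clsid} -> {path}"))

    # 4. UAC switched off by policy.
    for line in lines:
        m = POLICY_RE.match(line)
        if m and m["hive"] == "System" and m["key"] == "EnableLUA" and m["value"] == "0":
            findings.append(("uac_disabled", line))

    return sorted(findings)


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:<20} {detail}")
    print("DNS servers to look up:", ", ".join(nameservers(SAMPLE_LOG)))
```

Run against the sample, the script reports the two executables under the user's profile, the duplicated "Groove GFS Browser Helper" name, the BHO in system32 and the EnableLUA = 0 policy, and prints the two DNS servers for a reputation lookup. Feeding it a full DDS log works the same way, since every check keys on the line prefixes DDS uses.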
  4. Yes, I agree. I ended up getting a new hard disk and starting from scratch. Thanks for your replies.
  5. Thanks for all your help, Gringo. It seems to be running great now! I appreciate your time and expertise.
  6. Trying again: C:\Users\eva\Downloads\KeyFinderInstaller.exe Win32/OpenCandy application
  7. Gringo, here is what Eset found.

     C:\Users\eva\Downloads\KeyFinderInstaller.exe    Win32/OpenCandy application
  8. Alright, here are the requested logs. Things seem to be running well.

     Malwarebytes Anti-Malware (Trial) 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.04.27.04

     Windows Vista Service Pack 2 x86 NTFS
     Internet Explorer 9.0.8112.16421
     eva :: EVA-PC [administrator]

     Protection: Enabled

     4/27/2013 6:44:49 PM
     mbam-log-2013-04-27 (18-44-49).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 216112
     Time elapsed: 4 minute(s), 53 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 6:52:35 PM, on 4/27/2013
     Platform: Windows Vista SP2 (WinNT 6.00.1906)
     MSIE: Internet Explorer v9.00 (9.00.8112.16476)
     Boot mode: Normal

     Running processes:
     C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     C:\Program Files\Microsoft Security Client\msseces.exe
     C:\Program Files\Synaptics\SynTP\SynToshiba.exe
     C:\Windows\system32\taskeng.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Windows\system32\NOTEPAD.EXE
     C:\Windows\system32\wuauclt.exe
     C:\Users\eva\Downloads\HijackThis.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
     O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
     O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
     O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
     O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
     O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
     O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
     O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

     --
     End of file - 2580 bytes
  9. Ah okay; I got it. Here is what it says:

CCleaner
Eusing Free Registry Cleaner
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Magical Jelly Bean KeyFinder
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Security Client
Microsoft Security Essentials
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
REALTEK RTL8187B Wireless LAN Driver
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Synaptics Pointing Device Driver
TOSHIBA Supervisor Password
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
  10. Gringo, actually it won't let me do it. It comes up with the error: "Illegal operation attempted on a registry key that has been marked for deletion."
  11. Seems to be running well. Here is the log:

ComboFix 13-04-27.04 - eva 04/27/2013 16:32:39.2.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.1917.721 [GMT -4:00]
Running from: c:\users\eva\Downloads\ComboFix.exe
Command switches used :: c:\users\eva\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-03-27 to 2013-04-27 )))))))))))))))))))))))))))))))
.
.
2013-04-27 20:37 . 2013-04-27 20:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-27 20:09 . 2013-04-10 00:08 6906960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8D9ACDF9-6C63-4305-B58A-4B93F4010042}\mpengine.dll
2013-04-27 04:34 . 2013-04-27 04:34 -------- d-----w- C:\components
2013-04-27 04:24 . 2013-04-27 04:48 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2013-04-27 01:58 . 2013-04-11 14:22 770384 ----a-w- c:\windows\system32\msvcr100.dll
2013-04-27 01:58 . 2013-04-11 14:22 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-04-27 01:56 . 2013-04-27 01:56 -------- d-----w- c:\program files\Magical Jelly Bean
2013-04-27 00:37 . 2007-03-22 02:02 37376 ----a-w- c:\windows\system32\drivers\rixdptsk.sys
2013-04-27 00:37 . 2007-02-24 18:42 39936 ----a-w- c:\windows\system32\drivers\rimmptsk.sys
2013-04-27 00:37 . 2005-05-07 16:06 16480 ----a-w- c:\windows\system32\rixdicon.dll
2013-04-27 00:37 . 2007-01-23 20:40 42496 ----a-w- c:\windows\system32\drivers\rimsptsk.sys
2013-04-27 00:35 . 2006-03-23 01:44 9728 ----a-w- c:\windows\system32\TCMSVR.dll
2013-04-27 00:35 . 2004-03-09 04:00 152848 ----a-w- c:\windows\system32\Comdlg32.ocx
2013-04-27 00:35 . 2004-03-09 04:00 1081616 ----a-w- c:\windows\system32\mscomctl.ocx
2013-04-27 00:35 .
2013-04-27 00:35 -------- d-----w- c:\program files\TOSHIBA 2013-04-27 00:35 . 2006-11-20 02:11 7168 ----a-w- c:\windows\system32\drivers\FwLnk.sys 2013-04-27 00:31 . 2013-04-27 00:31 -------- d-----w- c:\program files\Common Files\InstallShield 2013-04-27 00:14 . 2013-04-27 00:14 706640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B8CBC70F-E53F-4408-9318-E9D2C2874778}\gapaengine.dll 2013-04-27 00:13 . 2013-04-27 03:20 -------- d-----w- c:\windows\Panther 2013-04-27 00:13 . 2013-04-27 00:13 -------- d-----w- C:\Boot 2013-04-27 00:04 . 2013-04-27 00:05 -------- d-----w- c:\program files\Microsoft Security Client 2013-04-27 00:04 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys 2013-04-26 23:59 . 2013-04-26 23:59 -------- d-----w- c:\program files\Mozilla Maintenance Service 2013-04-26 23:55 . 2013-04-26 23:55 -------- d-----w- c:\programdata\Malwarebytes 2013-04-26 23:55 . 2013-04-26 23:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-04-26 23:55 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-04-26 23:55 . 2013-04-26 23:55 -------- d-----w- c:\program files\CCleaner 2013-04-26 23:54 . 2013-04-27 03:20 -------- d-----w- c:\windows\Debug 2013-04-26 23:41 . 2013-04-26 23:41 -------- d-----w- c:\program files\Synaptics 2013-04-26 22:54 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll 2013-04-26 22:54 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll 2013-04-26 22:54 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll 2013-04-26 22:54 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll 2013-04-26 22:54 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll 2013-04-26 22:54 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll 2013-04-26 22:40 . 2013-04-26 22:40 -------- d-----w- c:\program files\Microsoft.NET 2013-04-26 22:32 . 
2013-04-26 22:32 0 ----a-w- c:\windows\ativpsrm.bin 2013-04-26 22:30 . 2013-04-26 22:30 -------- d-----w- c:\program files\Windows Portable Devices 2013-04-26 22:08 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll 2013-04-26 22:08 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll 2013-04-26 22:08 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll 2013-04-26 22:07 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe 2013-04-26 22:07 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll 2013-04-26 22:07 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll 2013-04-26 22:07 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll 2013-04-26 22:07 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll 2013-04-26 22:07 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll 2013-04-26 22:07 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll 2013-04-26 22:07 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll 2013-04-26 22:07 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll 2013-04-26 22:07 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll 2013-04-26 22:07 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll 2013-04-26 22:07 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll 2013-04-26 22:00 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll 2013-04-26 22:00 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll 2013-04-26 22:00 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2013-04-26 21:47 . 2013-04-26 21:47 369664 ----a-w- c:\windows\system32\WMPhoto.dll 2013-04-26 21:47 . 2013-04-26 21:47 252928 ----a-w- c:\windows\system32\dxdiag.exe 2013-04-26 21:47 . 
2013-04-26 21:47 195584 ----a-w- c:\windows\system32\dxdiagn.dll 2013-04-26 21:47 . 2013-04-26 21:47 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll 2013-04-26 21:47 . 2013-04-26 21:47 519680 ----a-w- c:\windows\system32\d3d11.dll 2013-04-26 21:47 . 2013-04-26 21:47 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll 2013-04-26 21:47 . 2013-04-26 21:47 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2013-04-26 21:44 . 2009-11-08 14:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll 2013-04-26 21:44 . 2009-11-08 14:55 49472 ----a-w- c:\windows\system32\netfxperf.dll 2013-04-26 21:44 . 2009-11-08 14:55 297808 ----a-w- c:\windows\system32\mscoree.dll 2013-04-26 21:44 . 2009-11-08 14:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe 2013-04-26 21:44 . 2009-11-08 14:55 1130824 ----a-w- c:\windows\system32\dfshim.dll 2013-04-26 21:37 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll 2013-04-26 21:37 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2013-04-26 21:37 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2013-04-26 21:37 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll 2013-04-26 21:37 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2013-04-26 21:37 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2013-04-26 21:37 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe 2013-04-26 21:37 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll 2013-04-26 21:37 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll 2013-04-26 21:37 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2013-04-26 21:37 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll 2013-04-26 21:33 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll 2013-04-26 21:33 . 
2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll 2013-04-26 21:33 . 2010-06-16 15:30 72704 ----a-w- c:\windows\system32\fontsub.dll 2013-04-26 21:31 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll 2013-04-26 21:31 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe 2013-04-26 21:31 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe 2013-04-26 21:31 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll 2013-04-26 21:31 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll 2013-04-26 21:31 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL 2013-04-26 21:31 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe 2013-04-26 21:31 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll 2013-04-26 21:31 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe 2013-04-26 21:30 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll 2013-04-26 21:30 . 2013-03-08 03:52 2067968 ----a-w- c:\windows\system32\mstscax.dll 2013-04-26 21:30 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll 2013-04-26 21:28 . 2012-02-01 15:11 1218048 ----a-w- c:\program files\Windows Journal\NBDoc.DLL 2013-04-26 21:28 . 2012-02-01 15:10 983040 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll 2013-04-26 21:28 . 2012-02-01 15:10 964608 ----a-w- c:\program files\Windows Journal\JNWDRV.dll 2013-04-26 21:28 . 2012-02-01 15:10 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2013-04-26 21:28 . 2012-02-01 15:10 1404928 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll 2013-04-26 21:28 . 2012-02-01 13:58 47104 ----a-w- c:\program files\Windows Journal\PDIALOG.exe 2013-04-26 21:28 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2013-04-26 21:28 . 
2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll 2013-04-26 21:24 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll 2013-04-26 21:24 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll 2013-04-26 21:24 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll 2013-04-26 21:24 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll 2013-04-26 21:24 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2013-04-26 21:24 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll 2013-04-26 21:24 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll 2013-04-26 21:24 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe 2013-04-26 21:24 . 2011-02-12 08:39 191488 ----a-w- c:\windows\system32\FXSCOVER.exe 2013-04-26 21:22 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2013-04-26 21:21 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll 2013-04-26 21:21 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll 2013-04-26 21:21 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax 2013-04-26 21:21 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe 2013-04-26 21:21 . 2013-03-03 19:07 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-26 21:21 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll 2013-04-26 21:21 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll 2013-04-26 21:13 . 2013-04-17 10:31 6906960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{94BB7BAC-4E91-428A-B79B-3AAF9DB27F28}\mpengine.dll 2013-04-26 21:13 . 2013-04-02 10:33 237088 ------w- c:\windows\system32\MpSigStub.exe 2013-04-26 21:11 . 2013-04-27 00:05 -------- d-sh--w- c:\windows\Installer 2013-04-26 21:10 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll 2013-04-26 21:06 . 
2013-04-26 21:08 -------- d-----w- c:\program files\Google
2013-04-26 21:02 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-26 21:47 . 2013-04-26 21:47 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2013-04-10 06:58 . 2013-04-26 23:59 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLEB9C1421
*Deregistered* - MpKsleb9c1421
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-26 21:08 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-26 21:06]
.
2013-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-26 21:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 74.5.116.246 205.244.194.36
FF - ProfilePath -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-27 16:37
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2013-04-27 16:39:06
ComboFix-quarantined-files.txt 2013-04-27 20:39
ComboFix2.txt 2013-04-27 20:02
.
Pre-Run: 266,991,153,152 bytes free
Post-Run: 266,980,265,984 bytes free
.
- - End Of File - - 6D99C35D1FACCC8617D16EAA7A819C1F
  12. Hello fine folks at malwarebytes. I have a laptop that refuses to boot. It is running Vista and the message I get is:

\windows\system32\ntkrnlpa.exe
Windows cannot verify the digital signature of this file

When booting to F8 startup options and choosing skip driver verification, I get a message that states Windows cannot start because the NLS data is missing or corrupt.

Things I have tried:
Boot to safe mode with no luck. Machine doesn't get past first line, "config" I believe
booting to recovery DVD
startup repair from recovery DVD and from Vista install DVD
sfc /scannow
sfc /scannow /offbootdir=e:\ /offwindir=e:\windows
sfc cannot start the repair service
searching for "pending.xml" file for sfc to run (not present)
turning windows modules installer to manual for sfc to run
running chkdsk /f /r multiple times
rebuilding BCD
bootrec /fixboot
bootrec /fixmbr
Upgrade install from DVD
Custom install from DVD (produces Windows.old, which I would like to avoid)
replacing files from install DVD such as ntkrnlpa.exe, hal.dll, etc.
loading registry hive into working system
resurrecting registry files from \windows\system32\config
system restore
loading NLS files from working Vista installation (all files were backed up before copying files from good installation)

Please help me get this system to boot. All data is backed up. Any help would be appreciated. I would like to avoid having to do a custom install or reinstall if possible, as getting the files from Windows.old is not very concise.
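An added check for the situation in the post above (example script written for this page; it is not from the original post, from Malwarebytes or from the forum helpers): with the non-booting disk attached to a working Windows machine as E: and a known-good Vista installation of the same service pack and architecture at C:\Windows (both assumptions, as is the list of files), it compares the SHA-256 hash and the file version of every boot-critical file on the offline volume with the known-good copy, so a file that was replaced from an older DVD, damaged on disk or tampered with shows up before more repair attempts are made. Get-AuthenticodeSignature is deliberately not used: Vista's kernel files are catalog-signed, and from a foreign volume that cmdlet does not consult the offline volume's catalog store, so its verdict on those files would say nothing reliable.

```powershell
# Added example, not from the original post. Assumptions: the failed Vista volume is
# attached to a working machine as E:, a known-good Vista install of the same service
# pack and architecture (x86 here) sits at C:\Windows, and PowerShell 2.0 or later.
# Vista kernel files are catalog-signed, so Get-AuthenticodeSignature would not
# validate them from a foreign volume; hashes and versions are compared instead.
param(
    [string]$Offline = 'E:\Windows\System32',
    [string]$Good    = 'C:\Windows\System32'
)

# Files named in the post, plus the NLS tables that the second boot error refers to.
$names = @('ntkrnlpa.exe', 'ntoskrnl.exe', 'hal.dll', 'winload.exe') +
         @(Get-ChildItem -Path $Good -Filter '*.nls' | ForEach-Object { $_.Name })

function Get-Sha256Hex([string]$Path) {
    # Get-FileHash needs PowerShell 4, so use .NET directly to stay usable on PS 2.0.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { [System.BitConverter]::ToString($sha.ComputeHash($fs)) -replace '-', '' }
    finally { $fs.Close() }
}

function Get-FileVer([string]$Path) {
    # .nls tables carry no version resource; GetVersionInfo then yields an empty FileVersion.
    if (Test-Path $Path) { [System.Diagnostics.FileVersionInfo]::GetVersionInfo($Path).FileVersion } else { '' }
}

$report = foreach ($n in $names) {
    $off = Join-Path $Offline $n
    $ref = Join-Path $Good $n
    if (-not (Test-Path $off)) {
        New-Object PSObject -Property @{ File = $n; Status = 'MISSING'; OfflineVer = ''; GoodVer = (Get-FileVer $ref) }
        continue
    }
    if (-not (Test-Path $ref)) {
        New-Object PSObject -Property @{ File = $n; Status = 'NO REFERENCE COPY'; OfflineVer = (Get-FileVer $off); GoodVer = '' }
        continue
    }
    $offVer = Get-FileVer $off
    $refVer = Get-FileVer $ref
    $status = if ((Get-Sha256Hex $off) -eq (Get-Sha256Hex $ref)) { 'ok' }
              elseif ($offVer -ne $refVer) { 'VERSION MISMATCH' }   # e.g. an RTM copy from the DVD on an SP2 system
              else { 'CONTENT DIFFERS' }                          # same version string, different bytes: damage or tampering
    New-Object PSObject -Property @{ File = $n; Status = $status; OfflineVer = $offVer; GoodVer = $refVer }
}

# Only entries that are not byte-identical to the known-good copy need attention.
$report | Where-Object { $_.Status -ne 'ok' } | Sort-Object File |
    Format-Table File, Status, OfflineVer, GoodVer -AutoSize
```

Run it from an elevated PowerShell on the working machine. A VERSION MISMATCH on ntkrnlpa.exe after copying it from the install DVD is what you would expect when the DVD is RTM and the installed system is SP2; CONTENT DIFFERS on a file whose version matches is the case worth treating as corruption or tampering. Note also that hal.dll on an installed Vista system is whichever HAL setup selected for that hardware (Vista ships more than one), so a file called hal.dll taken from a different machine or from the DVD is not necessarily the right one even if it is intact.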
  13. Hi Gringo, here's the log. Strangely, an icon appeared on the desktop resembling internet explorer titled "the internet." But, IE no longer redirects.

ComboFix 13-04-27.04 - eva 04/27/2013 15:55:06.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.1917.861 [GMT -4:00]
Running from: c:\users\eva\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
E:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2013-03-27 to 2013-04-27 )))))))))))))))))))))))))))))))
.
.
2013-04-27 04:34 . 2013-04-27 04:34 -------- d-----w- C:\components
2013-04-27 04:24 . 2013-04-27 04:48 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2013-04-27 01:58 . 2013-04-11 14:22 770384 ----a-w- c:\windows\system32\msvcr100.dll
2013-04-27 01:58 . 2013-04-11 14:22 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-04-27 01:56 . 2013-04-27 01:56 -------- d-----w- c:\program files\Magical Jelly Bean
2013-04-27 00:37 . 2007-03-22 02:02 37376 ----a-w- c:\windows\system32\drivers\rixdptsk.sys
2013-04-27 00:37 . 2007-02-24 18:42 39936 ----a-w- c:\windows\system32\drivers\rimmptsk.sys
2013-04-27 00:37 . 2005-05-07 16:06 16480 ----a-w- c:\windows\system32\rixdicon.dll
2013-04-27 00:37 . 2007-01-23 20:40 42496 ----a-w- c:\windows\system32\drivers\rimsptsk.sys
2013-04-27 00:35 . 2006-03-23 01:44 9728 ----a-w- c:\windows\system32\TCMSVR.dll
2013-04-27 00:35 . 2004-03-09 04:00 152848 ----a-w- c:\windows\system32\Comdlg32.ocx
2013-04-27 00:35 . 2004-03-09 04:00 1081616 ----a-w- c:\windows\system32\mscomctl.ocx
2013-04-27 00:35 . 2013-04-27 00:35 -------- d-----w- c:\program files\TOSHIBA
2013-04-27 00:35 .
2006-11-20 02:11 7168 ----a-w- c:\windows\system32\drivers\FwLnk.sys 2013-04-27 00:31 . 2013-04-27 00:31 -------- d-----w- c:\program files\Common Files\InstallShield 2013-04-27 00:14 . 2013-04-27 00:14 706640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B8CBC70F-E53F-4408-9318-E9D2C2874778}\gapaengine.dll 2013-04-27 00:14 . 2013-04-10 00:08 6906960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{03C6D932-943C-4ED2-8B6D-EAB74CEF341B}\mpengine.dll 2013-04-27 00:13 . 2013-04-27 03:20 -------- d-----w- c:\windows\Panther 2013-04-27 00:13 . 2013-04-27 00:13 -------- d-----w- C:\Boot 2013-04-27 00:04 . 2013-04-27 00:05 -------- d-----w- c:\program files\Microsoft Security Client 2013-04-27 00:04 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys 2013-04-26 23:59 . 2013-04-26 23:59 -------- d-----w- c:\program files\Mozilla Maintenance Service 2013-04-26 23:55 . 2013-04-26 23:55 -------- d-----w- c:\programdata\Malwarebytes 2013-04-26 23:55 . 2013-04-26 23:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-04-26 23:55 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-04-26 23:55 . 2013-04-26 23:55 -------- d-----w- c:\program files\CCleaner 2013-04-26 23:54 . 2013-04-27 03:20 -------- d-----w- c:\windows\Debug 2013-04-26 23:41 . 2013-04-26 23:41 -------- d-----w- c:\program files\Synaptics 2013-04-26 22:54 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll 2013-04-26 22:54 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll 2013-04-26 22:54 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll 2013-04-26 22:54 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll 2013-04-26 22:54 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll 2013-04-26 22:54 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll 2013-04-26 22:40 . 
2013-04-26 22:40 -------- d-----w- c:\program files\Microsoft.NET 2013-04-26 22:32 . 2013-04-26 22:32 0 ----a-w- c:\windows\ativpsrm.bin 2013-04-26 22:30 . 2013-04-26 22:30 -------- d-----w- c:\program files\Windows Portable Devices 2013-04-26 22:08 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll 2013-04-26 22:08 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll 2013-04-26 22:08 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll 2013-04-26 22:07 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe 2013-04-26 22:07 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll 2013-04-26 22:07 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll 2013-04-26 22:07 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll 2013-04-26 22:07 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll 2013-04-26 22:07 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll 2013-04-26 22:07 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll 2013-04-26 22:07 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll 2013-04-26 22:07 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll 2013-04-26 22:07 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll 2013-04-26 22:07 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll 2013-04-26 22:07 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll 2013-04-26 22:00 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll 2013-04-26 22:00 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll 2013-04-26 22:00 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2013-04-26 21:47 . 2013-04-26 21:47 369664 ----a-w- c:\windows\system32\WMPhoto.dll 2013-04-26 21:47 . 
2013-04-26 21:47 252928 ----a-w- c:\windows\system32\dxdiag.exe 2013-04-26 21:47 . 2013-04-26 21:47 195584 ----a-w- c:\windows\system32\dxdiagn.dll 2013-04-26 21:47 . 2013-04-26 21:47 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll 2013-04-26 21:47 . 2013-04-26 21:47 519680 ----a-w- c:\windows\system32\d3d11.dll 2013-04-26 21:47 . 2013-04-26 21:47 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll 2013-04-26 21:47 . 2013-04-26 21:47 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2013-04-26 21:44 . 2009-11-08 14:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll 2013-04-26 21:44 . 2009-11-08 14:55 49472 ----a-w- c:\windows\system32\netfxperf.dll 2013-04-26 21:44 . 2009-11-08 14:55 297808 ----a-w- c:\windows\system32\mscoree.dll 2013-04-26 21:44 . 2009-11-08 14:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe 2013-04-26 21:44 . 2009-11-08 14:55 1130824 ----a-w- c:\windows\system32\dfshim.dll 2013-04-26 21:37 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll 2013-04-26 21:37 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2013-04-26 21:37 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2013-04-26 21:37 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll 2013-04-26 21:37 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2013-04-26 21:37 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2013-04-26 21:37 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe 2013-04-26 21:37 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll 2013-04-26 21:37 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll 2013-04-26 21:37 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2013-04-26 21:37 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll 2013-04-26 21:33 . 
2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll 2013-04-26 21:33 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll 2013-04-26 21:33 . 2010-06-16 15:30 72704 ----a-w- c:\windows\system32\fontsub.dll 2013-04-26 21:31 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll 2013-04-26 21:31 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe 2013-04-26 21:31 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe 2013-04-26 21:31 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll 2013-04-26 21:31 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll 2013-04-26 21:31 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL 2013-04-26 21:31 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe 2013-04-26 21:31 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll 2013-04-26 21:31 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe 2013-04-26 21:30 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll 2013-04-26 21:30 . 2013-03-08 03:52 2067968 ----a-w- c:\windows\system32\mstscax.dll 2013-04-26 21:30 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll 2013-04-26 21:28 . 2012-02-01 15:11 1218048 ----a-w- c:\program files\Windows Journal\NBDoc.DLL 2013-04-26 21:28 . 2012-02-01 15:10 983040 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll 2013-04-26 21:28 . 2012-02-01 15:10 964608 ----a-w- c:\program files\Windows Journal\JNWDRV.dll 2013-04-26 21:28 . 2012-02-01 15:10 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2013-04-26 21:28 . 2012-02-01 15:10 1404928 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll 2013-04-26 21:28 . 2012-02-01 13:58 47104 ----a-w- c:\program files\Windows Journal\PDIALOG.exe 2013-04-26 21:28 . 
2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2013-04-26 21:28 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll 2013-04-26 21:24 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll 2013-04-26 21:24 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll 2013-04-26 21:24 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll 2013-04-26 21:24 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll 2013-04-26 21:24 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2013-04-26 21:24 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll 2013-04-26 21:24 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll 2013-04-26 21:24 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe 2013-04-26 21:24 . 2011-02-12 08:39 191488 ----a-w- c:\windows\system32\FXSCOVER.exe 2013-04-26 21:22 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2013-04-26 21:21 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll 2013-04-26 21:21 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll 2013-04-26 21:21 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax 2013-04-26 21:21 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe 2013-04-26 21:21 . 2013-03-03 19:07 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-26 21:21 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll 2013-04-26 21:21 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll 2013-04-26 21:13 . 2013-04-17 10:31 6906960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{94BB7BAC-4E91-428A-B79B-3AAF9DB27F28}\mpengine.dll 2013-04-26 21:13 . 2013-04-02 10:33 237088 ------w- c:\windows\system32\MpSigStub.exe 2013-04-26 21:11 . 2013-04-27 00:05 -------- d-sh--w- c:\windows\Installer 2013-04-26 21:10 . 
2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2013-04-26 21:06 . 2013-04-26 21:08 -------- d-----w- c:\program files\Google
2013-04-26 21:02 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2013-04-26 21:02 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-26 21:47 . 2013-04-26 21:47 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2013-04-10 06:58 . 2013-04-26 23:59 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLEB9C1421
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-26 21:08 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-26 21:06]
.
2013-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-26 21:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 74.5.116.246 205.244.194.36
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-27 16:00
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2013-04-27 16:02:17
ComboFix-quarantined-files.txt 2013-04-27 20:02
.
Pre-Run: 267,137,949,696 bytes free
Post-Run: 267,147,886,592 bytes free
.
- - End Of File - - 902EF5989DC0D07F1487E7F9EF4DF2D7
  14. Hi again, Gringo. I remember working with you before; thanks for your quick response. Here are the logs. Looking forward to seeing what you have to say about this.

Results of screen317's Security Check version 0.99.63
Windows Vista Service Pack 2 x86 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Eusing Free Registry Cleaner
Mozilla Firefox (20.0.1)
Google Chrome 26.0.1410.64
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 8 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

# AdwCleaner v2.202 - Logfile created 04/27/2013 at 10:15:13
# Updated 23/04/2013 by Xplode
# Operating system : Windows Vista ™ Business Service Pack 2 (32 bits)
# User : eva - EVA-PC
# Boot Mode : Normal
# Running from : C:\Users\eva\Downloads\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\END
Folder Deleted : C:\Users\eva\AppData\Local\Conduit
Folder Deleted : C:\Users\eva\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\eva\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\eva\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3281675
Key Deleted : HKLM\Software\Conduit

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com/?ctid=CT3281675&octid=CT3281675&SearchSource=61&CUI=UN96604950014471249&UM=2&UP=SP0CDD2B9A-FD96-4650-9253-3E0F6BCC84A8 --> hxxp://www.google.com

-\\ Google Chrome v26.0.1410.64

File : C:\Users\eva\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.
*************************

AdwCleaner[S1].txt - [319 octets] - [27/04/2013 10:14:51]
AdwCleaner[S2].txt - [1643 octets] - [27/04/2013 10:15:13]

########## EOF - C:\AdwCleaner[S2].txt - [1703 octets] ##########

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : eva [Admin rights]
Mode : Remove -- Date : 04/27/2013 10:25:34
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST320LM001 HN-M320MBB ATA Device +++++
--- User ---
[MBR] 102c632399d3e6f785deeb4d39a99bd5
[BSP] 7184a5a0bfc9ad3c7c46a3f470675c0b : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 305243 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_04272013_02d1025.txt >>
RKreport[1]_S_04272013_02d1024.txt ; RKreport[2]_D_04272013_02d1025.txt
  15. Hello fine folks at Malwarebytes! I have a machine whose Internet Explorer redirects to search.conduit.com. I do not know how this got on here as the operating system is less than one day old (fresh format and install). Any help would be greatly appreciated! Thank you for your time.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16476
Run by eva at 0:43:35 on 2013-04-27
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.1917.901 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\PROGRA~1\EUSING~1\REGCLE~1.EXE
C:\Windows\regedit.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com/?ctid=CT3281675&octid=CT3281675&SearchSource=61&CUI=UN96604950014471249&UM=2&UP=SP0CDD2B9A-FD96-4650-9253-3E0F6BCC84A8
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [spUninstallCleanUp] REG delete HKEY_CURRENT_USER\Software\SearchProtect /f
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 74.5.116.246 205.244.194.36
TCP: Interfaces\{41D05144-516C-4E08-AC3B-B44E04B9DDD5} : DHCPNameServer = 74.5.116.246 205.244.194.36
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-4-26 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-4-26 701512]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-1-20 100328]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2013-4-26 7168]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-4-26 22856]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-4-27 40776]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-6-10 347648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
  16. Thanks, Mr. Charlie. Microsoft said they would respond within 4-6 weeks. Thanks for all your help; it's much appreciated!
  17. Okay, here are the logs.

# AdwCleaner v2.113 - Logfile created 02/27/2013 at 13:48:27
# Updated 23/02/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : michael - MA
# Boot Mode : Normal
# Running from : C:\Users\michael\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Users\michael\AppData\Local\APN
Folder Deleted : C:\Users\michael\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.
-\\ Google Chrome v25.0.1364.97

File : C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2176 octets] - [26/02/2013 22:21:03]
AdwCleaner[R2].txt - [2236 octets] - [27/02/2013 13:47:39]
AdwCleaner[R3].txt - [2296 octets] - [27/02/2013 13:47:55]
AdwCleaner[S1].txt - [2267 octets] - [27/02/2013 13:48:27]

########## EOF - C:\AdwCleaner[S1].txt - [2327 octets] ##########

Results of screen317's Security Check version 0.99.60
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Java 7 Update 9
Java version out of Date!
Adobe Reader 10.1.5 Adobe Reader out of Date!
Google Chrome 24.0.1312.57
Google Chrome 25.0.1364.97
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 10%
````````````````````End of Log``````````````````````
  18. It wouldn't work activating it online, by phone, or through customer service. The rep advised me to submit a counterfeit report and send the product to the Microsoft PID Center, which I'm doing right now.
  19. I went to "change product key" and entered the key. The key has apparently been blocked by Microsoft now. It must have been compromised when the computer had the infection. I'm not sure what to do.
  20. Hi Maurice, Yes, Mr. Charlie is helping me and that is the same system. Thanks for checking.