Everything posted by IMowGrass

  1. As of today I have not had any problems today. I updated Java and Adobe and both updated just fine. From the little I have used the internet today I have not had the redirect issue at all today. Is there anything else I need to do or am I good to go? Thanks again for all the help!
  2. Sorry for the delayed response, I think the forums were down. My internet is working now after running the rootkit tool. Here are the logs below.

     MBytes mbar-log

     Malwarebytes Anti-Rootkit 1.1.0.1009
     www.malwarebytes.org

     Database version: v2012.11.03.01

     Windows 7 Service Pack 1 x86 FAT32
     Internet Explorer 9.0.8112.16421
     twheeler :: 69KNGH1 [administrator]

     11/27/2012 12:10:52 PM
     mbar-log-2012-11-27 (12-10-52).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
     Scan options disabled: PUP | PUM | P2P
     Objects scanned: 26765
     Time elapsed: 7 minute(s), 27 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     MBytes system-log

     ---------------------------------------
     Malwarebytes Anti-Rootkit BETA 1.01.0.1009
     © Malwarebytes Corporation 2011-2012

     OS version: 6.1.7601 Windows 7 Service Pack 1 x86

     Account is Administrative

     Internet Explorer version: 9.0.8112.16421

     File system is: FAT32

     Disk drives: C:\ DRIVE_FIXED

     CPU speed: 1.995000 GHz

     Memory total: 3185168384, free: 2131046400

     ------------ Kernel report ------------
     11/27/2012 12:03:05
     ------------ Loaded modules -----------
     \SystemRoot\system32\ntkrnlpa.exe
     \SystemRoot\system32\halmacpi.dll
     \SystemRoot\system32\kdcom.dll
     \SystemRoot\system32\mcupdate_GenuineIntel.dll
     \SystemRoot\system32\PSHED.dll
     \SystemRoot\system32\BOOTVID.dll
     \SystemRoot\system32\CLFS.SYS
     \SystemRoot\system32\CI.dll
     \SystemRoot\System32\drivers\mqxij.sys
     \SystemRoot\system32\drivers\Wdf01000.sys
     \SystemRoot\system32\drivers\WDFLDR.SYS
     \SystemRoot\system32\drivers\ACPI.sys
     \SystemRoot\system32\drivers\WMILIB.SYS
     \SystemRoot\system32\drivers\msisadrv.sys
     \SystemRoot\system32\drivers\pci.sys
     \SystemRoot\system32\drivers\vdrvroot.sys
     \SystemRoot\System32\drivers\partmgr.sys
     \SystemRoot\system32\drivers\volmgr.sys
     \SystemRoot\System32\drivers\volmgrx.sys
     \SystemRoot\system32\drivers\pciide.sys
     \SystemRoot\system32\drivers\PCIIDEX.SYS
     \SystemRoot\System32\drivers\mountmgr.sys
     \SystemRoot\system32\drivers\atapi.sys
     \SystemRoot\system32\drivers\ataport.SYS
     \SystemRoot\system32\drivers\amdxata.sys
     \SystemRoot\system32\drivers\fltmgr.sys
     \SystemRoot\system32\drivers\fileinfo.sys
     \SystemRoot\System32\Drivers\Ntfs.sys
     \SystemRoot\System32\Drivers\msrpc.sys
     \SystemRoot\System32\Drivers\ksecdd.sys
     \SystemRoot\System32\Drivers\cng.sys
     \SystemRoot\System32\drivers\pcw.sys
     \SystemRoot\System32\Drivers\Fs_Rec.sys
     \SystemRoot\system32\drivers\ndis.sys
     \SystemRoot\system32\drivers\NETIO.SYS
     \SystemRoot\System32\Drivers\ksecpkg.sys
     \SystemRoot\System32\drivers\tcpip.sys
     \SystemRoot\System32\drivers\fwpkclnt.sys
     \SystemRoot\system32\drivers\vmstorfl.sys
     \SystemRoot\system32\drivers\volsnap.sys
     \SystemRoot\System32\Drivers\spldr.sys
     \SystemRoot\System32\drivers\rdyboost.sys
     \SystemRoot\System32\Drivers\mup.sys
     \SystemRoot\System32\drivers\hwpolicy.sys
     \SystemRoot\System32\DRIVERS\fvevol.sys
     \SystemRoot\system32\Drivers\fsbts.sys
     \SystemRoot\system32\drivers\disk.sys
     \SystemRoot\system32\drivers\CLASSPNP.SYS
     \SystemRoot\system32\DRIVERS\cdrom.sys
     \SystemRoot\System32\Drivers\Null.SYS
     \SystemRoot\System32\Drivers\Beep.SYS
     \SystemRoot\System32\drivers\vga.sys
     \SystemRoot\System32\drivers\VIDEOPRT.SYS
     \SystemRoot\System32\drivers\watchdog.sys
     \SystemRoot\System32\DRIVERS\RDPCDD.sys
     \SystemRoot\system32\drivers\rdpencdd.sys
     \SystemRoot\system32\drivers\rdprefmp.sys
     \SystemRoot\System32\Drivers\Msfs.SYS
     \SystemRoot\System32\Drivers\Npfs.SYS
     \SystemRoot\system32\DRIVERS\tdx.sys
     \SystemRoot\system32\DRIVERS\TDI.SYS
     \SystemRoot\system32\drivers\afd.sys
     \SystemRoot\System32\DRIVERS\netbt.sys
     \SystemRoot\system32\drivers\ws2ifsl.sys
     \SystemRoot\system32\DRIVERS\wfplwf.sys
     \SystemRoot\system32\DRIVERS\pacer.sys
     \SystemRoot\system32\DRIVERS\netbios.sys
     \SystemRoot\system32\DRIVERS\serial.sys
     \SystemRoot\system32\DRIVERS\wanarp.sys
     \SystemRoot\system32\DRIVERS\termdd.sys
     \SystemRoot\system32\DRIVERS\rdbss.sys
     \SystemRoot\system32\drivers\nsiproxy.sys
     \SystemRoot\system32\DRIVERS\mssmbios.sys
     \??\C:\Program Files\F-Secure\Anti-Virus\minifilter\fsvista.sys
     \SystemRoot\System32\drivers\fsdfw.sys
     \SystemRoot\System32\drivers\fses.sys
     \SystemRoot\System32\drivers\discache.sys
     \SystemRoot\system32\drivers\csc.sys
     \SystemRoot\System32\Drivers\dfsc.sys
     \SystemRoot\system32\DRIVERS\blbdrive.sys
     \SystemRoot\system32\DRIVERS\tunnel.sys
     \SystemRoot\system32\DRIVERS\intelppm.sys
     \SystemRoot\system32\DRIVERS\nvlddmkm.sys
     \SystemRoot\System32\drivers\dxgkrnl.sys
     \SystemRoot\System32\drivers\dxgmms1.sys
     \SystemRoot\system32\DRIVERS\serenum.sys
     \SystemRoot\system32\DRIVERS\e1e6032.sys
     \SystemRoot\system32\DRIVERS\usbuhci.sys
     \SystemRoot\system32\DRIVERS\USBPORT.SYS
     \SystemRoot\system32\DRIVERS\usbehci.sys
     \SystemRoot\system32\DRIVERS\HDAudBus.sys
     \SystemRoot\system32\DRIVERS\parport.sys
     \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
     \SystemRoot\system32\DRIVERS\CompositeBus.sys
     \SystemRoot\system32\DRIVERS\AgileVpn.sys
     \SystemRoot\system32\DRIVERS\rasl2tp.sys
     \SystemRoot\system32\DRIVERS\ndistapi.sys
     \SystemRoot\system32\DRIVERS\ndiswan.sys
     \SystemRoot\system32\DRIVERS\raspppoe.sys
     \SystemRoot\system32\DRIVERS\raspptp.sys
     \SystemRoot\system32\DRIVERS\rassstp.sys
     \SystemRoot\system32\DRIVERS\rdpbus.sys
     \SystemRoot\system32\DRIVERS\kbdclass.sys
     \SystemRoot\system32\DRIVERS\mouclass.sys
     \SystemRoot\system32\DRIVERS\swenum.sys
     \SystemRoot\system32\DRIVERS\ks.sys
     \SystemRoot\system32\DRIVERS\umbus.sys
     \SystemRoot\system32\DRIVERS\usbhub.sys
     \SystemRoot\System32\Drivers\NDProxy.SYS
     \SystemRoot\system32\drivers\HdAudio.sys
     \SystemRoot\system32\drivers\portcls.sys
     \SystemRoot\system32\drivers\drmk.sys
     \SystemRoot\System32\win32k.sys
     \SystemRoot\System32\drivers\Dxapi.sys
     \SystemRoot\system32\DRIVERS\USBSTOR.SYS
     \SystemRoot\system32\DRIVERS\USBD.SYS
     \SystemRoot\system32\DRIVERS\monitor.sys
     \SystemRoot\System32\TSDDD.dll
     \SystemRoot\System32\cdd.dll
     \SystemRoot\system32\DRIVERS\hidusb.sys
     \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
     \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
     \SystemRoot\system32\DRIVERS\kbdhid.sys
     \SystemRoot\system32\DRIVERS\mouhid.sys
     \SystemRoot\system32\drivers\luafv.sys
     \SystemRoot\system32\drivers\WudfPf.sys
     \SystemRoot\system32\DRIVERS\udfs.sys
     \SystemRoot\system32\DRIVERS\lltdio.sys
     \SystemRoot\system32\DRIVERS\rspndr.sys
     \SystemRoot\System32\Drivers\crashdmp.sys
     \SystemRoot\System32\Drivers\dump_dumpata.sys
     \SystemRoot\System32\Drivers\dump_atapi.sys
     \SystemRoot\System32\Drivers\dump_dumpfve.sys
     \SystemRoot\system32\drivers\HTTP.sys
     \SystemRoot\System32\DRIVERS\srvnet.sys
     \SystemRoot\system32\DRIVERS\bowser.sys
     \SystemRoot\System32\drivers\mpsdrv.sys
     \SystemRoot\system32\DRIVERS\mrxsmb.sys
     \SystemRoot\system32\DRIVERS\mrxsmb10.sys
     \SystemRoot\system32\DRIVERS\mrxsmb20.sys
     \SystemRoot\System32\DRIVERS\srv2.sys
     \SystemRoot\System32\DRIVERS\srv.sys
     \SystemRoot\system32\DRIVERS\parvdm.sys
     \SystemRoot\system32\drivers\peauth.sys
     \SystemRoot\System32\Drivers\secdrv.SYS
     \SystemRoot\System32\drivers\tcpipreg.sys
     \??\C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys
     \SystemRoot\system32\DRIVERS\WUDFRd.sys
     \SystemRoot\System32\drivers\rdpdr.sys
     \SystemRoot\system32\drivers\tdtcp.sys
     \SystemRoot\System32\DRIVERS\tssecsrv.sys
     \SystemRoot\System32\Drivers\RDPWD.SYS
     \SystemRoot\system32\drivers\spsys.sys
     \SystemRoot\system32\DRIVERS\asyncmac.sys
     \SystemRoot\System32\Drivers\fastfat.SYS
     \??\C:\Windows\system32\drivers\mbamchameleon.sys
     \??\C:\Windows\system32\drivers\mbamswissarmy.sys
     \Windows\System32\ntdll.dll
     \Windows\System32\smss.exe
     \Windows\System32\apisetschema.dll
     \Windows\System32\autochk.exe
     \Windows\System32\setupapi.dll
     \Windows\System32\usp10.dll
     \Windows\System32\ole32.dll
     \Windows\System32\clbcatq.dll
     \Windows\System32\comdlg32.dll
     \Windows\System32\oleaut32.dll
     \Windows\System32\iertutil.dll
     \Windows\System32\advapi32.dll
     \Windows\System32\psapi.dll
     \Windows\System32\kernel32.dll
     \Windows\System32\shell32.dll
     \Windows\System32\urlmon.dll
     \Windows\System32\difxapi.dll
     \Windows\System32\nsi.dll
     \Windows\System32\imm32.dll
     \Windows\System32\msctf.dll
     \Windows\System32\user32.dll
     \Windows\System32\sechost.dll
     \Windows\System32\gdi32.dll
     \Windows\System32\Wldap32.dll
     \Windows\System32\wininet.dll
     \Windows\System32\ws2_32.dll
     \Windows\System32\lpk.dll
     \Windows\System32\shlwapi.dll
     \Windows\System32\imagehlp.dll
     \Windows\System32\normaliz.dll
     \Windows\System32\msvcrt.dll
     \Windows\System32\rpcrt4.dll
     \Windows\System32\wintrust.dll
     \Windows\System32\cfgmgr32.dll
     \Windows\System32\KernelBase.dll
     \Windows\System32\comctl32.dll
     \Windows\System32\crypt32.dll
     \Windows\System32\devobj.dll
     \Windows\System32\msasn1.dll
     ----------- End -----------
     <<<1>>>
     Upper Device Name: \Device\Harddisk5\DR5
     Upper Device Object: 0xffffffff856a57c0
     Upper Device Driver Name: \Driver\Disk\
     Lower Device Name: \Device\00000078\
     Lower Device Object: 0xffffffff856aa728
     Lower Device Driver Name: \Driver\USBSTOR\
     Driver name found: USBSTOR
     DriverEntry returned 0x0
     Function returned 0x0
     <<<1>>>
     Upper Device Name: \Device\Harddisk4\DR4
     Upper Device Object: 0xffffffff86d6bac8
     Upper Device Driver Name: \Driver\Disk\
     Lower Device Name: \Device\0000006b\
     Lower Device Object: 0xffffffff86d35ca8
     Lower Device Driver Name: \Driver\USBSTOR\
     Driver name found: USBSTOR
     <<<1>>>
     Upper Device Name: \Device\Harddisk3\DR3
     Upper Device Object: 0xffffffff86d3c7b8
     Upper Device Driver Name: \Driver\Disk\
     Lower Device Name: \Device\0000006a\
     Lower Device Object: 0xffffffff86d35030
     Lower Device Driver Name: \Driver\USBSTOR\
     Driver name found: USBSTOR
     <<<1>>>
     Upper Device Name: \Device\Harddisk2\DR2
     Upper Device Object: 0xffffffff86d3c030
     Upper Device Driver Name: \Driver\Disk\
     Lower Device Name: \Device\00000069\
     Lower Device Object: 0xffffffff86d37478
     Lower Device Driver Name: \Driver\USBSTOR\
     Driver name found: USBSTOR
     <<<1>>>
     Upper Device Name: \Device\Harddisk1\DR1
     Upper Device Object: 0xffffffff86d38548
     Upper Device Driver Name: \Driver\Disk\
     Lower Device Name: \Device\00000068\
     Lower Device Object: 0xffffffff86ca8030
     Lower Device Driver Name: \Driver\USBSTOR\
     Driver name found: USBSTOR
     <<<1>>>
     Upper Device Name: \Device\Harddisk0\DR0
     Upper Device Object: 0xffffffff86326030
     Upper Device Driver Name: \Driver\Disk\
     Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-2\
     Lower Device Object: 0xffffffff85e6d030
     Lower Device Driver Name: \Driver\atapi\
     Driver name found: atapi
     DriverEntry returned 0x0
     Function returned 0x0
     Host not found
     Initializing...
     Done!
     Scanning directory: C:\Windows\system32\drivers...
     <<<2>>>
     Device number: 0, partition: 1
     Physical Sector Size: 512
     Drive: 0, DevicePointer: 0xffffffff86326030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
     --------- Disk Stack ------
     DevicePointer: 0xffffffff86326d10, DeviceName: Unknown, DriverName: \Driver\partmgr\
     DevicePointer: 0xffffffff86326030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
     DevicePointer: 0xffffffff85e6d030, DeviceName: \Device\Ide\IdeDeviceP2T0L0-2\, DriverName: \Driver\atapi\
     ------------ End ----------
     Upper DeviceData: 0xffffffffab608fb8, 0xffffffff86326030, 0xffffffff858334d0
     Lower DeviceData: 0xffffffffab62da18, 0xffffffff85e6d030, 0xffffffff8584d478
     <<<3>>>
     Volume: C:
     File system type: NTFS
     SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
     Done!
     Drive 0
     Scanning MBR on drive 0...
     Inspecting partition table:
     MBR Signature: 55AA
     Disk Signature: A908A908
     Partition information:
     Partition 0 type is Primary (0x7)
     Partition is ACTIVE.
     Partition starts at LBA: 63 Numsec = 312496317
     Partition file system is NTFS
     Partition is bootable
     Partition 1 type is Empty (0x0)
     Partition is NOT ACTIVE.
     Partition starts at LBA: 0 Numsec = 0
     Partition 2 type is Empty (0x0)
     Partition is NOT ACTIVE.
     Partition starts at LBA: 0 Numsec = 0
     Partition 3 type is Empty (0x0)
     Partition is NOT ACTIVE.
     Partition starts at LBA: 0 Numsec = 0
     Disk Size: 160000000000 bytes
     Sector size: 512 bytes
     Scanning physical sectors of unpartitioned space on drive 0 (1-62-312480000-312500000)...
     Physical Sector Size: 0
     Drive: 1, DevicePointer: 0xffffffff86d38548, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
     --------- Disk Stack ------
     DevicePointer: 0xffffffff86d38228, DeviceName: Unknown, DriverName: \Driver\partmgr\
     DevicePointer: 0xffffffff86d38548, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
     DevicePointer: 0xffffffff86ca8030, DeviceName: \Device\00000068\, DriverName: \Driver\USBSTOR\
     ------------ End ----------
     Physical Sector Size: 0
     Drive: 2, DevicePointer: 0xffffffff86d3c030, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
     --------- Disk Stack ------
     DevicePointer: 0xffffffff86d3cd10, DeviceName: Unknown, DriverName: \Driver\partmgr\
     DevicePointer: 0xffffffff86d3c030, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
     DevicePointer: 0xffffffff86d37478, DeviceName: \Device\00000069\, DriverName: \Driver\USBSTOR\
     ------------ End ----------
     Physical Sector Size: 0
     Drive: 3, DevicePointer: 0xffffffff86d3c7b8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
     --------- Disk Stack ------
     DevicePointer: 0xffffffff86d6b020, DeviceName: Unknown, DriverName: \Driver\partmgr\
     DevicePointer: 0xffffffff86d3c7b8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
     DevicePointer: 0xffffffff86d35030, DeviceName: \Device\0000006a\, DriverName: \Driver\USBSTOR\
     ------------ End ----------
     Physical Sector Size: 0
     Drive: 4, DevicePointer: 0xffffffff86d6bac8, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
     --------- Disk Stack ------
     DevicePointer: 0xffffffff86d6b7a8, DeviceName: Unknown, DriverName: \Driver\partmgr\
     DevicePointer: 0xffffffff86d6bac8, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
     DevicePointer: 0xffffffff86d35ca8, DeviceName: \Device\0000006b\, DriverName: \Driver\USBSTOR\
     ------------ End ----------
     Physical Sector Size: 512
     Drive: 5, DevicePointer: 0xffffffff856a57c0, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
     --------- Disk Stack ------
     DevicePointer: 0xffffffff868a14f0, DeviceName: Unknown, DriverName: \Driver\partmgr\
     DevicePointer: 0xffffffff856a57c0, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
     DevicePointer: 0xffffffff856aa728, DeviceName: \Device\00000078\, DriverName: \Driver\USBSTOR\
     ------------ End ----------
     Upper DeviceData: 0xffffffff910546f8, 0xffffffff856a57c0, 0xffffffff856bc048
     Lower DeviceData: 0xffffffff9d96d940, 0xffffffff856aa728, 0xffffffff8588ac20
     Drive 5
     Scanning MBR on drive 5...
     Inspecting partition table:
     MBR Signature: 55AA
     Disk Signature: 4DD5721
     Partition information:
     Partition 0 type is Other (0xc)
     Partition is NOT ACTIVE.
     Partition starts at LBA: 2048 Numsec = 31717376
     Partition 1 type is Empty (0x0)
     Partition is NOT ACTIVE.
     Partition starts at LBA: 0 Numsec = 0
     Partition 2 type is Empty (0x0)
     Partition is NOT ACTIVE.
     Partition starts at LBA: 0 Numsec = 0
     Partition 3 type is Empty (0x0)
     Partition is NOT ACTIVE.
     Partition starts at LBA: 0 Numsec = 0
     Disk Size: 16240345088 bytes
     Sector size: 512 bytes
     Done!
     Performing system, memory and registry scan...
     Done!
     Scan finished
     =======================================

     JRT Log

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 3.5.6 (11.27.2012:3)
     OS: Windows 7 Professional x86
     Ran by twheeler on Tue 11/27/2012 at 12:13:16.74
     Blog: http://thisisudax.blogspot.com
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     ~~~ Services

     ~~~ Registry Values

     ~~~ Registry Keys

     ~~~ Files

     Successfully deleted: [File] C:\Users\twheeler.MCOLLINS\AppData\Local\{5270069B-CC21-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul [Trojan:JS/Medfos.A]
     Successfully deleted: [File] C:\Users\twheeler.MCOLLINS\appdata\local\Google\Chrome\Application\..\Extensions\chromeupdate.crx [Trojan:JS/Medfos.B]

     ~~~ Folders

     Successfully deleted: [Folder] %cdJS/Medfos.A]

     ~~~ Event Viewer Logs were cleared

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on Tue 11/27/2012 at 12:15:47.79
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  3. Thanks again for all of the help, here are the two logs posted below. However, after I completed these two steps I am unable to go anywhere on the internet now.

     FIXLOG

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-11-2012
     Ran by SYSTEM at 2012-11-27 10:11:20 Run:1
     Running from I:\

     ==============================================

     HKEY_USERS\twheeler.MCOLLINS\Software\Microsoft\Windows\CurrentVersion\Run\\ngeca Value deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default value was restored successfully .
     [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}] should be deleted in normal mode (if present).
     C:\Users\twheeler.MCOLLINS\AppData\Roaming\ngeca.dll moved successfully.
     C:\$Recycle.Bin\S-1-5-21-1582705245-1855416065-7473742-2004\$83ca970dd30cb2574d088815f7c9e83d moved successfully.
     C:\$Recycle.Bin\S-1-5-18\$83ca970dd30cb2574d088815f7c9e83d moved successfully.

     ==== End of Fixlog ====

     COMBOFIX

     ComboFix 12-11-27.01 - twheeler 11/27/2012 10:19:17.2.2 - x86
     Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3038.2004 [GMT -5:00]
     Running from: c:\users\twheeler.MCOLLINS\Desktop\ComboFix.exe
     AV: F-Secure Client Security 9.31 *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
     FW: F-Secure Client Security 9.31 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
     SP: F-Secure Client Security 9.31 *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\users\twheeler.MCOLLINS\Desktop\Internet Explorer.lnk
     c:\windows\XSxS
     .
     .
     ((((((((((((((((((((((((( Files Created from 2012-10-27 to 2012-11-27 )))))))))))))))))))))))))))))))
     .
     .
     2012-11-27 17:39 . 2012-11-27 17:39 -------- d-----w- C:\FRST
     2012-11-27 15:27 . 2012-11-27 15:27 -------- d-----w- c:\users\TWHEEL~1~MCO\AppData\Local\temp
     2012-11-27 15:27 . 2012-11-27 15:27 -------- d-----w- c:\users\Public\AppData\Local\temp
     2012-11-27 15:27 . 2012-11-27 15:27 -------- d-----w- c:\users\Default\AppData\Local\temp
     2012-11-27 15:27 . 2012-11-27 15:27 -------- d-----w- c:\users\twheeler\AppData\Local\temp
     2012-11-26 13:54 . 2012-11-26 13:54 -------- d-----w- c:\users\twheeler.MCOLLINS\AppData\Roaming\SUPERAntiSpyware.com
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-10-15 16:05 . 2012-04-12 21:52 44240 ----a-w- c:\windows\system32\drivers\fsbts.sys
     2012-10-09 00:58 . 2012-09-12 15:15 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
     2012-10-09 00:58 . 2012-02-06 14:31 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2012-09-30 00:54 . 2012-05-24 13:05 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
     2012-09-28 11:56 . 2012-09-28 11:57 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
     2012-09-28 11:56 . 2012-06-12 17:05 746984 ----a-w- c:\windows\system32\deployJava1.dll
     2012-09-28 11:56 . 2012-06-12 17:05 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
     2012-07-16 12:05 . 2012-02-06 13:49 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
     "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]
     "Spotify"="c:\users\twheeler.MCOLLINS\AppData\Roaming\Spotify\Spotify.exe" [2012-11-05 7880664]
     "Spotify Web Helper"="c:\users\twheeler.MCOLLINS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-11-05 1199576]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
     "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
     "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
     "Communicator"="c:\program files\Microsoft Lync\communicator.exe" [2012-06-12 12099672]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-27 13683232]
     "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-27 92704]
     "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
     "F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2012-06-26 306928]
     "F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2012-06-26 1654512]
     "atchk"="c:\program files\Intel\AMT\atchk.exe" [2009-12-01 401408]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
     "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "aux"=wdmaud.drv
     .
     R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys [x]
     R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys [x]
     R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys [x]
     R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys [x]
     R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys [x]
     R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
     R3 MonitorUsbDnld;SymbolUSBDnld;c:\windows\system32\Drivers\Symbol_USB_Dwnld.sys [x]
     R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
     R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
     R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
     R4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [x]
     R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\Win2K\FSrec.sys [x]
     S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [x]
     S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [x]
     S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [x]
     S1 fsvista;F-Secure Vista Support Driver;c:\program files\F-Secure\Anti-Virus\minifilter\fsvista.sys [x]
     S2 CoreScanner;CoreScanner;c:\program files\Motorola Scanner\Common\CoreScanner.exe [x]
     S2 fsdevcon;F-Secure Device Control Daemon;c:\program files\F-Secure\Device Control\\fsdevcon32.exe [x]
     S2 rsmdriverproviderservice;RSM Driver Provider Service;c:\program files\Motorola Scanner\Common\RSMDriverProviderService.exe [x]
     S2 ScnSrvc;Symbol Scanner Management;c:\program files\Motorola Scanner\Common\ScannerService.exe [x]
     S2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [x]
     S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [x]
     .
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2012-11-27 c:\windows\Tasks\Adobe Flash Player Updater.job
     - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-12 00:58]
     .
     2012-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1582705245-1855416065-7473742-2004Core1cd61a3916fdbd6.job
     - c:\users\twheeler.MCOLLINS\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-11 19:22]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://google.com/
     uInternet Settings,ProxyOverride = *.local;<local>
     LSP: c:\program files\F-Secure\FSPS\program\fslsp.dll
     TCP: DhcpNameServer = 10.7.7.204 10.7.7.154 10.7.7.203
     FF - ProfilePath - c:\users\twheeler.MCOLLINS\AppData\Roaming\Mozilla\Firefox\Profiles\3xlfu7by.default\
     FF - ExtSQL: !HIDDEN! 2012-11-27 09:42; {a16643af-2f54-11e2-8271-b8ac6f996f26}; c:\users\twheeler.MCOLLINS\AppData\Roaming\Mozilla\Firefox\Profiles\3xlfu7by.default\extensions\{a16643af-2f54-11e2-8271-b8ac6f996f26}.xpi
     .
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\windows\system32\nvvsvc.exe
     c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
     c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     c:\program files\Intel\AMT\atchksrv.exe
     c:\program files\Bonjour\mDNSResponder.exe
     c:\program files\F-Secure\Anti-Virus\fsgk32st.exe
     c:\program files\F-Secure\Device Control\fsdevcon32.exe
     c:\program files\F-Secure\Anti-Virus\FSGK32.EXE
     c:\program files\F-Secure\Common\FSMA32.EXE
     c:\program files\Intel\AMT\LMS.exe
     c:\program files\F-Secure\Common\FSHDLL32.EXE
     c:\windows\system32\rundll32.exe
     c:\program files\F-Secure\FWES\Program\fsdfwd.exe
     c:\program files\F-Secure\Common\FNRB32.EXE
     c:\program files\F-Secure\Common\FIH32.EXE
     c:\program files\F-Secure\Anti-Virus\fssm32.exe
     c:\windows\system32\WUDFHost.exe
     c:\program files\F-Secure\Anti-Virus\fsav32.exe
     c:\windows\system32\taskhost.exe
     c:\program files\Motorola Scanner\Common\HidKeyboardEmulator.exe
     c:\windows\system32\conhost.exe
     c:\windows\System32\rundll32.exe
     c:\program files\iPod\bin\iPodService.exe
     c:\windows\system32\sppsvc.exe
     .
     **************************************************************************
     .
     Completion time: 2012-11-27 10:32:22 - machine was rebooted
     ComboFix-quarantined-files.txt 2012-11-27 15:32
     .
     Pre-Run: 86,121,668,608 bytes free
     Post-Run: 85,774,462,976 bytes free
     .
     - - End Of File - - 4362D060D3AB98AD073F399AEA4AF6CA
  4. Sorry it took so long, my computer was giving me a hard time. Here is the FRST log, included below.

     Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-11-2012
     Ran by SYSTEM at 27-11-2012 09:40:11
     Running from I:\
     Windows 7 Professional (X86) OS Language: English(US)
     The current controlset is ControlSet001

     ==================== Registry (Whitelisted) ===================

     HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
     HKLM\...\Run: [Communicator] "C:\Program Files\Microsoft Lync\communicator.exe" /fromrunkey [12099672 2012-06-11] (Microsoft Corporation)
     HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13683232 2009-02-26] (NVIDIA Corporation)
     HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [92704 2009-02-26] (NVIDIA Corporation)
     HKLM\...\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [81920 2005-02-16] (InstallShield Software Corporation)
     HKLM\...\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash [306928 2012-06-26] (F-Secure Corporation)
     HKLM\...\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW [1654512 2012-06-26] (F-Secure Corporation)
     HKLM\...\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe" [401408 2009-12-01] (Intel Corporation)
     HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
     HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
     HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
     HKU\twheeler.MCOLLINS\...\Run: [iSUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup [221184 2005-02-16] (InstallShield Software Corporation)
     HKU\twheeler.MCOLLINS\...\Run: [spotify] "C:\Users\twheeler.MCOLLINS\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [7880664 2012-11-05] (Spotify Ltd)
     HKU\twheeler.MCOLLINS\...\Run: [spotify Web Helper] "C:\Users\twheeler.MCOLLINS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1199576 2012-11-05] (Spotify Ltd)
     HKU\twheeler.MCOLLINS\...\Run: [ngeca] "C:\Windows\System32\rundll32.exe" "C:\Users\twheeler.MCOLLINS\AppData\Roaming\ngeca.dll",EOFError [351232 2012-11-15] (Promise Technology,Inc)
     HKU\twheeler.MCOLLINS\...\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4763008 2012-11-01] (SUPERAntiSpyware.com)
     HKU\twheeler.MCOLLINS\...\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe -update activex [692152 2012-10-08] (Adobe Systems Incorporated)
     HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess
     Tcpip\Parameters: [DhcpNameServer] 10.7.7.204 10.7.7.154 10.7.7.203

     ==================== Services (Whitelisted) ===================

     2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE" [116608 2012-07-11] (SUPERAntiSpyware.com)
     2 atchksrv; C:\Program Files\Intel\AMT\atchksrv.exe [176128 2009-12-01] (Intel Corporation)
     2 CoreScanner; "C:\Program Files\Motorola Scanner\Common\CoreScanner.exe" [217088 2011-06-13] (Motorola Solutions, Inc.)
     2 F-Secure Gatekeeper Handler Starter; "C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe" [220912 2012-06-26] (F-Secure Corporation)
     3 F-Secure Network Request Broker; "C:\Program Files\F-Secure\Common\FNRB32.EXE" [188144 2012-06-26] (F-Secure Corporation)
     2 fsdevcon; "C:\Program Files\F-Secure\Device Control\\fsdevcon32.exe" [404160 2012-02-06] (F-Secure Corporation)
     3 FSDFWD; "C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe" [557760 2012-02-06] (F-Secure Corporation)
     2 FSMA; "C:\Program Files\F-Secure\Common\FSMA32.EXE" [188144 2012-06-26] (F-Secure Corporation)
     3 FSORSPClient; "C:\Program Files\F-Secure\ORSP Client\fsorsp.exe" [62144 2012-02-06] (F-Secure Corporation)
     2 LMS; C:\Program Files\Intel\AMT\LMS.exe [102400 2009-12-01] (Intel)
     2 rsmdriverproviderservice; C:\Program Files\Motorola Scanner\Common\RSMDriverProviderService.exe [61440 2011-06-13] (Motorola Solutions, Inc.)
     2 ScnSrvc; C:\Program Files\Motorola Scanner\Common\ScannerService.exe [176128 2011-06-13] (Motorola Solutions, Inc.)
     2 UNS; C:\Program Files\Intel\AMT\UNS.exe [2519040 2009-12-01] (Intel)

     ==================== Drivers (Whitelisted) ====================

     3 Andbus; C:\Windows\System32\DRIVERS\lgandbus.sys [14336 2010-08-02] (LG Electronics Inc.)
     3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag.sys [20864 2010-08-02] (LG Electronics Inc.)
     3 AndGps; C:\Windows\System32\DRIVERS\lgandgps.sys [19968 2010-08-02] (LG Electronics Inc.)
     3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem.sys [24960 2010-08-02] (LG Electronics Inc.)
     3 androidusb; C:\Windows\System32\Drivers\lgandadb.sys [25728 2010-08-02] (Google Inc)
     4 F-Secure Filter; \??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [41072 2012-06-26] ()
     3 F-Secure Gatekeeper; \??\C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys [144440 2012-10-31] ()
     4 F-Secure Recognizer; \??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [26352 2012-06-26] ()
     0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [44240 2012-10-15] ()
     1 FSES; C:\Windows\System32\drivers\fses.sys [37952 2012-02-06] (F-Secure Corporation)
     1 FSFW; C:\Windows\System32\drivers\fsdfw.sys [73664 2012-02-06] (F-Secure Corporation)
     1 fsvista; \??\C:\Program Files\F-Secure\Anti-Virus\minifilter\fsvista.sys [13552 2012-06-26] ()
     3 MonitorUsbDnld; C:\Windows\System32\Drivers\Symbol_USB_Dwnld.sys [36570 2003-12-01] (Your Corporation)
     1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
     1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
     3 catchme; \??\C:\Users\TWHEEL~1.MCO\AppData\Local\Temp\catchme.sys [x]

     ==================== NetSvcs (Whitelisted) ===================

     ==================== One Month Created Files and Folders ========

     2012-11-27 06:16 - 2012-11-27 06:16 - 00907994 ____A (Farbar) C:\Users\twheeler.MCOLLINS\Desktop\FRST.exe
     2012-11-27 06:03 - 2012-11-27 06:03 - 00013561 ____A C:\Users\twheeler.MCOLLINS\Desktop\dds.txt
     2012-11-27 06:03 - 2012-11-27 06:03 - 00009353 ____A C:\Users\twheeler.MCOLLINS\Desktop\attach.txt
     2012-11-27 05:53 - 2012-11-27 05:53 - 00688992 ____R (Swearware) C:\Users\twheeler.MCOLLINS\Desktop\dds.com
     2012-11-26 05:54 - 2012-11-26 05:54 - 00000000 ____D C:\Users\twheeler.MCOLLINS\AppData\Roaming\SUPERAntiSpyware.com
     2012-11-26 05:53 - 2012-11-26 05:54 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
     2012-11-26 05:53 - 2012-11-26 05:53 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
     2012-11-20 12:11 - 2012-11-27 06:19 - 00006465 ____A C:\Users\twheeler.MCOLLINS\AppData\Local\chromeupdate.crx
     2012-11-15 10:44 - 2012-11-15 10:44 - 00351232 ____A (Promise Technology,Inc) C:\Users\twheeler.MCOLLINS\AppData\Roaming\ngeca.dll
     2012-11-14 13:52 - 2012-11-14 13:52 - 00000515 ____A C:\Users\All Users\DVRSupport.log
     2012-11-09 10:31 - 2012-11-09 10:31 - 00005548 ____A C:\Users\All Users\DVRClient.log

     ==================== One Month Modified Files and Folders ========

     2012-11-27 09:39 - 2012-11-27 09:39 - 00000000 ____D C:\FRST
     2012-11-27 06:20 - 2012-02-03 15:28 - 01607530 ____A C:\Windows\WindowsUpdate.log
     2012-11-27 06:19 - 2012-11-20 12:11 - 00006465 ____A C:\Users\twheeler.MCOLLINS\AppData\Local\chromeupdate.crx
     2012-11-27 06:18 - 2010-11-20 13:01 - 00737484 ____A C:\Windows\System32\PerfStringBackup.INI
     2012-11-27 06:16 - 2012-11-27 06:16 - 00907994 ____A (Farbar) C:\Users\twheeler.MCOLLINS\Desktop\FRST.exe
     2012-11-27 06:10 - 2012-02-03 12:31 - 00000248 ____A C:\Windows\System32\config\netlogon.ftl
     2012-11-27 06:03 - 2012-11-27 06:03 - 00013561 ____A C:\Users\twheeler.MCOLLINS\Desktop\dds.txt
     2012-11-27 06:03 - 2012-11-27 06:03 - 00009353 ____A C:\Users\twheeler.MCOLLINS\Desktop\attach.txt
     2012-11-27 05:58 - 2012-09-12 07:15 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
     2012-11-27 05:53 - 2012-11-27 05:53 - 00688992 ____R (Swearware) C:\Users\twheeler.MCOLLINS\Desktop\dds.com
     2012-11-27 05:51 - 2012-10-15 08:03 - 00000000 ____D C:\Users\twheeler.MCOLLINS\AppData\Roaming\Spotify
     2012-11-26 13:57 - 2012-10-15 08:03 - 00000000 ____D C:\Users\twheeler.MCOLLINS\AppData\Local\Spotify
     2012-11-26 11:35 - 2012-09-14 07:45 - 00038400 ____A C:\Users\twheeler.MCOLLINS\Desktop\2001 Dodge Maint-Fuel 11-26-12.xls
     2012-11-26 09:15 - 2012-02-08 06:23 - 00002030 ___AH C:\Users\twheeler.MCOLLINS\Documents\Default.rdp
     2012-11-26 05:54 - 2012-11-26 05:54 - 00000000 ____D
C:\Users\twheeler.MCOLLINS\AppData\Roaming\SUPERAntiSpyware.com 2012-11-26 05:54 - 2012-11-26 05:53 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2012-11-26 05:53 - 2012-11-26 05:53 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com 2012-11-20 12:15 - 2009-07-13 20:34 - 00025904 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-11-20 12:15 - 2009-07-13 20:34 - 00025904 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-11-20 12:11 - 2012-02-06 05:56 - 00000000 ____D C:\Users\twheeler.MCOLLINS\Tracing 2012-11-20 12:08 - 2012-05-15 05:18 - 00000106 ____A C:\Windows\System32\symbscnr.log 2012-11-20 12:08 - 2012-05-15 05:18 - 00000000 ____A C:\Windows\System32\symbscnrsvc.log 2012-11-20 12:08 - 2010-11-20 13:48 - 00190908 ____A C:\Windows\PFRO.log 2012-11-20 12:08 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-11-20 12:08 - 2009-07-13 20:39 - 00069786 ____A C:\Windows\setupact.log 2012-11-20 11:00 - 2012-05-24 05:05 - 00001063 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-11-20 11:00 - 2012-05-24 05:05 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2012-11-15 10:44 - 2012-11-15 10:44 - 00351232 ____A (Promise Technology,Inc) C:\Users\twheeler.MCOLLINS\AppData\Roaming\ngeca.dll 2012-11-15 10:07 - 2012-05-15 05:18 - 00000106 ____A C:\Windows\System32\symbscnr.log.bak 2012-11-14 13:53 - 2012-10-19 07:37 - 00071406 ____A C:\Users\All Users\DVRCommunication.log 2012-11-14 13:52 - 2012-11-14 13:52 - 00000515 ____A C:\Users\All Users\DVRSupport.log 2012-11-13 13:08 - 2012-02-06 06:43 - 00000000 ____D C:\Users\twheeler.MCOLLINS\Desktop\Me 2012-11-09 10:31 - 2012-11-09 10:31 - 00005548 ____A C:\Users\All Users\DVRClient.log 2012-11-02 09:05 - 2012-10-16 06:46 - 00000132 ____A C:\Users\twheeler.MCOLLINS\AppData\Roaming\Adobe GIF Format CS5 Prefs 2012-10-28 13:38 - 2012-02-03 12:33 - 00007748 _RASH 
C:\Users\All Users\ntuser.pol ZeroAccess: C:\$Recycle.Bin\S-1-5-21-1582705245-1855416065-7473742-2004\$83ca970dd30cb2574d088815f7c9e83d ZeroAccess: C:\$Recycle.Bin\S-1-5-18\$83ca970dd30cb2574d088815f7c9e83d ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2012-10-18 20:00:14 Restore point made on: 2012-10-26 20:00:15 Restore point made on: 2012-11-07 08:41:59 Restore point made on: 2012-11-15 14:22:04 Restore point made on: 2012-11-26 13:36:56 Restore point made on: 2012-11-27 05:48:01 ==================== Memory info =========================== Percentage of memory in use: 21% Total physical RAM: 3037.61 MB Available physical RAM: 2397.12 MB Total Pagefile: 3035.89 MB Available Pagefile: 2403.64 MB Total Virtual: 2047.88 MB Available Virtual: 1954.3 MB ==================== Partitions ============================= 1 Drive c: () (Fixed) (Total:149.01 GB) (Free:79.68 GB) NTFS ==>[Drive with boot components (obtained from BCD)] 3 Drive e: (WIN_7_PROFESSIONAL) (CDROM) (Total:4.78 GB) (Free:0 GB) UDF 7 Drive i: (CORSAIR) (Removable) (Total:15.12 GB) (Free:9.84 GB) FAT32 8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 149 GB 0 B Disk 1 No Media 0 B 0 B Disk 
2 No Media 0 B 0 B Disk 3 No Media 0 B 0 B Disk 4 No Media 0 B 0 B Disk 5 Online 15 GB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 149 GB 31 KB ========================================================= Disk: 0 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 C NTFS Partition 149 GB Healthy ========================================================= Partitions of Disk 5: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 15 GB 1024 KB ========================================================= Disk: 5 Partition 1 Type : 0C Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 6 I CORSAIR FAT32 Removable 15 GB Healthy ========================================================= Last Boot: 2012-11-15 14:14 ==================== End Of Log ============================
  5. Hello, Some co-workers of mine have used this site before and recommended that I come here for some help. I have run MB and it found a couple of "infections"; I thought that I had solved the issue. However, today I am still getting redirects when googling to http://63.209.69.107 and a few other addresses. I honestly have no clue what else to do in these cases, so I came here for help. I have attached the logs below; any help would be greatly appreciated. Thanks ahead! attach.txt dds.txt