Posts posted by IMowGrass
-
Sorry for the delayed response, I think the forums were down. My internet is working now after running the rootkit tool. Here are the logs below.
MBytes mbar-log
Malwarebytes Anti-Rootkit 1.1.0.1009
Database version: v2012.11.03.01
Windows 7 Service Pack 1 x86 FAT32
Internet Explorer 9.0.8112.16421
twheeler :: 69KNGH1 [administrator]
11/27/2012 12:10:52 PM
mbar-log-2012-11-27 (12-10-52).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 26765
Time elapsed: 7 minute(s), 27 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
MBytes system-log
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009
© Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x86
Account is Administrative
Internet Explorer version: 9.0.8112.16421
File system is: FAT32
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 3185168384, free: 2131046400
------------ Kernel report ------------
11/27/2012 12:03:05
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\mqxij.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\Drivers\fsbts.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\??\C:\Program Files\F-Secure\Anti-Virus\minifilter\fsvista.sys
\SystemRoot\System32\drivers\fsdfw.sys
\SystemRoot\System32\drivers\fses.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\e1e6032.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\parvdm.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\System32\drivers\rdpdr.sys
\SystemRoot\system32\drivers\tdtcp.sys
\SystemRoot\System32\DRIVERS\tssecsrv.sys
\SystemRoot\System32\Drivers\RDPWD.SYS
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\setupapi.dll
\Windows\System32\usp10.dll
\Windows\System32\ole32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\comdlg32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\iertutil.dll
\Windows\System32\advapi32.dll
\Windows\System32\psapi.dll
\Windows\System32\kernel32.dll
\Windows\System32\shell32.dll
\Windows\System32\urlmon.dll
\Windows\System32\difxapi.dll
\Windows\System32\nsi.dll
\Windows\System32\imm32.dll
\Windows\System32\msctf.dll
\Windows\System32\user32.dll
\Windows\System32\sechost.dll
\Windows\System32\gdi32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\wininet.dll
\Windows\System32\ws2_32.dll
\Windows\System32\lpk.dll
\Windows\System32\shlwapi.dll
\Windows\System32\imagehlp.dll
\Windows\System32\normaliz.dll
\Windows\System32\msvcrt.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\wintrust.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\comctl32.dll
\Windows\System32\crypt32.dll
\Windows\System32\devobj.dll
\Windows\System32\msasn1.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xffffffff856a57c0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000078\
Lower Device Object: 0xffffffff856aa728
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xffffffff86d6bac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006b\
Lower Device Object: 0xffffffff86d35ca8
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xffffffff86d3c7b8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006a\
Lower Device Object: 0xffffffff86d35030
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff86d3c030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000069\
Lower Device Object: 0xffffffff86d37478
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff86d38548
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000068\
Lower Device Object: 0xffffffff86ca8030
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff86326030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-2\
Lower Device Object: 0xffffffff85e6d030
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
DriverEntry returned 0x0
Function returned 0x0
Host not found
Initializing...
Done!
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86326030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86326d10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86326030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85e6d030, DeviceName: \Device\Ide\IdeDeviceP2T0L0-2\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xffffffffab608fb8, 0xffffffff86326030, 0xffffffff858334d0
Lower DeviceData: 0xffffffffab62da18, 0xffffffff85e6d030, 0xffffffff8584d478
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A908A908
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 312496317
Partition file system is NTFS
Partition is bootable
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 160000000000 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-312480000-312500000)...
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff86d38548, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86d38228, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86d38548, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86ca8030, DeviceName: \Device\00000068\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff86d3c030, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86d3cd10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86d3c030, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86d37478, DeviceName: \Device\00000069\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff86d3c7b8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86d6b020, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86d3c7b8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86d35030, DeviceName: \Device\0000006a\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff86d6bac8, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86d6b7a8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86d6bac8, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86d35ca8, DeviceName: \Device\0000006b\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 512
Drive: 5, DevicePointer: 0xffffffff856a57c0, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff868a14f0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff856a57c0, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff856aa728, DeviceName: \Device\00000078\, DriverName: \Driver\USBSTOR\
------------ End ----------
Upper DeviceData: 0xffffffff910546f8, 0xffffffff856a57c0, 0xffffffff856bc048
Lower DeviceData: 0xffffffff9d96d940, 0xffffffff856aa728, 0xffffffff8588ac20
Drive 5
Scanning MBR on drive 5...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4DD5721
Partition information:
Partition 0 type is Other (0xc)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 31717376
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 16240345088 bytes
Sector size: 512 bytes
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================
JRT Log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.5.6 (11.27.2012:3)
OS: Windows 7 Professional x86
Ran by twheeler on Tue 11/27/2012 at 12:13:16.74
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] C:\Users\twheeler.MCOLLINS\AppData\Local\{5270069B-CC21-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul [Trojan:JS/Medfos.A]
Successfully deleted: [File] C:\Users\twheeler.MCOLLINS\appdata\local\Google\Chrome\Application\..\Extensions\chromeupdate.crx [Trojan:JS/Medfos.B]
~~~ Folders
Successfully deleted: [Folder] %cdJS/Medfos.A]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 11/27/2012 at 12:15:47.79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
Thanks again for all of the help; here are the two logs, posted below. However, after I completed these two steps I am unable to go anywhere on the internet now.
FIXLOG
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-11-2012
Ran by SYSTEM at 2012-11-27 10:11:20 Run:1
Running from I:\
==============================================
HKEY_USERS\twheeler.MCOLLINS\Software\Microsoft\Windows\CurrentVersion\Run\\ngeca Value deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default value was restored successfully .
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}] should be deleted in normal mode (if present).
C:\Users\twheeler.MCOLLINS\AppData\Roaming\ngeca.dll moved successfully.
C:\$Recycle.Bin\S-1-5-21-1582705245-1855416065-7473742-2004\$83ca970dd30cb2574d088815f7c9e83d moved successfully.
C:\$Recycle.Bin\S-1-5-18\$83ca970dd30cb2574d088815f7c9e83d moved successfully.
==== End of Fixlog ====
COMBOFIX
ComboFix 12-11-27.01 - twheeler 11/27/2012 10:19:17.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3038.2004 [GMT -5:00]
Running from: c:\users\twheeler.MCOLLINS\Desktop\ComboFix.exe
AV: F-Secure Client Security 9.31 *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
FW: F-Secure Client Security 9.31 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
SP: F-Secure Client Security 9.31 *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\twheeler.MCOLLINS\Desktop\Internet Explorer.lnk
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2012-10-27 to 2012-11-27 )))))))))))))))))))))))))))))))
.
.
2012-11-27 17:39 . 2012-11-27 17:39 -------- d-----w- C:\FRST
2012-11-27 15:27 . 2012-11-27 15:27 -------- d-----w- c:\users\TWHEEL~1~MCO\AppData\Local\temp
2012-11-27 15:27 . 2012-11-27 15:27 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-11-27 15:27 . 2012-11-27 15:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-27 15:27 . 2012-11-27 15:27 -------- d-----w- c:\users\twheeler\AppData\Local\temp
2012-11-26 13:54 . 2012-11-26 13:54 -------- d-----w- c:\users\twheeler.MCOLLINS\AppData\Roaming\SUPERAntiSpyware.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-15 16:05 . 2012-04-12 21:52 44240 ----a-w- c:\windows\system32\drivers\fsbts.sys
2012-10-09 00:58 . 2012-09-12 15:15 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 00:58 . 2012-02-06 14:31 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-30 00:54 . 2012-05-24 13:05 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-28 11:56 . 2012-09-28 11:57 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-28 11:56 . 2012-06-12 17:05 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-28 11:56 . 2012-06-12 17:05 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-16 12:05 . 2012-02-06 13:49 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]
"Spotify"="c:\users\twheeler.MCOLLINS\AppData\Roaming\Spotify\Spotify.exe" [2012-11-05 7880664]
"Spotify Web Helper"="c:\users\twheeler.MCOLLINS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-11-05 1199576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Communicator"="c:\program files\Microsoft Lync\communicator.exe" [2012-06-12 12099672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-27 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-27 92704]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2012-06-26 306928]
"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2012-06-26 1654512]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2009-12-01 401408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 MonitorUsbDnld;SymbolUSBDnld;c:\windows\system32\Drivers\Symbol_USB_Dwnld.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [x]
R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\Win2K\FSrec.sys [x]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [x]
S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [x]
S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [x]
S1 fsvista;F-Secure Vista Support Driver;c:\program files\F-Secure\Anti-Virus\minifilter\fsvista.sys [x]
S2 CoreScanner;CoreScanner;c:\program files\Motorola Scanner\Common\CoreScanner.exe [x]
S2 fsdevcon;F-Secure Device Control Daemon;c:\program files\F-Secure\Device Control\\fsdevcon32.exe [x]
S2 rsmdriverproviderservice;RSM Driver Provider Service;c:\program files\Motorola Scanner\Common\RSMDriverProviderService.exe [x]
S2 ScnSrvc;Symbol Scanner Management;c:\program files\Motorola Scanner\Common\ScannerService.exe [x]
S2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [x]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-12 00:58]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1582705245-1855416065-7473742-2004Core1cd61a3916fdbd6.job
- c:\users\twheeler.MCOLLINS\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-11 19:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local;<local>
LSP: c:\program files\F-Secure\FSPS\program\fslsp.dll
TCP: DhcpNameServer = 10.7.7.204 10.7.7.154 10.7.7.203
FF - ProfilePath - c:\users\twheeler.MCOLLINS\AppData\Roaming\Mozilla\Firefox\Profiles\3xlfu7by.default\
FF - ExtSQL: !HIDDEN! 2012-11-27 09:42; {a16643af-2f54-11e2-8271-b8ac6f996f26}; c:\users\twheeler.MCOLLINS\AppData\Roaming\Mozilla\Firefox\Profiles\3xlfu7by.default\extensions\{a16643af-2f54-11e2-8271-b8ac6f996f26}.xpi
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Intel\AMT\atchksrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\F-Secure\Anti-Virus\fsgk32st.exe
c:\program files\F-Secure\Device Control\fsdevcon32.exe
c:\program files\F-Secure\Anti-Virus\FSGK32.EXE
c:\program files\F-Secure\Common\FSMA32.EXE
c:\program files\Intel\AMT\LMS.exe
c:\program files\F-Secure\Common\FSHDLL32.EXE
c:\windows\system32\rundll32.exe
c:\program files\F-Secure\FWES\Program\fsdfwd.exe
c:\program files\F-Secure\Common\FNRB32.EXE
c:\program files\F-Secure\Common\FIH32.EXE
c:\program files\F-Secure\Anti-Virus\fssm32.exe
c:\windows\system32\WUDFHost.exe
c:\program files\F-Secure\Anti-Virus\fsav32.exe
c:\windows\system32\taskhost.exe
c:\program files\Motorola Scanner\Common\HidKeyboardEmulator.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-11-27 10:32:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-27 15:32
.
Pre-Run: 86,121,668,608 bytes free
Post-Run: 85,774,462,976 bytes free
.
- - End Of File - - 4362D060D3AB98AD073F399AEA4AF6CA
-
Sorry it took so long; my computer was giving me a hard time. Here is the FRST log, included below.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-11-2012
Ran by SYSTEM at 27-11-2012 09:40:11
Running from I:\
Windows 7 Professional (X86) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Communicator] "C:\Program Files\Microsoft Lync\communicator.exe" /fromrunkey [12099672 2012-06-11] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13683232 2009-02-26] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [92704 2009-02-26] (NVIDIA Corporation)
HKLM\...\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [81920 2005-02-16] (InstallShield Software Corporation)
HKLM\...\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash [306928 2012-06-26] (F-Secure Corporation)
HKLM\...\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW [1654512 2012-06-26] (F-Secure Corporation)
HKLM\...\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe" [401408 2009-12-01] (Intel Corporation)
HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKU\twheeler.MCOLLINS\...\Run: [iSUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup [221184 2005-02-16] (InstallShield Software Corporation)
HKU\twheeler.MCOLLINS\...\Run: [spotify] "C:\Users\twheeler.MCOLLINS\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [7880664 2012-11-05] (Spotify Ltd)
HKU\twheeler.MCOLLINS\...\Run: [spotify Web Helper] "C:\Users\twheeler.MCOLLINS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1199576 2012-11-05] (Spotify Ltd)
HKU\twheeler.MCOLLINS\...\Run: [ngeca] "C:\Windows\System32\rundll32.exe" "C:\Users\twheeler.MCOLLINS\AppData\Roaming\ngeca.dll",EOFError [351232 2012-11-15] (Promise Technology,Inc)
HKU\twheeler.MCOLLINS\...\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4763008 2012-11-01] (SUPERAntiSpyware.com)
HKU\twheeler.MCOLLINS\...\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe -update activex [692152 2012-10-08] (Adobe Systems Incorporated)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess
Tcpip\Parameters: [DhcpNameServer] 10.7.7.204 10.7.7.154 10.7.7.203
==================== Services (Whitelisted) ===================
2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE" [116608 2012-07-11] (SUPERAntiSpyware.com)
2 atchksrv; C:\Program Files\Intel\AMT\atchksrv.exe [176128 2009-12-01] (Intel Corporation)
2 CoreScanner; "C:\Program Files\Motorola Scanner\Common\CoreScanner.exe" [217088 2011-06-13] (Motorola Solutions, Inc.)
2 F-Secure Gatekeeper Handler Starter; "C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe" [220912 2012-06-26] (F-Secure Corporation)
3 F-Secure Network Request Broker; "C:\Program Files\F-Secure\Common\FNRB32.EXE" [188144 2012-06-26] (F-Secure Corporation)
2 fsdevcon; "C:\Program Files\F-Secure\Device Control\\fsdevcon32.exe" [404160 2012-02-06] (F-Secure Corporation)
3 FSDFWD; "C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe" [557760 2012-02-06] (F-Secure Corporation)
2 FSMA; "C:\Program Files\F-Secure\Common\FSMA32.EXE" [188144 2012-06-26] (F-Secure Corporation)
3 FSORSPClient; "C:\Program Files\F-Secure\ORSP Client\fsorsp.exe" [62144 2012-02-06] (F-Secure Corporation)
2 LMS; C:\Program Files\Intel\AMT\LMS.exe [102400 2009-12-01] (Intel)
2 rsmdriverproviderservice; C:\Program Files\Motorola Scanner\Common\RSMDriverProviderService.exe [61440 2011-06-13] (Motorola Solutions, Inc.)
2 ScnSrvc; C:\Program Files\Motorola Scanner\Common\ScannerService.exe [176128 2011-06-13] (Motorola Solutions, Inc.)
2 UNS; C:\Program Files\Intel\AMT\UNS.exe [2519040 2009-12-01] (Intel)
==================== Drivers (Whitelisted) ====================
3 Andbus; C:\Windows\System32\DRIVERS\lgandbus.sys [14336 2010-08-02] (LG Electronics Inc.)
3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag.sys [20864 2010-08-02] (LG Electronics Inc.)
3 AndGps; C:\Windows\System32\DRIVERS\lgandgps.sys [19968 2010-08-02] (LG Electronics Inc.)
3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem.sys [24960 2010-08-02] (LG Electronics Inc.)
3 androidusb; C:\Windows\System32\Drivers\lgandadb.sys [25728 2010-08-02] (Google Inc)
4 F-Secure Filter; \??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [41072 2012-06-26] ()
3 F-Secure Gatekeeper; \??\C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys [144440 2012-10-31] ()
4 F-Secure Recognizer; \??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [26352 2012-06-26] ()
0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [44240 2012-10-15] ()
1 FSES; C:\Windows\System32\drivers\fses.sys [37952 2012-02-06] (F-Secure Corporation)
1 FSFW; C:\Windows\System32\drivers\fsdfw.sys [73664 2012-02-06] (F-Secure Corporation)
1 fsvista; \??\C:\Program Files\F-Secure\Anti-Virus\minifilter\fsvista.sys [13552 2012-06-26] ()
3 MonitorUsbDnld; C:\Windows\System32\Drivers\Symbol_USB_Dwnld.sys [36570 2003-12-01] (Your Corporation)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 catchme; \??\C:\Users\TWHEEL~1.MCO\AppData\Local\Temp\catchme.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2012-11-27 06:16 - 2012-11-27 06:16 - 00907994 ____A (Farbar) C:\Users\twheeler.MCOLLINS\Desktop\FRST.exe
2012-11-27 06:03 - 2012-11-27 06:03 - 00013561 ____A C:\Users\twheeler.MCOLLINS\Desktop\dds.txt
2012-11-27 06:03 - 2012-11-27 06:03 - 00009353 ____A C:\Users\twheeler.MCOLLINS\Desktop\attach.txt
2012-11-27 05:53 - 2012-11-27 05:53 - 00688992 ____R (Swearware) C:\Users\twheeler.MCOLLINS\Desktop\dds.com
2012-11-26 05:54 - 2012-11-26 05:54 - 00000000 ____D C:\Users\twheeler.MCOLLINS\AppData\Roaming\SUPERAntiSpyware.com
2012-11-26 05:53 - 2012-11-26 05:54 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-11-26 05:53 - 2012-11-26 05:53 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-11-20 12:11 - 2012-11-27 06:19 - 00006465 ____A C:\Users\twheeler.MCOLLINS\AppData\Local\chromeupdate.crx
2012-11-15 10:44 - 2012-11-15 10:44 - 00351232 ____A (Promise Technology,Inc) C:\Users\twheeler.MCOLLINS\AppData\Roaming\ngeca.dll
2012-11-14 13:52 - 2012-11-14 13:52 - 00000515 ____A C:\Users\All Users\DVRSupport.log
2012-11-09 10:31 - 2012-11-09 10:31 - 00005548 ____A C:\Users\All Users\DVRClient.log
==================== One Month Modified Files and Folders ========
2012-11-27 09:39 - 2012-11-27 09:39 - 00000000 ____D C:\FRST
2012-11-27 06:20 - 2012-02-03 15:28 - 01607530 ____A C:\Windows\WindowsUpdate.log
2012-11-27 06:19 - 2012-11-20 12:11 - 00006465 ____A C:\Users\twheeler.MCOLLINS\AppData\Local\chromeupdate.crx
2012-11-27 06:18 - 2010-11-20 13:01 - 00737484 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-27 06:16 - 2012-11-27 06:16 - 00907994 ____A (Farbar) C:\Users\twheeler.MCOLLINS\Desktop\FRST.exe
2012-11-27 06:10 - 2012-02-03 12:31 - 00000248 ____A C:\Windows\System32\config\netlogon.ftl
2012-11-27 06:03 - 2012-11-27 06:03 - 00013561 ____A C:\Users\twheeler.MCOLLINS\Desktop\dds.txt
2012-11-27 06:03 - 2012-11-27 06:03 - 00009353 ____A C:\Users\twheeler.MCOLLINS\Desktop\attach.txt
2012-11-27 05:58 - 2012-09-12 07:15 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-27 05:53 - 2012-11-27 05:53 - 00688992 ____R (Swearware) C:\Users\twheeler.MCOLLINS\Desktop\dds.com
2012-11-27 05:51 - 2012-10-15 08:03 - 00000000 ____D C:\Users\twheeler.MCOLLINS\AppData\Roaming\Spotify
2012-11-26 13:57 - 2012-10-15 08:03 - 00000000 ____D C:\Users\twheeler.MCOLLINS\AppData\Local\Spotify
2012-11-26 11:35 - 2012-09-14 07:45 - 00038400 ____A C:\Users\twheeler.MCOLLINS\Desktop\2001 Dodge Maint-Fuel 11-26-12.xls
2012-11-26 09:15 - 2012-02-08 06:23 - 00002030 ___AH C:\Users\twheeler.MCOLLINS\Documents\Default.rdp
2012-11-26 05:54 - 2012-11-26 05:54 - 00000000 ____D C:\Users\twheeler.MCOLLINS\AppData\Roaming\SUPERAntiSpyware.com
2012-11-26 05:54 - 2012-11-26 05:53 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-11-26 05:53 - 2012-11-26 05:53 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-11-20 12:15 - 2009-07-13 20:34 - 00025904 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-20 12:15 - 2009-07-13 20:34 - 00025904 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-20 12:11 - 2012-02-06 05:56 - 00000000 ____D C:\Users\twheeler.MCOLLINS\Tracing
2012-11-20 12:08 - 2012-05-15 05:18 - 00000106 ____A C:\Windows\System32\symbscnr.log
2012-11-20 12:08 - 2012-05-15 05:18 - 00000000 ____A C:\Windows\System32\symbscnrsvc.log
2012-11-20 12:08 - 2010-11-20 13:48 - 00190908 ____A C:\Windows\PFRO.log
2012-11-20 12:08 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-20 12:08 - 2009-07-13 20:39 - 00069786 ____A C:\Windows\setupact.log
2012-11-20 11:00 - 2012-05-24 05:05 - 00001063 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-20 11:00 - 2012-05-24 05:05 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-11-15 10:44 - 2012-11-15 10:44 - 00351232 ____A (Promise Technology,Inc) C:\Users\twheeler.MCOLLINS\AppData\Roaming\ngeca.dll
2012-11-15 10:07 - 2012-05-15 05:18 - 00000106 ____A C:\Windows\System32\symbscnr.log.bak
2012-11-14 13:53 - 2012-10-19 07:37 - 00071406 ____A C:\Users\All Users\DVRCommunication.log
2012-11-14 13:52 - 2012-11-14 13:52 - 00000515 ____A C:\Users\All Users\DVRSupport.log
2012-11-13 13:08 - 2012-02-06 06:43 - 00000000 ____D C:\Users\twheeler.MCOLLINS\Desktop\Me
2012-11-09 10:31 - 2012-11-09 10:31 - 00005548 ____A C:\Users\All Users\DVRClient.log
2012-11-02 09:05 - 2012-10-16 06:46 - 00000132 ____A C:\Users\twheeler.MCOLLINS\AppData\Roaming\Adobe GIF Format CS5 Prefs
2012-10-28 13:38 - 2012-02-03 12:33 - 00007748 _RASH C:\Users\All Users\ntuser.pol
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1582705245-1855416065-7473742-2004\$83ca970dd30cb2574d088815f7c9e83d
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$83ca970dd30cb2574d088815f7c9e83d
==================== Known DLLs (Whitelisted) =================
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2012-10-18 20:00:14
Restore point made on: 2012-10-26 20:00:15
Restore point made on: 2012-11-07 08:41:59
Restore point made on: 2012-11-15 14:22:04
Restore point made on: 2012-11-26 13:36:56
Restore point made on: 2012-11-27 05:48:01
==================== Memory info ===========================
Percentage of memory in use: 21%
Total physical RAM: 3037.61 MB
Available physical RAM: 2397.12 MB
Total Pagefile: 3035.89 MB
Available Pagefile: 2403.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1954.3 MB
==================== Partitions =============================
1 Drive c: () (Fixed) (Total:149.01 GB) (Free:79.68 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: (WIN_7_PROFESSIONAL) (CDROM) (Total:4.78 GB) (Free:0 GB) UDF
7 Drive i: (CORSAIR) (Removable) (Total:15.12 GB) (Free:9.84 GB) FAT32
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 Online 15 GB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 149 GB 31 KB
=========================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 149 GB Healthy
=========================================================
Partitions of Disk 5:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 15 GB 1024 KB
=========================================================
Disk: 5
Partition 1
Type : 0C
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 I CORSAIR FAT32 Removable 15 GB Healthy
=========================================================
Last Boot: 2012-11-15 14:14
==================== End Of Log ============================
-
Hello,
Some co-workers of mine have used this site before and recommended that I come here for some help. I have run MB and it found a couple of "infections"; I thought that I had solved the issue. However, today I am still getting redirects when googling to http://63.209.69.107 and a few other addresses. I honestly have no clue what else to do in these cases, so I came here for help.
I have attached the logs below, any help would be greatly appreciated.
Thanks ahead!
Google Redirect Virus/Issue
in Resolved Malware Removal Logs
Posted
As of today I have not had any problems today. I updated Java and Adobe and both updated just fine. From the little I have used the internet today I have not had the redirect issue at all today. Is there anything else I need to do or am I good to go? Thanks again for all the help!