
wrund

Everything posted by wrund

  1. Nothing was found, seems like it's running fine. I'll be back on it later today. Really appreciate all the help.
  2. I did run MBAR twice, yes. Attached is the ComboFix log. Thanks for the help. combofix.txt
  3. Okay, I was able to run the test. Two logs attached. mbar-log-2013-07-29 (20-44-31).txt system-log.txt
  4. Got it unzipped. It cannot run because it says the QtGui4.dll is missing.
  5. RogueKiller just stalls after 3 minutes, after an hour, no progress.
  6. And here is the Rkiller-

     Rkill 2.5.7 by Lawrence Abrams (Grinler)
     http://www.bleepingcomputer.com/
     Copyright 2008-2013 BleepingComputer.com
     More Information about Rkill can be found at this link:
     http://www.bleepingcomputer.com/forums/topic308364.html

     Program started at: 07/28/2013 10:25:39 PM in x64 mode.
     Windows Version: Windows 7 Home Premium Service Pack 1

     Checking for Windows services to stop:
      * No malware services found to stop.

     Checking for processes to terminate:
      * C:\Users\Warren\AppData\Local\Temp\C12A8FE3-8104-41A7-ADAA-BB93833B9FB1\dismhost.exe (PID: 3956) [T-HEUR]
     1 proccess terminated!

     Checking Registry for malware related settings:
      * No issues found in the Registry.

     Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

     Performing miscellaneous checks:
      * ALERT: ZEROACCESS rootkit symptoms found!
      * C:\Users\Warren\AppData\Local\{65f022bc-5c13-990d-42ef-21e1b2e0b37c}\ [ZA Dir]
      * C:\Users\Warren\AppData\Local\{65f022bc-5c13-990d-42ef-21e1b2e0b37c}\L\ [ZA Dir]
      * C:\Users\Warren\AppData\Local\{65f022bc-5c13-990d-42ef-21e1b2e0b37c}\U\ [ZA Dir]
      * C:\windows\Installer\{65f022bc-5c13-990d-42ef-21e1b2e0b37c}\ [ZA Dir]
      * C:\windows\Installer\{65f022bc-5c13-990d-42ef-21e1b2e0b37c}\L\ [ZA Dir]
      * C:\windows\Installer\{65f022bc-5c13-990d-42ef-21e1b2e0b37c}\U\ [ZA Dir]

     Checking Windows Service Integrity:
      * No issues found.

     Searching for Missing Digital Signatures:
      * No issues found.

     Checking HOSTS File:
      * HOSTS file entries found:
        127.0.0.1 localhost

     Program finished at: 07/28/2013 10:26:24 PM
     Execution time: 0 hours(s), 0 minute(s), and 44 seconds(s)
  7. Here is a DDS log on the desktop-
  8. UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 7/13/2011 4:46:01 PM System Uptime: 7/29/2013 7:52:09 AM (3 hours ago) . Motherboard: Intel Corp. | | Base Board Product Name Processor: Intel® Core i3-2310M CPU @ 2.10GHz | CPU1 | 2100/1333mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 451 GiB total, 405.738 GiB free. D: is CDROM (UDF) . ==== Disabled Device Manager Items ============= . Class GUID: Description: Officejet Pro 8600 Device ID: ROOT\MULTIFUNCTION\0001 Manufacturer: Name: Officejet Pro 8600 PNP Device ID: ROOT\MULTIFUNCTION\0001 Service: . ==== System Restore Points =================== . RP247: 7/28/2013 5:42:27 PM - Removed SpyHunter . ==== Installed Programs ====================== . 4500_G510gm_Help_Web 4500G510gm_Software_Min 4500G510gm_web 64 Bit HP CIO Components Installer 7-Zip 9.22beta 7Zip Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.7) MUI AllApp AllApp - LPES Apple Application Support Apple Mobile Device Support Apple Software Update Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver Becrypt Media Viewer Best Buy pc app Bonjour BufferChm Cisco EAP-FAST Module
  9. Starting a few days ago, Internet Explorer does the redirect whenever clicking on a link. Plus, now I get a window popping up all the time saying Malwarebytes is blocking an outgoing address. As always, any help is much appreciated.
  10. The 14th time was it, it finally posted the log-
  11. When I went to check the version of Malwarebytes Anti-Malware PRO I have, the fake FBI page came up. I thought that's why I bought this program, so I wouldn't get all these viruses?
  12. I think this computer has Vista on it. When I double-click DDS, it runs and says it will create a log, but I don't know where the log is, if any. It's not on the desktop.
  13. Also, I didn't mention that I have the PRO version, and still got infected, nor will the program find the problems.
  14. I tried the initial steps listed on your website: downloaded DDS.com, it's on my desktop. But there is no option to "run it as the Administrator", and it didn't save any logs to my desktop. I also don't find options to be able to "track this topic" with instant email notification.