JP_Auto

Everything posted by JP_Auto

  1. Hi Gringo, software removed, donation sent. Thank you so much again for all your help, have a great day!
  2. Thank you for your replies and info. In regards to question #1 (removing the trojan in history): it is located under the History tab and listed as quarantined. All that I need to do is go down to the "detected item box" and check the box beside the virus name, then click remove. I apologize, I should have been more clear; I was only asking if it was OK for me to remove it. Thanks. I will await your instructions for your software removal.
  3. Well my good man, you did it. A simple restart didn't resolve the redirects, but resetting Firefox, then restarting the PC, did. I tried about 10 sites and didn't get any redirects. Thank you so much. I did have a few questions before you wrapped this up with your software removal instructions... 1. Am I able to clear that Trojan Win32/Tracur.AU that is in my MSE history? 2. MSE is telling me I haven't run a scan in a while (kinda strange considering that's all I've done this past week). Am I OK to now do so? 3. I must give you a donation for all you have done to resolve this for me. Would you say I am safe to now use sensitive info sites such as PayPal? (I am always concerned with backdoor viruses that may have not been completely removed/repaired.) 4. Lastly, is there any way you are able to tell where this virus came from? Reason I ask is because no one screws around on this computer (at least they shouldn't be). It is strictly for graphic designs and running a vinyl plotter. Only thing I can think of is that it came from a font download, but if I'm using a free font site, I only download zip files and scan them before I extract them. I was just wondering if you had any thoughts. Thank you so much, Gringo
  4. Computer is still getting Google redirects using Firefox. Although, I haven't restarted it yet. Not sure if that matters.
  5. Hi Gringo, I removed startup entries and ran the ESET scan. Here is the log:
     C:\Qoobox\Quarantine\C\Users\Purcell\acrobatreader.exe.vir Win32/LockScreen.APR trojan
     C:\Qoobox\Quarantine\C\Users\Purcell\flashplayer.exe.vir Win32/LockScreen.APR trojan
     C:\Qoobox\Quarantine\C\Users\Purcell\mstsc.exe.vir a variant of Win32/Injector.AHHN trojan
     C:\Qoobox\Quarantine\C\Users\Purcell\AppData\Roaming\acmsp.dll.vir a variant of Win32/Medfos.QE trojan
     C:\Qoobox\Quarantine\C\Users\Purcell\AppData\Roaming\srobc.dll.vir a variant of Win32/Medfos.QE trojan
  6. Only problem I noticed was when the Terms of Service opened for HijackThis, I instantly received a msg from MS Windows >> "Synaptics TouchPad Enhancements has stopped working". Close program was the only option, so I did that. Computer seems great, although I still got a Google redirect. The order/names of my attempts are as follows: Malwarebytes >> NO redirect, Etsy >> NO redirect, Pinterest >> THIS CONTENT IS LOCKED BY WEBGAURD (the website name looked like an IP address), Ebay >> NO redirect, Facebook >> NO redirect, Pinterest again >> NO redirect. Again, not sure if that means anything to you or not, just wanted to give you the details. Thank you
  7. HIJACK THIS LOG:
     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 6:13:59 PM, on 5/31/2013
     Platform: Windows Vista SP2 (WinNT 6.00.1906)
     MSIE: Internet Explorer v8.00 (8.00.6001.19418)
     Boot mode: Normal

     Running processes:
     C:\Windows\system32\taskeng.exe
     C:\Windows\system32\Dwm.exe
     C:\Windows\system32\taskeng.exe
     C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
     C:\Windows\Explorer.EXE
     C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
     C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
     C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
     C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
     C:\Program Files\Microsoft Security Client\msseces.exe
     C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
     C:\Program Files\Windows Media Player\wmpnscfg.exe
     C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
     C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
     C:\Windows\system32\wuauclt.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Windows\notepad.exe
     C:\Users\Purcell\Desktop\HijackThis.exe
     C:\Windows\system32\SearchFilterHost.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
     R3 - URLSearchHook: YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll
     O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.10\coIEPlg.dll
     O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.10\IPSBHO.DLL
     O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
     O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
     O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
     O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
     O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
     O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.10\coIEPlg.dll
     O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
     O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
     O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
     O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
     O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
     O4 - HKLM\..\Run: [updatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
     O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
     O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
     O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
     O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
     O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
     O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
     O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
     O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
     O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
     O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
     O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
     O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
     O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
     O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
     O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
     O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.10\coIEPlg.dll
     O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
     O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
     O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
     O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
     O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
     O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
     O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
     O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
     O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
     O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
     O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
     O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.7.2.10\ccSvcHst.exe
     O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
     O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
     O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
     O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
     O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

     --
     End of file - 9647 bytes
  8. Hi Gringo, the info you requested. MBAM LOG:
     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.05.31.07

     Windows Vista Service Pack 2 x86 NTFS
     Internet Explorer 8.0.6001.19418
     Purcell :: PURCELL-PC [administrator]

     5/31/2013 5:59:12 PM
     mbam-log-2013-05-31 (17-59-12).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 227970
     Time elapsed: 9 minute(s), 47 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  9. PC seems stable. I still have the Trojan:Win32/Tracur.AU in the quarantined list. I checked processes... no iexplorer processes running! So hopefully that's a plus. Still had a redirect... clicked the Ebay site link in Google search >>> took me to "best weight loss"...
  10. RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
      mail : tigzyRK<at>gmail<dot>com
      Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
      Website : http://tigzy.geekstogo.com/roguekiller.php
      Blog : http://tigzyrk.blogspot.com/

      Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
      Started in : Normal mode
      User : Purcell [Admin rights]
      Mode : Remove -- Date : 05/31/2013 01:24:35
      | ARK || FAK || MBR |

      ¤¤¤ Bad processes : 0 ¤¤¤

      ¤¤¤ Registry Entries : 6 ¤¤¤
      [TASK][sUSP PATH] Update : "C:\Users\Purcell\AppData\Local\Temp\all2that_hastchange.EXE" [x] -> DELETED
      [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
      [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
      [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
      [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
      [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

      ¤¤¤ Particular Files / Folders: ¤¤¤

      ¤¤¤ Driver : [LOADED] ¤¤¤
      SSDT[21] : NtAlpcConnectPort @ 0x819FB8A1 -> HOOKED (Unknown @ 0x872C9890)
      SSDT[78] : NtCreateThread @ 0x81AA2DC8 -> HOOKED (Unknown @ 0x8734A0C0)
      SSDT[165] : NtLoadDriver @ 0x8197CE12 -> HOOKED (Unknown @ 0x872C9818)
      SSDT[282] : NtResumeThread @ 0x81A2CC5A -> HOOKED (Unknown @ 0x8734A208)

      ¤¤¤ HOSTS File: ¤¤¤
      --> C:\Windows\system32\drivers\etc\hosts

      127.0.0.1 localhost

      ¤¤¤ MBR Check: ¤¤¤

      +++++ PhysicalDrive0: WDC WD1600BEVT-60ZCT1 ATA Device +++++
      --- User ---
      [MBR] 5a83342323edffadc45fd4f0f3bbd8c5
      [bSP] 2ceda49377abb5c8de90bfd3c18981cf : Toshiba MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 142017 Mo
      1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 290852864 | Size: 10606 Mo
      User = LL1 ... OK!
      User = LL2 ... OK!

      Finished : << RKreport[2]_D_05312013_02d0124.txt >>
      RKreport[1]_S_05312013_02d0122.txt ; RKreport[2]_D_05312013_02d0124.txt
  11. TDSSKiller.2.8.16.0_31.05.2013_01.06.17_log.txt
  12. OK, I shut the infected PC down as it has become extremely slow with a constantly running fan since this newfound trojan that I just mentioned after the last log I posted. I will try to restart and download TDSSKiller. Would you recommend having MSE remove that new trojan first?
  13. MSE now shows a name: Trojan:Win32/Tracur.AU. I did not remove it yet. Also, the taskbar came back, but no icons in the bottom right other than battery (which was showing dead for approx. 5 min) and internet connection computers (which were showing disconnected for approx. 5 min as well)...
  14. Just had a message pop up for MSE >> detected threats are being cleaned, and it has the rotating arrows in the icon showing it's scanning. Not sure what that's about; haven't seen that since I first had the virus... task just disappeared now as well. Not showing any threat names though.
  15. Still showing the multiple iexplorer processes. Haven't noticed any of the "iexplorer or rundll32 stopped working" messages. Only had 1 redirect. Normally, as a test, I would just type Malwarebytes in Google search, click the link to take me to the website and I would be redirected; not the case this time. So then I typed in Etsy, clicked the site link and WAS redirected. Then tried Facebook >> no redirect, Ebay >> no redirect... all in that order. The log, as you requested, and again thank you..
      ========== OTL ==========
      Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
      Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
      Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
      Registry key HKEY_USERS\S-1-5-21-1729434737-3337028257-902342120-1000_Classes\.com\ deleted successfully.
      Registry key HKEY_USERS\S-1-5-21-1729434737-3337028257-902342120-1000_Classes\ComFile\ not found.
      HKEY_LOCAL_MACHINE\Software\Classes\.com\\|comfile /E : value set successfully!
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{83466BAB-5D79-4670-B0A9-BF6D5826C53A}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83466BAB-5D79-4670-B0A9-BF6D5826C53A}\ not found.
      C:\ProgramData\~36691704r moved successfully.
      C:\ProgramData\~36691704 moved successfully.
      ========== FILES ==========
      < ipconfig /flushdns /c >
      Windows IP Configuration
      Successfully flushed the DNS Resolver Cache.
      C:\Users\Purcell\Desktop\cmd.bat deleted successfully.
      C:\Users\Purcell\Desktop\cmd.txt deleted successfully.
      ========== COMMANDS ==========

      [EMPTYJAVA]

      User: All Users
      User: Default
      User: Default User
      User: Public
      User: Purcell
      ->Java cache emptied: 2625621 bytes

      Total Java Files Cleaned = 3.00 mb

      [EMPTYFLASH]

      User: All Users
      User: Default
      User: Default User
      User: Public
      User: Purcell
      ->Flash cache emptied: 506 bytes

      Total Flash Files Cleaned = 0.00 mb

      OTL by OldTimer - Version 3.2.69.0 log created on 05302013_234814
  16. OTL logfile created on: 5/30/2013 12:50:52 PM - Run 1
      OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Purcell\Desktop
      Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
      Internet Explorer (Version = 8.0.6001.19418)
      Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

      2.75 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 42.79% Memory free
      5.72 Gb Paging File | 4.22 Gb Available in Paging File | 73.85% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
      Drive C: | 138.69 Gb Total Space | 74.36 Gb Free Space | 53.62% Space Free | Partition Type: NTFS
      Drive D: | 10.36 Gb Total Space | 1.77 Gb Free Space | 17.07% Space Free | Partition Type: NTFS

      Computer Name: PURCELL-PC | User Name: Purcell | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: All users
      Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

      ========== Processes (SafeList) ==========

      PRC - C:\Users\Purcell\Desktop\OTL.exe (OldTimer Tools)
      PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
      PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
      PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
      PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
      PRC - C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
      PRC - C:\Program Files\Norton Internet Security\Engine\16.7.2.10\ccSvcHst.exe (Symantec Corporation)
      PRC - C:\Windows\explorer.exe (Microsoft Corporation)
      PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
      PRC - C:\Program Files\SMINST\BLService.exe ()
      PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
      PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
      PRC - C:\Windows\System32\regsvr32.exe (Microsoft Corporation)

      ========== Modules (No Company Name) ==========

      MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
      MOD - C:\Program Files\IObit\Advanced SystemCare 3\winSkinD7R.bpl ()
      MOD - C:\Program Files\IObit\Advanced SystemCare 3\CoolTrayIcon_D6plus.bpl ()
      MOD - C:\Program Files\IObit\Advanced SystemCare 3\STFix.dll ()
      MOD - C:\Program Files\IObit\Advanced SystemCare 3\NtfsData.dll ()

      ========== Services (SafeList) ==========

      SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
      SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
      SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
      SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
      SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
      SRV - (Norton Internet Security) -- C:\Program Files\Norton Internet Security\Engine\16.7.2.10\ccSvcHst.exe (Symantec Corporation)
      SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
      SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
      SRV - (Recovery Service for Windows) -- C:\Program Files\SMINST\BLService.exe ()
      SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
      SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

      ========== Driver Services (SafeList) ==========

      DRV - (SYMREDRV) -- C:\Windows\system32\drivers\NIS\1000000.07D\SYMREDRV.SYS File not found
      DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\NIS\1005000.087\SYMNDISV.SYS File not found
      DRV - (SYMFW) -- C:\Windows\System32\Drivers\NIS\1005000.087\SYMFW.SYS File not found
      DRV - (SYMDNS) -- C:\Windows\system32\drivers\NIS\1000000.07D\SYMDNS.SYS File not found
      DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
      DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
      DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090825.004\NAVEX15.SYS File not found
      DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090825.004\NAVENG.SYS File not found
      DRV - (MpKsle367971c) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{232B51DC-55DB-44E7-ADBE-E5A318FCE2D3}\MpKsle367971c.sys File not found
      DRV - (mbr) -- C:\ComboFix\mbr.sys File not found
      DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
      DRV - (catchme) -- C:\Users\Purcell\AppData\Local\Temp\catchme.sys File not found
      DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
      DRV - (SmartDefragDriver) -- C:\Windows\System32\drivers\SmartDefragDriver.sys ()
      DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
      DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.)
      DRV - (FTSER2K) -- C:\Windows\System32\drivers\ftser2k.sys (FTDI Ltd.)
      DRV - (ccHP) -- C:\Windows\System32\drivers\NIS\1007020.00A\cchpx86.sys (Symantec Corporation)
      DRV - (SymEFA) -- C:\Windows\System32\drivers\NIS\1007020.00A\SymEFA.sys (Symantec Corporation)
      DRV - (SRTSP) -- C:\Windows\System32\drivers\NIS\1007020.00A\srtsp.sys (Symantec Corporation)
      DRV - (BHDrvx86) -- C:\Windows\System32\drivers\NIS\1007020.00A\BHDrvx86.sys (Symantec Corporation)
      DRV - (SYMTDI) -- C:\Windows\System32\drivers\NIS\1007020.00A\symtdi.sys (Symantec Corporation)
      DRV - (SRTSPX) -- C:\Windows\System32\drivers\NIS\1007020.00A\srtspx.sys (Symantec Corporation)
      DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
      DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
      DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
      DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
      DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSvix86.sys (Symantec Corporation)
      DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
      DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
      DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
      DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
      DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
      DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
      DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
      DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
      DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
      DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
      DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
      DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
      DRV - (CA561) -- C:\Windows\System32\drivers\SPCA561.SYS (SP)

      ========== Standard Registry (SafeList) ==========

      ========== Internet Explorer ==========

      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
      IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
      IE - HKLM\..\SearchScopes,DefaultScope =
      IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=tb50trie7
      IE - HKLM\..\SearchScopes\{83466BAB-5D79-4670-B0A9-BF6D5826C53A}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
      IE - HKLM\..\SearchScopes\{E137C6B0-FD48-46CA-AC62-69405B0927D6}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF

      IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

      IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

      IE - HKU\S-1-5-21-1729434737-3337028257-902342120-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
      IE - HKU\S-1-5-21-1729434737-3337028257-902342120-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
      IE - HKU\S-1-5-21-1729434737-3337028257-902342120-1000\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
      IE - HKU\S-1-5-21-1729434737-3337028257-902342120-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll (Yahoo! Inc.)
      IE - HKU\S-1-5-21-1729434737-3337028257-902342120-1000\..\SearchScopes,DefaultScope = {B08E068F-912E-4F08-B60B-D4E044A7610C}
      IE - HKU\S-1-5-21-1729434737-3337028257-902342120-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
      IE - HKU\S-1-5-21-1729434737-3337028257-902342120-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
      IE - HKU\S-1-5-21-1729434737-3337028257-902342120-1000\..\SearchScopes\{B08E068F-912E-4F08-B60B-D4E044A7610C}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=723823&p={searchTerms}
      IE - HKU\S-1-5-21-1729434737-3337028257-902342120-1000\..\SearchScopes\{E137C6B0-FD48-46CA-AC62-69405B0927D6}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
      IE - HKU\S-1-5-21-1729434737-3337028257-902342120-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      ========== FireFox ==========

      FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
      FF - prefs.js..extensions.enabledAddons: %7Be5aadfdc-c7ed-11e2-8275-b8ac6f996f26%7D:3.0.1
      FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
      FF - user.js - File not found

      FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
      FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
      FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
      FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
      FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/09 20:01:49 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
      FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/09 20:01:49 | 000,000,000 | ---D | M]
      FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
      FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

      [2012/05/17 22:24:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Purcell\AppData\Roaming\Mozilla\Extensions
      [2013/05/29 22:16:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Purcell\AppData\Roaming\Mozilla\Firefox\Profiles\mnjl5j50.default\extensions
      [2012/10/28 20:31:06 | 000,000,000 | ---D | M] (HDTVUnderscanAdv Class extension for Firefox) -- C:\Users\Purcell\AppData\Roaming\Mozilla\Firefox\Profiles\mnjl5j50.default\extensions\{ABAE5D5A-5CCE-417C-94EC-DE70D8A6CDA7}
      [2013/05/30 07:43:41 | 000,003,988 | ---- | M] () (No name found) -- C:\Users\Purcell\AppData\Roaming\Mozilla\Firefox\Profiles\mnjl5j50.default\extensions\{e5aadfdc-c7ed-11e2-8275-b8ac6f996f26}.xpi
      [2013/05/23 21:36:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
      [2013/05/23 21:36:38 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

      O1 HOSTS File: ([2013/05/30 12:07:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
      O1 - Hosts: 127.0.0.1 localhost
      O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
      O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.10\CoIEPlg.dll (Symantec Corporation)
      O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.10\IPSBHO.dll (Symantec Corporation)
      O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
      O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
      O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
      O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
      O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
      O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
      O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
      O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.10\CoIEPlg.dll (Symantec Corporation)
      O3 - HKU\S-1-5-21-1729434737-3337028257-902342120-1000\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
      O3 - HKU\S-1-5-21-1729434737-3337028257-902342120-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.10\CoIEPlg.dll (Symantec Corporation)
      O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
      O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
      O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
      O4 - HKLM..\Run: [updateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
      O4 - HKLM..\Run: [updateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
      O4 - HKLM..\Run: [updatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
      O4 - HKLM..\Run: [updatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-1729434737-3337028257-902342120-1000..\Run: [Leadertech] C:\Windows\System32\regsvr32.exe (Microsoft Corporation) O4 - Startup: C:\Users\Purcell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1729434737-3337028257-902342120-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1729434737-3337028257-902342120-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html () O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll () O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.) 
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet) O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet) O15 - HKU\S-1-5-21-1729434737-3337028257-902342120-1000\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 10.17.2) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B7B3669-7C2C-4B3C-B6A8-9EC08B92446A}: DhcpNameServer = 172.168.37.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D80E6B7D-3E92-44ED-AE11-96E8BE06D67D}: DhcpNameServer = 10.0.0.1 O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.10\CoIEPlg.dll (Symantec Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKU\S-1-5-21-1729434737-3337028257-902342120-1000\...com [@ = ComFile] -- Reg Error: Key error. 
File not found O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013/05/30 12:48:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Purcell\Desktop\OTL.exe [2013/05/30 12:11:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/05/30 12:10:53 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013/05/30 11:48:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/05/30 11:48:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/05/30 11:48:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013/05/30 11:46:41 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/05/30 11:45:54 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/05/30 11:43:54 | 005,074,935 | R--- | C] (Swearware) -- C:\Users\Purcell\Desktop\ComboFix.exe [2013/05/29 23:37:52 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013/05/29 23:37:16 | 000,000,000 | ---D | C] -- C:\JRT [2013/05/29 23:34:37 | 000,545,954 | ---- | C] (Oleg N. 
Scherbakov) -- C:\Users\Purcell\Desktop\JRT.exe [2013/05/29 22:32:27 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Purcell\Desktop\dds.scr [2013/05/29 04:07:32 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware [2013/05/25 14:32:55 | 000,000,000 | ---D | C] -- C:\Users\Purcell\Desktop\people [2013/05/23 21:35:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013/05/14 22:50:04 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2013/05/14 22:49:51 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013/05/14 22:49:51 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013/05/14 22:49:50 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2013/05/14 22:49:50 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2013/05/14 22:49:49 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2013/05/14 22:49:49 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2013/05/14 22:49:49 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013/05/14 22:49:49 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013/05/14 22:49:47 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2013/05/14 22:49:47 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013/05/14 22:49:47 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2013/05/14 22:49:47 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2013/05/14 22:49:46 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2013/05/14 22:49:46 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2013/05/14 22:49:46 | 
000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2013/05/14 22:49:46 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013/05/14 22:49:46 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2013/05/14 22:49:41 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013/05/14 22:49:39 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013/05/07 21:33:54 | 000,000,000 | ---D | C] -- C:\Users\Purcell\Desktop\trees, nature [2013/05/07 21:28:19 | 000,000,000 | ---D | C] -- C:\Users\Purcell\Desktop\hearts, splatters [2013/05/07 20:55:00 | 000,000,000 | ---D | C] -- C:\Users\Purcell\Desktop\sports ========== Files - Modified Within 30 Days ========== [2013/05/30 12:48:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Purcell\Desktop\OTL.exe [2013/05/30 12:18:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/05/30 12:07:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013/05/30 11:44:49 | 005,074,935 | R--- | M] (Swearware) -- C:\Users\Purcell\Desktop\ComboFix.exe [2013/05/30 11:39:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/05/30 07:43:14 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013/05/30 07:43:14 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013/05/30 07:42:54 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job [2013/05/30 07:42:07 | 2951,057,408 | -HS- | M] () -- C:\hiberfil.sys [2013/05/29 23:35:18 | 000,545,954 | ---- | M] (Oleg N. 
Scherbakov) -- C:\Users\Purcell\Desktop\JRT.exe [2013/05/29 23:17:43 | 000,632,031 | ---- | M] () -- C:\Users\Purcell\Desktop\AdwCleaner.exe [2013/05/29 22:32:22 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Purcell\Desktop\dds.scr [2013/05/29 14:01:54 | 000,604,752 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/05/29 14:01:54 | 000,104,420 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/05/28 23:12:10 | 000,000,218 | ---- | M] () -- C:\Users\Purcell\.recently-used.xbel [2013/05/28 20:39:05 | 000,001,356 | ---- | M] () -- C:\Users\Purcell\AppData\Local\d3d9caps.dat [2013/05/28 18:01:27 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/05/28 17:26:52 | 000,001,062 | ---- | M] () -- C:\Users\Purcell\Documents\cc_20130528_172634.reg [2013/05/28 08:19:50 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPurcell.job [2013/05/15 13:20:51 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013/05/15 13:20:50 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013/05/15 03:37:46 | 000,670,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013/05/09 14:18:43 | 019,280,946 | ---- | M] () -- C:\Users\Purcell\nina design.2013_05_09_14_18_39.0 [2013/05/07 20:52:24 | 000,000,037 | ---- | M] () -- C:\Users\Purcell\AppData\Roaming\mbam.context.scan [2013/05/05 15:58:35 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013/05/02 11:28:50 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe ========== Files Created - No Company Name ========== [2013/05/30 11:48:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/05/30 11:48:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/05/30 11:48:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/05/30 11:48:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe 
[2013/05/30 11:48:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/05/29 23:17:21 | 000,632,031 | ---- | C] () -- C:\Users\Purcell\Desktop\AdwCleaner.exe [2013/05/28 23:12:10 | 000,000,218 | ---- | C] () -- C:\Users\Purcell\.recently-used.xbel [2013/05/28 22:50:22 | 2951,057,408 | -HS- | C] () -- C:\hiberfil.sys [2013/05/28 17:26:49 | 000,001,062 | ---- | C] () -- C:\Users\Purcell\Documents\cc_20130528_172634.reg [2013/05/09 14:18:39 | 019,280,946 | ---- | C] () -- C:\Users\Purcell\nina design.2013_05_09_14_18_39.0 [2013/05/07 20:52:24 | 000,000,037 | ---- | C] () -- C:\Users\Purcell\AppData\Roaming\mbam.context.scan [2013/02/08 02:22:26 | 000,021,156 | ---- | C] () -- C:\Users\Purcell\Unnamed document 3.2013_02_08_01_22_26.1 [2013/02/03 16:17:01 | 002,871,178 | ---- | C] () -- C:\Users\Purcell\witmers 2013 ca.2013_02_03_15_17_01.0 [2013/01/12 00:52:40 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe [2013/01/10 20:15:53 | 000,003,526 | ---- | C] () -- C:\Users\Purcell\New_document_2-path8017-528.png [2013/01/10 20:12:32 | 000,024,419 | ---- | C] () -- C:\Users\Purcell\New_document_2-rect7931-976.png [2013/01/02 23:44:53 | 000,051,058 | ---- | C] () -- C:\Users\Purcell\jl.jpg [2012/12/28 12:23:10 | 000,058,687 | ---- | C] () -- C:\Users\Purcell\New document 1.2012_12_28_11_23_10.0.svg [2012/12/24 03:00:09 | 000,010,922 | ---- | C] () -- C:\Users\Purcell\New document 1.2012_12_24_02_00_09.0.svg [2012/12/24 02:57:47 | 000,006,375 | ---- | C] () -- C:\Users\Purcell\New document 1.2012_12_24_01_57_47.0.svg [2012/12/24 02:12:47 | 000,025,407 | ---- | C] () -- C:\Users\Purcell\New_document_1-g3332-512.png [2012/12/11 02:00:30 | 001,017,383 | ---- | C] () -- C:\Users\Purcell\gun contro.2012_12_11_01_00_30.0 [2012/12/10 22:22:53 | 000,735,881 | ---- | C] () -- C:\Users\Purcell\gun contro.2012_12_10_21_22_53.0 [2012/12/06 22:30:08 | 000,071,503 | ---- | C] () -- C:\Users\Purcell\decal install instructions.2012_12_06_21_30_08.0 [2012/12/06 01:08:54 
| 000,029,286 | ---- | C] () -- C:\Users\Purcell\decal install instructions.2012_12_06_00_08_54.0 [2012/12/06 00:19:01 | 000,014,285 | ---- | C] () -- C:\Users\Purcell\decal install instructions.2012_12_05_23_19_01.0 [2012/11/26 00:00:59 | 000,002,869 | ---- | C] () -- C:\Users\Purcell\New document 40.2012_11_25_23_00_59.0 [2012/11/22 17:28:22 | 000,026,707 | ---- | C] () -- C:\Users\Purcell\girls race to.2012_11_22_16_28_22.0 [2012/10/28 20:31:06 | 000,083,260 | ---- | C] () -- C:\Users\Purcell\AppData\Local\{ACA44586-E6C7-CABC-6E58-0D1D8C9FB69D}.dat [2012/10/26 21:23:38 | 000,255,168 | ---- | C] () -- C:\Users\Purcell\censored ur dubsvg.2012_10_26_21_23_38.0 [2012/10/25 23:06:51 | 000,047,134 | ---- | C] () -- C:\Users\Purcell\censored ur dubsvg.2012_10_25_23_06_51.2 [2012/09/22 19:39:58 | 000,003,050 | ---- | C] () -- C:\Users\Purcell\New document 9.2012_09_22_19_39_58.1 [2012/04/20 03:00:23 | 000,001,356 | ---- | C] () -- C:\Users\Purcell\AppData\Local\d3d9caps.dat [2011/12/21 20:24:38 | 000,193,458 | ---- | C] () -- C:\Users\Purcell\purcell automotive3change.2011_12_21_19_24_38.1 [2011/12/21 20:20:38 | 000,311,424 | ---- | C] () -- C:\Users\Purcell\purcell automotive3change.2011_12_21_19_20_38.1 [2011/10/23 01:07:37 | 000,343,105 | ---- | C] () -- C:\Users\Purcell\witmers 2012 sportsma.2011_10_23_01_07_37.1 [2011/10/18 21:41:04 | 000,000,040 | ---- | C] () -- C:\Users\Purcell\.gtk-bookmarks [2011/05/14 02:08:29 | 000,000,144 | -H-- | C] () -- C:\ProgramData\~36691704r [2011/05/14 02:08:28 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~36691704 [2011/01/09 01:29:37 | 000,028,097 | -H-- | C] () -- C:\Users\Purcell\road rag.2011_01_09_00_29_37.0 [2011/01/08 18:38:15 | 000,018,097 | -H-- | C] () -- C:\Users\Purcell\road rag.2011_01_08_17_38_15.0 [2011/01/08 17:21:19 | 000,066,543 | -H-- | C] () -- C:\Users\Purcell\farmers log.2011_01_08_16_21_19.2 [2011/01/08 17:21:19 | 000,016,493 | -H-- | C] () -- C:\Users\Purcell\road rag.2011_01_08_16_21_19.0 [2011/01/08 
17:21:19 | 000,002,543 | -H-- | C] () -- C:\Users\Purcell\New document 13.2011_01_08_16_21_19.1 [2010/12/31 01:11:55 | 000,065,762 | -H-- | C] () -- C:\Users\Purcell\cat_stick_figur.2010_12_31_00_11_55.0 [2010/11/30 22:14:22 | 000,013,241 | -H-- | C] () -- C:\Users\Purcell\stack.2010_11_30_21_14_22.0 [2010/11/28 23:46:59 | 000,025,331 | -H-- | C] () -- C:\Users\Purcell\witmer dirt modifie.2010_11_28_22_46_59.0 [2010/11/24 01:07:12 | 000,031,346 | -H-- | C] () -- C:\Users\Purcell\dirt modifie.2010_11_24_00_07_12.0 [2010/11/23 21:03:00 | 000,074,312 | -H-- | C] () -- C:\Users\Purcell\dirt modified schinke.2010_11_23_20_03_00.0 [2010/11/23 20:09:11 | 000,064,721 | -H-- | C] () -- C:\Users\Purcell\dirt modified schinke.2010_11_23_19_09_11.0 [2010/10/09 19:53:03 | 000,077,802 | -H-- | C] () -- C:\Users\Purcell\novv.2010_10_09_19_53_03.0 [2010/07/31 00:03:05 | 000,167,076 | -H-- | C] () -- C:\Users\Purcell\fire cros.2010_07_31_00_03_05.0 [2010/07/09 13:14:41 | 000,015,404 | -H-- | C] () -- C:\Users\Purcell\New document 1.2010_07_09_13_14_41.0 [2010/05/02 23:01:18 | 000,461,153 | -H-- | C] () -- C:\Users\Purcell\loyu.2010_05_02_23_01_18.0 [2010/04/01 23:03:41 | 000,101,993 | -H-- | C] () -- C:\Users\Purcell\New document 1.2010_04_01_23_03_41.0 [2010/03/05 01:53:46 | 000,000,000 | -H-- | C] () -- C:\Users\Purcell\notepad [2010/02/19 23:13:11 | 000,003,440 | -H-- | C] () -- C:\Users\Purcell\New document 21.2010_02_19_22_13_11.2 [2010/02/13 20:21:01 | 000,072,629 | -H-- | C] () -- C:\Users\Purcell\sprint00ar .2010_02_13_19_21_01.1 [2010/02/13 20:21:01 | 000,047,400 | -H-- | C] () -- C:\Users\Purcell\New document 31.2010_02_13_19_21_01.3 [2010/02/13 20:21:01 | 000,045,554 | -H-- | C] () -- C:\Users\Purcell\sprint00ar .2010_02_13_19_21_01.2 [2010/02/13 20:21:01 | 000,002,595 | -H-- | C] () -- C:\Users\Purcell\sprint car .2010_02_13_19_21_01.0 [2009/11/16 23:08:42 | 000,032,061 | -H-- | C] () -- C:\ProgramData\nvModes.001 [2009/11/16 22:34:33 | 000,032,061 | -H-- | C] () -- 
C:\ProgramData\nvModes.dat [2009/11/16 22:16:24 | 000,006,656 | ---- | C] () -- C:\Users\Purcell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/05/23 05:01:24 | 000,000,246 | ---- | C] () -- C:\ProgramData\hpqp.ini ========== ZeroAccess Check ========== [2006/11/02 08:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Files - Unicode (All) ========== [2010/11/24 01:11:32 | 000,015,879 | -H-- | M] ()(C:\Users\Purcell\dirt modifie?.2010_11_24_00_11_32.0) -- C:\Users\Purcell\dirt modifie֚.2010_11_24_00_11_32.0 [2010/11/24 01:11:32 | 000,015,879 | -H-- | C] ()(C:\Users\Purcell\dirt modifie?.2010_11_24_00_11_32.0) -- C:\Users\Purcell\dirt modifie֚.2010_11_24_00_11_32.0 < End of report >
  17. Also, I just noticed I now have two Internet Explorer icons on my desktop as opposed to just one. I don't know if that means anything to you, but I just wanted to make you aware of that. Thanks.
  18. Alrighty, I only noticed one "problem" after downloading ComboFix. The moment I double-clicked it and the scan window opened with the blue background and "Administrator" at the top left, I received a message from Microsoft Windows saying "pev.exe stopped working". The only option was to close that program, so I did, and the ComboFix scan finished successfully. The computer did not restart, nor did I restart it manually, but it does seem to be "less laggy". I did notice that I still have multiple iexplore processes running, though my total process count went down to 71 (roughly where it was before this virus) as opposed to the 82-84 it has been showing. I am also still having the Google redirects. I don't know if that has relevance or not, but I don't have much info to go by as far as problems that I am noticing. Here is the ComboFix log, and once again, thank you so much for your help so far.

ComboFix 13-05-30.02 - Purcell 05/30/2013 11:51:57.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2814.1647 [GMT -4:00]
Running from: c:\users\Purcell\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\36691704
c:\users\Purcell\acrobat.exe
c:\users\Purcell\acrobatreader.exe
c:\users\Purcell\AppData\Roaming\acmsp.dll
c:\users\Purcell\AppData\Roaming\skype.ini
c:\users\Purcell\AppData\Roaming\srobc.dll
c:\users\Purcell\flashplayer.exe
c:\users\Purcell\java.exe
c:\users\Purcell\jucheck.exe
c:\users\Purcell\msconfig.exe
c:\users\Purcell\mstsc.exe
c:\users\Purcell\opera.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-04-28 to 2013-05-30 )))))))))))))))))))))))))))))))
.
.
2013-05-30 16:07 . 2013-05-30 16:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-30 11:45 . 2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F4EDC2CF-443B-48C6-B327-9F26719EED76}\mpengine.dll
2013-05-30 03:37 . 2013-05-30 03:37 -------- d-----w- c:\windows\ERUNT
2013-05-30 03:37 . 2013-05-30 03:37 -------- d-----w- C:\JRT
2013-05-29 08:07 . 2013-05-29 08:07 -------- d-----w- c:\windows\Microsoft Antimalware
2013-05-28 13:25 . 2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-21 05:15 . 2013-05-21 05:10 724464 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2E8322CB-E6C1-4CF2-8A64-53DD35882427}\gapaengine.dll
2013-05-15 02:50 . 2013-04-15 14:20 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 02:50 . 2013-04-13 10:56 37376 ----a-w- c:\windows\system32\cdd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 17:20 . 2012-11-04 18:10 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-15 17:20 . 2011-12-27 00:51 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-02 15:28 . 2010-09-23 01:10 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-23 19:29 . 2011-03-25 07:13 706640 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-04-04 18:50 . 2011-05-16 00:13 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-27 05:02 . 2013-03-27 05:03 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-27 05:02 . 2013-03-27 05:03 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-27 05:02 . 2010-11-20 20:25 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-11 13:25 . 2013-04-10 02:28 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-11 13:25 . 2013-04-10 02:28 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-09 03:45 . 2013-04-10 02:28 49152 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-09 01:28 . 2013-04-10 02:28 64000 ----a-w- c:\windows\system32\smss.exe
2013-03-08 03:53 . 2013-04-10 02:27 376320 ----a-w- c:\windows\system32\winsrv.dll
2013-03-08 03:52 . 2013-04-10 02:27 2067968 ----a-w- c:\windows\system32\mstscax.dll
2013-03-03 19:07 . 2013-04-10 02:28 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll" [2011-01-21 213816]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Leadertech"="c:\users\Purcell\AppData\Local\Leadertech\hywhmsco.dll" [2013-05-28 700416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Purcell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-2-9 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-04 17:20]
.
2013-05-30 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-12-26 21:19]
.
2013-05-28 c:\windows\Tasks\HPCeeScheduleForPurcell.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-04-20 18:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
IE: &AIM Toolbar Search - c:\programdata\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\Purcell\AppData\Roaming\Mozilla\Firefox\Profiles\mnjl5j50.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - ExtSQL: 2013-05-30 07:43; {e5aadfdc-c7ed-11e2-8275-b8ac6f996f26}; c:\users\Purcell\AppData\Roaming\Mozilla\Firefox\Profiles\mnjl5j50.default\extensions\{e5aadfdc-c7ed-11e2-8275-b8ac6f996f26}.xpi
FF - ExtSQL: !HIDDEN! 2010-06-09 20:01; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-acmsp - c:\users\Purcell\AppData\Roaming\acmsp.dll
HKCU-Run-srobc - c:\users\Purcell\AppData\Roaming\srobc.dll
SafeBoot-Wdf01000.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-30 12:07
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.7.2.10\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.7.2.10\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-05-30 12:10:50
ComboFix-quarantined-files.txt 2013-05-30 16:10
.
Pre-Run: 79,839,711,232 bytes free
Post-Run: 79,792,029,696 bytes free
.
- - End Of File - - 086269A34A97E658EAA6653EA9DC9667
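The OTL and ComboFix output in the post above is where the persistence actually shows: OTL lists the "Leadertech" Run value only as regsvr32.exe, while ComboFix resolves it to a DLL under AppData\Local, and ComboFix's "Other Deletions" list is full of well-known executable names (java.exe, mstsc.exe, msconfig.exe) dropped straight into the profile root, while OTL's O17 entries show one interface handed a resolver outside the RFC 1918 ranges. The script below is an added example, not part of the poster's logs and not a Malwarebytes, OTL or ComboFix component: it runs those three checks over a constructed sample made of lines in the shape of the entries above (one benign entry beside each suspicious one). The regexes, the decoy-name list and the choice of "user-writable" path components are assumptions for illustration.

```python
import ipaddress
import re
from pathlib import PureWindowsPath

# Constructed sample (not the thread's full log): lines in the shape of the
# OTL O4/O17 entries and the ComboFix Run and "Other Deletions" entries above.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1729434737-3337028257-902342120-1000..\Run: [Leadertech] C:\Windows\System32\regsvr32.exe (Microsoft Corporation)
"Leadertech"="c:\users\Purcell\AppData\Local\Leadertech\hywhmsco.dll" [2013-05-28 700416]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
c:\users\Purcell\java.exe
c:\users\Purcell\mstsc.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B7B3669-7C2C-4B3C-B6A8-9EC08B92446A}: DhcpNameServer = 172.168.37.1
"""

# Signed Windows binaries that load whatever DLL they are handed; a Run value
# that names one of them tells you nothing until you see the DLL argument.
LOLBINS = {"regsvr32.exe", "rundll32.exe"}
# Path components an unprivileged user can write to (assumed list).
USER_WRITABLE = {"users", "appdata", "programdata", "temp"}
# Executable names ComboFix found copied into the profile root in this thread;
# the genuine ones live under Program Files or System32 (assumed list).
DECOY_NAMES = {"java.exe", "jucheck.exe", "mstsc.exe", "msconfig.exe",
               "flashplayer.exe", "opera.exe", "acrobat.exe", "acrobatreader.exe"}

OTL_RUN = re.compile(r'^O4 - \S+?\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.+?\.(?:exe|dll|cpl))\b', re.I)
CF_RUN = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]+)"')
BARE_PATH = re.compile(r'^(?P<target>[a-z]:\\.+\.(?:exe|dll))$', re.I)
DNS = re.compile(r'DhcpNameServer = (?P<ip>\S+)')


def classify_autorun(name, target):
    """Return the reasons (possibly none) a Run value or dropped file looks suspicious."""
    path = PureWindowsPath(target)
    base = path.name.lower()
    parts = [p.lower().rstrip("\\") for p in path.parts]   # ('c:', 'users', ...)
    reasons = []
    if base in LOLBINS:
        reasons.append(f"lolbin: '{name}' starts {base}; check which DLL it registers")
    if base.endswith(".dll") and USER_WRITABLE & set(parts):
        reasons.append(f"dll-in-user-path: '{name}' loads a DLL from a user-writable directory")
    # Exactly drive / users / <profile> / file: a known binary name sitting in
    # the profile root instead of its install directory.
    if base in DECOY_NAMES and len(parts) == 4 and parts[1] == "users":
        reasons.append(f"masquerade: {base} in profile root, not its install directory")
    return reasons


def check_dns(ip):
    """Flag a DHCP-supplied resolver that is neither RFC 1918 nor loopback."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return f"unparseable resolver address {ip!r}"
    if addr.is_private or addr.is_loopback:
        return None
    return f"resolver {ip} is outside RFC 1918; confirm it matches what the router or ISP hands out"


def scan(log_text):
    """Run every heuristic over each line; return (line, reason) pairs."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = OTL_RUN.match(line) or CF_RUN.match(line)
        if m:
            findings += [(line, r) for r in classify_autorun(m["name"], m["target"])]
            continue
        m = BARE_PATH.match(line)
        if m:
            name = PureWindowsPath(m["target"]).name
            findings += [(line, r) for r in classify_autorun(name, m["target"])]
            continue
        m = DNS.search(line)
        if m and (reason := check_dns(m["ip"])):
            findings.append((line, reason))
    return findings


if __name__ == "__main__":
    for line, reason in scan(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

On the sample this reports five findings: the regsvr32 Run value, the DLL it resolves to under AppData\Local, the two decoy executables in the profile root, and the 172.168.37.1 resolver (172.168.0.0 is outside the 172.16.0.0/12 private block, which is easy to misread). The DNS check is a prompt, not a verdict: consumer DHCP can legitimately hand out a public ISP resolver, so compare it with the 10.0.0.1 the other interfaces received before concluding anything.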
  19. Hi again, I ran the AdwCleaner with no problems and I am attaching that file. The JRT program made it to "checking registry" and stayed there for over 8 hours. I wasn't sure if that amount of time was normal or not, so I closed it and restarted the PC. Things are still running the same; the only difference I notice is that it seems to take a few minutes longer than usual to connect to the internet. Thanks again.
  20. Hi Gringo, Thank you very much for your fast reply. I did as you instructed and I attached both logs. As an update to my first post, MSE completed a full scan in normal start-up mode (no "FBI lockout screen"). It detected the same "JS/Medfos.A" trojan as Defender Offline did. I removed it and restarted the PC, but it still has redirect issues, numerous iexplorer processes running, and Rundll32 crashing. Just wanted to pass that info along. Thanks again.
  21. Hello All, I'm hoping someone can help me with the 2 issues I've listed in the title. I noticed the "tobfy.f" yesterday when my Microsoft Security Essentials threat box opened up and said "threat detected - no further action required". It happened twice within 5 minutes before getting the "FBI computer locked screen". I shut it down, booted in Safe Mode, ran Malwarebytes (full scan). It detected and removed 5 items. I restarted normally, then ran MSE again. It detected the threat again and almost instantly I got the same "FBI locked screen". I ran Malwarebytes a second time in Safe Mode and it detected and removed 6 items this time. I then booted the PC from a flash drive with Windows Defender Offline installed. This scan turned up the JS/Medfos.A trojan, which, according to Defender, was successfully removed. Now, the problem I'm having is, I am still getting Google redirects along with anywhere from 4-8 "iexplorer" processes running in my Task Manager (I have iexplorer but don't use it, so I'm guessing the multiple processes are related to these viruses). I'm also getting "rundll and iexplorer has stopped working" messages. I am currently running the MSE full scan a third time and so far I have not gotten the "FBI locked screen". I apologize for the long description, but I wanted to give the details of what I have tried doing to resolve this issue in hopes of giving a little insight to anyone who may be kind enough to help me. Any help is greatly appreciated. Thank you.