TechSpot

Malwarebytes Access Denied -- Tried Some Stuff, Need Help from Expert

Inactive-A
By begonia
May 13, 2013
    Hi,
    I have an issue like this one: http://www.techspot.com/community/topics/virus-cant-install-malwarebytes-access-is-denied.163660/
    My Win7 Pro Thinkpad SP1 computer was randomly rebooting, so I tried to install MBAM but it said access was denied -- it couldn't write the file in the temp directory. So I googled and ran:
    ComboFix
    MBAM Clean
    RKill
    TDSSKiller
    aswMBR
    ESET online scanner
    AdwCleaner
    FSS
    Unhide

    Ran all of these; still access denied when trying to install MBAM. I don't know much about the logs. Would you be willing to help?
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.21.2
    Run by Barbara at 23:46:16 on 2013-05-12
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3892.563 [GMT -4:00]
    .
    AV: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\ibmpmsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\Tablet\Pen\Pen_TouchService.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
    C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
    C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
    C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
    C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
    C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\PC Tools Security\pctsGui.exe
    C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\TpShocks.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Conexant\SAII\SmartAudio.exe
    C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files\Prey\platform\windows\cron.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe
    C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\svchost.exe -k HsfXAudioService
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files (x86)\Lenovo\System Update\SUService.exe
    C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\vssvc.exe
    C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
    C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
    C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
    C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\taskhost.exe
    C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com
    uURLSearchHooks: PC Tools Browser Guard: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: AffixaHandlerLib.BHO: {5adefb9e-b824-45e6-86e2-2b7941f5d6a3} - LocalServer32 - <no file>
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
    TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
    uRun: [087BFA070BC68B68EF72E800FF7EF859CE1EC0E9._service_run] "C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
    mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
    mRun: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
    mRun: [Prey Laptop Tracker] C:\Program Files\Prey\platform\windows\cron.exe --log
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [BackupNowEZtray] "C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe" -k
    mRun: [AffixaPersonalSettings] "C:\Program Files (x86)\Affixa\AffixaHandler.exe" /APPLYPERSONAL
    mRun: [ACWLIcon] C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\Users\Barbara\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    StartupFolder: C:\Users\Barbara\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AMAZON~1.LNK - C:\Users\Barbara\AppData\Local\Apps\2.0\X2XRTH5L.08D\71V3PPR9.7Q5\amaz..tion_f2fa081ea2183235_0002.0000_52f6f5477bfc400b\AmazonCloudDrive.exe
    StartupFolder: C:\Users\Barbara\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
    IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
    IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
    IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
    LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
    DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
    DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: NameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{0A6ACF33-1ABB-43B2-87D2-BE0D2B42B097} : DHCPNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{0A6ACF33-1ABB-43B2-87D2-BE0D2B42B097}\37475607863736F6265616 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{0A6ACF33-1ABB-43B2-87D2-BE0D2B42B097}\45F475E4F6663484D275966496 : DHCPNameServer = 101.104.178.1
    TCP: Interfaces\{0A6ACF33-1ABB-43B2-87D2-BE0D2B42B097}\54467716274637 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{0A6ACF33-1ABB-43B2-87D2-BE0D2B42B097}\64C6563786F584F6573756 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{0A6ACF33-1ABB-43B2-87D2-BE0D2B42B097}\7457164756D616C616E6 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{DABEC673-63C3-4275-8501-8392D7D9F517} : DHCPNameServer = 209.18.47.61 209.18.47.62
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [TpShocks] TpShocks.exe
    x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
    x64-Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-Notify: PFW - <no file>
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\r9wplwpo.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.easwaran.org/thoughts-for-the-day-quotes.html
    FF - prefs.js: network.proxy.type - 0
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 DzHDD64;DzHDD64;C:\Windows\System32\drivers\DZHDD64.SYS [2010-6-7 29512]
    R3 5U877;USB Video Device;C:\Windows\System32\drivers\5U877.sys [2010-6-7 163072]
    R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2010-6-7 292864]
    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2010-6-7 294064]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-6-7 56344]
    R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-6-7 151936]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-6-7 244736]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-4-19 102368]
    .
    =============== File Associations ===============
    .
    FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
    .
    =============== Created Last 30 ================
    .
    2013-05-13 03:40:16  --------  d-----w-  C:\ProgramData\SUPERAntiSpyware.com
    2013-05-13 03:40:16  --------  d-----w-  C:\Program Files\SUPERAntiSpyware
    2013-05-13 03:39:41  --------  d-----w-  C:\ProgramData\SUPERSetup
    2013-05-13 02:10:45  174  ----a-w-  C:\Windows\DeleteOnReboot.bat
    2013-05-13 01:41:55  --------  d-----w-  C:\Program Files (x86)\ESET
    2013-05-13 00:07:20  --------  d-sh--w-  C:\$RECYCLE.BIN
    2013-05-12 23:51:30  98816  ----a-w-  C:\Windows\sed.exe
    2013-05-12 23:51:30  256000  ----a-w-  C:\Windows\PEV.exe
    2013-05-12 23:51:30  208896  ----a-w-  C:\Windows\MBR.exe
    2013-05-03 17:58:29  --------  d-----w-  C:\Program Files (x86)\Canon
    2013-05-03 17:58:28  15872  ----a-w-  C:\Windows\SysWow64\CNHMCA.dll
    2013-05-03 17:58:27  320000  ----a-w-  C:\Windows\SysWow64\CNC_BBL.dll
    2013-05-03 17:58:27  103424  ----a-w-  C:\Windows\SysWow64\CNC_BBU.dll
    2013-05-03 17:55:40  30208  ----a-w-  C:\Windows\System32\Spool\prtprocs\x64\CNMPDBB.DLL
    2013-05-03 17:55:40  100352  ----a-w-  C:\Windows\System32\Spool\prtprocs\x64\CNMPPBB.DLL
    2013-05-03 17:55:33  363520  ----a-w-  C:\Windows\System32\CNC_BBL.dll
    2013-05-03 17:55:33  287744  ----a-w-  C:\Windows\System32\CNC_BBC.dll
    2013-05-03 17:55:33  17920  ----a-w-  C:\Windows\System32\CNHMCA6.dll
    2013-05-03 17:55:33  106496  ----a-w-  C:\Windows\System32\CNC_BBI.dll
    2013-05-03 17:55:22  389120  ----a-w-  C:\Windows\System32\CNMLMBB.DLL
    2013-04-28 03:48:33  --------  d-----w-  C:\Users\Barbara\Cloud Drive
    2013-04-28 03:47:32  --------  d-----w-  C:\Users\Barbara\AppData\Local\Amazon Cloud Drive
    2013-04-28 03:42:42  --------  d-----w-  C:\Users\Barbara\AppData\Local\Apps
    2013-04-28 03:42:41  --------  d-----w-  C:\Users\Barbara\AppData\Local\Deployment
    2013-04-24 11:41:09  95648  ----a-w-  C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-04-24 00:09:00  1656680  ----a-w-  C:\Windows\System32\drivers\ntfs.sys
    2013-04-20 00:24:27  --------  d-----w-  C:\Users\Barbara\.android
    2013-04-20 00:24:10  --------  d-----w-  C:\Users\Barbara\workspace
    2013-04-20 00:10:15  --------  d-----w-  C:\New Folder
    2013-04-19 16:38:13  708168  ----a-w-  C:\Windows\System32\WinUSBCoInstaller.dll
    2013-04-19 16:38:13  1490656  ----a-w-  C:\Windows\System32\WdfCoInstaller01007.dll
    2013-04-19 16:38:12  203104  ----a-w-  C:\Windows\System32\drivers\ssudmdm.sys
    2013-04-19 16:38:12  102368  ----a-w-  C:\Windows\System32\drivers\ssudbus.sys
    2013-04-19 16:36:10  --------  d-----w-  C:\Verizon_Android
    2013-04-19 16:35:44  --------  d-----w-  C:\ProgramData\Samsung
    .
    ==================== Find3M ====================
    .
    2013-03-19 06:04:06  5550424  ----a-w-  C:\Windows\System32\ntoskrnl.exe
    2013-03-19 05:46:56  43520  ----a-w-  C:\Windows\System32\csrsrv.dll
    2013-03-19 05:04:13  3968856  ----a-w-  C:\Windows\SysWow64\ntkrnlpa.exe
    2013-03-19 05:04:10  3913560  ----a-w-  C:\Windows\SysWow64\ntoskrnl.exe
    2013-03-19 04:47:50  6656  ----a-w-  C:\Windows\SysWow64\apisetschema.dll
    2013-03-19 03:06:33  112640  ----a-w-  C:\Windows\System32\smss.exe
    2013-03-10 00:51:44  861088  ----a-w-  C:\Windows\SysWow64\npDeployJava1.dll
    2013-03-10 00:51:44  782240  ----a-w-  C:\Windows\SysWow64\deployJava1.dll
    2013-03-01 03:36:04  3153408  ----a-w-  C:\Windows\System32\win32k.sys
    2013-02-21 10:30:16  1766912  ----a-w-  C:\Windows\SysWow64\wininet.dll
    2013-02-21 10:29:39  2877440  ----a-w-  C:\Windows\SysWow64\jscript9.dll
    2013-02-21 10:29:37  61440  ----a-w-  C:\Windows\SysWow64\iesetup.dll
    2013-02-21 10:29:37  109056  ----a-w-  C:\Windows\SysWow64\iesysprep.dll
    2013-02-21 10:15:07  2240512  ----a-w-  C:\Windows\System32\wininet.dll
    2013-02-21 10:14:09  3958784  ----a-w-  C:\Windows\System32\jscript9.dll
    2013-02-21 10:14:05  67072  ----a-w-  C:\Windows\System32\iesetup.dll
    2013-02-21 10:14:05  136704  ----a-w-  C:\Windows\System32\iesysprep.dll
    2013-02-19 12:01:03  2706432  ----a-w-  C:\Windows\SysWow64\mshtml.tlb
    2013-02-19 11:42:14  2706432  ----a-w-  C:\Windows\System32\mshtml.tlb
    2013-02-19 11:10:53  71680  ----a-w-  C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2013-02-19 10:51:18  89600  ----a-w-  C:\Windows\System32\RegisterIEPKEYs.exe
    2013-02-15 06:08:40  44032  ----a-w-  C:\Windows\System32\tsgqec.dll
    2013-02-15 06:06:11  3717632  ----a-w-  C:\Windows\System32\mstscax.dll
    2013-02-15 06:02:26  158720  ----a-w-  C:\Windows\System32\aaclient.dll
    2013-02-15 04:37:10  3217408  ----a-w-  C:\Windows\SysWow64\mstscax.dll
    2013-02-15 04:34:10  131584  ----a-w-  C:\Windows\SysWow64\aaclient.dll
    2013-02-15 03:25:51  36864  ----a-w-  C:\Windows\SysWow64\tsgqec.dll
    2013-02-13 13:53:48  0  ----a-w-  C:\Windows\SysWow64\sho2F08.tmp
    2013-02-12 05:45:24  135168  ----a-w-  C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-02-12 05:45:22  350208  ----a-w-  C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2013-02-12 05:45:22  308736  ----a-w-  C:\Windows\apppatch\AppPatch64\AcGenral.dll
    2013-02-12 05:45:22  111104  ----a-w-  C:\Windows\apppatch\AppPatch64\acspecfc.dll
    2013-02-12 04:48:31  474112  ----a-w-  C:\Windows\apppatch\AcSpecfc.dll
    2013-02-12 04:48:26  2176512  ----a-w-  C:\Windows\apppatch\AcGenral.dll
    2013-02-12 04:12:05  19968  ----a-w-  C:\Windows\System32\drivers\usb8023.sys
    .
    ============= FINISH: 23:49:30.06 ===============
    ***************************************************************************************************



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 6/18/2010 3:11:55 AM
    System Uptime: 5/12/2013 10:12:38 PM (1 hours ago)
    .
    Motherboard: LENOVO | | 2516CTO
    Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz | None | 2400/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 455 GiB total, 213.232 GiB free.
    Q: is FIXED (NTFS) - 10 GiB total, 0.004 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: PC Tools Data Store
    Device ID: ROOT\LEGACY_PCTDS\0000
    Manufacturer:
    Name: PC Tools Data Store
    PNP Device ID: ROOT\LEGACY_PCTDS\0000
    Service: pctDS
    .
    ==== System Restore Points ===================
    .
    RP375: 4/24/2013 3:00:27 AM - Windows Update
    RP376: 4/24/2013 7:39:48 AM - Installed Java 7 Update 21
    RP377: 4/26/2013 9:20:52 PM - Windows Update
    RP378: 4/30/2013 3:00:15 AM - Windows Update
    RP379: 5/1/2013 3:00:35 AM - Windows Update
    RP380: 5/10/2013 7:53:10 AM - Scheduled Checkpoint
    RP381: 5/12/2013 7:51:38 PM - ComboFix created restore point
    .
    ==== Installed Programs ======================
    .
    Sansa Media Converter
    Update for Microsoft Office 2007 (KB2508958)
    µTorrent
    3ivx D4 4.5.1 Decoder (remove only)
    ABBYY FineReader for ScanSnap (TM) 4.0
    Access Help
    Adobe AIR
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Creative Suite 2
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Help Center 2.0
    Adobe Photoshop CS2
    Adobe Premiere Pro 2.0
    Adobe Reader X (10.1.4)
    Adobe Shockwave Player 11.6
    Adobe Stock Photos 1.0
    Affixa
    Affixa 3.2012.12.22
    Amazon Cloud Drive
    Amazon Kindle
    Amazon MP3 Downloader 1.0.17
    AnswerWorks 5.0 English Runtime
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bamboo
    Bamboo Dock
    Bamboo Dock 3.3
    Blackboard IM 4.1.0-C
    Bonjour
    Browser Guard 4.0
    Burn.Now 4.5
    Canon IJ Scan Utility
    Canon MG5400 series MP Drivers
    Canon MP530
    CardMinder
    CardMinder V4.0
    Conexant 20585 SmartAudio HD
    Corel Burn.Now Lenovo Edition
    Corel DVD MovieFactory 7
    Corel DVD MovieFactory Lenovo Edition
    Create Recovery Media
    Direct DiscRecorder
    ESET Online Scanner v3
    Evernote v. 4.6.3
    Fastest Free YouTube Downloader to MP3 Converter
    GIMP 2.6.11
    Google Chrome
    Google Drive
    Google Earth Plug-in
    Google Update Helper
    Human Design Life Chart
    Integrated Camera Driver Installer Package Ver.1.1.0.19
    Intel PROSet Wireless
    Intel(R) Control Center
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Components
    Intel(R) PROSet/Wireless WiFi Software
    Intel(R) Turbo Boost Technology Monitor
    InterVideo WinDVD 8
    IP Camera
    iTunes
    Java 7 Update 21
    Java Auto Updater
    Java(TM) 6 Update 31
    Lenovo Auto Scroll Utility
    Lenovo Patch Utility
    Lenovo Patch Utility 64 bit
    Lenovo System Interface Driver
    Lenovo ThinkVantage Toolbox
    Lenovo Warranty Information
    Lenovo Welcome
    LG SP USB Driver
    LG USB WML Modem Driver
    Message Center Plus
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2010
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mini-stream Ripper 3.1.2.1.2010.03.30
    Mobile Broadband
    Mozilla Firefox (3.6.12)
    Mozilla Firefox 14.0 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NirSoft VideoCacheView
    NTI Backup Now EZ
    Pam Call Recorder 4.8
    PC Tools Spyware Doctor with AntiVirus 9.0
    Power Manager
    Quicken 2011
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealNetworks - Microsoft Visual C++ 2010 Runtime
    RealPlayer
    RealUpgrade 1.1
    Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
    Rescue and Recovery
    Rosetta Stone Homeschool
    Samsung Mobile phone USB driver Drive Software
    Samsung PC Studio 3
    SAMSUNG USB Driver for Mobile Phones
    Sansa Updater
    ScanSnap
    ScanSnap Manager
    ScanSnap Organizer
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Skype Click to Call
    Skype™ 5.10
    Suite Specific
    SUPERAntiSpyware
    swMSM
    System Update
    ThinkPad FullScreen Magnifier
    ThinkPad Modem Adapter
    ThinkPad Power Management Driver
    ThinkPad UltraNav Driver
    ThinkPad UltraNav Utility
    ThinkVantage Access Connections
    ThinkVantage Active Protection System
    ThinkVantage Communications Utility
    TurboTax 2009
    TurboTax 2009 WinBizFedFormset
    TurboTax 2009 WinBizReleaseEngine
    TurboTax 2009 WinBizTaxSupport
    TurboTax 2009 WinPerFedFormset
    TurboTax 2009 WinPerReleaseEngine
    TurboTax 2009 WinPerTaxSupport
    TurboTax 2009 wnciper
    TurboTax 2009 wrapper
    TurboTax 2010
    TurboTax 2010 WinPerFedFormset
    TurboTax 2010 WinPerReleaseEngine
    TurboTax 2010 WinPerTaxSupport
    TurboTax 2010 wnciper
    TurboTax 2010 wrapper
    TurboTax 2011
    TurboTax 2011 WinPerFedFormset
    TurboTax 2011 WinPerReleaseEngine
    TurboTax 2011 WinPerTaxSupport
    TurboTax 2011 wnciper
    TurboTax 2011 wrapper
    TurboTax 2012
    TurboTax 2012 WinPerFedFormset
    TurboTax 2012 WinPerReleaseEngine
    TurboTax 2012 WinPerTaxSupport
    TurboTax 2012 wnciper
    TurboTax 2012 wrapper
    TurboTax Business 2009
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    WebTablet IE Plugin
    WebTablet Netscape Plugin
    WinASO Registry Optimizer 4.8.2
    Windows Driver Package - Intel (e1kexpress) Net (12/10/2009 11.5.10.0)
    Windows Driver Package - Intel (HECIx64) System (09/17/2009 6.0.0.1179)
    Windows Driver Package - Intel System (06/04/2009 1.0.0.0002)
    Windows Driver Package - Intel System (10/28/2009 9.1.1.1022)
    Windows Driver Package - Intel USB (08/20/2009 9.1.1.1020)
    Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4)
    Windows Driver Package - Ricoh Company MS Host Controller (10/26/2009 6.10.02.07)
    Windows Driver Package - Synaptics (SynTP) Mouse (04/22/2010 15.0.18.0)
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Media Player Firefox Plugin
    Windows XP Mode
    WinRAR archiver
    Wisdom Quest
    Xvid Video Codec
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/9/2013 8:15:49 PM, Error: Service Control Manager [7031] - The Intel(R) Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    5/8/2013 9:56:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
    5/8/2013 2:18:06 PM, Error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
    5/7/2013 5:36:16 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: An instance of the service is already running.
    5/7/2013 5:34:16 PM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/7/2013 5:34:16 PM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    5/7/2013 5:34:16 PM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/7/2013 5:34:16 PM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/7/2013 5:28:18 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{0A6ACF33-1ABB-43B2-87D2-BE0D2B42B097} because another computer on the network has the same name. The server could not start.
    5/12/2013 8:05:06 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    5/12/2013 8:04:04 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    5/12/2013 10:13:33 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: StarOpen
    5/12/2013 10:12:50 PM, Error: Ntfs [137] - The default transaction resource manager on volume Q: encountered a non-retryable error and could not start. The data contains the error code.
    5/12/2013 10:12:47 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\StarOpen.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    5/11/2013 1:48:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TouchServicePen service.
    .
    ==== End Of File ===========================

    Can't run MBAM, but here are the results from AdwCleaner:
    # AdwCleaner v2.300 - Logfile created 05/12/2013 at 22:09:17
    # Updated 28/04/2013 by Xplode
    # Operating system : Windows 7 Professional Service Pack 1 (64 bits)
    # User : Barbara - BARBARA-THINK
    # Boot Mode : Normal
    # Running from : C:\Users\Barbara\Favorites\Downloads\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Deleted on reboot : C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\edflbdjfhpiboilnedfoiepbmcllkedb
    File Deleted : C:\END
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\.autoreg
    Folder Deleted : C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\edflbdjfhpiboilnedfoiepbmcllkedb
    Folder Deleted : C:\Users\Barbara\AppData\LocalLow\Conduit

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\AppDataLow\Software\Vid-Saver
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\edflbdjfhpiboilnedfoiepbmcllkedb
    Key Deleted : HKCU\Software\ilivid
    Key Deleted : HKCU\Software\StartSearch
    Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ef32f59633787dd828adf56352222c0f-795373474
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\edflbdjfhpiboilnedfoiepbmcllkedb
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16537

    [OK] Registry is clean.

    -\\ Mozilla Firefox v14.0 (en-US)

    File : C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\r9wplwpo.default\prefs.js

    Deleted : user_pref("CT3078318_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]

    -\\ Google Chrome v26.0.1410.64

    File : C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [2817 octets] - [12/05/2013 22:08:23]
    AdwCleaner[S1].txt - [2619 octets] - [12/05/2013 22:09:17]

    ########## EOF - C:\AdwCleaner[S1].txt - [2679 octets] ##########
     
  2. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================

    Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
  3. begonia

    begonia TS Rookie Topic Starter Posts: 20

    RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Barbara [Admin rights]
    Mode : Remove -- Date : 05/13/2013 08:41:51
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 3 ¤¤¤
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST9500420AS +++++
    --- User ---
    [MBR] e8278e7452cdb958e47982cd2b67024c
    [BSP] 472610cc88767ce53d6069fc8b9dfd91 : MBR Code unknown
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 465738 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 956291072 | Size: 10000 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2]_D_05132013_02d0841.txt >>
    RKreport[1]_S_05132013_02d0839.txt ; RKreport[2]_D_05132013_02d0841.txt



    **************************************************************************
    Malwarebytes Anti-Rootkit BETA 1.05.0.1001
    www.malwarebytes.org

    Database version: v2013.05.13.03

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16540
    Barbara :: BARBARA-THINK [administrator]

    5/13/2013 8:58:18 AM
    mbar-log-2013-05-13 (08-58-18).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 31614
    Time elapsed: 11 minute(s), 28 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  4. begonia

    begonia TS Rookie Topic Starter Posts: 20

    Thanks for the reply. While it was running ESET last night, it shut down again -- and it shuts down, doesn't reboot as I said in the original post. I figured the shutting down meant it was time to hit the sack, but I'm up now (EST) and can work with you on and off all day.
    mbam-setup-1.75.0.1300.exe still gives "Setup was unable to create the directory c:\uses\barbara\appdata\local\temp\is-xxxxx.tmp Error 5: Access is Denied"
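An added diagnostic for the symptom described in this post (it is not part of the thread and not Malwarebytes' code): a PowerShell snippet that resolves the user's Temp path, prints the folder's attributes and ACL, and then attempts the same operation the installer fails on, creating a subdirectory under Temp and removing it again. The probe folder name is constructed; the snippet assumes Windows 7 with PowerShell 2.0 or later and should be run as the same user who ran the installer.

```powershell
# Added diagnostic, not from the thread: why does creating a folder under the
# user's Temp directory fail with Error 5 (Access is Denied)?
# Assumes Windows 7 / PowerShell 2.0+; run as the user who ran the installer.

# Resolve %TEMP% the same way the installer does.
$temp = [System.IO.Path]::GetTempPath()
Write-Output "TEMP resolves to: $temp"

if (-not (Test-Path -LiteralPath $temp)) {
    Write-Output "Temp directory does not exist at all."
} else {
    # Read-only, System or Hidden on Temp itself would be unusual and worth noting.
    $item = Get-Item -LiteralPath $temp -Force
    Write-Output "Attributes: $($item.Attributes)"

    # Owner and access entries: an explicit Deny for this user, or a missing
    # Modify right, is the usual reason a folder cannot be created here.
    $acl = Get-Acl -Path $temp
    Write-Output "Owner: $($acl.Owner)"
    $acl.Access |
        Select-Object IdentityReference, AccessControlType, FileSystemRights, IsInherited |
        Format-Table -AutoSize
}

# Repeat the installer's step: create a subdirectory, then remove it.
# "probe-xxxxxxxx.tmp" is a constructed name, chosen so it cannot collide.
$probe = Join-Path $temp ("probe-" + [guid]::NewGuid().ToString("N").Substring(0, 8) + ".tmp")
try {
    New-Item -ItemType Directory -Path $probe -ErrorAction Stop | Out-Null
    Remove-Item -LiteralPath $probe -Force -ErrorAction Stop
    Write-Output "Write test: OK (directory created and removed)"
} catch {
    Write-Output "Write test: FAILED - $($_.Exception.Message)"
}
```

If the probe fails, the ACL table shows which entry is responsible. If the probe succeeds while the installer still reports Error 5, the folder permissions are not the cause, and something else (for example real-time protection intercepting the installer's file operations) is blocking it.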
     
  5. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Create a new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled, as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart the computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done, Notepad will open with the rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  6. begonia

    begonia TS Rookie Topic Starter Posts: 20

    ComboFix 13-05-12.01 - Barbara 05/13/2013 20:31:14.2.4 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3892.1923 [GMT -4:00]
    Running from: c:\users\Barbara\Favorites\Downloads\ComboFix.exe
    AV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
    SP: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-04-14 to 2013-05-14 )))))))))))))))))))))))))))))))
    .
    .
    2013-05-14 00:39 . 2013-05-14 00:39--------d-----w-c:\users\GuestUser\AppData\Local\temp
    2013-05-14 00:39 . 2013-05-14 00:39--------d-----w-c:\users\Default\AppData\Local\temp
    2013-05-14 00:39 . 2013-05-14 00:39--------d-----w-c:\users\Betsy\AppData\Local\temp
    2013-05-13 12:45 . 2013-05-13 12:45--------d-----w-c:\programdata\Malwarebytes
    2013-05-13 03:40 . 2013-05-13 03:40--------d-----w-c:\program files\SUPERAntiSpyware
    2013-05-13 03:40 . 2013-05-13 03:40--------d-----w-c:\programdata\SUPERAntiSpyware.com
    2013-05-13 03:39 . 2013-05-13 03:40--------d-----w-c:\programdata\SUPERSetup
    2013-05-13 02:10 . 2013-05-13 02:11174----a-w-c:\windows\DeleteOnReboot.bat
    2013-05-13 01:41 . 2013-05-13 01:41--------d-----w-c:\program files (x86)\ESET
    2013-05-03 17:58 . 2013-05-03 17:58--------d-----w-c:\program files (x86)\Canon
    2013-05-03 17:58 . 2008-08-25 22:0215872----a-w-c:\windows\SysWow64\CNHMCA.dll
    2013-05-03 17:58 . 2012-02-08 20:34320000----a-w-c:\windows\SysWow64\CNC_BBL.dll
    2013-05-03 17:58 . 2012-01-16 18:21103424----a-w-c:\windows\SysWow64\CNC_BBU.dll
    2013-05-03 17:55 . 2012-04-16 09:0030208----a-w-c:\windows\system32\Spool\prtprocs\x64\CNMPDBB.DLL
    2013-05-03 17:55 . 2012-04-16 09:00100352----a-w-c:\windows\system32\Spool\prtprocs\x64\CNMPPBB.DLL
    2013-05-03 17:55 . 2012-02-08 20:36363520----a-w-c:\windows\system32\CNC_BBL.dll
    2013-05-03 17:55 . 2012-01-16 18:21287744----a-w-c:\windows\system32\CNC_BBC.dll
    2013-05-03 17:55 . 2012-01-16 18:20106496----a-w-c:\windows\system32\CNC_BBI.dll
    2013-05-03 17:55 . 2008-08-25 22:0217920----a-w-c:\windows\system32\CNHMCA6.dll
    2013-05-03 17:55 . 2012-04-16 09:00389120----a-w-c:\windows\system32\CNMLMBB.DLL
    2013-04-28 03:48 . 2013-04-28 03:52--------d-----w-c:\users\Barbara\Cloud Drive
    2013-04-28 03:47 . 2013-04-28 03:47--------d-----w-c:\users\Barbara\AppData\Local\Amazon Cloud Drive
    2013-04-28 03:42 . 2013-04-28 03:42--------d-----w-c:\users\Barbara\AppData\Local\Apps
    2013-04-28 03:42 . 2013-04-28 21:06--------d-----w-c:\users\Barbara\AppData\Local\Deployment
    2013-04-24 11:56 . 2013-04-24 11:56--------d-----w-c:\program files (x86)\Common Files\Java
    2013-04-24 11:41 . 2013-04-04 09:3595648----a-w-c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-04-24 00:09 . 2013-04-12 14:451656680----a-w-c:\windows\system32\drivers\ntfs.sys
    2013-04-20 00:24 . 2013-04-20 00:27--------d-----w-c:\users\Barbara\.android
    2013-04-20 00:24 . 2013-04-20 00:24--------d-----w-c:\users\Barbara\workspace
    2013-04-20 00:10 . 2013-04-20 00:10--------d-----w-C:\New Folder
    2013-04-19 16:38 . 2012-06-27 08:37708168----a-w-c:\windows\system32\WinUSBCoInstaller.dll
    2013-04-19 16:38 . 2012-06-27 08:371490656----a-w-c:\windows\system32\WdfCoInstaller01007.dll
    2013-04-19 16:38 . 2012-08-29 06:24203104----a-w-c:\windows\system32\drivers\ssudmdm.sys
    2013-04-19 16:38 . 2012-08-29 06:24102368----a-w-c:\windows\system32\drivers\ssudbus.sys
    2013-04-19 16:36 . 2013-04-20 00:12--------d-----w-C:\Verizon_Android
    2013-04-19 16:35 . 2013-04-19 16:35--------d-----w-c:\programdata\Samsung
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-04-11 07:02 . 2010-08-29 18:2272702784----a-w-c:\windows\system32\MRT.exe
    2013-03-19 06:04 . 2013-04-10 16:255550424----a-w-c:\windows\system32\ntoskrnl.exe
    2013-03-19 05:46 . 2013-04-10 16:2543520----a-w-c:\windows\system32\csrsrv.dll
    2013-03-19 05:04 . 2013-04-10 16:253968856----a-w-c:\windows\SysWow64\ntkrnlpa.exe
    2013-03-19 05:04 . 2013-04-10 16:253913560----a-w-c:\windows\SysWow64\ntoskrnl.exe
    2013-03-19 04:47 . 2013-04-10 16:256656----a-w-c:\windows\SysWow64\apisetschema.dll
    2013-03-19 03:06 . 2013-04-10 16:25112640----a-w-c:\windows\system32\smss.exe
    2013-03-10 00:51 . 2013-02-07 02:08861088----a-w-c:\windows\SysWow64\npDeployJava1.dll
    2013-03-10 00:51 . 2011-09-12 22:15782240----a-w-c:\windows\SysWow64\deployJava1.dll
    2013-03-01 03:36 . 2013-04-10 16:263153408----a-w-c:\windows\system32\win32k.sys
    2013-02-15 06:08 . 2013-04-10 16:2644032----a-w-c:\windows\system32\tsgqec.dll
    2013-02-15 06:06 . 2013-04-10 16:263717632----a-w-c:\windows\system32\mstscax.dll
    2013-02-15 06:02 . 2013-04-10 16:26158720----a-w-c:\windows\system32\aaclient.dll
    2013-02-15 04:37 . 2013-04-10 16:263217408----a-w-c:\windows\SysWow64\mstscax.dll
    2013-02-15 04:34 . 2013-04-10 16:26131584----a-w-c:\windows\SysWow64\aaclient.dll
    2013-02-15 03:25 . 2013-04-10 16:2636864----a-w-c:\windows\SysWow64\tsgqec.dll
    2013-02-13 13:53 . 2013-02-13 13:530----a-w-c:\windows\SysWow64\sho2F08.tmp
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:1294208------w-c:\users\Barbara\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:1294208------w-c:\users\Barbara\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:1294208------w-c:\users\Barbara\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "087BFA070BC68B68EF72E800FF7EF859CE1EC0E9._service_run"="c:\users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-04-09 1312720]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-09-24 5998144]
    "ISTray"="c:\program files (x86)\PC Tools Security\pctsGui.exe" [2012-06-22 2673624]
    "Prey Laptop Tracker"="c:\program files\Prey\platform\windows\cron.exe" [2011-02-15 216635]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
    "BackupNowEZtray"="c:\program files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe" [2011-09-24 580632]
    "AffixaPersonalSettings"="c:\program files (x86)\Affixa\AffixaHandler.exe" [2012-12-22 282848]
    "ACWLIcon"="c:\program files (x86)\Lenovo\Access Connections\ACWLIcon.exe" [2010-04-22 181608]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "Z1"="c:\users\Barbara\Favorites\Downloads\mbar-1.05.0.1001\mbar\mbar.exe" [2013-03-23 1398856]
    .
    c:\users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    Amazon Cloud Drive.lnk - c:\users\Barbara\AppData\Local\Apps\2.0\X2XRTH5L.08D\71V3PPR9.7Q5\amaz..tion_f2fa081ea2183235_0002.0000_52f6f5477bfc400b\AmazonCloudDrive.exe [N/A]
    EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2013-3-2 1086816]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-08-29 102368]
    R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-09-24 320576]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
    R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2010-06-08 31152]
    R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2012-09-24 1666112]
    R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2012-09-24 1665088]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-08-29 203104]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-09-30 126392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
    R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [2010-11-20 16384]
    R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-10-05 18288]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-29 1255736]
    R4 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [2012-06-22 341200]
    R4 PCToolsFixToolInjDrv;PCToolsFixToolInjDrv;c:\program files (x86)\PC Tools Security\pcttFixTool64.sys [2011-05-24 55624]
    R4 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [2012-06-22 92928]
    S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [2012-09-24 29512]
    S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2012-04-23 426616]
    S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2012-02-28 453896]
    S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2012-02-28 1096176]
    S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2009-10-09 23592]
    S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
    S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2012-06-22 251560]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2013-05-07 143088]
    S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2012-06-22 575448]
    S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
    S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-08-23 13672]
    S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2010-04-20 50536]
    S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-04-20 74088]
    S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
    S2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [2011-09-24 45592]
    S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-10-26 61952]
    S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2012-06-22 402368]
    S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-13 5790064]
    S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-13 487280]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-09-30 12728]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-25 2320920]
    S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2009-12-15 163072]
    S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-06-30 292864]
    S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-12-10 294064]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-11-26 244736]
    S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-03-18 7680512]
    S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [2012-06-22 85224]
    S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-09-24 41536]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - SASDIFSV
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-24 16:29]
    .
    2013-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-24 16:29]
    .
    2013-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1281610388-98583384-2208228445-1001Core.job
    - c:\users\Barbara\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-10 15:36]
    .
    2013-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1281610388-98583384-2208228445-1001UA.job
    - c:\users\Barbara\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-10 15:36]
    .
    2013-05-13 c:\windows\Tasks\ReclaimerUpdateFiles_Barbara.job
    - c:\users\Barbara\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-04-24 21:51]
    .
    2013-05-13 c:\windows\Tasks\ReclaimerUpdateXML_Barbara.job
    - c:\users\Barbara\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-04-24 21:51]
    .
    2013-05-13 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Barbara.job
    - c:\users\Barbara\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-04-24 21:51]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    c:\users\Barbara\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    c:\users\Barbara\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    c:\users\Barbara\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    c:\users\Barbara\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 20:10  776144  ----a-w-  c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 20:10  776144  ----a-w-  c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 20:10  776144  ----a-w-  c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 20:10  776144  ----a-w-  c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "TpShocks"="TpShocks.exe" [2009-12-11 380776]
    "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-17 307768]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-08 390680]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-08 410136]
    "LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2010-04-20 62312]
    "AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2009-10-14 36864]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
    FontCache
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    uLocal Page = c:\windows\system32\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Clip selection - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
    IE: Clip this page - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
    IE: Clip URL - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
    IE: New Note - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
    LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
    FF - ProfilePath - c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\r9wplwpo.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.easwaran.org/thoughts-for-the-day-quotes.html
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-05-13 20:42:50
    ComboFix-quarantined-files.txt 2013-05-14 00:42
    ComboFix2.txt 2013-05-13 00:13
    .
    Pre-Run: 229,565,648,896 bytes free
    Post-Run: 229,959,024,640 bytes free
    .
    - - End Of File - - 5ED5A8D851D917CD5073BD455ACB1886
     
  7. begonia

    begonia TS Rookie Topic Starter Posts: 20

    Just ran (expired since April) PC Tools - found Trojan.generic Application.NirCmd Trackware,TrakingCookies!rem Application.TrackingCookies Adware.Advertising
     
  8. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    I don't see anything malicious there.

    It looks like permissions issue.

    For 32-bit (x86) systems please download GrantPerms.zip and save it to your desktop.
    For 64-bit (x64) systems please download GrantPerms64.zip and save it to your desktop.
    Unzip the file and, depending on the system, run GrantPerms.exe or GrantPerms64.exe.
    Copy and paste the following in the edit box:

    Code:
    C:\
    
    Click Unlock. When it is done click "OK".
    Click List Permissions and post the result of Perms.txt file that pops up.
    A copy of Perms.txt will be saved in the same directory the tool is run.

    When done restart computer and see if MBAM will install.
     
  9. begonia

    begonia TS Rookie Topic Starter Posts: 20

    I'll do this, but Trojan.generic showed up as 572 infections. I've had this software active for 2 years, and it's never shown a trojan before that I remember.
    Trojan.generic (572 infections)
    Application.NirCmd (6 infections)
    Trackware,TrakingCookies!rem (7 infections)
    Application.TrackingCookies (29 infections)
    Adware.Advertising (21 infections)

    The last three show up often, but the first two it's the first I've seen
     
  10. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Go ahead with my previous reply and then...

    It's not safe to keep an outdated AV program.
    When done with sorting MBAM issue...

    Uninstall PC Tools and...

    Install ONE of these:

    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html

    - free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
    Note for Windows 8 users: Microsoft Security Essentials comes preinstalled and renamed as Windows Defender.
    You can keep it or you have to disable it before installing another AV program. How to...

    - free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php

    Update, run full scan, report on any findings.
     
  11. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    One thing at a time.
     
     
  12. begonia

    begonia TS Rookie Topic Starter Posts: 20

    GrantPerms by Farbar
    Ran by Barbara (administrator) at 2013-05-13 22:21:23

    ===============================================
    WARNING: The parameter <c:" -ot file -actn list -lst F:tab;W:O,d;I:y > contains a double quotation mark ("). Did you unintentionally escape a double quote? Hint: use <"C:\\"> instead of <"C:\">.
    ERROR: The object path was not specified.


    ================ End Of List ================


    I definitely typed c:\ and it popped up "operation unlock completed".
     
  13. begonia

    begonia TS Rookie Topic Starter Posts: 20

    Argh, MBAM is still giving the same error. Go ahead with the new AV or keep working on MBAM? Would you like to see the results of the programs I ran yesterday? Maybe they cleaned something, but not all the way.
    Combofix
    MBAM Clean
    RKill
    TDSSkiller
    aswMBR
    ESET online scanner
    adware cleaner
    FSS
    Unhide

    plus RogueKiller at some point
     
  14. begonia

    begonia TS Rookie Topic Starter Posts: 20

    Yes, sorry, PC Tools runs on its own and pops up reminding me of infections and that my subscription is expired. They aren't supporting it anymore after 5/18, so should I buy a different one or just use one of the ones you recommended?
     
  15. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    My fault.
    It should read:
    C:\\
    instead of:
    C:\

    Sorry about it.
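    The reason `C:\` failed and `C:\\` works is a command-line quoting rule, not a typo by the user. This is an added example, not code from the thread or from the GrantPerms/SetACL authors. The `-ot file -actn list -lst` flags in the earlier warning are SetACL's command-line syntax, so GrantPerms is presumably handing the typed path to SetACL inside double quotes; the exact line it builds is not on the page, so the one below is an assumed reconstruction that reproduces the shape of the warning. The function implements the Microsoft C runtime rules for backslashes and double quotes when a command line is split into argv:

```powershell
# Added example (not from the thread): how Windows splits a command line into argv,
# and why "C:\" swallows the rest of the line while "C:\\" yields C:\ .
# Rules (Microsoft C runtime / CommandLineToArgvW):
#   - a backslash not followed by " is literal
#   - 2n backslashes followed by "   -> n backslashes, and " toggles quoted mode
#   - 2n+1 backslashes followed by " -> n backslashes and a literal "
function Split-WindowsArgs {
    param([Parameter(Mandatory = $true)][string]$CommandLine)

    $tokens   = New-Object System.Collections.Generic.List[string]
    $current  = New-Object System.Text.StringBuilder
    $inQuotes = $false
    $haveArg  = $false
    $i = 0
    while ($i -lt $CommandLine.Length) {
        $c = $CommandLine[$i]
        if ($c -eq '\') {
            $n = 0
            while ($i -lt $CommandLine.Length -and $CommandLine[$i] -eq '\') { $n++; $i++ }
            if ($i -lt $CommandLine.Length -and $CommandLine[$i] -eq '"') {
                [void]$current.Append('\' * [int][math]::Floor($n / 2))
                if ($n % 2 -eq 1) { [void]$current.Append('"'); $i++ }   # odd: escaped literal quote
                # even: the quote is left for the next iteration, where it toggles quoted mode
            } else {
                [void]$current.Append('\' * $n)                           # literal backslashes
            }
            $haveArg = $true
            continue
        }
        if ($c -eq '"') { $inQuotes = -not $inQuotes; $haveArg = $true; $i++; continue }
        if (-not $inQuotes -and ($c -eq ' ' -or $c -eq "`t")) {
            if ($haveArg) { $tokens.Add($current.ToString()); $current.Length = 0; $haveArg = $false }
            $i++
            continue
        }
        [void]$current.Append($c)
        $haveArg = $true
        $i++
    }
    if ($haveArg) { $tokens.Add($current.ToString()) }
    return ,$tokens.ToArray()
}

# Assumed reconstruction of the SetACL argument string GrantPerms builds (see lead-in);
# the first line is what a typed C:\ produces, the second what C:\\ produces.
foreach ($line in @('-on "C:\" -ot file -actn list -lst "F:tab;W:O,d;I:y"',
                    '-on "C:\\" -ot file -actn list -lst "F:tab;W:O,d;I:y"')) {
    Write-Host "Command line: $line"
    $argv = Split-WindowsArgs $line
    for ($k = 0; $k -lt $argv.Length; $k++) {
        Write-Host ("  argv[{0}] = <{1}>" -f $k, $argv[$k])
    }
}
```

    With `"C:\"`, the single backslash escapes the closing quote, quoted mode never ends, and everything up to the end of the line (`C:" -ot file -actn list -lst F:tab;W:O,d;I:y`) becomes one argument, which is exactly the parameter the warning complained about. With `"C:\\"`, the two backslashes collapse to one and the quote closes normally, so the first argument is `C:\` and the remaining flags are parsed separately. The same rule bites any tool that wraps a user-supplied path ending in a backslash in double quotes before spawning a process.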
     
  16. begonia

    begonia TS Rookie Topic Starter Posts: 20

    Aw, man, I was like, "finally a program that runs quickly," but now it's taking 20min this time. Also installed MSEssentials
     
  17. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    It'll take time.
    It's not a good idea to do other things like installing programs at the same time.
    Leave GrantPerms alone.
     
  18. begonia

    begonia TS Rookie Topic Starter Posts: 20

    GrantPerms by Farbar
    Ran by Barbara (administrator) at 2013-05-13 23:16:29

    ===============================================
    \\?\c:\

    Owner: BUILTIN\Administrators

    DACL(P)(AI):
    BUILTIN\Administrators FULL ALLOW (CI)(OI)
    NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)
    BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)



    ================ End Of List ================
     
  19. begonia

    begonia TS Rookie Topic Starter Posts: 20

    Rebooted and still same MBAM issue :(
    But I do have all files visible. Can/should I change it back?
     
  20. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    What's the exact message?
     
  21. begonia

    begonia TS Rookie Topic Starter Posts: 20

    "Setup was unable to create the directory c:\users\barbara\appdata\local\temp\is-xxxxx.tmp Error 5: Access is Denied". This time SUD6E was the xxxxx, but it changes each time. Running mbam-setup-1.75.0.1300, downloaded three different times.
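    The error message above names the exact object that fails: a new directory under the user's own temp folder, not the root of C:\ that GrantPerms was pointed at. The script below is an added example, not from the thread or from Malwarebytes, that reproduces that single step and then dumps the DACL governing it. It assumes it is run in PowerShell as the affected user on Windows 7 or later and uses only the built-in Get-Acl cmdlet; the path and the probe directory name are chosen here to mirror the installer's `is-xxxxx.tmp` pattern.

```powershell
# Added example (not from the thread): reproduce the installer's failing step and
# show who is allowed to write to the user's temp directory.
# Assumptions: run as the affected user; Windows 7+ with the built-in Get-Acl cmdlet.

$temp  = [System.IO.Path]::GetTempPath()   # resolves %TEMP% the way an installer does
$probe = Join-Path $temp ('is-' + [guid]::NewGuid().ToString('N').Substring(0, 5) + '.tmp')
$me    = [Security.Principal.WindowsIdentity]::GetCurrent()

Write-Host "TEMP resolves to : $temp"
Write-Host "Running as       : $($me.Name)"

# 1. Reproduce: an installer that unpacks to %TEMP% starts by creating a directory there.
try {
    $null = New-Item -Path $probe -ItemType Directory -ErrorAction Stop
    Remove-Item -Path $probe -Force
    Write-Host "Created and removed $probe - the DACL permits it; the denial comes from elsewhere."
} catch {
    # Category PermissionDenied here is the same condition as the installer's "Error 5".
    Write-Host "Failed creating $probe : $($_.Exception.Message)"
    Write-Host "Error category: $($_.CategoryInfo.Category)"
}

# 2. Inspect: owner, whether inheritance from the parent is blocked, and every ACE.
$acl = Get-Acl -Path $temp
Write-Host "Owner: $($acl.Owner)"
Write-Host "Inheritance from parent blocked: $($acl.AreAccessRulesProtected)"
$acl.Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited |
    Format-Table -AutoSize

# 3. Flag explicit Deny entries, and the absence of any Allow that covers the current
#    user or one of its groups with the CreateDirectories (AppendData) right.
$principals = @($me.Name)
foreach ($sid in $me.Groups) {
    try   { $principals += $sid.Translate([Security.Principal.NTAccount]).Value }
    catch { $principals += $sid.Value }    # logon/unmappable SIDs stay in S-1-... form
}
$deny = @($acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' })
if ($deny.Count -gt 0) {
    Write-Warning ("Explicit Deny entries for: " +
        (($deny | ForEach-Object { $_.IdentityReference.Value }) -join ', '))
}
# Note: ACEs carrying generic rights show as bare numbers in FileSystemRights and are
# not decoded by this bit test.
$canCreate = @($acl.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $principals -contains $_.IdentityReference.Value -and
    ($_.FileSystemRights -band [System.Security.AccessControl.FileSystemRights]::CreateDirectories)
})
if ($canCreate.Count -eq 0) {
    Write-Warning "No Allow entry grants CreateDirectories to the current user or any of its groups."
}
```

    If step 1 fails and step 3 shows a Deny entry or no matching Allow, the fix is on the temp folder itself rather than on C:\; resetting it to inherit from its parent again with `icacls "%LOCALAPPDATA%\Temp" /reset /T /C` from an elevated prompt is the built-in equivalent of what GrantPerms' Unlock does. If step 1 fails although the DACL looks correct (Administrators and SYSTEM full, the user allowed), the ACCESS_DENIED is being returned by something other than NTFS permissions, typically a kernel filter driver such as the one an antivirus or HIPS product installs, and that is the next thing to rule out.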
     
  22. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Download and run this utility.
    It will ask to restart your computer (please allow it to).
    Try to install MBAM again.
     
  23. begonia

    begonia TS Rookie Topic Starter Posts: 20

    Ran the cleaner program and got same thing again, still won't install. I forgot it on my list -- ran this yesterday too because I used to have a MBAM copy on this computer.

    Also, quick scan MSE came up clean -- want me to do a full?
     
  24. begonia

    begonia TS Rookie Topic Starter Posts: 20

    Witching hour draws near, goodnight and thank you. I'll catch your advice in the morning and do it then. Tonight I'll let full scan run
     
  25. Broni

    Broni Malware Annihilator Posts: 47,704   +268

Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.