Inactive-A Malwarebytes Access Denied -- Tried Some Stuff, Need Help from Expert

Status
Not open for further replies.
B

begonia

Posts: 20   +0
.
Hi,
I have an issue like this one: https://www.techspot.com/community/topics/virus-cant-install-malwarebytes-access-is-denied.163660/
My Win7 Pro Thinkpad SP1 computer was randomly rebooting, so I tried to install MBAM but it said access was denied -- it couldn't write the file in the temp directory. So I googled and ran:
Combofix
MBAM Clean
[FONT=Helvetica Neue]RKill[/FONT]
[FONT=Helvetica Neue][FONT=helvetica]TDSSkiller[/FONT][/FONT]
[FONT=helvetica]aswMBR[/FONT]
[FONT=helvetica]ESET online scanner[/FONT]
[FONT=helvetica]adware cleaner[/FONT]
[FONT=helvetica]FSS[/FONT]
Unhide

Ran all of these; still access denied when trying to install MBAM. I don't know much about the logs. Would you be willing to help?
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.21.2
Run by Barbara at 23:46:16 on 2013-05-12
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3892.563 [GMT -4:00]
.
AV: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\PC Tools Security\pctsGui.exe
C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Conexant\SAII\SmartAudio.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Prey\platform\windows\cron.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\vssvc.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uURLSearchHooks: PC Tools Browser Guard: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AffixaHandlerLib.BHO: {5adefb9e-b824-45e6-86e2-2b7941f5d6a3} - LocalServer32 - <no file>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
uRun: [087BFA070BC68B68EF72E800FF7EF859CE1EC0E9._service_run] "C:\Users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
mRun: [Prey Laptop Tracker] C:\Program Files\Prey\platform\windows\cron.exe --log
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BackupNowEZtray] "C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe" -k
mRun: [AffixaPersonalSettings] "C:\Program Files (x86)\Affixa\AffixaHandler.exe" /APPLYPERSONAL
mRun: [ACWLIcon] C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Barbara\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\Users\Barbara\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AMAZON~1.LNK - C:\Users\Barbara\AppData\Local\Apps\2.0\X2XRTH5L.08D\71V3PPR9.7Q5\amaz..tion_f2fa081ea2183235_0002.0000_52f6f5477bfc400b\AmazonCloudDrive.exe
StartupFolder: C:\Users\Barbara\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{0A6ACF33-1ABB-43B2-87D2-BE0D2B42B097} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{0A6ACF33-1ABB-43B2-87D2-BE0D2B42B097}\37475607863736F6265616 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{0A6ACF33-1ABB-43B2-87D2-BE0D2B42B097}\45F475E4F6663484D275966496 : DHCPNameServer = 101.104.178.1
TCP: Interfaces\{0A6ACF33-1ABB-43B2-87D2-BE0D2B42B097}\54467716274637 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{0A6ACF33-1ABB-43B2-87D2-BE0D2B42B097}\64C6563786F584F6573756 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{0A6ACF33-1ABB-43B2-87D2-BE0D2B42B097}\7457164756D616C616E6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DABEC673-63C3-4275-8501-8392D7D9F517} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TpShocks] TpShocks.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
x64-Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: PFW - <no file>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\r9wplwpo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.easwaran.org/thoughts-for-the-day-quotes.html
FF - prefs.js: network.proxy.type - 0
.
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\Windows\System32\drivers\DZHDD64.SYS [2010-6-7 29512]
R3 5U877;USB Video Device;C:\Windows\System32\drivers\5U877.sys [2010-6-7 163072]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2010-6-7 292864]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2010-6-7 294064]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-6-7 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-6-7 151936]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-6-7 244736]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-4-19 102368]
.
=============== File Associations ===============
.
FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-05-13 03:40:16--------d-----w-C:\ProgramData\SUPERAntiSpyware.com
2013-05-13 03:40:16--------d-----w-C:\Program Files\SUPERAntiSpyware
2013-05-13 03:39:41--------d-----w-C:\ProgramData\SUPERSetup
2013-05-13 02:10:45174----a-w-C:\Windows\DeleteOnReboot.bat
2013-05-13 01:41:55--------d-----w-C:\Program Files (x86)\ESET
2013-05-13 00:07:20--------d-sh--w-C:\$RECYCLE.BIN
2013-05-12 23:51:3098816----a-w-C:\Windows\sed.exe
2013-05-12 23:51:30256000----a-w-C:\Windows\PEV.exe
2013-05-12 23:51:30208896----a-w-C:\Windows\MBR.exe
2013-05-03 17:58:29--------d-----w-C:\Program Files (x86)\Canon
2013-05-03 17:58:2815872----a-w-C:\Windows\SysWow64\CNHMCA.dll
2013-05-03 17:58:27320000----a-w-C:\Windows\SysWow64\CNC_BBL.dll
2013-05-03 17:58:27103424----a-w-C:\Windows\SysWow64\CNC_BBU.dll
2013-05-03 17:55:4030208----a-w-C:\Windows\System32\Spool\prtprocs\x64\CNMPDBB.DLL
2013-05-03 17:55:40100352----a-w-C:\Windows\System32\Spool\prtprocs\x64\CNMPPBB.DLL
2013-05-03 17:55:33363520----a-w-C:\Windows\System32\CNC_BBL.dll
2013-05-03 17:55:33287744----a-w-C:\Windows\System32\CNC_BBC.dll
2013-05-03 17:55:3317920----a-w-C:\Windows\System32\CNHMCA6.dll
2013-05-03 17:55:33106496----a-w-C:\Windows\System32\CNC_BBI.dll
2013-05-03 17:55:22389120----a-w-C:\Windows\System32\CNMLMBB.DLL
2013-04-28 03:48:33--------d-----w-C:\Users\Barbara\Cloud Drive
2013-04-28 03:47:32--------d-----w-C:\Users\Barbara\AppData\Local\Amazon Cloud Drive
2013-04-28 03:42:42--------d-----w-C:\Users\Barbara\AppData\Local\Apps
2013-04-28 03:42:41--------d-----w-C:\Users\Barbara\AppData\Local\Deployment
2013-04-24 11:41:0995648----a-w-C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-24 00:09:001656680----a-w-C:\Windows\System32\drivers\ntfs.sys
2013-04-20 00:24:27--------d-----w-C:\Users\Barbara\.android
2013-04-20 00:24:10--------d-----w-C:\Users\Barbara\workspace
2013-04-20 00:10:15--------d-----w-C:\New Folder
2013-04-19 16:38:13708168----a-w-C:\Windows\System32\WinUSBCoInstaller.dll
2013-04-19 16:38:131490656----a-w-C:\Windows\System32\WdfCoInstaller01007.dll
2013-04-19 16:38:12203104----a-w-C:\Windows\System32\drivers\ssudmdm.sys
2013-04-19 16:38:12102368----a-w-C:\Windows\System32\drivers\ssudbus.sys
2013-04-19 16:36:10--------d-----w-C:\Verizon_Android
2013-04-19 16:35:44--------d-----w-C:\ProgramData\Samsung
.
==================== Find3M ====================
.
2013-03-19 06:04:065550424----a-w-C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:5643520----a-w-C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:133968856----a-w-C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:103913560----a-w-C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:506656----a-w-C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33112640----a-w-C:\Windows\System32\smss.exe
2013-03-10 00:51:44861088----a-w-C:\Windows\SysWow64\npDeployJava1.dll
2013-03-10 00:51:44782240----a-w-C:\Windows\SysWow64\deployJava1.dll
2013-03-01 03:36:043153408----a-w-C:\Windows\System32\win32k.sys
2013-02-21 10:30:161766912----a-w-C:\Windows\SysWow64\wininet.dll
2013-02-21 10:29:392877440----a-w-C:\Windows\SysWow64\jscript9.dll
2013-02-21 10:29:3761440----a-w-C:\Windows\SysWow64\iesetup.dll
2013-02-21 10:29:37109056----a-w-C:\Windows\SysWow64\iesysprep.dll
2013-02-21 10:15:072240512----a-w-C:\Windows\System32\wininet.dll
2013-02-21 10:14:093958784----a-w-C:\Windows\System32\jscript9.dll
2013-02-21 10:14:0567072----a-w-C:\Windows\System32\iesetup.dll
2013-02-21 10:14:05136704----a-w-C:\Windows\System32\iesysprep.dll
2013-02-19 12:01:032706432----a-w-C:\Windows\SysWow64\mshtml.tlb
2013-02-19 11:42:142706432----a-w-C:\Windows\System32\mshtml.tlb
2013-02-19 11:10:5371680----a-w-C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-02-19 10:51:1889600----a-w-C:\Windows\System32\RegisterIEPKEYs.exe
2013-02-15 06:08:4044032----a-w-C:\Windows\System32\tsgqec.dll
2013-02-15 06:06:113717632----a-w-C:\Windows\System32\mstscax.dll
2013-02-15 06:02:26158720----a-w-C:\Windows\System32\aaclient.dll
2013-02-15 04:37:103217408----a-w-C:\Windows\SysWow64\mstscax.dll
2013-02-15 04:34:10131584----a-w-C:\Windows\SysWow64\aaclient.dll
2013-02-15 03:25:5136864----a-w-C:\Windows\SysWow64\tsgqec.dll
2013-02-13 13:53:480----a-w-C:\Windows\SysWow64\sho2F08.tmp
2013-02-12 05:45:24135168----a-w-C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22350208----a-w-C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22308736----a-w-C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22111104----a-w-C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31474112----a-w-C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:262176512----a-w-C:\Windows\apppatch\AcGenral.dll
2013-02-12 04:12:0519968----a-w-C:\Windows\System32\drivers\usb8023.sys
.
============= FINISH: 23:49:30.06 ===============
***************************************************************************************************



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/18/2010 3:11:55 AM
System Uptime: 5/12/2013 10:12:38 PM (1 hours ago)
.
Motherboard: LENOVO | | 2516CTO
Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz | None | 2400/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 455 GiB total, 213.232 GiB free.
Q: is FIXED (NTFS) - 10 GiB total, 0.004 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: PC Tools Data Store
Device ID: ROOT\LEGACY_PCTDS\0000
Manufacturer:
Name: PC Tools Data Store
PNP Device ID: ROOT\LEGACY_PCTDS\0000
Service: pctDS
.
==== System Restore Points ===================
.
RP375: 4/24/2013 3:00:27 AM - Windows Update
RP376: 4/24/2013 7:39:48 AM - Installed Java 7 Update 21
RP377: 4/26/2013 9:20:52 PM - Windows Update
RP378: 4/30/2013 3:00:15 AM - Windows Update
RP379: 5/1/2013 3:00:35 AM - Windows Update
RP380: 5/10/2013 7:53:10 AM - Scheduled Checkpoint
RP381: 5/12/2013 7:51:38 PM - ComboFix created restore point
.
==== Installed Programs ======================
.
Sansa Media Converter
Update for Microsoft Office 2007 (KB2508958)
µTorrent
3ivx D4 4.5.1 Decoder (remove only)
ABBYY FineReader for ScanSnap (TM) 4.0
Access Help
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Creative Suite 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Center 2.0
Adobe Photoshop CS2
Adobe Premiere Pro 2.0
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.6
Adobe Stock Photos 1.0
Affixa
Affixa 3.2012.12.22
Amazon Cloud Drive
Amazon Kindle
Amazon MP3 Downloader 1.0.17
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bamboo
Bamboo Dock
Bamboo Dock 3.3
Blackboard IM 4.1.0-C
Bonjour
Browser Guard 4.0
Burn.Now 4.5
Canon IJ Scan Utility
Canon MG5400 series MP Drivers
Canon MP530
CardMinder
CardMinder V4.0
Conexant 20585 SmartAudio HD
Corel Burn.Now Lenovo Edition
Corel DVD MovieFactory 7
Corel DVD MovieFactory Lenovo Edition
Create Recovery Media
Direct DiscRecorder
ESET Online Scanner v3
Evernote v. 4.6.3
Fastest Free YouTube Downloader to MP3 Converter
GIMP 2.6.11
Google Chrome
Google Drive
Google Earth Plug-in
Google Update Helper
Human Design Life Chart
Integrated Camera Driver Installer Package Ver.1.1.0.19
Intel PROSet Wireless
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel(R) PROSet/Wireless WiFi Software
Intel(R) Turbo Boost Technology Monitor
InterVideo WinDVD 8
IP Camera
iTunes
Java 7 Update 21
Java Auto Updater
Java(TM) 6 Update 31
Lenovo Auto Scroll Utility
Lenovo Patch Utility
Lenovo Patch Utility 64 bit
Lenovo System Interface Driver
Lenovo ThinkVantage Toolbox
Lenovo Warranty Information
Lenovo Welcome
LG SP USB Driver
LG USB WML Modem Driver
Message Center Plus
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mini-stream Ripper 3.1.2.1.2010.03.30
Mobile Broadband
Mozilla Firefox (3.6.12)
Mozilla Firefox 14.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NirSoft VideoCacheView
NTI Backup Now EZ
Pam Call Recorder 4.8
PC Tools Spyware Doctor with AntiVirus 9.0
Power Manager
Quicken 2011
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
Rescue and Recovery
Rosetta Stone Homeschool
Samsung Mobile phone USB driver Drive Software
Samsung PC Studio 3
SAMSUNG USB Driver for Mobile Phones
Sansa Updater
ScanSnap
ScanSnap Manager
ScanSnap Organizer
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Skype Click to Call
Skype™ 5.10
Suite Specific
SUPERAntiSpyware
swMSM
System Update
ThinkPad FullScreen Magnifier
ThinkPad Modem Adapter
ThinkPad Power Management Driver
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Communications Utility
TurboTax 2009
TurboTax 2009 WinBizFedFormset
TurboTax 2009 WinBizReleaseEngine
TurboTax 2009 WinBizTaxSupport
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wnciper
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wnciper
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wnciper
TurboTax 2011 wrapper
TurboTax 2012
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wnciper
TurboTax 2012 wrapper
TurboTax Business 2009
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
WebTablet IE Plugin
WebTablet Netscape Plugin
WinASO Registry Optimizer 4.8.2
Windows Driver Package - Intel (e1kexpress) Net (12/10/2009 11.5.10.0)
Windows Driver Package - Intel (HECIx64) System (09/17/2009 6.0.0.1179)
Windows Driver Package - Intel System (06/04/2009 1.0.0.0002)
Windows Driver Package - Intel System (10/28/2009 9.1.1.1022)
Windows Driver Package - Intel USB (08/20/2009 9.1.1.1020)
Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4)
Windows Driver Package - Ricoh Company MS Host Controller (10/26/2009 6.10.02.07)
Windows Driver Package - Synaptics (SynTP) Mouse (04/22/2010 15.0.18.0)
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Player Firefox Plugin
Windows XP Mode
WinRAR archiver
Wisdom Quest
Xvid Video Codec
.
==== Event Viewer Messages From Past Week ========
.
5/9/2013 8:15:49 PM, Error: Service Control Manager [7031] - The Intel(R) Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
5/8/2013 9:56:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
5/8/2013 2:18:06 PM, Error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
5/7/2013 5:36:16 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: An instance of the service is already running.
5/7/2013 5:34:16 PM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/7/2013 5:34:16 PM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
5/7/2013 5:34:16 PM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/7/2013 5:34:16 PM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/7/2013 5:28:18 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{0A6ACF33-1ABB-43B2-87D2-BE0D2B42B097} because another computer on the network has the same name. The server could not start.
5/12/2013 8:05:06 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
5/12/2013 8:04:04 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
5/12/2013 10:13:33 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: StarOpen
5/12/2013 10:12:50 PM, Error: Ntfs [137] - The default transaction resource manager on volume Q: encountered a non-retryable error and could not start. The data contains the error code.
5/12/2013 10:12:47 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\StarOpen.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
5/11/2013 1:48:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TouchServicePen service.
.
==== End Of File ===========================

Can't run MBAM, but here are the results from AdwCleaner:
# AdwCleaner v2.300 - Logfile created 05/12/2013 at 22:09:17
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Barbara - BARBARA-THINK
# Boot Mode : Normal
# Running from : C:\Users\Barbara\Favorites\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\edflbdjfhpiboilnedfoiepbmcllkedb
File Deleted : C:\END
File Deleted : C:\Program Files (x86)\Mozilla Firefox\.autoreg
Folder Deleted : C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\edflbdjfhpiboilnedfoiepbmcllkedb
Folder Deleted : C:\Users\Barbara\AppData\LocalLow\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Vid-Saver
Key Deleted : HKCU\Software\Google\Chrome\Extensions\edflbdjfhpiboilnedfoiepbmcllkedb
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ef32f59633787dd828adf56352222c0f-795373474
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\edflbdjfhpiboilnedfoiepbmcllkedb
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0 (en-US)

File : C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\r9wplwpo.default\prefs.js

Deleted : user_pref("CT3078318_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2817 octets] - [12/05/2013 22:08:23]
AdwCleaner[S1].txt - [2619 octets] - [12/05/2013 22:09:17]

########## EOF - C:\AdwCleaner[S1].txt - [2679 octets] ##########
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================

redtarget.gif
Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

redtarget.gif
Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
 
RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Barbara [Admin rights]
Mode : Remove -- Date : 05/13/2013 08:41:51
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500420AS +++++
--- User ---
[MBR] e8278e7452cdb958e47982cd2b67024c
[BSP] 472610cc88767ce53d6069fc8b9dfd91 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 465738 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 956291072 | Size: 10000 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_05132013_02d0841.txt >>
RKreport[1]_S_05132013_02d0839.txt ; RKreport[2]_D_05132013_02d0841.txt



**************************************************************************
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.13.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Barbara :: BARBARA-THINK [administrator]

5/13/2013 8:58:18 AM
mbar-log-2013-05-13 (08-58-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 31614
Time elapsed: 11 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
Thanks for the reply. While it was running ESET last night, it shut down again -- and it shuts down, doesn't reboot as I said in the original post. I figured the shutting down meant it was time to hit the sack, but I'm up now (EST) and can work with you on and off all day.
mbam-setup-1.75.0.1300.exe still gives "Setup was unable to create the directory c:\uses\barbara\appdata\local\temp\is-xxxxx.tmp Error 5: Access is Denied"
 
redtarget.gif
Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

redtarget.gif
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 13-05-12.01 - Barbara 05/13/2013 20:31:14.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3892.1923 [GMT -4:00]
Running from: c:\users\Barbara\Favorites\Downloads\ComboFix.exe
AV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-04-14 to 2013-05-14 )))))))))))))))))))))))))))))))
.
.
2013-05-14 00:39 . 2013-05-14 00:39--------d-----w-c:\users\GuestUser\AppData\Local\temp
2013-05-14 00:39 . 2013-05-14 00:39--------d-----w-c:\users\Default\AppData\Local\temp
2013-05-14 00:39 . 2013-05-14 00:39--------d-----w-c:\users\Betsy\AppData\Local\temp
2013-05-13 12:45 . 2013-05-13 12:45--------d-----w-c:\programdata\Malwarebytes
2013-05-13 03:40 . 2013-05-13 03:40--------d-----w-c:\program files\SUPERAntiSpyware
2013-05-13 03:40 . 2013-05-13 03:40--------d-----w-c:\programdata\SUPERAntiSpyware.com
2013-05-13 03:39 . 2013-05-13 03:40--------d-----w-c:\programdata\SUPERSetup
2013-05-13 02:10 . 2013-05-13 02:11174----a-w-c:\windows\DeleteOnReboot.bat
2013-05-13 01:41 . 2013-05-13 01:41--------d-----w-c:\program files (x86)\ESET
2013-05-03 17:58 . 2013-05-03 17:58--------d-----w-c:\program files (x86)\Canon
2013-05-03 17:58 . 2008-08-25 22:0215872----a-w-c:\windows\SysWow64\CNHMCA.dll
2013-05-03 17:58 . 2012-02-08 20:34320000----a-w-c:\windows\SysWow64\CNC_BBL.dll
2013-05-03 17:58 . 2012-01-16 18:21103424----a-w-c:\windows\SysWow64\CNC_BBU.dll
2013-05-03 17:55 . 2012-04-16 09:0030208----a-w-c:\windows\system32\Spool\prtprocs\x64\CNMPDBB.DLL
2013-05-03 17:55 . 2012-04-16 09:00100352----a-w-c:\windows\system32\Spool\prtprocs\x64\CNMPPBB.DLL
2013-05-03 17:55 . 2012-02-08 20:36363520----a-w-c:\windows\system32\CNC_BBL.dll
2013-05-03 17:55 . 2012-01-16 18:21287744----a-w-c:\windows\system32\CNC_BBC.dll
2013-05-03 17:55 . 2012-01-16 18:20106496----a-w-c:\windows\system32\CNC_BBI.dll
2013-05-03 17:55 . 2008-08-25 22:0217920----a-w-c:\windows\system32\CNHMCA6.dll
2013-05-03 17:55 . 2012-04-16 09:00389120----a-w-c:\windows\system32\CNMLMBB.DLL
2013-04-28 03:48 . 2013-04-28 03:52--------d-----w-c:\users\Barbara\Cloud Drive
2013-04-28 03:47 . 2013-04-28 03:47--------d-----w-c:\users\Barbara\AppData\Local\Amazon Cloud Drive
2013-04-28 03:42 . 2013-04-28 03:42--------d-----w-c:\users\Barbara\AppData\Local\Apps
2013-04-28 03:42 . 2013-04-28 21:06--------d-----w-c:\users\Barbara\AppData\Local\Deployment
2013-04-24 11:56 . 2013-04-24 11:56--------d-----w-c:\program files (x86)\Common Files\Java
2013-04-24 11:41 . 2013-04-04 09:3595648----a-w-c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-24 00:09 . 2013-04-12 14:451656680----a-w-c:\windows\system32\drivers\ntfs.sys
2013-04-20 00:24 . 2013-04-20 00:27--------d-----w-c:\users\Barbara\.android
2013-04-20 00:24 . 2013-04-20 00:24--------d-----w-c:\users\Barbara\workspace
2013-04-20 00:10 . 2013-04-20 00:10--------d-----w-C:\New Folder
2013-04-19 16:38 . 2012-06-27 08:37708168----a-w-c:\windows\system32\WinUSBCoInstaller.dll
2013-04-19 16:38 . 2012-06-27 08:371490656----a-w-c:\windows\system32\WdfCoInstaller01007.dll
2013-04-19 16:38 . 2012-08-29 06:24203104----a-w-c:\windows\system32\drivers\ssudmdm.sys
2013-04-19 16:38 . 2012-08-29 06:24102368----a-w-c:\windows\system32\drivers\ssudbus.sys
2013-04-19 16:36 . 2013-04-20 00:12--------d-----w-C:\Verizon_Android
2013-04-19 16:35 . 2013-04-19 16:35--------d-----w-c:\programdata\Samsung
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-11 07:02 . 2010-08-29 18:2272702784----a-w-c:\windows\system32\MRT.exe
2013-03-19 06:04 . 2013-04-10 16:255550424----a-w-c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 16:2543520----a-w-c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 16:253968856----a-w-c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 16:253913560----a-w-c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 16:256656----a-w-c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 16:25112640----a-w-c:\windows\system32\smss.exe
2013-03-10 00:51 . 2013-02-07 02:08861088----a-w-c:\windows\SysWow64\npDeployJava1.dll
2013-03-10 00:51 . 2011-09-12 22:15782240----a-w-c:\windows\SysWow64\deployJava1.dll
2013-03-01 03:36 . 2013-04-10 16:263153408----a-w-c:\windows\system32\win32k.sys
2013-02-15 06:08 . 2013-04-10 16:2644032----a-w-c:\windows\system32\tsgqec.dll
2013-02-15 06:06 . 2013-04-10 16:263717632----a-w-c:\windows\system32\mstscax.dll
2013-02-15 06:02 . 2013-04-10 16:26158720----a-w-c:\windows\system32\aaclient.dll
2013-02-15 04:37 . 2013-04-10 16:263217408----a-w-c:\windows\SysWow64\mstscax.dll
2013-02-15 04:34 . 2013-04-10 16:26131584----a-w-c:\windows\SysWow64\aaclient.dll
2013-02-15 03:25 . 2013-04-10 16:2636864----a-w-c:\windows\SysWow64\tsgqec.dll
2013-02-13 13:53 . 2013-02-13 13:530----a-w-c:\windows\SysWow64\sho2F08.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:1294208------w-c:\users\Barbara\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:1294208------w-c:\users\Barbara\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:1294208------w-c:\users\Barbara\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"087BFA070BC68B68EF72E800FF7EF859CE1EC0E9._service_run"="c:\users\Barbara\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-04-09 1312720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-09-24 5998144]
"ISTray"="c:\program files (x86)\PC Tools Security\pctsGui.exe" [2012-06-22 2673624]
"Prey Laptop Tracker"="c:\program files\Prey\platform\windows\cron.exe" [2011-02-15 216635]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
"BackupNowEZtray"="c:\program files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe" [2011-09-24 580632]
"AffixaPersonalSettings"="c:\program files (x86)\Affixa\AffixaHandler.exe" [2012-12-22 282848]
"ACWLIcon"="c:\program files (x86)\Lenovo\Access Connections\ACWLIcon.exe" [2010-04-22 181608]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\users\Barbara\Favorites\Downloads\mbar-1.05.0.1001\mbar\mbar.exe" [2013-03-23 1398856]
.
c:\users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Amazon Cloud Drive.lnk - c:\users\Barbara\AppData\Local\Apps\2.0\X2XRTH5L.08D\71V3PPR9.7Q5\amaz..tion_f2fa081ea2183235_0002.0000_52f6f5477bfc400b\AmazonCloudDrive.exe [N/A]
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2013-3-2 1086816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-08-29 102368]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-09-24 320576]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2010-06-08 31152]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2012-09-24 1666112]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2012-09-24 1665088]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-08-29 203104]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-09-30 126392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [2010-11-20 16384]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-10-05 18288]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-29 1255736]
R4 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [2012-06-22 341200]
R4 PCToolsFixToolInjDrv;PCToolsFixToolInjDrv;c:\program files (x86)\PC Tools Security\pcttFixTool64.sys [2011-05-24 55624]
R4 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [2012-06-22 92928]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [2012-09-24 29512]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2012-04-23 426616]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2012-02-28 453896]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2012-02-28 1096176]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2009-10-09 23592]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2012-06-22 251560]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2013-05-07 143088]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2012-06-22 575448]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-08-23 13672]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2010-04-20 50536]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-04-20 74088]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
S2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [2011-09-24 45592]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-10-26 61952]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2012-06-22 402368]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-13 5790064]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-13 487280]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-09-30 12728]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-25 2320920]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2009-12-15 163072]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-06-30 292864]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-12-10 294064]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-11-26 244736]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-03-18 7680512]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [2012-06-22 85224]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-09-24 41536]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SASDIFSV
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-24 16:29]
.
2013-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-24 16:29]
.
2013-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1281610388-98583384-2208228445-1001Core.job
- c:\users\Barbara\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-10 15:36]
.
2013-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1281610388-98583384-2208228445-1001UA.job
- c:\users\Barbara\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-10 15:36]
.
2013-05-13 c:\windows\Tasks\ReclaimerUpdateFiles_Barbara.job
- c:\users\Barbara\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-04-24 21:51]
.
2013-05-13 c:\windows\Tasks\ReclaimerUpdateXML_Barbara.job
- c:\users\Barbara\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-04-24 21:51]
.
2013-05-13 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Barbara.job
- c:\users\Barbara\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-04-24 21:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
c:\users\Barbara\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
c:\users\Barbara\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
c:\users\Barbara\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
c:\users\Barbara\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 20:10776144----a-w-c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 20:10776144----a-w-c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 20:10776144----a-w-c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 20:10776144----a-w-c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TpShocks"="TpShocks.exe" [2009-12-11 380776]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-17 307768]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-08 390680]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-08 410136]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2010-04-20 62312]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2009-10-14 36864]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Clip selection - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: New Note - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
FF - ProfilePath - c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\r9wplwpo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.easwaran.org/thoughts-for-the-day-quotes.html
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-13 20:42:50
ComboFix-quarantined-files.txt 2013-05-14 00:42
ComboFix2.txt 2013-05-13 00:13
.
Pre-Run: 229,565,648,896 bytes free
Post-Run: 229,959,024,640 bytes free
.
- - End Of File - - 5ED5A8D851D917CD5073BD455ACB1886
 
Just ran (expired since April) PC Tools - found Trojan.generic Application.NirCmd Trackware,TrakingCookies!rem Application.TrackingCookies Adware.Advertising
 
I don't see anything malicious there.

It looks like permissions issue.

For x86 bit systems please download GrantPerms.zip and save it to your desktop.
For x64 bit systems please download GrantPerms64.zip and save it to your desktop.
Unzip the file and depending on the system run GrantPerms.exe or GrantPerms64.exe
Copy and paste the following in the edit box:

Code: 
C:\

Click Unlock. When it is done click "OK".
Click List Permissions and post the result of Perms.txt file that pops up.
A copy of Perms.txt will be saved in the same directory the tool is run.

When done restart computer and see if MBAM will install.
 
I'll do this, but Trojan.generic showed up as 572 infections. I've had this software active for 2 years, and it's never shown a trojan before that I remember.
Trojan.generic (572 infections)
Application.NirCmd (6 infections)
Trackware,TrakingCookies!rem (7 infections)
Application.TrackingCookies (29 infectiosn)
Adware.Advertising (21 infections)

The last three show up often, but the first two it's the first I've seen
 
Go ahead with my previous reply and then...

Just ran (expired since April) PC Tools
Click to expand...
That's not safe to keep outdated AV program.
When done with sorting MBAM issue...

Uninstall PC Tools and...

Install ONE of these:

- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html

- free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
Note for Windows 8 users: Microsoft Security Essentials comes preinstalled and renamed as Windows Defender.
You can keep it or you have to disable it before installing another AV program. How to...

- free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php

Update, run full scan, report on any findings.
 
but Trojan.generic showed up as 572 infections. I've had this software active for 2 years, and it's never shown a trojan before that I remember.
Click to expand...
One thing a t a time.
 
GrantPerms by Farbar
Ran by Barbara (administrator) at 2013-05-13 22:21:23

===============================================
WARNING: The parameter <c:" -ot file -actn list -lst F:tab;W:O,d;I:y > contains a double quotation mark ("). Did you unintentionally escape a double quote? Hint: use <"C:\\"> instead of <"C:\">.
ERROR: The object path was not specified.


================ End Of List ================


I definitely typed c:\ and it popped u p"operation unlock completed"
 
Yes, sorry, PC Tools runs on its own and pops up reminding me of infections and that my subscription is expired. They aren't supporting it anymore after 5/18, so should I buy a different one or just use one of the ones you recommended?
 
Aw, man, I was like, "finally a program that runs quickly," but now it's taking 20min this time. Also installed MSEssentials
 
It'll take time.
It's not a good idea to do other things like installing programs at the same time.
Leave GrantPerms alone.
 
GrantPerms by Farbar
Ran by Barbara (administrator) at 2013-05-13 23:16:29

===============================================
\\?\c:\

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (CI)(OI)
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)
BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)



================ End Of List ================
 
"Setup was unable to create the directory c:\uses\barbara\appdata\local\temp\is-xxxxx.tmp Error 5: Access is Denied" This time SUD6E was for xxxxx but it changes each time. Running mbam-setup-1.75.0.1300 downloaded three different times
 
Ran the cleaner program and got same thing again, still won't install. I forgot it on my list -- ran this yesterday too because I used to have a MBAM copy on this computer.

Also, quick scan MSE came up clean -- want me to do a full?
 
Witching hour draws near, goodnight and thank you. I'll catch your advice in the morning and do it then. Tonight I'll let full scan run
 
Status
Not open for further replies.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
794
uber_beetle
uber_beetle
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A

Latest posts

Back