Inactive Windows Explorer Is Not Responding

[AL Levendusky]

I am getting a recurring msg "Windows Explorer is not Responding" (close, restart, or wait? options). This happens almost immediately when booting and if I close or restart, then all goes back to normal at least for a few minutes. Seems like right clicking on programs causes this lock up as well.

In addition, after "closing program" I get a msg: "There was a problem starting c:\Users\Charla~1\local\temp\stkttjm\sqelxci\wow.dll. A dynamic link library initialization routine failed."

Per your rules, I downloaded/ran a malwarebytes program as well as DDS program so I have those logs if needed.

Thank you,
Tim
p.s. I do not know much about computers. Just trying to help my mom with hers as she knows even less than I do!

P.S. I am using Windows 7 Home Premium.

 

[Jad Chaar]

Did you run a full MB scan with updated definitions? If so, post the log.

 

[AL Levendusky]

This was a quick scan report (recommended by techspot I thought. If you need the full scan, I can do that and send it later. I also have rpt from the DDS.com scan.

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.06.16.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Charla Rogers :: ROGERSHOME-PC [administrator]
Protection: Enabled
6/16/2013 10:20:13 PM
mbam-log-2013-06-16 (22-20-13).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 299109
Time elapsed: 15 minute(s), 21 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

 

[AL Levendusky]

I just ran a full scan. I removed the Trojan files after saving this report which says I did not, fyi.
Thanks.

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.06.17.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Charla Rogers :: ROGERSHOME-PC [administrator]
Protection: Enabled
6/17/2013 2:03:53 PM
MBAM-log-2013-06-17 (15-18-42).txt
Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 501096
Time elapsed: 1 hour(s), 13 minute(s), 28 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 6
C:\Toolbox\exe\caclsAllowAndDelete.exe (Trojan.Downloader) -> No action taken.
C:\Toolbox\exe\caclsDenyAccess.exe (Trojan.Downloader) -> No action taken.
C:\Toolbox\exe\hj7run.exe (Trojan.Downloader) -> No action taken.
C:\Toolbox\exe\mbam post.exe (Trojan.Downloader) -> No action taken.
C:\Toolbox\exe\mbam pre.exe (Trojan.Downloader) -> No action taken.
C:\Toolbox\exe\regrandom.exe (Trojan.Downloader) -> No action taken.
(end)

 

[mailpup]

Moving to V & M forum.

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==================================

I still need DDS logs.

 

[AL Levendusky]

There were two reports. I do not know how to zip them, so here they are:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16576
Run by Charla Rogers at 22:38:36 on 2013-06-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.1553 [GMT -5:00]
.
AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dldocoms.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine\19.1.1.3\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
C:\Windows\SysWOW64\PSIService.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine\19.1.1.3\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\Program Files (x86)\Dell 968 AIO Printer\dldomon.exe
C:\Program Files (x86)\Dell 968 AIO Printer\memcard.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\syswow64\rundll32.exe
C:\Windows\syswow64\svchost.exe -k netsvcs
C:\Windows\System32\vds.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\ytbb.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe
C:\Windows\Explorer.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://suddenlink.net/
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine\19.1.1.3\IPS\IPSBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
uRun: [Driver Detective] C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe /applicationMode:systemTray /showWelcome:false
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Corel Photo Downloader] C:\Program Files (x86)\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
mRun: [Dell 968 AIO Printer] "C:\Program Files (x86)\Dell 968 AIO Printer\fm3032.exe" /s
mRun: [QuickFinder Scheduler] "c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE"
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\CHARLA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: mcafee.com
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: NameServer = 208.180.42.68 208.180.42.100
TCP: Interfaces\{F8FD2ED7-75AE-44E0-8F14-D016F357F31A} : DHCPNameServer = 208.180.42.68 208.180.42.100
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [Corel Photo Downloader] C:\Program Files (x86)\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
x64-Run: [dldomon.exe] "C:\Program Files (x86)\Dell 968 AIO Printer\dldomon.exe"
x64-Run: [MemoryCardManager] "C:\Program Files (x86)\Dell 968 AIO Printer\memcard.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Charla Rogers\AppData\Roaming\Mozilla\Firefox\Profiles\9e0fe7hc.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-10-29 55280]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NAVx64\1301010.003\SymDS64.sys [2012-5-14 451192]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1301010.003\SymEFA64.sys [2012-5-14 1084536]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [2013-5-31 1393240]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\Windows\System32\drivers\NAVx64\1301010.003\ccSetx64.sys [2012-5-14 167048]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\IPSDefs\20130614.001_b38\IDSviA64.sys [2013-6-14 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NAVx64\1301010.003\Ironx64.sys [2012-5-14 189560]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NAVx64\1301010.003\symnets.sys [2012-5-14 401016]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-30 92160]
R2 dldo_device;dldo_device;C:\Windows\System32\dldocoms.exe -service --> C:\Windows\System32\dldocoms.exe -service [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-16 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-14 701512]
R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine\19.1.1.3\ccSvcHst.exe [2012-5-14 138760]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [2012-10-29 132504]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-10-29 656624]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-9 138912]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-10-30 138752]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-5-14 25928]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-12-2 31744]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 dldoCATSCustConnectService;dldoCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\dldoserv.exe [2007-10-5 34032]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-6-10 166384]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-15 183560]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-6-10 1124848]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-8 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-30 1255736]
S4 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-6-10 309744]
.
=============== File Associations ===============
.
ShellExec: LightningViewer.exe: View="c:\Program Files (x86)\Corel\WordPerfect Lightning\Programs\LightningNavigator.exe" "-ViewDocument" "%1"
.
=============== Created Last 30 ================
.
2013-06-17 03:10:22 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\Programs
2013-06-17 00:56:42 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{8F8487AF-D058-4C6E-8A02-138E4CA65034}
2013-06-16 21:53:15 -------- d-----w- C:\Windows\pss
2013-06-15 22:06:49 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{337FDB45-223E-4EE8-B127-B64E10A1E071}
2013-06-14 21:29:07 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{B6E739AF-6B0E-452C-9655-2A01A12DD9B5}
2013-06-14 01:42:14 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{CCE313C9-1851-438C-BA78-8D4963ECB3A2}
2013-06-13 13:33:25 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{3671CBA9-291A-40CB-BC8D-586F7944DD4F}
2013-06-12 17:58:04 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{EA0E880C-0555-4BB9-825E-B23B015925B6}
2013-06-12 03:24:07 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{486B1431-8215-4ECE-B5CE-6D3BD88F0360}
2013-06-11 13:53:32 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{1D46C7D6-FD9A-4468-9D60-FF8D3F8FBAA9}
2013-06-10 16:19:58 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{405BBBAF-B748-446E-B5E6-238B2FC9752E}
2013-06-10 03:19:02 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{0F13CF60-D38F-417A-B63B-CFDC743A126C}
2013-06-09 02:29:00 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{5465848C-6C96-4156-A2FB-849E32A9096C}
2013-06-08 13:01:46 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{84A3DE09-8797-400E-9111-83CE1FE68439}
2013-06-07 16:58:09 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{2FF90606-F473-40DF-BF13-2AEA5941664D}
2013-06-06 15:10:48 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{19204A52-76E2-4532-B2A6-85A255F23205}
2013-06-06 15:07:35 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{5E51FBFC-9356-4F74-B3BE-C82D417B6DBC}
2013-06-06 14:50:28 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{0E459121-E41B-4C90-8A69-ECD155C826A8}
2013-06-06 02:10:05 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{8B86978C-7AC3-4FE8-8A79-EC2748654FF0}
2013-06-05 13:22:32 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{4DAE0137-0C36-43C1-912C-C2E4AD3C521D}
2013-06-04 17:50:26 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{E4A20FDD-3F4C-40FC-AAED-59FD95FBFAAA}
2013-06-04 02:56:05 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{E75C9EC4-7BFF-4ED9-8BE1-04AEE85929AB}
2013-06-03 03:25:16 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{376A3F51-247A-40CA-9D8E-23B16E8F8FBE}
2013-06-02 11:34:51 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{21B01EB2-AA36-4EEC-A965-35AE455BA020}
2013-06-01 14:17:00 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{4AB48F86-AC1E-4F1B-B875-2D9294C0F538}
2013-05-31 17:08:08 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{E46B3572-85E5-49BC-8FFB-013BB0B8A263}
2013-05-31 03:15:05 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{E512F140-773B-44B6-9D61-062D368A2C54}
2013-05-30 15:04:05 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{DA12A325-9C64-49F8-B229-0F187846197A}
2013-05-30 03:03:30 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{0390ED4C-7D3C-4BC5-AF64-435D4181CE72}
2013-05-29 13:33:04 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{B626955C-F996-4A3A-9E68-4F961F146C35}
2013-05-29 01:07:58 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{FD97EB76-DD69-4BAC-B805-84F9821ACD7E}
2013-05-28 12:35:48 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{1ECF9EBB-4A7D-459B-A4A5-34CA800B00AD}
2013-05-27 20:09:37 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{D5811285-63EE-413B-9115-CF37AE4B7190}
2013-05-27 19:25:23 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{AF7CC177-0DFA-4ADF-829E-13C24A0B2A56}
2013-05-27 02:55:45 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{5E27992D-2EBD-45AC-B5A1-59373859D8D3}
2013-05-26 13:00:09 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{FA7F7CDD-CD65-4EB5-9FFE-B6E3880D6911}
2013-05-25 15:20:37 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{A3262C41-EE48-421D-85EA-9C09658DEFB8}
2013-05-25 00:04:00 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{F64F48CC-956E-42BA-9EF6-4CD589029EE4}
2013-05-24 10:53:08 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{AB267A73-382E-402F-A443-F169890217D5}
2013-05-23 17:26:05 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{A581FF16-20AA-4B1D-9011-0FDA9E72A80A}
2013-05-23 14:59:25 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{A9296057-D466-4CEB-A5A4-F20CD6BAD839}
2013-05-23 02:22:09 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{4218A6AE-AEB4-4FA4-97DA-8E37381CFB2E}
2013-05-22 14:19:08 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{C91C98DB-30CD-4C39-A053-BBD8B5106F7C}
2013-05-21 23:10:22 -------- d-----w- C:\ProgramData\PC-Doctor for Windows
2013-05-21 23:10:01 -------- d-----w- C:\Program Files\My Dell
2013-05-21 22:37:15 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{D64C60B4-EBB9-4690-8DB0-3A70A151D1F9}
2013-05-21 02:27:19 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{055C8DC4-BC1C-46BB-BF61-DE927A1C3003}
2013-05-20 13:59:14 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{583C8436-36E5-4632-A577-01F03778FD93}
2013-05-19 23:05:38 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{B8F1C890-4A12-4D3B-A27F-D3FF6965800B}
2013-05-19 03:05:16 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{FA2E343E-9F8C-4BA6-81D0-304254626380}
2013-05-18 13:07:57 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{31F395AA-57AF-428F-915E-2CE662D6FD8C}
.
==================== Find3M ====================
.
2013-06-17 02:26:17 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-17 02:26:17 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-06 12:38:05 1682 --sha-w- C:\ProgramData\KGyGaAvL.sys
2013-05-06 03:24:13 3177588 ----a-w- C:\ProgramData\SPL618A.tmp
2013-05-03 16:44:04 1809244 ----a-w- C:\ProgramData\SPLEDAF.tmp
2013-05-02 15:36:10 9038311 ----a-w- C:\ProgramData\SPLDAE3.tmp
2013-05-02 15:29:21 9038310 ----a-w- C:\ProgramData\SPL1D01.tmp
2013-05-02 14:39:54 5729392 ----a-w- C:\ProgramData\SPL6A1A.tmp
2013-05-02 14:32:27 8919220 ----a-w- C:\ProgramData\SPL96B3.tmp
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-04-05 06:52:14 2242048 ----a-w- C:\Windows\System32\wininet.dll
2013-04-05 06:50:36 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-04-05 06:50:31 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-04-05 06:50:31 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-04-05 05:28:24 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-04-05 05:26:26 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-04-05 05:26:21 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-04-05 05:26:21 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-04-05 04:43:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-04-05 04:29:45 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-04-05 03:51:11 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-05 03:38:25 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-04-04 19:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:53:58 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-03-19 05:53:58 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
.
============= FINISH: 22:40:06.03 ===============

 

[AL Levendusky]

Second one...

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/23/2009 4:12:51 PM
System Uptime: 6/16/2013 9:00:40 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0M017G
Processor: Pentium(R) Dual-Core CPU E5300 @ 2.60GHz | CPU 1 | 1197/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 456 GiB total, 375.21 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP531: 6/9/2013 9:46:18 AM - Windows Update
RP532: 6/9/2013 12:31:09 PM - Windows Update
RP533: 6/9/2013 9:14:24 PM - Windows Update
RP534: 6/9/2013 10:22:32 PM - Windows Update
RP535: 6/10/2013 9:57:09 PM - Windows Update
RP536: 6/10/2013 10:26:50 PM - Windows Update
RP537: 6/11/2013 10:56:16 PM - Windows Update
RP538: 6/12/2013 8:38:12 PM - Windows Update
RP539: 6/13/2013 9:42:57 AM - Windows Update
RP540: 6/13/2013 10:02:42 AM - Windows Update
RP541: 6/13/2013 8:44:04 PM - Windows Update
RP542: 6/14/2013 7:51:50 PM - Windows Update
RP543: 6/15/2013 9:18:53 PM - Windows Update
RP544: 6/16/2013 3:00:11 AM - Windows Update
RP545: 6/16/2013 3:25:44 AM - Windows Update
RP546: 6/16/2013 8:07:44 PM - Restore Operation
RP547: 6/16/2013 8:20:47 PM - Windows Update
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.2
Apple Software Update
Bing Bar
Bonjour
Compatibility Pack for the 2007 Office system
Corel Snapfire muvee autoProducer add-on
Corel Snapfire Plus
D3DX10
Dell 968 AIO Printer
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
DirectXInstallService
Driver Detective
EMCGadgets64
Expert PDF 7 Reader
FaxRedist
Google Earth Plug-in
Google Update Helper
GoToAssist 8.0.0.514
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 14 (64-bit)
Java(TM) 6 Update 29
Junk Mail filter update
LifeCam Video Messages gadget
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Corporation
Microsoft LifeCam
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 5.0
My Dell
Norton AntiVirus
Norton PC Checkup
Power BibleCD 5.2
PowerDVD DX
QualXServ Service Agreement
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio CinePlayer Decoder Pack
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Premier
Roxio Creator Premier 10
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Skype Click to Call
Skype™ 6.3
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VD64Inst
WebEx Support Manager for Internet Explorer
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WordPerfect Lightning
WordPerfect Lightning - EN
WordPerfect Lightning - IPM
WordPerfect Lightning - Messages
WordPerfect Lightning - MSOM
WordPerfect Office X4
WordPerfect Office X4 - Common
WordPerfect Office X4 - Content
WordPerfect Office X4 - EN
WordPerfect Office X4 - Filters
WordPerfect Office X4 - Graphics
WordPerfect Office X4 - ICA
WordPerfect Office X4 - IPM
WordPerfect Office X4 - IPM HSE EN
WordPerfect Office X4 - Migration Manager
WordPerfect Office X4 - PerfectExperts
WordPerfect Office X4 - PR
WordPerfect Office X4 - QP
WordPerfect Office X4 - Skins
WordPerfect Office X4 - System
WordPerfect Office X4 - WP
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
6/16/2013 9:01:27 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
6/16/2013 9:01:17 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the dldoCATSCustConnectService service to connect.
6/16/2013 9:01:17 PM, Error: Service Control Manager [7000] - The dldoCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/16/2013 8:32:44 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Works 9 (KB2754670).
6/16/2013 8:18:11 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
6/13/2013 2:06:16 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
6/13/2013 2:05:46 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
6/13/2013 2:03:28 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
6/11/2013 3:50:26 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
.
==== End Of File ===========================

 

[Broni]

If you read our preliminaries there is nothing about zipping.
ALL logs have to be pasted.

Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.

• Close all the running programs
• Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

Download Malwarebytes Anti-Rootkit (MBAR) from HERE

• Unzip downloaded file.
• Open the folder where the contents were unzipped and run mbar.exe
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
• Wait while the system shuts down and the cleanup process is performed.
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
• When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt

 

[AL Levendusky]

I am sorry but I have to abandon this project. I was trying to help my mom's desktop but I am leaving the country so she will have to find other help. Thank you for your time and I'm sorry I could not finish this. I apologize for the inconvenience. Thanks again.

 

[Broni]

No problem. Thanks for letting me know