1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

Windows Explorer Is Not Responding

By AL Levendusky · 10 replies
Jun 16, 2013
  1. I am getting a recurring msg "Windows Explorer is not Responding" (close, restart, or wait? options). This happens almost immediately when booting and if I close or restart, then all goes back to normal at least for a few minutes. Seems like right clicking on programs causes this lock up as well.

    In addition, after "closing program" I get a msg: "There was a problem starting c:\Users\Charla~1\local\temp\stkttjm\sqelxci\wow.dll. A dynamic link library initialization routine failed."

    Per your rules, I downloaded/ran a malwarebytes program as well as DDS program so I have those logs if needed.

    Thank you,
    p.s. I do not know much about computers. Just trying to help my mom with hers as she knows even less than I do!

    P.S. I am using Windows 7 Home Premium.
  2. Jad Chaar

    Jad Chaar Elite Techno Geek Posts: 6,515   +974

    Did you run a full MB scan with updated definitions? If so, post the log.
  3. AL Levendusky

    AL Levendusky TS Rookie Topic Starter

    This was a quick scan report (recommended by techspot I thought. If you need the full scan, I can do that and send it later. I also have rpt from the DDS.com scan.

    Malwarebytes Anti-Malware (Trial)
    Database version: v2013.06.16.04
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16576
    Charla Rogers :: ROGERSHOME-PC [administrator]
    Protection: Enabled
    6/16/2013 10:20:13 PM
    mbam-log-2013-06-16 (22-20-13).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 299109
    Time elapsed: 15 minute(s), 21 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
  4. AL Levendusky

    AL Levendusky TS Rookie Topic Starter

    I just ran a full scan. I removed the Trojan files after saving this report which says I did not, fyi.

    Malwarebytes Anti-Malware (Trial)
    Database version: v2013.06.17.03
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16618
    Charla Rogers :: ROGERSHOME-PC [administrator]
    Protection: Enabled
    6/17/2013 2:03:53 PM
    MBAM-log-2013-06-17 (15-18-42).txt
    Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 501096
    Time elapsed: 1 hour(s), 13 minute(s), 28 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 6
    C:\Toolbox\exe\caclsAllowAndDelete.exe (Trojan.Downloader) -> No action taken.
    C:\Toolbox\exe\caclsDenyAccess.exe (Trojan.Downloader) -> No action taken.
    C:\Toolbox\exe\hj7run.exe (Trojan.Downloader) -> No action taken.
    C:\Toolbox\exe\mbam post.exe (Trojan.Downloader) -> No action taken.
    C:\Toolbox\exe\mbam pre.exe (Trojan.Downloader) -> No action taken.
    C:\Toolbox\exe\regrandom.exe (Trojan.Downloader) -> No action taken.
  5. mailpup

    mailpup TS Special Forces Posts: 7,096   +418

    Moving to V & M forum.
  6. Broni

    Broni Malware Annihilator Posts: 53,784   +369

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.


    I still need DDS logs.
  7. AL Levendusky

    AL Levendusky TS Rookie Topic Starter

    There were two reports. I do not know how to zip them, so here they are:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16576
    Run by Charla Rogers at 22:38:36 on 2013-06-16
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.1553 [GMT -5:00]
    AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    ============== Running Processes ===============
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Microsoft LifeCam\MSCamS64.exe
    C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine\\ccSvcHst.exe
    C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
    c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine\\ccSvcHst.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
    C:\Program Files (x86)\Dell 968 AIO Printer\dldomon.exe
    C:\Program Files (x86)\Dell 968 AIO Printer\memcard.exe
    C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe
    C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files (x86)\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\syswow64\svchost.exe -k netsvcs
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\ytbb.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    ============== Pseudo HJT Report ===============
    uStart Page = hxxp://suddenlink.net/
    uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine\\IPS\IPSBHO.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
    uRun: [Driver Detective] C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe /applicationMode:systemTray /showWelcome:false
    mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
    mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun: [Corel Photo Downloader] C:\Program Files (x86)\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
    mRun: [Dell 968 AIO Printer] "C:\Program Files (x86)\Dell 968 AIO Printer\fm3032.exe" /s
    mRun: [QuickFinder Scheduler] "c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE"
    mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\Users\CHARLA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    Trusted Zone: mcafee.com
    DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    TCP: NameServer =
    TCP: Interfaces\{F8FD2ED7-75AE-44E0-8F14-D016F357F31A} : DHCPNameServer =
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    x64-Run: [Corel Photo Downloader] C:\Program Files (x86)\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
    x64-Run: [dldomon.exe] "C:\Program Files (x86)\Dell 968 AIO Printer\dldomon.exe"
    x64-Run: [MemoryCardManager] "C:\Program Files (x86)\Dell 968 AIO Printer\memcard.exe"
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
    x64-Notify: igfxcui - igfxdev.dll
    ================= FIREFOX ===================
    FF - ProfilePath - C:\Users\Charla Rogers\AppData\Roaming\Mozilla\Firefox\Profiles\9e0fe7hc.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
    ============= SERVICES / DRIVERS ===============
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-10-29 55280]
    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NAVx64\1301010.003\SymDS64.sys [2012-5-14 451192]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1301010.003\SymEFA64.sys [2012-5-14 1084536]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [2013-5-31 1393240]
    R1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\Windows\System32\drivers\NAVx64\1301010.003\ccSetx64.sys [2012-5-14 167048]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\IPSDefs\20130614.001_b38\IDSviA64.sys [2013-6-14 513184]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NAVx64\1301010.003\Ironx64.sys [2012-5-14 189560]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NAVx64\1301010.003\symnets.sys [2012-5-14 401016]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-30 92160]
    R2 dldo_device;dldo_device;C:\Windows\System32\dldocoms.exe -service --> C:\Windows\System32\dldocoms.exe -service [?]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-16 418376]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-14 701512]
    R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine\\ccSvcHst.exe [2012-5-14 138760]
    R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [2012-10-29 132504]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-10-29 656624]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-9 138912]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-10-30 138752]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-5-14 25928]
    R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-12-2 31744]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 dldoCATSCustConnectService;dldoCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\dldoserv.exe [2007-10-5 34032]
    S2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-6-10 166384]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-15 183560]
    S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-6-10 1124848]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-8 59392]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-30 1255736]
    S4 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-6-10 309744]
    =============== File Associations ===============
    ShellExec: LightningViewer.exe: View="c:\Program Files (x86)\Corel\WordPerfect Lightning\Programs\LightningNavigator.exe" "-ViewDocument" "%1"
    =============== Created Last 30 ================
    2013-06-17 03:10:22 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\Programs
    2013-06-17 00:56:42 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{8F8487AF-D058-4C6E-8A02-138E4CA65034}
    2013-06-16 21:53:15 -------- d-----w- C:\Windows\pss
    2013-06-15 22:06:49 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{337FDB45-223E-4EE8-B127-B64E10A1E071}
    2013-06-14 21:29:07 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{B6E739AF-6B0E-452C-9655-2A01A12DD9B5}
    2013-06-14 01:42:14 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{CCE313C9-1851-438C-BA78-8D4963ECB3A2}
    2013-06-13 13:33:25 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{3671CBA9-291A-40CB-BC8D-586F7944DD4F}
    2013-06-12 17:58:04 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{EA0E880C-0555-4BB9-825E-B23B015925B6}
    2013-06-12 03:24:07 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{486B1431-8215-4ECE-B5CE-6D3BD88F0360}
    2013-06-11 13:53:32 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{1D46C7D6-FD9A-4468-9D60-FF8D3F8FBAA9}
    2013-06-10 16:19:58 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{405BBBAF-B748-446E-B5E6-238B2FC9752E}
    2013-06-10 03:19:02 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{0F13CF60-D38F-417A-B63B-CFDC743A126C}
    2013-06-09 02:29:00 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{5465848C-6C96-4156-A2FB-849E32A9096C}
    2013-06-08 13:01:46 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{84A3DE09-8797-400E-9111-83CE1FE68439}
    2013-06-07 16:58:09 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{2FF90606-F473-40DF-BF13-2AEA5941664D}
    2013-06-06 15:10:48 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{19204A52-76E2-4532-B2A6-85A255F23205}
    2013-06-06 15:07:35 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{5E51FBFC-9356-4F74-B3BE-C82D417B6DBC}
    2013-06-06 14:50:28 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{0E459121-E41B-4C90-8A69-ECD155C826A8}
    2013-06-06 02:10:05 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{8B86978C-7AC3-4FE8-8A79-EC2748654FF0}
    2013-06-05 13:22:32 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{4DAE0137-0C36-43C1-912C-C2E4AD3C521D}
    2013-06-04 17:50:26 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{E4A20FDD-3F4C-40FC-AAED-59FD95FBFAAA}
    2013-06-04 02:56:05 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{E75C9EC4-7BFF-4ED9-8BE1-04AEE85929AB}
    2013-06-03 03:25:16 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{376A3F51-247A-40CA-9D8E-23B16E8F8FBE}
    2013-06-02 11:34:51 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{21B01EB2-AA36-4EEC-A965-35AE455BA020}
    2013-06-01 14:17:00 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{4AB48F86-AC1E-4F1B-B875-2D9294C0F538}
    2013-05-31 17:08:08 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{E46B3572-85E5-49BC-8FFB-013BB0B8A263}
    2013-05-31 03:15:05 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{E512F140-773B-44B6-9D61-062D368A2C54}
    2013-05-30 15:04:05 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{DA12A325-9C64-49F8-B229-0F187846197A}
    2013-05-30 03:03:30 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{0390ED4C-7D3C-4BC5-AF64-435D4181CE72}
    2013-05-29 13:33:04 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{B626955C-F996-4A3A-9E68-4F961F146C35}
    2013-05-29 01:07:58 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{FD97EB76-DD69-4BAC-B805-84F9821ACD7E}
    2013-05-28 12:35:48 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{1ECF9EBB-4A7D-459B-A4A5-34CA800B00AD}
    2013-05-27 20:09:37 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{D5811285-63EE-413B-9115-CF37AE4B7190}
    2013-05-27 19:25:23 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{AF7CC177-0DFA-4ADF-829E-13C24A0B2A56}
    2013-05-27 02:55:45 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{5E27992D-2EBD-45AC-B5A1-59373859D8D3}
    2013-05-26 13:00:09 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{FA7F7CDD-CD65-4EB5-9FFE-B6E3880D6911}
    2013-05-25 15:20:37 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{A3262C41-EE48-421D-85EA-9C09658DEFB8}
    2013-05-25 00:04:00 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{F64F48CC-956E-42BA-9EF6-4CD589029EE4}
    2013-05-24 10:53:08 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{AB267A73-382E-402F-A443-F169890217D5}
    2013-05-23 17:26:05 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{A581FF16-20AA-4B1D-9011-0FDA9E72A80A}
    2013-05-23 14:59:25 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{A9296057-D466-4CEB-A5A4-F20CD6BAD839}
    2013-05-23 02:22:09 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{4218A6AE-AEB4-4FA4-97DA-8E37381CFB2E}
    2013-05-22 14:19:08 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{C91C98DB-30CD-4C39-A053-BBD8B5106F7C}
    2013-05-21 23:10:22 -------- d-----w- C:\ProgramData\PC-Doctor for Windows
    2013-05-21 23:10:01 -------- d-----w- C:\Program Files\My Dell
    2013-05-21 22:37:15 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{D64C60B4-EBB9-4690-8DB0-3A70A151D1F9}
    2013-05-21 02:27:19 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{055C8DC4-BC1C-46BB-BF61-DE927A1C3003}
    2013-05-20 13:59:14 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{583C8436-36E5-4632-A577-01F03778FD93}
    2013-05-19 23:05:38 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{B8F1C890-4A12-4D3B-A27F-D3FF6965800B}
    2013-05-19 03:05:16 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{FA2E343E-9F8C-4BA6-81D0-304254626380}
    2013-05-18 13:07:57 -------- d-----w- C:\Users\Charla Rogers\AppData\Local\{31F395AA-57AF-428F-915E-2CE662D6FD8C}
    ==================== Find3M ====================
    2013-06-17 02:26:17 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-06-17 02:26:17 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-06-06 12:38:05 1682 --sha-w- C:\ProgramData\KGyGaAvL.sys
    2013-05-06 03:24:13 3177588 ----a-w- C:\ProgramData\SPL618A.tmp
    2013-05-03 16:44:04 1809244 ----a-w- C:\ProgramData\SPLEDAF.tmp
    2013-05-02 15:36:10 9038311 ----a-w- C:\ProgramData\SPLDAE3.tmp
    2013-05-02 15:29:21 9038310 ----a-w- C:\ProgramData\SPL1D01.tmp
    2013-05-02 14:39:54 5729392 ----a-w- C:\ProgramData\SPL6A1A.tmp
    2013-05-02 14:32:27 8919220 ----a-w- C:\ProgramData\SPL96B3.tmp
    2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
    2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
    2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
    2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
    2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
    2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
    2013-04-05 06:52:14 2242048 ----a-w- C:\Windows\System32\wininet.dll
    2013-04-05 06:50:36 3958784 ----a-w- C:\Windows\System32\jscript9.dll
    2013-04-05 06:50:31 67072 ----a-w- C:\Windows\System32\iesetup.dll
    2013-04-05 06:50:31 136704 ----a-w- C:\Windows\System32\iesysprep.dll
    2013-04-05 05:28:24 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-04-05 05:26:26 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-04-05 05:26:21 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2013-04-05 05:26:21 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2013-04-05 04:43:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-04-05 04:29:45 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-04-05 03:51:11 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
    2013-04-05 03:38:25 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2013-04-04 19:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-03-19 05:53:58 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
    2013-03-19 05:53:58 230400 ----a-w- C:\Windows\System32\wwansvc.dll
    2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
    2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
    ============= FINISH: 22:40:06.03 ===============
  8. AL Levendusky

    AL Levendusky TS Rookie Topic Starter

    Second one...

    DDS (Ver_2012-11-20.01)
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 11/23/2009 4:12:51 PM
    System Uptime: 6/16/2013 9:00:40 PM (1 hours ago)
    Motherboard: Dell Inc. | | 0M017G
    Processor: Pentium(R) Dual-Core CPU E5300 @ 2.60GHz | CPU 1 | 1197/200mhz
    ==== Disk Partitions =========================
    C: is FIXED (NTFS) - 456 GiB total, 375.21 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    ==== Disabled Device Manager Items =============
    ==== System Restore Points ===================
    RP531: 6/9/2013 9:46:18 AM - Windows Update
    RP532: 6/9/2013 12:31:09 PM - Windows Update
    RP533: 6/9/2013 9:14:24 PM - Windows Update
    RP534: 6/9/2013 10:22:32 PM - Windows Update
    RP535: 6/10/2013 9:57:09 PM - Windows Update
    RP536: 6/10/2013 10:26:50 PM - Windows Update
    RP537: 6/11/2013 10:56:16 PM - Windows Update
    RP538: 6/12/2013 8:38:12 PM - Windows Update
    RP539: 6/13/2013 9:42:57 AM - Windows Update
    RP540: 6/13/2013 10:02:42 AM - Windows Update
    RP541: 6/13/2013 8:44:04 PM - Windows Update
    RP542: 6/14/2013 7:51:50 PM - Windows Update
    RP543: 6/15/2013 9:18:53 PM - Windows Update
    RP544: 6/16/2013 3:00:11 AM - Windows Update
    RP545: 6/16/2013 3:25:44 AM - Windows Update
    RP546: 6/16/2013 8:07:44 PM - Restore Operation
    RP547: 6/16/2013 8:20:47 PM - Windows Update
    ==== Installed Programs ======================
    ABBYY FineReader 6.0 Sprint
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.5.2
    Apple Software Update
    Bing Bar
    Compatibility Pack for the 2007 Office system
    Corel Snapfire muvee autoProducer add-on
    Corel Snapfire Plus
    Dell 968 AIO Printer
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell Dock
    Dell Edoc Viewer
    Dell Getting Started Guide
    Driver Detective
    Expert PDF 7 Reader
    Google Earth Plug-in
    Google Update Helper
    Intel(R) Graphics Media Accelerator Driver
    Java Auto Updater
    Java(TM) 6 Update 14 (64-bit)
    Java(TM) 6 Update 29
    Junk Mail filter update
    LifeCam Video Messages gadget
    Malwarebytes Anti-Malware version
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Corporation
    Microsoft LifeCam
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    Mozilla Firefox 12.0 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee autoProducer 5.0
    My Dell
    Norton AntiVirus
    Norton PC Checkup
    Power BibleCD 5.2
    PowerDVD DX
    QualXServ Service Agreement
    Realtek High Definition Audio Driver
    Roxio Activation Module
    Roxio CinePlayer Decoder Pack
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator Premier
    Roxio Creator Premier 10
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Skype Click to Call
    Skype™ 6.3
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    WebEx Support Manager for Internet Explorer
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WordPerfect Lightning
    WordPerfect Lightning - EN
    WordPerfect Lightning - IPM
    WordPerfect Lightning - Messages
    WordPerfect Lightning - MSOM
    WordPerfect Office X4
    WordPerfect Office X4 - Common
    WordPerfect Office X4 - Content
    WordPerfect Office X4 - EN
    WordPerfect Office X4 - Filters
    WordPerfect Office X4 - Graphics
    WordPerfect Office X4 - ICA
    WordPerfect Office X4 - IPM
    WordPerfect Office X4 - IPM HSE EN
    WordPerfect Office X4 - Migration Manager
    WordPerfect Office X4 - PerfectExperts
    WordPerfect Office X4 - PR
    WordPerfect Office X4 - QP
    WordPerfect Office X4 - Skins
    WordPerfect Office X4 - System
    WordPerfect Office X4 - WP
    Yahoo! Software Update
    Yahoo! Toolbar
    ==== Event Viewer Messages From Past Week ========
    6/16/2013 9:01:27 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    6/16/2013 9:01:17 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the dldoCATSCustConnectService service to connect.
    6/16/2013 9:01:17 PM, Error: Service Control Manager [7000] - The dldoCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/16/2013 8:32:44 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Works 9 (KB2754670).
    6/16/2013 8:18:11 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    6/13/2013 2:06:16 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    6/13/2013 2:05:46 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
    6/13/2013 2:03:28 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
    6/11/2013 3:50:26 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    ==== End Of File ===========================
  9. Broni

    Broni Malware Annihilator Posts: 53,784   +369

    If you read our preliminaries there is nothing about zipping.
    ALL logs have to be pasted.

    [​IMG] Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
  10. AL Levendusky

    AL Levendusky TS Rookie Topic Starter

    I am sorry but I have to abandon this project. I was trying to help my mom's desktop but I am leaving the country so she will have to find other help. Thank you for your time and I'm sorry I could not finish this. I apologize for the inconvenience. Thanks again.
  11. Broni

    Broni Malware Annihilator Posts: 53,784   +369

    No problem. Thanks for letting me know :)
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...