
Gringo the computer God.........please help me!



My computer is way messed up.

For the past 4 weeks I have been trying to fix it. I am not sure what is wrong with it.

I think I have malware, trojan, virus or what else I don't know.

I have been working with another computer self help .com and they haven't been able to fix me.

The computer started acting very slow, and generally fouled up, and I noticed a lot of spam in my email junk folder.

So I tried looking at these forums and tried to figure out what was wrong with my computer.

I must have 20 different programs that I have downloaded and run to try and fix the computer.

Defogger

Crapcleaner

Roguekiller

tdsskiller

reservo

Essetmartin

Hijack this

Windows tweaking

aswmbr

panda

yorkexe

etc. just to name a few.

I have gone to windows forums and tried using the windows malware removal programs and no joy.

Nothing that I have done seems to help.

I seem to keep finding new infected files, and viruses with each scan that I run.

It seems that there is also an infected (root key?-hku key). And I can't seem to kill or cure that.

I tried going back to the time frame that I was having problems and removed the programs that could have been causing the problem but still no joy.

I am not sure but am wondering if a windows update helped to screw things up.

I also notice that I have 98 processes running on my task manager (probably why it is so slow).

I have had blue screen crashes that I have gone around by pulling the battery and unplugging without logging off.

I have tried the windows repair, the windows update etc. no joy.

Please, can't you help me? Ugghhh, I am at my wits' end.

I would like to not have to reformat the whole computer if possible.

ANY HELP would be greatly appreciated!

Gelfoam

Link to post

  • Staff

Hello Gelfoam

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Going by what you have explained and the tools you have run I doubt very much that it is malware.

By chance have you tried system restore to before you had this problem? If not then try this now.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I need to get some reports to get a base to start from so I need you to run these programs first.

-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Gringo

Link to post

Hi Gringo,

Firstly ...Thank you , Thank you, Thank you.

I have tried a system restore. Several times. Each time I have run tweaking windows program I do a restore point, and also when I have gotten the blue screen of doom I have tried to go in and do a system restore using the f8 button on startup and going to system recovery. I have a program called reg servo that creates a restore point each time it does its thing which is daily, but I can't seem to find any of those restore points. I have noticed also that my security seems to be getting turned off and I didn't do it. Leading me to believe whatever mal-process is loaded on my computer is deleting things and changing things without me having done it.

I have noticed that something seems to be deleting my system recovery points OR I can't access them. (Possibly operator error in trying to find the restore points but I am not sure).

About the only files I would like to back up are photos and I don't have a disc to do that today but will get one.

Am going to do the dds thing now.

Again Gracias a Dios, and thank you so much for helping me.

Gelfoam

Link to post

Here are the DDS logs:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume3

Install Date: 3/20/2008 7:07:55 AM

System Uptime: 5/18/2013 7:38:33 PM (1 hours ago)

.

Motherboard: Dell Inc. | | 0XR148

Processor: Intel® Core2 Duo CPU T7250 @ 2.00GHz | Microprocessor | 2001/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 174 GiB total, 126.014 GiB free.

D: is FIXED (NTFS) - 10 GiB total, 5.325 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1835: 5/13/2013 6:38:19 AM - Removed Bing Desktop

RP1837: 5/16/2013 11:04:15 AM - REGSERVO Backup

RP1838: 5/16/2013 1:39:44 PM - Tweaking.com - Windows Repair

RP1839: 5/16/2013 7:46:04 PM - Tweaking.com - Windows Repair

RP1841: 5/16/2013 8:45:00 PM - REGSERVO Backup

RP1843: 5/16/2013 8:51:25 PM - REGSERVO Backup

RP1845: 5/16/2013 9:42:37 PM - Panda ZAcccess Cleanup

RP1846: 5/16/2013 10:03:36 PM - Windows Update

RP1847: 5/17/2013 8:21:13 AM - Removed Virgin Mobile Broadband Modem Drivers.

RP1848: 5/17/2013 8:21:50 AM - Removed Skype™ 5.10

RP1849: 5/17/2013 8:23:22 AM - Removed QuickTime

RP1850: 5/18/2013 5:00:55 AM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

Acrobat.com

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.7)

Advanced Audio FX Engine

Advanced Video FX Engine

Audio Signal Generator

avast! Free Antivirus

CCleaner

Citrix online plug-in - web

Citrix online plug-in (DV)

Citrix online plug-in (HDX)

Citrix online plug-in (USB)

Citrix online plug-in (Web)

Compatibility Pack for the 2007 Office system

Dell Touchpad

Dell Webcam Center

Dell Webcam Manager

Dell Wireless WLAN Card

ESET Online Scanner v3

Eusing Free Registry Cleaner

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Photo Printing Software

HP Share-to-Web

InstallVC90Support

Intel® Matrix Storage Manager

Java 7 Update 21

Java Auto Updater

Laptop Integrated Webcam Driver (1.04.01.1011)

LG USB Modem driver

Live! Cam Avatar Creator

Live! Cam Avatar v1.0

Malwarebytes Anti-Malware version 1.75.0.1300

McAfee Security Scan Plus

MediaDirect

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Office File Validation Add-In

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Word 2003

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Works

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NVIDIA Drivers

OutlookAddinSetup

Palm Desktop by ACCESS

PalmTether

QuickSet

REGSERVO

RivalGaming

Roxio Creator Audio

Roxio Creator BDAV Plugin

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Express Labeler

Roxio MyDVD DE

Roxio Update Manager

RTC Client API v1.2

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Sonic Activation Module

Spybot - Search & Destroy

SRWare Iron 10.0.650.0

SUPERAntiSpyware

TunnelBear 1.0.32

Tweaking.com - Windows Repair (All in One)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

User's Guides

USRobotics V.92 USB Modem

VZAccess Manager

.

==== Event Viewer Messages From Past Week ========

.

5/18/2013 7:41:57 PM, Error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).

5/18/2013 7:40:57 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

5/18/2013 7:39:54 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

5/18/2013 4:32:09 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

5/18/2013 4:24:24 AM, Error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).

5/18/2013 4:08:31 AM, Error: Service Control Manager [7022] - The Task Scheduler service hung on starting.

5/18/2013 4:08:31 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the avast! Antivirus service to connect.

5/18/2013 4:08:31 AM, Error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/18/2013 3:44:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service RoxMediaDB9 with arguments "" in order to run the server: {5EFBB572-1CBD-47DA-8BBA-5BAB9CADD108}

5/18/2013 3:44:32 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the RoxMediaDB9 service to connect.

.

==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.21.2

Run by melba at 20:49:09 on 2013-05-18

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1590 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\System32\WLTRYSVC.EXE

C:\Windows\System32\bcmwltry.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\aestsrv.exe

C:\Windows\ehome\ehRecvr.exe

C:\Windows\ehome\ehsched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\STacSV.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

c:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\PalmTether\TetherApp.exe

C:\Program Files\Citrix\ICA Client\concentr.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

C:\Program Files\Palm\Hotsync.exe

C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\PROGRA~1\PALMTE~1\PALMON~2.EXE

C:\Windows\System32\rundll32.exe

C:\Windows\system32\wbem\WmiPrvSE.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Citrix\ICA Client\wfcrun32.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\Explorer.exe

C:\Program Files\SRWare Iron\iron.exe

C:\Program Files\SRWare Iron\iron.exe

C:\Program Files\SRWare Iron\iron.exe

C:\Program Files\SRWare Iron\iron.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\consent.exe

C:\Windows\system32\wbem\WmiPrvSE.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [sigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe

mRun: [share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe

mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"

mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"

mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"

mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [PalmTether] "c:\program files\palmtether\TetherApp.exe"

mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup

mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRunOnce: [Z1] cmd /c "c:\users\melba\downloads\mbar-1.05.0.1001\mbar\mbar.exe" /cleanup /s

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.1.121\SSScheduler.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 8.8.8.8 4.2.2.2

TCP: Interfaces\{10E4D2BB-35FA-47FF-96BF-5C4E8CD23D5C} : DHCPNameServer = 8.8.8.8 4.2.2.2

TCP: Interfaces\{4617E196-DC28-4712-900F-6506D4B4629E} : DHCPNameServer = 192.168.3.1

TCP: Interfaces\{8ADB3B2D-E357-4615-8603-482EAE804AED} : DHCPNameServer = 198.224.166.135 198.224.167.135

TCP: Interfaces\{E352252E-E35C-4AEF-B093-BC023176EEE7} : DHCPNameServer = 8.8.8.8

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

.

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-4-6 49248]

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-4-6 765736]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-4-6 368176]

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]

R1 MpKsl27132bdd;MpKsl27132bdd;c:\programdata\microsoft\microsoft antimalware\definition updates\{64c654b1-998f-4e18-9118-c438b903ae8e}\MpKsl27132bdd.sys [2013-5-18 29904]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-3-20 73728]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-4-6 29816]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-4-6 66336]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-4-6 45248]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-1-7 21504]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-4-7 418376]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-4-7 701512]

R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-1-20 100328]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2013-4-7 1153368]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-4-7 22856]

R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]

R3 palmmdm;Palm Modem;c:\windows\system32\drivers\palmmdm.sys [2007-9-20 9728]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-4-6 164736]

S3 HSFHWCD2;HSFHWCD2;c:\windows\system32\drivers\USR_CD2.sys [2008-5-9 216064]

S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-3-20 32408]

S3 VNHDPF;VNHDPF; [x]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S3 ZVCXJHVR;ZVCXJHVR; [x]

S4 iaNvStor;Intel® Turbo Memory Controller;c:\windows\system32\drivers\iaNvStor.sys [2008-3-20 209408]

.

=============== Created Last 30 ================

.

2013-05-19 03:32:00 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{64c654b1-998f-4e18-9118-c438b903ae8e}\MpKsl27132bdd.sys

2013-05-18 12:59:41 7016152 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{64c654b1-998f-4e18-9118-c438b903ae8e}\mpengine.dll

2013-05-18 11:35:47 -------- d-sh--w- C:\$RECYCLE.BIN

2013-05-18 05:55:05 -------- d-----w- C:\9d9d7aa93e65abc0838664111cfb

2013-05-17 05:17:53 7016152 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2013-05-17 03:06:04 -------- d-----w- c:\windows\system32\catroot2

2013-05-16 18:53:09 -------- d-----w- c:\program files\Eusing Free Registry Cleaner

2013-05-13 13:42:13 -------- d-----w- c:\users\melba\appdata\local\ElevatedDiagnostics

2013-05-13 13:01:04 -------- d-sh--w- c:\windows\system32\%APPDATA%

2013-05-12 06:02:08 98816 ----a-w- c:\windows\sed.exe

2013-05-12 06:02:08 256000 ----a-w- c:\windows\PEV.exe

2013-05-12 06:02:08 208896 ----a-w- c:\windows\MBR.exe

2013-05-10 07:57:26 187456 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

2013-05-09 19:13:28 -------- d-----w- c:\users\melba\appdata\roaming\QuickScan

2013-05-09 18:41:00 -------- d-----w- c:\windows\system32\DBBK

2013-05-05 09:28:26 -------- d-----w- c:\users\melba\Doctor Web

2013-05-01 05:13:00 706640 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{39115f19-2987-45de-9495-24ee9c9e4193}\gapaengine.dll

2013-05-01 04:40:02 -------- d-----w- c:\program files\Microsoft Security Client

2013-05-01 04:39:27 221568 ----a-w- c:\windows\system32\drivers\netio.sys

2013-04-30 08:47:41 6906960 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{abccaf8f-6484-4c97-9c8b-5d0eaadfd69d}\mpengine.dll

2013-04-27 16:33:21 -------- d-----w- c:\windows\ERUNT

2013-04-27 16:18:40 -------- d-----w- C:\JRT

.

==================== Find3M ====================

.

2013-05-16 18:48:17 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-05-16 18:48:17 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe

2013-04-10 01:18:14 861088 ----a-w- c:\windows\system32\npdeployJava1.dll

2013-04-10 01:18:13 782240 ----a-w- c:\windows\system32\deployJava1.dll

2013-04-04 21:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-04-04 12:35:08 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-03-11 13:25:50 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-03-11 13:25:50 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-09 03:45:04 49152 ----a-w- c:\windows\system32\csrsrv.dll

2013-03-09 01:28:08 64000 ----a-w- c:\windows\system32\smss.exe

2013-03-08 03:53:50 376320 ----a-w- c:\windows\system32\winsrv.dll

2013-03-08 03:52:22 2067968 ----a-w- c:\windows\system32\mstscax.dll

2013-03-06 22:33:24 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-03-06 22:33:24 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-03-06 22:33:24 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-03-06 22:33:23 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-03-06 22:32:51 41664 ----a-w- c:\windows\avastSS.scr

2013-03-05 01:40:56 2049024 ----a-w- c:\windows\system32\win32k.sys

2013-03-03 19:07:52 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-02-22 03:46:00 1800704 ----a-w- c:\windows\system32\jscript9.dll

2013-02-22 03:38:00 1129472 ----a-w- c:\windows\system32\wininet.dll

2013-02-22 03:37:50 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2013-02-22 03:34:17 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2013-02-22 03:34:03 420864 ----a-w- c:\windows\system32\vbscript.dll

2013-02-22 03:31:46 2382848 ----a-w- c:\windows\system32\mshtml.tlb

.

============= FINISH: 20:50:35.37 ===============

Link to post

Also, I don't know if you need this info since you are a computer deity but,

I do not have a printer that is attached to this laptop.

And I access the internet with my Palm Treo phone through a Verizon program using my phone as the modem.

Or I connect via wifi when I am at work.

Thanks

Gelfoam

Link to post

I have also tried to do the Microsoft updates but each time I go in to do it I hit Start > Microsoft Update, click on that and it opens the update box.

When I hit check for updates it does and says that I need to do the update so I hit do update/restart computer and when I do it restarts the computer etc.

Then when I go in to check to see if there are updates it says the same thing again....meaning it didn't install the updates.

G

Link to post

  • Staff

Greetings

"I have a program called reg servo that creates a restore point each time it does its thing which is daily" - I think this is the main problem - Registry cleaners are never good news, and pretty much the symptoms you are talking about seem to follow this program deleting things it should not have.

As far as system restore points, the oldest is from the 13th and that is not going back far enough.

I have checked your topic over at Bleeping Computer with Fireman and he has run most of the malware tools that need to be run without finding anything of note really - there were some minor things in the reports but nothing to cause what you are describing now, validating what I suspect, and that is not malware but a corruption of the OS by the registry cleaner.

We can rerun the tools that have already been run but I do not think it will do any good and you should consider backing up what you do not want to lose and just reinstall the OS.

Let me know if you want to try rerunning all the tools again

Gringo

Link to post
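The restore-point check discussed in the reply above can be reproduced from the posted DDS log. The following is an added example, not part of any post in this thread: it parses the "System Restore Points" section and reports the oldest point and which tools created the points. The `ONSET` date (four weeks before the log's 2013-05-18 run date) is an assumption taken from the opening post's "past 4 weeks".

```python
import re
from collections import Counter
from datetime import datetime
from typing import NamedTuple

# Excerpt of the DDS log posted in this thread (restore-point section and the
# neighbouring section headers), embedded so the example runs offline.
SAMPLE_LOG = """\
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1835: 5/13/2013 6:38:19 AM - Removed Bing Desktop
RP1837: 5/16/2013 11:04:15 AM - REGSERVO Backup
RP1838: 5/16/2013 1:39:44 PM - Tweaking.com - Windows Repair
RP1839: 5/16/2013 7:46:04 PM - Tweaking.com - Windows Repair
RP1841: 5/16/2013 8:45:00 PM - REGSERVO Backup
RP1843: 5/16/2013 8:51:25 PM - REGSERVO Backup
RP1845: 5/16/2013 9:42:37 PM - Panda ZAcccess Cleanup
RP1846: 5/16/2013 10:03:36 PM - Windows Update
RP1847: 5/17/2013 8:21:13 AM - Removed Virgin Mobile Broadband Modem Drivers.
RP1848: 5/17/2013 8:21:50 AM - Removed Skype™ 5.10
RP1849: 5/17/2013 8:23:22 AM - Removed QuickTime
RP1850: 5/18/2013 5:00:55 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Acrobat.com
"""

# Assumption: symptoms began about four weeks before the log was generated.
ONSET = datetime(2013, 4, 20)

# DDS section headers look like "==== Name ====" with varying runs of "=".
HEADER = re.compile(r"^=+\s*(.+?)\s*=+$")
# "RP<number>: <m/d/yyyy h:mm:ss AM|PM> - <label>"; the label may itself contain " - ".
RESTORE_POINT = re.compile(
    r"^RP(\d+):\s+(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+-\s+(.+)$"
)


class RestorePoint(NamedTuple):
    rp_id: int
    created: datetime
    label: str


def split_sections(text):
    """Group log lines under their section header, skipping blanks and '.' filler."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        header = HEADER.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_restore_points(text):
    """Return the restore points from the log, oldest first."""
    points = []
    for line in split_sections(text).get("System Restore Points", []):
        m = RESTORE_POINT.match(line)
        if not m:
            continue  # tolerate lines that are not restore-point entries
        created = datetime.strptime(m.group(2), "%m/%d/%Y %I:%M:%S %p")
        points.append(RestorePoint(int(m.group(1)), created, m.group(3)))
    return sorted(points, key=lambda p: p.created)


def has_point_before(points, onset):
    """True if at least one restore point predates the start of the symptoms."""
    return any(p.created < onset for p in points)


def labels_by_count(points):
    """Count restore points per creating action (the text after the timestamp)."""
    return Counter(p.label for p in points)


if __name__ == "__main__":
    pts = parse_restore_points(SAMPLE_LOG)
    print("oldest:", pts[0].rp_id, pts[0].created.isoformat(), pts[0].label)
    print("usable point before onset:", has_point_before(pts, ONSET))
    for label, n in labels_by_count(pts).most_common():
        print(f"{n:2d}  {label}")
```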

I guess I would be happy to cease and desist in the Bleepin computer forum so I wouldn't be in violation of your forum policy.

But from the reply from Gringo it seems as though there is nothing you folks can do to help me.

So it is probably not necessary at this point to do anything but unplug the computer and put it away.

You can't imagine how depressing and frustrating it is to have tried so hard to help myself with no results, then when I have asked for help I don't seem to be able to find anyone who can help me. :mellow:

Link to post

  • Root Admin

That is correct. 2 Different forums, 2 different people, 1 computer. Wastes resources that are already very limited.

From reading the reply the help you need is not what you want to hear. You've been using a Registry Cleaning program that appears to have messed up your system.

The Registry is the brain of Windows. From this point on you'll always be limping along regardless of what is done to try and fix the damage already done.

The best option really is to backup all your data and then format the drive and reinstall Windows. Then restore your data.

Link to post

  • Root Admin

Okay I'll go ahead and close this topic. It's not that no one wants to help you, it's that your computer really needs to have Windows reinstalled properly and then I would highly recommend that you do not use any other type of Registry Cleaning tools without guided assistance.

Sorry that things did not work out as planned for you.

Best Wishes

Link to post

This topic is now closed to further replies.