
Solved reminderhelper.exe - Cannot remove

Discussion in 'Malware and Virus Removal Archive' started by JetstreamJim, 2013/01/12.

  1. 2013/01/12
    JetstreamJim

    JetstreamJim Inactive Thread Starter

    Joined:
    2006/12/30
    Messages:
    67
    Likes Received:
    0
    [Resolved] reminderhelper.exe - Cannot remove

    Hello to all. I have not posted here in some time and read the conditions for posting and will keep it short. I believe I picked this flea up when I installed the free opener program, which I realized was a mistake as it was happening and tried to stop, unsuccessfully. I opened up my task mgr yesterday and saw it and knew it was something new. I discovered that it lives in the prefetch folder and deleted it manually, but there it was again today in processes. It comes from we-care.com. In reading the must-read-before-posting thread I saw to check my firewall. I certainly would never turn it off, but there it was, off. I'm not sure how or why this would happen, so maybe this is why I ended up with this .exe file. TIA for any ideas!
     
  2. 2013/01/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please complete all steps listed HERE

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools or fixes, or applying any changes to your computer, other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     


  4. 2013/01/16
    JetstreamJim

    JetstreamJim Inactive Thread Starter

    Joined:
    2006/12/30
    Messages:
    67
    Likes Received:
    0
    Continuance of: reminderhelper.exe - Cannot remove

    I hope I did this all correctly! Thanks again :D

    My MBAM report:
    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.01.16.02

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Douglas :: JAMES-9468BDB9A [administrator]

    1/15/2013 9:35:06 PM
    mbam-log-2013-01-15 (21-35-06).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 278873
    Time elapsed: 13 minute(s), 49 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    ----------------------------------------------
    MBR check:

    -----------------------------
    21:38:16.532 OS Version: Windows 5.1.2600 Service Pack 3
    21:38:16.532 Number of processors: 2 586 0x407
    21:38:16.532 ComputerName: JAMES-9498BDB6A
    21:38:17.985 Initialize success
    21:39:14.714 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    21:39:14.714 Disk 0 Vendor: SAMSUNG_ VT10 Size: 238418MB BusType: 3
    21:39:14.729 Disk 0 MBR read successfully
    21:39:14.729 Disk 0 MBR scan
    21:39:14.729 Disk 0 Windows XP default MBR code
    21:39:14.729 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
    21:39:14.729 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 233326 MB offset 112455
    21:39:14.760 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 5028 MB offset 477965880
    21:39:14.760 Disk 0 scanning sectors +488263545
    21:39:14.854 Disk 0 scanning C:\WINDOWS\system32\drivers
    21:39:46.007 Service scanning
    21:39:46.210 Service .mrxsmb \* **LOCKED** 123
    21:40:00.740 Modules scanning
    21:40:15.238 Disk 0 trace - called modules:
    21:40:15.269 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    21:40:15.269 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a4e7ab8]
    21:40:15.269 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a4ed030]
    21:40:15.269 Scan finished successfully
    08:09:44.000 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Douglas\Desktop\MBR.dat "
    08:09:44.000 The log file has been saved successfully to "C:\Documents and Settings\Douglas\Desktop\aswMBR.txt "

    ---------------------------------------------------
    Attach:

    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 3/20/2009 2:07:07 PM
    System Uptime: 1/16/2013 5:16:51 AM (2 hours ago)
    .
    Motherboard: Dell Inc. | | 0FJ030
    Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 228 GiB total, 182.275 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: SM Bus Controller
    Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_01D11028&REV_01\3&172E68DD&0&FB
    Manufacturer:
    Name: SM Bus Controller
    PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_01D11028&REV_01\3&172E68DD&0&FB
    Service:
    .
    Class GUID:
    Description:
    Device ID: ACPI\AWY0001\2&DABA3FF&0
    Manufacturer:
    Name:
    PNP Device ID: ACPI\AWY0001\2&DABA3FF&0
    Service:
    .
    ==== System Restore Points ===================
    .
    RP780: 10/14/2012 1:22:03 PM - System Checkpoint
    RP781: 10/17/2012 6:14:46 PM - System Checkpoint
    RP782: 10/19/2012 5:20:22 PM - System Checkpoint
    RP783: 10/21/2012 5:35:38 PM - System Checkpoint
    RP784: 10/27/2012 11:37:34 AM - System Checkpoint
    RP785: 10/28/2012 9:41:47 PM - System Checkpoint
    RP786: 11/1/2012 7:20:19 PM - System Checkpoint
    RP787: 11/5/2012 8:04:53 AM - System Checkpoint
    RP788: 11/6/2012 7:07:58 PM - System Checkpoint
    RP789: 11/13/2012 8:21:46 PM - System Checkpoint
    RP790: 11/14/2012 8:57:34 PM - System Checkpoint
    RP791: 11/16/2012 8:09:09 AM - Software Distribution Service 3.0
    RP792: 11/20/2012 1:32:24 PM - System Checkpoint
    RP793: 11/22/2012 9:36:27 PM - System Checkpoint
    RP794: 12/2/2012 10:23:59 AM - System Checkpoint
    RP795: 12/4/2012 9:45:22 AM - System Checkpoint
    RP796: 12/5/2012 7:52:45 PM - System Checkpoint
    RP797: 12/12/2012 7:01:12 AM - System Checkpoint
    RP798: 12/13/2012 7:42:47 AM - Software Distribution Service 3.0
    RP799: 12/15/2012 7:34:02 AM - System Checkpoint
    RP800: 12/17/2012 9:29:56 PM - System Checkpoint
    RP801: 12/21/2012 6:55:19 AM - Software Distribution Service 3.0
    RP802: 12/22/2012 8:02:06 AM - System Checkpoint
    RP803: 12/23/2012 10:52:30 AM - System Checkpoint
    RP804: 12/27/2012 8:31:49 AM - avast! Free Antivirus Setup
    RP805: 12/27/2012 8:42:10 AM - Installed AVG 2013
    RP806: 12/27/2012 8:42:57 AM - Installed AVG 2013
    RP807: 12/27/2012 7:32:24 PM - Installed OpenOffice.org 3.4.1
    RP808: 12/29/2012 9:28:35 AM - Software Distribution Service 3.0
    RP809: 12/31/2012 5:35:35 PM - System Checkpoint
    RP810: 1/4/2013 9:41:38 AM - Software Distribution Service 3.0
    RP811: 1/8/2013 5:12:54 PM - System Checkpoint
    RP812: 1/9/2013 6:54:44 PM - System Checkpoint
    RP813: 1/10/2013 3:00:18 AM - Software Distribution Service 3.0
    RP814: 1/10/2013 8:01:31 PM - Software Distribution Service 3.0
    RP815: 1/15/2013 10:01:37 PM - System Checkpoint
    RP816: 1/16/2013 7:52:35 AM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.5.2
    Apple Application Support
    Apple Software Update
    ASPCA Reminder by We-Care.com v4.1.21.1
    ATI Display Driver
    Avanquest update
    AVG 2013
    Bonjour
    Brother MFL-Pro Suite MFC-490CW
    Compatibility Pack for the 2007 Office system
    Conexant D850 56K V.9x DFVc Modem
    Dell Driver Download Manager
    Google Earth
    Google SketchUp 8
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Format 11 SDK (KB973442)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB2756822)
    Hotfix for Windows XP (KB2779562)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    ImageMixer3
    Intel(R) PRO Network Connections Drivers
    iTunes
    J2SE Runtime Environment 5.0 Update 17
    K-Lite Codec Pack 7.0.0 (Standard)
    Macromedia Shockwave Player
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 1.0 Hotfix (KB2572066)
    Microsoft .NET Framework 1.0 Hotfix (KB2604042)
    Microsoft .NET Framework 1.0 Hotfix (KB2656378)
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.0 Security Update (KB2698035)
    Microsoft .NET Framework 1.0 Security Update (KB2742607)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2698023)
    Microsoft .NET Framework 1.1 Security Update (KB2742597)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Digital Image Library 9 - Blocker
    Microsoft Digital Image Standard 2006
    Microsoft Digital Image Standard 2006 Editor
    Microsoft Digital Image Standard 2006 Library
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.9
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft WinUsb 1.0
    Microsoft Works
    Microsoft Works Suite Add-in for Microsoft Word
    Mozilla Firefox 16.0.2 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    OpenOffice.org 3.4.1
    Paint.NET v3.5.10
    PaperPort Image Printer
    QuickTime
    Safari
    ScanSoft PaperPort 11
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB2761465)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB2753842-v2)
    Security Update for Windows XP (KB2753842)
    Security Update for Windows XP (KB2757638)
    Security Update for Windows XP (KB2758857)
    Security Update for Windows XP (KB2761226)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2779030)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SigmaTel Audio
    Sonic Encoders
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB968220)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows PowerShell(TM) 1.0
    Windows XP Media Center Edition 2005 KB2502898
    Windows XP Media Center Edition 2005 KB2619340
    Windows XP Media Center Edition 2005 KB2628259
    Windows XP Media Center Edition 2005 KB908250
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    Works Upgrade
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/9/2013 9:02:49 PM, error: ati2mtag [45062] - CRT invalid display type
    1/9/2013 8:41:58 AM, error: Service Control Manager [7024] - The Workstation service terminated with service-specific error 2250 (0x8CA).
    1/9/2013 8:41:58 AM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    1/9/2013 8:41:58 AM, error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The service has returned a service-specific error code.
    1/9/2013 8:41:58 AM, error: Service Control Manager [7000] - The Zune Bus Enumerator Driver service failed to start due to the following error: The system cannot find the file specified.
    1/9/2013 8:40:37 AM, error: Workstation [5727] - Could not load RDR device driver.
    1/9/2013 8:25:12 AM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
    1/9/2013 6:20:29 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    1/15/2013 9:26:10 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The system cannot find the file specified.
    1/11/2013 1:51:22 PM, error: iastor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
    1/10/2013 8:53:01 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    1/10/2013 7:33:46 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
    1/10/2013 3:06:09 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2742596).
    1/10/2013 3:05:43 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 3.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2756918).
    1/10/2013 3:05:10 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2007 suites (KB2687499).
    1/10/2013 3:05:03 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 3.5 SP1 on Windows XP, Server 2003, Vista, Server 2008 x86 (KB2736416).
    1/10/2013 3:02:40 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2742597).
    .
    ==== End Of File ===========================
    DDS:
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_17
    Run by Douglas at 7:53:12 on 2013-01-16
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2303 [GMT -6:00]
    .
    AV: AVG update module *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\dlcdcoms.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Douglas\Local Settings\Temporary Internet Files\Content.IE5\EDX8YC3S\aswMBR[1].exe
    C:\WINDOWS\notepad.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\SoftwareDistribution\Download\34e066ed95c1982b2564a07910fb791f\update\update.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uURLSearchHooks: {472734EA-242A-422b-ADF8-83D1E48CC825} - <orphaned>
    uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.5.0_17\bin\ssv.dll
    BHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - c:\documents and settings\all users\application data\wecarereminder\IEHelperv2.5.0.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_4_402_287_ActiveX.exe -update activex
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini "
    mRun: [DLCDCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCDtime.dll,_RunDLLEntry@16
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFU3SEctWUxVVlUtRVMyRUctUUY3WEMtVkxDOVctUTRMWkc "& "inst=NzctNzQyNzIwNzEzLUtWMys3LUJBKzEtWEwrMS1UNC1GUDkrNi1UQjkrMi1GTCs5LVhPMzYrMS1GOU03Qys1LUY5TTEwQisxLUY5TTIrMS1GTDEwKzEtWE8xMCsxMS1ERFQrNDQxMzYtREQxMEYrMS1TVDEwRkFQUCsxLUwxME0rMi1GMTBNMTJBVCszLUYxME0xMkErMS1GMTBNMTJBQisxLVUxMCsxLVNUMTJGT0krMS1GMTBNMTJBVSsx "& "prod=90 "& "ver=2012.0.1809 "& "mid=dde701e48ef877dbaa069dcde92949fe-9b0afbff3d1d63dd8a127604e2e5553cb60dacc0
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\docume~1\douglas\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\status~1.lnk - c:\program files\brother\brmfcmon\BrMfcWnd.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_17\bin\ssv.dll
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1341600538609
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341620942531
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
    TCP: Interfaces\{3642A5AF-48B8-4C19-BFCA-D3BCF503F257} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\douglas\application data\mozilla\firefox\profiles\5tgpb8et.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z128&form=ZGAADF&install_date=20110929&q=
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
    FF - ExtSQL: !HIDDEN! 2009-09-01 21:21; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.autoDisableScopes - 14
    FF - user.js: security.csp.enable - false
    .
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
    R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-10-5 94048]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-6-20 64512]
    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-15 5814904]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
    R2 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R3 ngrpci;NETGEAR FA310TX Fast Ethernet Adapter Driver;c:\windows\system32\drivers\Ngrpci.sys [2009-4-3 32840]
    .
    =============== File Associations ===============
    .
    ShellExec: pi11.exe: Open= "c:\program files\microsoft digital image 2006\pi.exe" "%1 "
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-11-06 02:01:39 1371648 ------w- c:\windows\system32\msxml6.dll
    2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-11-01 12:17:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec
    2012-10-22 19:02:46 179936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
    2012-10-20 12:02:44 696760 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-10-20 12:02:43 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    ============= FINISH: 7:55:15.62 ===============
     
  5. 2013/01/16
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    No, you started a New Thread. You should have Replied to your original (this) thread instead.

    I have merged your new thread here.
     
  6. 2013/01/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    =======================

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
  7. 2013/01/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Still with me?
     
  8. 2013/01/22
    JetstreamJim

    JetstreamJim Inactive Thread Starter

    Joined:
    2006/12/30
    Messages:
    67
    Likes Received:
    0
    Yes I am, Broni, but sometimes when I click in here, such as to respond, my computer is locking up or saying it cannot display the page. When I clicked your HERE link again to look over your instructions again it also locked up. I guess I'm confused as to your instructions somehow. This is what is clearly stated in step 4:

    STEP 4.

    Start a new topic in our Malware and Virus Removal forum and provide following logs:

    It doesn't matter I suppose - I just thought I was supposed to start a new thread :eek:
    It seems that ever since downloading Malwarebytes it's been performing terribly. I'm going to follow your next instructions now. Thanks
     
  9. 2013/01/22
    JetstreamJim

    JetstreamJim Inactive Thread Starter

    Joined:
    2006/12/30
    Messages:
    67
    Likes Received:
    0
    I just ran RogueKiller and it found the file of concern but I couldn't get past the EULA. It froze up and I had to use task mgr to get out of it. I ran it again and it froze my system. I had to do a forced shutdown. I'm going to try to run it one more time right now. System is very glitchy and slow.
     
  10. 2013/01/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Try to run both tools from safe mode.
     
  11. 2013/01/22
    JetstreamJim

    JetstreamJim Inactive Thread Starter

    Joined:
    2006/12/30
    Messages:
    67
    Likes Received:
    0
    I had to do it in safe mode. Funny thing is that it worked once without doing so, but I forgot the delete step and could never get it past the download the driver step. One thing I noticed is that in safe mode it did not find the reminderhelper file like before, but it still found two other ones that it found previously, so not sure what to think there. Thanks for your patience.

    RogueKiller V8.4.3 [Jan 21 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Safe mode with network support
    User : Douglas [Admin rights]
    Mode : Shortcuts HJfix -- Date : 01/22/2013 20:19:03

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ File attributes restored: ¤¤¤
    Desktop: Success 0 / Fail 0
    Quick launch: Success 0 / Fail 0
    Programs: Success 19 / Fail 0
    Start menu: Success 0 / Fail 0
    User folder: Success 2993 / Fail 0
    My documents: Success 309 / Fail 309
    My favorites: Success 9 / Fail 0
    My pictures: Success 0 / Fail 0
    My music: Success 0 / Fail 0
    My videos: Success 0 / Fail 0
    Local drives: Success 245 / Fail 0
    Backup: [NOT FOUND]

    Drives:
    [C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
    [D:] \Device\CdRom0 -- 0x5 --> Skipped
    [E:] \Device\CdRom1 -- 0x5 --> Skipped
     
  12. 2013/01/22
    JetstreamJim

    JetstreamJim Inactive Thread Starter

    Joined:
    2006/12/30
    Messages:
    67
    Likes Received:
    0
    reminderhelper was there again after restart in normal mode. Running the anti-rootkit program now. I decided to run RogueKiller again and it found this file again even after running the anti-rootkit. It keeps saying the driver isn't loaded. I'll try it again in safe mode tomorrow.
    Malwarebytes Anti-Rootkit BETA 1.01.0.1016
    www.malwarebytes.org

    Database version: v2013.01.23.02

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Douglas :: JAMES-9468BDB9A [administrator]

    1/22/2013 8:58:30 PM
    mbar-log-2013-01-22 (20-58-30).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 27289
    Time elapsed: 26 minute(s), 56 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 4
    c:\windows\$ntuninstallkb61006$\1943313818 (Backdoor.0Access) -> Delete on reboot.
    c:\windows\$ntuninstallkb61006$\1943313818\l (Backdoor.0Access) -> Delete on reboot.
    c:\windows\$ntuninstallkb61006$\1943313818\u (Backdoor.0Access) -> Delete on reboot.
    c:\windows\$ntuninstallkb61006$\384746612 (Backdoor.0Access) -> Delete on reboot.

    Files Detected: 0
    (No malicious items detected)



    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1016

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.793000 GHz
    Memory total: 3219222528, free: 2650058752

    ------------ Kernel report ------------
    01/22/2013 20:30:32
    ------------ Loaded modules -----------
    \WINDOWS\system32\ntkrnlpa.exe
    \WINDOWS\system32\hal.dll
    \WINDOWS\system32\KDCOM.DLL
    \WINDOWS\system32\BOOTVID.dll
    ACPI.sys
    \WINDOWS\system32\DRIVERS\WMILIB.SYS
    pci.sys
    isapnp.sys
    pciide.sys
    \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    MountMgr.sys
    ftdisk.sys
    dmload.sys
    dmio.sys
    PartMgr.sys
    VolSnap.sys
     
  13. 2013/01/22
    JetstreamJim

    JetstreamJim Inactive Thread Starter

    Joined:
    2006/12/30
    Messages:
    67
    Likes Received:
    0
    It doesn't seem to find reminderhelper in safe mode. Am I wrong on this, Broni? Thanks
    Here's report number 7 from safe mode.

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Safe mode with network support
    User : Douglas [Admin rights]
    Mode : Remove -- Date : 01/22/2013 21:07:30

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 1 ¤¤¤
    [RUN][SUSP PATH] HKLM\[...]\RunOnce : Z1 (cmd /c "C:\Documents and Settings\Douglas\Local Settings\Temporary Internet Files\Content.IE5\J3F02GCB\mbar-1.01.0.1016[1]\mbar\mbar.exe" /cleanup /s) -> DELETED

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: SAMSUNG SP2504C +++++
    --- User ---
    [MBR] b0d460c0239474d85f00448bdfeb1c6a
    [BSP] 0865dbc3033a5b0d1557ae0b87d99f0b : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 112455 | Size: 233326 Mo
    2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 477965880 | Size: 5028 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[7]_D_01222013_02d2107.txt >>
    RKreport[1]_S_01222013_02d1949.txt ; RKreport[2]_S_01222013_02d2015.txt ; RKreport[3]_D_01222013_02d2015.txt ; RKreport[4]_D_01222013_02d2016.txt ; RKreport[5]_SC_01222013_02d2019.txt ;
    RKreport[6]_S_01222013_02d2107.txt ; RKreport[7]_D_01222013_02d2107.txt
     
  14. 2013/01/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're infected with ZeroAccess rootkit.

    The above log is incomplete.

    Re-run MBAR one more time and make sure you post entire logs.
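As an added example (not part of this thread and not Malwarebytes' own code), here is a small Python parser for the detection summary of an MBAR log like the one posted earlier in the thread. It extracts each "<Section> Detected: N" block, checks that the items actually listed agree with the stated count, and reports which summary sections are absent, which is the kind of check a helper makes before calling a pasted log incomplete. The list of expected section names is an assumption taken from the posted log, and the sample text is a constructed copy of that log's summary, cut short in the second case to show how a truncated paste is flagged.

```python
"""Parse the detection summary of a Malwarebytes Anti-Rootkit (MBAR) log.

Added example for this thread; not Malwarebytes' code. Section names are
assumed from the log posted in the thread, not from any documentation.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Summary sections in the order they appear in the posted log (assumption).
EXPECTED_SECTIONS = [
    "Memory Processes", "Memory Modules", "Registry Keys",
    "Registry Values", "Registry Data Items", "Folders", "Files",
]

# "<Section> Detected: <count>"
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
# "<path> (<threat name>) -> <action>."
ITEM_RE = re.compile(r"^(?P<path>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")


@dataclass
class Detection:
    section: str
    path: str
    threat: str
    action: str


@dataclass
class ParsedLog:
    counts: Dict[str, int] = field(default_factory=dict)
    detections: List[Detection] = field(default_factory=list)
    # (section, count stated in the header, items actually listed)
    mismatches: List[Tuple[str, int, int]] = field(default_factory=list)

    def missing_sections(self) -> List[str]:
        return [s for s in EXPECTED_SECTIONS if s not in self.counts]

    def threats(self) -> List[str]:
        return sorted({d.threat for d in self.detections})

    def is_complete(self) -> bool:
        return not self.missing_sections() and not self.mismatches


def parse_mbar_log(text: str) -> ParsedLog:
    """Walk the log line by line, tracking which summary section is open."""
    result = ParsedLog()
    section: Optional[str] = None  # section currently being read
    listed = 0                     # item lines seen under that section

    def finish_section() -> None:
        # Record a header count that the listed items do not account for.
        if section is not None and result.counts[section] != listed:
            result.mismatches.append((section, result.counts[section], listed))

    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            finish_section()
            section = header.group("section")
            result.counts[section] = int(header.group("count"))
            listed = 0
            continue
        if section is None:
            continue
        if line.startswith("-----"):  # dashed rule ends the summary block
            finish_section()
            section = None
            continue
        item = ITEM_RE.match(line)
        if item:
            listed += 1
            result.detections.append(Detection(
                section, item.group("path"), item.group("threat"), item.group("action")))
    finish_section()
    return result


# Constructed sample: the summary block of the MBAR log posted in this thread.
SAMPLE_LOG = r"""
Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
c:\windows\$ntuninstallkb61006$\1943313818 (Backdoor.0Access) -> Delete on reboot.
c:\windows\$ntuninstallkb61006$\1943313818\l (Backdoor.0Access) -> Delete on reboot.
c:\windows\$ntuninstallkb61006$\1943313818\u (Backdoor.0Access) -> Delete on reboot.
c:\windows\$ntuninstallkb61006$\384746612 (Backdoor.0Access) -> Delete on reboot.

Files Detected: 0
(No malicious items detected)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
"""

# Constructed: the same summary cut off inside the fourth folder line.
TRUNCATED_LOG = SAMPLE_LOG[:SAMPLE_LOG.index(r"\384746612")]

if __name__ == "__main__":
    for name, text in (("full", SAMPLE_LOG), ("truncated", TRUNCATED_LOG)):
        parsed = parse_mbar_log(text)
        print(name, "complete:", parsed.is_complete(), "threats:", parsed.threats(),
              "missing:", parsed.missing_sections(), "mismatches:", parsed.mismatches)
```

Running the block prints that the full summary is complete with a single threat family across four folders, while the truncated copy is reported with three of four listed Folders items and no Files section at all.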
     
  15. 2013/01/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    We posted at the same time. Read my previous reply.
    You have more serious issue than reminderhelper.
     
  16. 2013/01/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Still with me?
     
  17. 2013/01/28
    JetstreamJim

    JetstreamJim Inactive Thread Starter

    Joined:
    2006/12/30
    Messages:
    67
    Likes Received:
    0
    Yup, still here! Way too much work right now with the Super Bowl and Mardi Gras coming to town! I posted the whole log that it showed for that scan. I'll try again. Thanks for your persistence.
     
  18. 2013/01/28
    JetstreamJim

    JetstreamJim Inactive Thread Starter

    Joined:
    2006/12/30
    Messages:
    67
    Likes Received:
    0
    I don't seem to be getting anywhere. When I run in safe mode it finds something else, but never the reminder malware. I deleted it but there it is again. This time it opened up another webpage to RogueKiller but I couldn't hear it. Now it looks like my audio is missing as well as my printer. I have a feeling I've done all I can here unless you have some other idea.
     
  19. 2013/01/28
    JetstreamJim

    JetstreamJim Inactive Thread Starter

    Joined:
    2006/12/30
    Messages:
    67
    Likes Received:
    0
    RogueKiller V8.4.3 [Jan 27 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Safe mode with network support
    User : Douglas [Admin rights]
    Mode : ProxyFix -- Date : 01/28/2013 18:49:52
    | ARK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 0 ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤
    [ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

    Finished : << RKreport[11]_PR_01282013_02d1849.txt >>
    RKreport[10]_DN_01282013_02d1849.txt ; RKreport[11]_PR_01282013_02d1849.txt ; RKreport[7]_D_01222013_02d2107.txt ; RKreport[8]_S_01282013_02d1839.txt ; RKreport[9]_D_01282013_02d1847.txt

    I'm running mbar.exe in safe mode now. It would not load some kind of driver in regular mode, which it did not do before. I'm beginning to think this malware is working around everything I'm doing at this point.
     
    Last edited: 2013/01/28
  20. 2013/01/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're infected with ZeroAccess rootkit.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  21. 2013/01/28
    JetstreamJim

    JetstreamJim Inactive Thread Starter

    Joined:
    2006/12/30
    Messages:
    67
    Likes Received:
    0
    Ok, I just ran TDSSKiller and it said no threats found. I also ran the mbar in safe mode but could not seem to find a current report on desktop. The aswMBR I have shows a run date of 1/15. Maybe I should have deleted that one first? Going to run it again now.
     
    Last edited: 2013/01/28
