Virus? Can't find files and can't uninstall or reinstall anything!

[REDACTED]

Ok.  I used the restore point I said I would use.  I'm back up now.  Looks like I won't have to completely redo everything I've done today.  Here's what I have at this moment log wise:

MBAM is still here so I'll go back and remove and reinstall as you said.  I'll reply with results and then leave my computer alone until I hear from you again.

Thank you again for your help!!  You've been great to work with!

[essexboy]

OK once MBAM is re-installed run a fresh FRST scan and I will pick that up after my breakfast tomorrow

[REDACTED]

Sounds great!!  Thank you!!  Have a good night!

[essexboy]

Night night

[REDACTED]

Here are the requested logs:

And now I won't touch it until tomorrow.

[essexboy]

OK I have just found out there was a bad Malwarebytes update yesterday.. Do not run it until I have seen what the ramifications are

Posted Yesterday, 07:05 PM

Hello, I have the same or very similar issue. Not sure if it was the entire system32 but parts of it (one I remember was called mpr.dll). Naively let it quarantine and am now my computer is in startup repair vainly attempting system restores and such to no avail. Help would be appreciated, thanks!

[essexboy]

Could you let me know how the computer is behaving at the moment

[REDACTED]

Well that's no good.  Those are the logs after running MBAM, but I won't run it again.  I wouldn't have suspected that, I thought deleting the SmartWebPrinting or the avast! reinstall was what screwed me up.  I need to find a way to fully get rid of the SWP.  I'll reinstall avast and send you a fresh FRST.  Computer seems a bit slower than yesterday but at least it's running!!

[REDACTED]

My Windows is showing 3 virusus this morning though.

Exploit:Win32/APSB08-11.gen!A
Trojan:Win32/Bamital!dat
Exploit:Win32/Pdfjsc.RF

They were cleaned or removed by the system.

FRST scan coming right up!

[REDACTED]

Fresh logs:

First two are after removing those 3 viruses.  Last one is after a reboot.  I don't know if it makes a difference, but just in case.  I like to be thorough.

[essexboy]

Evidently the bad update was released about the time you reinstalled MBAM three hours later or one hour earlier and there would have been no problem.  I think that comes under sods law
The restore brought back the broken version of MBAM so that can now be uninstalled using Control panel and the MBAM clean file http://www.malwarebytes.org/mbam-clean.exe whether you want to re-install it is your choice

This run will clear the smartweb printing problem and clear your temporary files using FRST

The viruses reported were again probably returned via system restore... But, we can sort that

Once the system is clean you will need to uninstall all of your old Java's...  But, there is a nifty programme for that 

Anyhoo onwards and upwards

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

BHO: No Name -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} ->  No File
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Toolbar: HKCU - No Name - {2787EA8E-8D87-48AF-88AD-B30246C917AB} -  No File
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll No File
CHR Plugin: (Windows Live? Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Facebook Desktop) - C:\Users\KP Drafting & Design\AppData\Local\Facebook\Messenger\2.1.4554.0\npFbDesktopPlugin.dll No File
2014-07-02 21:59 - 2014-07-02 21:59 - 00000000 ____D () C:\Program Files\Coupons
2014-07-02 21:58 - 2014-07-02 21:58 - 02027336 _____ (Coupons.com Incorporated) C:\Users\KP Drafting & Design\Downloads\CouponPrinter (1).exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing
CMD: bitsadmin /reset /allusers
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
REBOOT:

 
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Use a fresh updated copy, just delete the current one on your desktop

 Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

• Double click on ComboFix.exe & follow the prompts.
  
• Accept the disclaimer and allow to update if it asks

• When finished, it shall produce a log for you.
• Please include the C:\ComboFix.txt in your next reply.[/b]
  

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3.  If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

[REDACTED]

I'm on it!  Will send logs within the hour!  Thank you!

[REDACTED]

Alrighty, all done.  Here are the logs:

Still running well.  SWP is still on here though.  I get the feeling this is a deeply rooted program that's not going to be easy to be rid of.

[essexboy]

It is part of the "HP this is a programme you must have thing"

Looking around about it you are not the only one annoyed.  I have a few more things to check before I can give a definitive answer

Download Javara from here http://singularlabs.com/software/javara/javara-download/ to your desktop
Using control panel uninstall all instances of Java
Run the Javara programme
Select remove Java JRE this will uninstall all elements from the system
If you need Java then install the latest version from here https://java.com/en/download/index.jsp


Back soon

[REDACTED]

On it!

It probably wouldn't be so bad but every program I try to open, even my Control Panel, SWP needs to configure it but can't so I get the series of error messages I listed in my first post.  No worries!  Take your time!