Hi. I'm not too sure how this works, but I'm willing to follow instructions. I'm so fed up with this. My computer is about 3 years old now. It has been running like crap for at least the past 6 months. I keep getting messages saying high CPU usage. One in particular has me thinking it's a virus: High CPU Usage Winsch something or other. Based on what I've read and discovered, I need HELP. Here are my logs as requested:

DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457

Run by William R. Tirado at 17:33:00 on 2012-12-18

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3838.869 [GMT -5:00]

.

AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files (x86)\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Users\William R. Tirado\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe

C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe

C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoService.exe

C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe

C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\taskeng.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe

\\.\globalroot\systemroot\svchost.exe -netsvcs

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uWindow Title = Windows Internet Explorer provided by Yahoo!

uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9

mURLSearchHooks: Yahoo! Axis for IE: {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files (x86)\Yahoo!\YNanoClient\cpn1\YNanoClient_IE.dll

mWinlogon: Userinit = userinit.exe

BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll

BHO: Yahoo! Axis for IE: {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files (x86)\Yahoo!\YNanoClient\cpn1\YNanoClient_IE.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\coieplg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\ips\ipsbho.dll

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Constant Guard Protection Suite: {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.12.1127.2\NativeBHO.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll

TB: Yahoo! Axis for IE: {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files (x86)\Yahoo!\YNanoClient\cpn1\YNanoClient_IE.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\coieplg.dll

uRun: [DriverUpdaterPro] C:\Program Files (x86)\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t

uRun: [spotify Web Helper] "C:\Users\William R. Tirado\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

mRun: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

StartupFolder: C:\Users\WILLIA~1.TIR\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect121.cab

TCP: NameServer = 75.75.76.76 75.75.75.75

TCP: Interfaces\{81FA3B82-BFFE-4941-9DED-B8CDD393541A} : NameServer = 75.75.75.75,75.75.76.76

TCP: Interfaces\{81FA3B82-BFFE-4941-9DED-B8CDD393541A} : DHCPNameServer = 75.75.76.76 75.75.75.75

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

AppInit_DLLs= C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL

SSODL: WebCheck - <orphaned>

IFEO: bb2-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: blackhawk2-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: bobthebuilder zoo-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: chuzzle-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: diner dash-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background

x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

x64-SSODL: WebCheck - <orphaned>

x64-mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\Windows\System32\rundll32.exe C:\Windows\System32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12

x64-IFEO: bb2-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: blackhawk2-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: bobthebuilder zoo-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: chuzzle-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: diner dash-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

.

Note: multiple IFEO entries found. Please refer to Attach.txt

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2012-4-10 82560]

R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2012-4-10 42624]

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1402000.013\symds64.sys [2012-12-16 493216]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1402000.013\symefa64.sys [2012-12-16 1133216]

R1 AntiLog32;AntiLog32;C:\Windows\System32\drivers\AntiLog64.sys [2012-12-16 45880]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [2012-11-30 1384608]

R1 ccSet_N360;Norton Security Suite Settings Manager;C:\Windows\System32\drivers\N360x64\1402000.013\ccsetx64.sys [2012-12-16 168096]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20121215.001\IDSviA64.sys [2012-12-17 513184]

R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1402000.013\ironx64.sys [2012-12-16 224416]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1402000.013\symnets.sys [2012-12-16 432800]

R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-12-16 46136]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-12-18 138912]

R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2012-10-15 175928]

R3 keycrypt;keycrypt;C:\Windows\System32\drivers\KeyCrypt64.sys [2012-12-16 25336]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-18 25928]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-2-4 239616]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-9-18 11880]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-12-16 56448]

S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms [2009-9-17 23536]

S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2012-12-16 15712]

.

=============== Created Last 30 ================

.

2012-12-18 21:51:03 -------- d-----w- C:\Users\William R. Tirado\AppData\Roaming\Malwarebytes

2012-12-18 21:50:51 -------- d-----w- C:\ProgramData\Malwarebytes

2012-12-18 21:50:49 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-12-18 21:50:49 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-12-18 13:59:55 53248 ----a-r- C:\Users\William R. Tirado\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2012-12-18 13:59:40 -------- d-----w- C:\Users\William R. Tirado\AppData\Local\Logishrd

2012-12-17 23:41:54 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services

2012-12-17 23:41:10 -------- d-----w- C:\Users\William R. Tirado\AppData\Local\Microsoft Help

2012-12-17 23:12:37 -------- d-----w- C:\Users\William R. Tirado\AppData\Local\MicrosoftStore

2012-12-17 00:59:01 -------- d-----w- C:\ProgramData\AMD

2012-12-17 00:53:23 -------- d-----w- C:\Program Files (x86)\AMD APP

2012-12-17 00:53:16 56448 ----a-w- C:\Windows\System32\drivers\usbfilter.sys

2012-12-17 00:49:51 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys

2012-12-17 00:49:46 -------- d-----w- C:\Program Files (x86)\ATI Technologies

2012-12-17 00:45:56 -------- d-----w- C:\Program Files\ATI Technologies

2012-12-17 00:35:33 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys

2012-12-17 00:33:31 -------- d-----w- C:\Users\William R. Tirado\AppData\Roaming\Logishrd

2012-12-17 00:02:53 -------- d-----w- C:\Program Files (x86)\DriverTuner

2012-12-16 23:53:26 15712 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys

2012-12-16 23:53:21 -------- d-----w- C:\Users\William R. Tirado\AppData\Local\SlimWare Utilities Inc

2012-12-16 23:53:04 -------- d-----w- C:\Program Files (x86)\DriverUpdate

2012-12-16 22:01:56 367104 ----a-w- C:\Windows\System32\wcncsvc.dll

2012-12-16 22:01:56 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll

2012-12-16 21:43:23 9728 ----a-w- C:\Windows\System32\Wdfres.dll

2012-12-16 21:43:23 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2012-12-16 21:43:23 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

2012-12-16 21:43:23 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui

2012-12-16 21:42:50 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys

2012-12-16 21:22:28 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys

2012-12-16 21:22:28 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys

2012-12-16 21:22:27 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll

2012-12-16 21:22:27 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll

2012-12-16 21:22:26 744448 ----a-w- C:\Windows\System32\WUDFx.dll

Attach:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 12/3/2012 9:29:15 PM

System Uptime: 12/18/2012 3:13:16 PM (2 hours ago)

.

Motherboard: Hewlett-Packard | | Capirona

Processor: AMD Athlon™ X2 Dual Core Processor 3250e | Socket S1G2 | 1500/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 288 GiB total, 223.776 GiB free.

D: is FIXED (NTFS) - 10 GiB total, 1.535 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Qualcomm Atheros AR5007EG Wireless Network Adapter

Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_2A97103C&REV_01\4&18BC40B5&0&0020

Manufacturer: Qualcomm Atheros Communications Inc.

Name: Qualcomm Atheros AR5007EG Wireless Network Adapter

PNP Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_2A97103C&REV_01\4&18BC40B5&0&0020

Service: athr

.

==== System Restore Points ===================

.

RP26: 12/16/2012 11:36:15 PM - Windows Update

RP27: 12/17/2012 6:39:39 PM - Installed Microsoft Office Home and Student 2010 Trial

RP28: 12/17/2012 11:43:48 PM - Windows Update

RP29: 12/17/2012 11:57:28 PM - Windows Update

RP30: 12/18/2012 8:50:25 AM - Device Driver Package Install: Qualcomm Atheros Communications Inc. Network adapters

RP31: 12/18/2012 11:56:31 AM - Windows Update

RP32: 12/18/2012 2:38:14 PM - Windows Update

RP33: 12/18/2012 3:02:35 PM - Windows Update

.

==== Image File Execution Options =============

.

IFEO: bb2-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: blackhawk2-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: bobthebuilder zoo-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: chuzzle-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: diner dash-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: dora-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: familyfeud3-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: fate-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: ghscrabble-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: golf-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: highestavailable.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: hpmediasmartwebcam.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: hpsf.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: hptcs.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: jqsolitaire2-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: labelprint.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: lightscribecontrolpanel.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: lslauncher.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: mahjong2-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: monopolypb-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: mysterypinewyork-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: nobuactivation.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: onplay.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: pegglenights-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: penguins-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: picturemover.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: plantsvszombies-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: poker3-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: polar-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: power2go.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: provider.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: ps.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: smartmenu.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: the game of life by hasbro-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: totem tribe-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: virtual families-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: virtual villagers - the secret city-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: wheel of fortune-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: winbej2-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: yahtzee-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO: zuma-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: bb2-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: blackhawk2-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: bobthebuilder zoo-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: chuzzle-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: diner dash-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: dora-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: familyfeud3-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: fate-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: ghscrabble-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: golf-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: highestavailable.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: hpmediasmartwebcam.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: hpsf.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: hptcs.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: jqsolitaire2-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: labelprint.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: lightscribecontrolpanel.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: lslauncher.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: mahjong2-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: monopolypb-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: mysterypinewyork-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: nobuactivation.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: onplay.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: pegglenights-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: penguins-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: picturemover.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: plantsvszombies-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: poker3-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: polar-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: power2go.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: provider.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: ps.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: smartmenu.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: the game of life by hasbro-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: totem tribe-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: virtual families-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: virtual villagers - the secret city-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: wheel of fortune-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: winbej2-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: yahtzee-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

x64-IFEO: zuma-wt.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

.

==== Installed Programs ======================

.

ActiveCheck component for HP Active Support Library

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader XI

AirportMadness4

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Fuel

AMD USB Filter Driver

AMD VISION Engine Control Center

AntiLogger SDK version 1.1.6.143

Catalyst Control Center - Branding

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Compatibility Pack for the 2007 Office system

Constant Guard Protection Suite

CyberLink DVD Suite Deluxe

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

DirectX for Managed Code Update (Summer 2004)

Driver Updater Pro

DriverTuner 3.1.0.0

DriverUpdate

DVD Menu Pack for HP MediaSmart Video

eReg

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Hardware Diagnostic Tools

HP Advisor

HP Customer Experience Enhancements

HP Games

HP MediaSmart Demo

HP MediaSmart DVD

HP MediaSmart Music/Photo/Video

HP MediaSmart SmartMenu

HP MediaSmart Webcam

HP MediaSmart/TouchSmart Netflix

HP Odometer

HP Product Detection

HP Remote Solution

HP Setup

HP Support Assistant

HP Support Information

HP Update

HPAsset component for HP Active Support Library

Junk Mail filter update

LabelPrint

LightScribe System Software

Logitech SetPoint 6.32

Malwarebytes Anti-Malware version 1.65.1.1000

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Live Search Toolbar

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft Works

Movie Theme Pack for HP MediaSmart Video

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Norton Online Backup

Norton PC Checkup

Norton Security Suite

PictureMover

PlayReady PC Runtime amd64

Power2Go

PowerDirector

Realtek High Definition Audio Driver

Recovery Manager

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Spotify

TuneUp Utilities 2013

TuneUp Utilities Language Pack (en-US)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Windows Driver Package - Advanced Micro Devices, Inc System (03/16/2011 5.12.0.0015)

Windows Driver Package - AMD USB (03/30/2010 1.0.0.5)

Windows Driver Package - JMicron Technology Corp. (JMCR) MTD (10/15/2012 1.0.73.0)

Windows Driver Package - Qualcomm Atheros Communications Inc. (athr) Net (11/08/2012 10.0.0.218)

Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (03/27/2012 6.0.1.6602)

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

WinZip Driver Updater

World of Tanks

Yahoo! Axis

Yahoo! Software Update

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

12/18/2012 5:02:16 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.

12/18/2012 5:02:16 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

12/18/2012 3:14:28 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

12/18/2012 3:14:25 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

12/18/2012 3:13:54 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter

12/18/2012 3:13:54 PM, Error: atikmdag [43029] - Display is not active

.

==== End Of File ===========================

I am running an HP Pavilion All-In-One Desktop PC. Follow the link for specific details of my model if needed.

attach.txt

dds.txt


  • Staff

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next; if you have any problems with one of these, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • click on "delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller.

Gringo


I waited an hour and a half for Security Check but it got hung up on "Detecting Hardware" or something or other. The other 2 reports are as requested:

AdwCleaner:

# AdwCleaner v2.101 - Logfile created 12/19/2012 at 10:29:27

# Updated 16/12/2012 by Xplode

# Operating system : Windows 7 Home Premium (64 bits)

# User : William R. Tirado - WILLIAMS

# Boot Mode : Normal

# Running from : C:\Users\William R. Tirado\Desktop\adwcleaner.exe

# Option [Delete]

 

***** [services] *****

 

 

***** [Files / Folders] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

File Deleted : C:\Users\Public\Desktop\eBay.lnk

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\William R. Tirado\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [845 octets] - [19/12/2012 10:29:27]

########## EOF - C:\AdwCleaner[s1].txt - [904 octets] ##########

RogueKiller:

RogueKiller V8.4.0 [Dec 18 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User : William R. Tirado [Admin rights]

Mode : Remove -- Date : 12/19/2012 10:37:51

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST332041 8AS SATA Disk Device +++++

--- User ---

[MBR] 35be0534c5a69129c7ba545134c19a0c

[BSP] 3ea469f5caafedfd6743dd4740cd9fc8 : Windows Vista/7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 294468 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 603277312 | Size: 10675 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] 88e42e907aec80f2e3f36dffeac43632

[BSP] 096ca65415799301792a33c93b5e78da : Windows XP MBR Code

Partition table:

Finished : << RKreport[2]_D_12192012_02d1037.txt >>

RKreport[1]_S_12192012_02d1037.txt ; RKreport[2]_D_12192012_02d1037.txt

Haven't really had a chance to see how it's running. I'll give you an update on that in my next reply. Thanks again for the help.


I don't want to bump my topic and I wish I had the option to edit my last post, but anyway, after 2 hrs and 45 min the Security Check popped up:

Results of screen317's Security Check version 0.99.56

Windows 7 x64 (UAC is enabled)

Out of date service pack!!

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Norton Security Suite

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.65.1.1000

TuneUp Utilities 2013

TuneUp Utilities Language Pack (en-US)

TuneUp Utilities 2013

Adobe Reader XI

Google Chrome 22.0.1229.95

Google Chrome 23.0.1271.95

Google Chrome 23.0.1271.97

Google Chrome CommonDotNET.dll..

Google Chrome IdVaultCore.dll..

Google Chrome IdVaultCore.XmlSerializers.dll.

Google Chrome Microsoft.mshtml.dll.

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 44% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````


  • Staff

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


Can't get it to work. I've completely shut off Norton and disabled my Windows Firewall. I tried to run ComboFix and I still get the same message:

Windows Security

! The files can't be opened

Your internet security settings prevented one or more applications from being opened.

C:\Users\William R. Tirado\Desktop\ComboFix.exe

Like I said, I have tried disabling Norton, the firewall, Norton online protection, and Norton antivirus. I even went as far as trying to uninstall Norton. Tried 3 times to no avail. Every time I got blue-screened into a physical memory dump.


  • Staff

Greetings

I want you to run these next,

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo


I keep getting a pop-up. Security Warning: Your current security settings do not allow you to download this file. I get that on both of them. I'm not computer savvy but here are my core problems:

1. For some reason I can't install the vital Windows SP updates. I think I'm only getting stuck on a couple of them, but for some reason when these fail to install so do the others.

2. I have a dual-core processor and 4 GB of RAM. This computer used to be fast. Why is this happening??

Why isn't there a way to detect all malware and delete it all at once??


  • Staff

Greetings,

First I would like you to go here and click on the Fix it button - http://support.microsoft.com/kb/923737

Then I want you to do the following

  • Start Internet Explorer.
  • click on "Safety"
  • click on "Delete Browsing History"
  • make sure all boxes are checked
  • click on "Delete"
  • click on "Tools"
  • click "Internet Options"
  • On the "Advanced" tab, click "Reset"
  • put a check mark next to "Delete Personal Settings"
  • click "Reset" to confirm
  • when complete click the "Close" button
  • restart IE

Gringo


Sorry it took so long. I did what you said in the previous post and I can download once again. Don't know what happened. Anyway, it took so long because I did TDS. This report was too long to post so I had to attach it, sorry.

asw report:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software

Run date: 2012-12-20 19:44:01

-----------------------------

19:44:01.097 OS Version: Windows x64 6.1.7600

19:44:01.097 Number of processors: 2 586 0x6B02

19:44:01.113 ComputerName: WILLIAMS UserName:

19:44:08.086 Initialize success

19:45:06.590 AVAST engine defs: 12122001

19:45:12.097 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000052

19:45:12.097 Disk 0 Vendor: ST332041 HP34 Size: 305245MB BusType: 11

19:45:12.112 Disk 0 MBR read successfully

19:45:12.112 Disk 0 MBR scan

19:45:12.112 Disk 0 unknown MBR code

19:45:12.128 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

19:45:12.144 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 294468 MB offset 206848

19:45:12.175 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10675 MB offset 603277312

19:45:12.206 Disk 0 scanning C:\Windows\system32\drivers

19:45:29.148 Service scanning

19:45:51.877 Modules scanning

19:45:51.877 Disk 0 trace - called modules:

19:45:51.893 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys ACPI.sys storport.sys hal.dll amdsata.sys

19:45:51.908 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004219470]

19:45:51.924 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa80041a4780]

19:45:51.924 5 amdxata.sys[fffff880011947a8] -> nt!IofCallDriver -> [0xfffffa80041a4e40]

19:45:51.939 7 ACPI.sys[fffff88000ef0781] -> nt!IofCallDriver -> \Device\00000052[0xfffffa80041a0540]

19:45:57.056 AVAST engine scan C:\Windows

19:46:01.143 AVAST engine scan C:\Windows\system32

19:50:39.776 AVAST engine scan C:\Windows\system32\drivers

19:50:50.275 AVAST engine scan C:\Users\William R. Tirado

19:51:36.107 Disk 0 MBR has been saved successfully to "C:\Users\William R. Tirado\Desktop\MBR.dat"

19:51:36.107 The log file has been saved successfully to "C:\Users\William R. Tirado\Desktop\aswMBR.txt"

TDSSKiller.2.8.15.0_20.12.2012_19.30.16_log.txt

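The RogueKiller "MBR Check" and aswMBR "MBR read / MBR scan" lines in the logs above do the same thing: read the first sector of the disk through the normal Windows storage stack ("User"), read it again lower in the stack ("LL1", "LL2"), hash the boot code, decode the partition table, and flag a mismatch ("KO"). A boot-code mismatch between layers is the classic sign of an MBR rootkit hooking the disk driver. The following Python is an added illustration of that comparison; it is my code, not RogueKiller's, aswMBR's, or anything posted in the thread. The 512-byte MBR it works on is constructed in the script with the same three-partition layout the logs report (100 MB at LBA 2048, 294468 MB at 206848, 10675 MB at 603277312); the boot-code bytes and disk signature are made up. One caveat the thread's own output supports: RogueKiller reported its driver as NOT LOADED and the LL2 partition table came back empty, so a KO on that layer is a read to confirm rather than proof of infection on its own.

```python
"""Parse a 512-byte MBR and compare two reads of it, the way RogueKiller/aswMBR report it."""
import hashlib
import struct

SECTOR = 512
MBR_SIZE = 512
BOOTCODE_LEN = 440        # offsets 0-439: bootstrap code; 440-443 disk signature; 444-445 reserved
PT_OFFSET = 446           # four 16-byte partition entries start here
PT_ENTRY = 16
SIGNATURE = b"\x55\xaa"   # offsets 510-511
ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count


def build_mbr(bootcode, partitions, disk_sig=b"\x12\x34\x56\x78"):
    """Constructed sample MBR for this demo (not a dump from the thread's machine).

    partitions: up to four (status, type, lba_start, sector_count) tuples.
    """
    if len(bootcode) > BOOTCODE_LEN or len(partitions) > 4:
        raise ValueError("bootcode too long or too many partitions")
    mbr = bytearray(MBR_SIZE)
    mbr[:len(bootcode)] = bootcode
    mbr[440:444] = disk_sig
    for i, (status, ptype, lba_start, sectors) in enumerate(partitions):
        # CHS fields are left zero; modern tools read the LBA fields.
        struct.pack_into(ENTRY_FMT, mbr, PT_OFFSET + i * PT_ENTRY,
                         status, b"\0\0\0", ptype, b"\0\0\0", lba_start, sectors)
    mbr[510:512] = SIGNATURE
    return bytes(mbr)


def parse_mbr(mbr):
    """Return MBR/boot-code hashes and the non-empty partition entries."""
    if len(mbr) != MBR_SIZE or mbr[510:512] != SIGNATURE:
        raise ValueError("not an MBR: wrong length or missing 0x55AA signature")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba_start, sectors = struct.unpack_from(
            ENTRY_FMT, mbr, PT_OFFSET + i * PT_ENTRY)
        if ptype == 0x00:      # empty slot
            continue
        parts.append({
            "index": i,
            "active": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mb": sectors * SECTOR // (1024 * 1024),
        })
    return {
        "mbr_md5": hashlib.md5(mbr).hexdigest(),          # what RogueKiller prints as [MBR]
        "bootcode_md5": hashlib.md5(mbr[:BOOTCODE_LEN]).hexdigest(),
        "partitions": parts,
    }


def compare_reads(user_read, low_level_read):
    """Compare a read made through the normal stack with one made lower in the stack.

    Returns ("OK", []) when they agree, or ("KO", [regions]) naming what differs.
    A bootcode difference is the MBR-rootkit signature; a partition table or 0x55AA
    difference usually means one of the two reads did not return the real sector.
    """
    regions = []
    if user_read[:BOOTCODE_LEN] != low_level_read[:BOOTCODE_LEN]:
        regions.append("bootcode")
    if user_read[440:446] != low_level_read[440:446]:
        regions.append("disk_signature")
    if user_read[PT_OFFSET:510] != low_level_read[PT_OFFSET:510]:
        regions.append("partition_table")
    if user_read[510:512] != low_level_read[510:512]:
        regions.append("boot_signature")
    return ("OK" if not regions else "KO"), regions


# Constructed sample data laid out like the disk in the thread's logs.
MB = 1024 * 1024 // SECTOR   # sectors per MiB = 2048
WIN7_LAYOUT = [
    (0x80, 0x07, 2048, 100 * MB),           # active 100 MB System Reserved
    (0x00, 0x07, 206848, 294468 * MB),      # Windows partition
    (0x00, 0x07, 603277312, 10675 * MB),    # recovery partition
]
USER_MBR = build_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 64, WIN7_LAYOUT)
# Second read with different boot code and an empty partition table, mimicking the "LL2" lines.
LL2_MBR = build_mbr(b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * 64, [])


def demo():
    info = parse_mbr(USER_MBR)
    print("[MBR]", info["mbr_md5"])
    for p in info["partitions"]:
        flag = "ACTIVE" if p["active"] else "XXXXXX"
        print(f'{p["index"]} - [{flag}] type 0x{p["type"]:02x} '
              f'offset {p["lba_start"]} | {p["size_mb"]} MB')
    print("User = LL1 ...", compare_reads(USER_MBR, USER_MBR)[0])
    print("User != LL2 ...", compare_reads(USER_MBR, LL2_MBR))
    return info


if __name__ == "__main__":
    demo()
```

Run it as-is to see the partition table decoded from the constructed MBR; to apply it to a real disk on Windows, read 512 bytes from `\\.\PhysicalDrive0` with administrator rights and pass that buffer to `parse_mbr`. The mismatch classification matters: `bootcode` alone is what a hooked disk driver produces, while `partition_table` plus `boot_signature` points at a failed read.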

  • Staff

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

AVG right now is very hard to shut down long enough to run our scans and is actively going after some of our tools; for this reason we are going to have to remove it until we are finished.

I would like you to uninstall AVG and run their AVG removal tool - 32 bit

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


  • Staff

Greetings

I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, a reminder that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask you to remove our tools.

Gringo


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

