Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware and Boot Up issues!!


  • Please log in to reply
11 replies to this topic

#1 Wingedliond

Wingedliond

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:10:08 AM

Posted 03 July 2013 - 09:32 PM

Hello, Over the past weekend I noticed my laptop running super sluggish on the internet and I also noticed the CPU usage was 100%. To combat the issue I ran a "Disk cleanup", a "Disk defragmenter" and a Norton Antivirus scan (clean). I removed any programs that I didn't use any more and lastly went to the startup folder to disable some programs that might get the CPU usage down. None of that worked as my usage still went up when I opened any programs and especially when on the internet. Searching on google and several posts mentioned that it might be malware. Several post also mentioned that "Malwarebytes" was very good at finding and removing malware. I downloaded it in safe mode and ran a full system scan. After 1hr and 20mins it found a suspicious file that was quarantined and deleted. When I tried to restart my laptop normally everything locks up/ freezes when the Desktop tries to load. I had to put the laptop back in safe mode and do a system restore to get it to work when normally booted. Of course parts of Malwarebytes are uninstalled because of the restore point time and the suspected malware is put back where he was! I tried once more in safe mode with "RKILL", "TDSSKiller" and Malwarebytes but got the same result. I appreciate any help with this problem! Hopefully I will not have to buy a new laptop.

 

OS Name Microsoft® Windows Vista™ Home Premium
Version 6.0.6002 Service Pack 2 Build 6002
Other OS Description Not Available
OS Manufacturer Microsoft Corporation
System Name SHELDON-PC
System Manufacturer Acer, inc.
System Model Aspire 6530G
System Type x64-based PC
Processor AMD Turion™ X2 Dual-Core Mobile RM-72, 2100 Mhz, 2 Core(s), 2 Logical Processor(s)
BIOS Version/Date Acer v0.3216, 9/8/2008
SMBIOS Version 2.5
Windows Directory C:\Windows
System Directory C:\Windows\system32
Boot Device \Device\HarddiskVolume2
Locale United States
Hardware Abstraction Layer Version = "6.0.6002.18005"
User Name Sheldon-PC\Sheldon
Time Zone Eastern Daylight Time
Installed Physical Memory (RAM) 4.00 GB
Total Physical Memory 4.00 GB
Available Physical Memory 2.14 GB
Total Virtual Memory 8.19 GB
Available Virtual Memory 6.09 GB
Page File Space 4.29 GB
Page File C:\pagefile.sys


BC AdBot (Login to Remove)

 


#2 GR the computer guy

GR the computer guy

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:08 AM

Posted 03 July 2013 - 10:06 PM

Before you buy a new laptop, I'd reformat the HDD and reload Vista..assuming there is nothing irreplaceable on the hard drive!  If R-Kill and Malwarebytes/Cameleon didn't get it, it's going to be tough to remove.  By the way, have you tried Spybot S&D?  It works very well on oddball spyware as well as many viruses and trojans.  Worth a shot if you haven't used it!  Good luck!



#3 hamluis

hamluis

    Moderator


  • Moderator
  • 56,435 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:08:08 AM

Posted 04 July 2013 - 06:16 AM

I suggest that you await some assistance from BC Staff or other knowledgeable members who frequently assist in this forum...before doing anything or drawing conclusions about your next course of action.'

 

Louis



#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,537 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:08 AM

Posted 07 July 2013 - 08:40 PM

Hello Wingedliond,
Can you run these next.

If needed to complete the scans use Safe Mode with Networking as a boot option.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please Download TDSSkiller
Launch it.
Click on change parameters-Select TDLFS file system
Click on "Scan".
Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results.



Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.



Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 Wingedliond

Wingedliond
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:10:08 AM

Posted 07 July 2013 - 09:32 PM

I completed the MiniToolBox scan in normal bootup. Result are

MiniToolBox by Farbar  Version: 16-06-2013
Ran by Sheldon (administrator) on 07-07-2013 at 22:25:44
Running from "C:\Users\Sheldon\Downloads"
Windows Vista ™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
::1             localhost
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
Atheros AR5B91 Wireless Network Adapter = Wireless Network Connection (Connected)
Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller = Local Area Connection (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Sheldon-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hsd1.pa.comcast.net.
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 00-22-69-D3-4E-07
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : hsd1.pa.comcast.net.
   Description . . . . . . . . . . . : Atheros AR5B91 Wireless Network Adapter
   Physical Address. . . . . . . . . : 00-23-4D-B1-39-4A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::3c7a:e4ef:23b5:fb97%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.101(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, July 05, 2013 8:37:13 AM
   Lease Expires . . . . . . . . . . : Monday, July 08, 2013 8:52:27 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 318776141
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-19-89-BE-00-1E-68-F9-04-2D
   DNS Servers . . . . . . . . . . . : 75.75.75.75
                                       75.75.76.76
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller
   Physical Address. . . . . . . . . : 00-1E-68-F9-04-2D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 6:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 7:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : isatap.{3ECD9AD9-AB94-42F0-8A4C-5877DABA3B67}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 13:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 12:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : isatap.hsd1.pa.comcast.net.
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  cdns01.comcast.net
Address:  75.75.75.75
 
Name:    google.com
Addresses:  2607:f8b0:4006:801::1003
 74.125.226.199
 74.125.226.193
 74.125.226.196
 74.125.226.198
 74.125.226.206
 74.125.226.197
 74.125.226.194
 74.125.226.201
 74.125.226.200
 74.125.226.195
 74.125.226.192
 
 
 
Pinging google.com [74.125.226.193] with 32 bytes of data:
 
Reply from 74.125.226.193: bytes=32 time=16ms TTL=55
 
Reply from 74.125.226.193: bytes=32 time=16ms TTL=55
 
 
 
Ping statistics for 74.125.226.193:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 16ms, Maximum = 16ms, Average = 16ms
 
Server:  cdns01.comcast.net
Address:  75.75.75.75
 
Name:    yahoo.com
Addresses:  206.190.36.45
 98.138.253.109
 98.139.183.24
 
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
 
Reply from 206.190.36.45: bytes=32 time=90ms TTL=49
 
Reply from 206.190.36.45: bytes=32 time=95ms TTL=49
 
 
 
Ping statistics for 206.190.36.45:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 90ms, Maximum = 95ms, Average = 92ms
 
 
 
Pinging 127.0.0.1 with 32 bytes of data:
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
 
 
Ping statistics for 127.0.0.1:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
 
===========================================================================
Interface List
 16 ...00 22 69 d3 4e 07 ...... Bluetooth Device (Personal Area Network)
 11 ...00 23 4d b1 39 4a ...... Atheros AR5B91 Wireless Network Adapter
 10 ...00 1e 68 f9 04 2d ...... Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller
  1 ........................... Software Loopback Interface 1
 12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
 13 ...00 00 00 00 00 00 00 e0  isatap.{3ECD9AD9-AB94-42F0-8A4C-5877DABA3B67}
 17 ...00 00 00 00 00 00 00 e0  Microsoft ISATAP Adapter #2
 14 ...00 00 00 00 00 00 00 e0  isatap.hsd1.pa.comcast.net.
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.101     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.101    281
    192.168.1.101  255.255.255.255         On-link     192.168.1.101    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.101    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.101    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.101    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11    281 fe80::/64                On-link
 11    281 fe80::3c7a:e4ef:23b5:fb97/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\Windows\SysWOW64\wshbth.dll [34304] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 C:\Windows\System32\wshbth.dll [44032] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (07/06/2013 08:50:42 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31555071
 
Error: (07/06/2013 08:50:42 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 31555071
 
Error: (07/06/2013 08:50:42 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/06/2013 08:50:40 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31553105
 
Error: (07/06/2013 08:50:40 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 31553105
 
Error: (07/06/2013 08:50:40 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/06/2013 08:50:28 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31540469
 
Error: (07/06/2013 08:50:28 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 31540469
 
Error: (07/06/2013 08:50:28 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/06/2013 08:50:25 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31536631
 
 
System errors:
=============
Error: (07/06/2013 08:50:24 AM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (07/05/2013 07:27:29 PM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (07/03/2013 09:01:35 PM) (Source: Service Control Manager) (User: )
Description: BHDrvx64
 
Error: (07/03/2013 08:42:29 PM) (Source: DCOM) (User: )
Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error: (07/03/2013 08:41:49 PM) (Source: Service Control Manager) (User: )
Description: PnP-X IP Bus EnumeratorFunction Discovery Provider Host%%1068
 
Error: (07/03/2013 08:40:47 PM) (Source: Service Control Manager) (User: )
Description: BHDrvx64
ccSet_NIS
eeCtrl
IDSVia64
spldr
SRTSPX
SymIRON
SYMTDIv
Wanarpv6
 
Error: (07/03/2013 08:40:47 PM) (Source: Service Control Manager) (User: )
Description: Windows Media Center Extender ServiceFunction Discovery Provider Host%%1068
 
Error: (07/03/2013 08:40:47 PM) (Source: Service Control Manager) (User: )
Description: PnP-X IP Bus EnumeratorFunction Discovery Provider Host%%1068
 
Error: (07/03/2013 08:40:47 PM) (Source: Service Control Manager) (User: )
Description: Computer BrowserServer%%1068
 
Error: (07/03/2013 08:40:33 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2013-07-03 09:00:08.877
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-03 09:00:08.456
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-03 09:00:08.019
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-03 09:00:07.582
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-03 09:00:07.177
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-03 09:00:06.740
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-03 09:00:06.225
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-03 09:00:05.788
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-03 09:00:05.383
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-03 09:00:04.962
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
Agere Systems HDA Modem
Apple Mobile Device Support (Version: 6.1.0.13)
ATI Catalyst Install Manager (Version: 3.0.685.0)
Bonjour (Version: 3.0.0.10)
ccc-utility64 (Version: 2008.0829.1729.29517)
EPSON NX300 Series Printer Uninstall
Google Chrome (Version: 27.0.1453.116)
GoToMeeting 5.1.0.880 (Version: 5.1.0.880)
iCloud (Version: 2.1.1.3)
iTunes (Version: 11.0.4.4)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Mikogo 4 (Version: 4.4)
SPBA 5.8 (Version: 5.8.2.4218)
Synaptics Pointing Device Driver (Version: 11.1.4.0)
Unity Web Player (Version: )
WIDCOMM Bluetooth Software 6.0.1.6300 (Version: 6.0.1.6300)
Yahoo! BrowserPlus 2.9.8
 
========================= Memory info: ===================================
 
Percentage of memory in use: 58%
Total physical RAM: 4093.43 MB
Available physical RAM: 1680.21 MB
Total Pagefile: 8393.36 MB
Available Pagefile: 5930.32 MB
Total Virtual: 4095.88 MB
Available Virtual: 3984.66 MB
 
========================= Partitions: =====================================
 
1 Drive c: (ACER) (Fixed) (Total:142.54 GB) (Free:66.75 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:139 GB) (Free:138.91 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\SHELDON-PC
 
Administrator            Guest                    Mcx1                     
Mcx2                     Mcx3                     Sheldon                  
 
 
**** End of log ****
 

Now I will do the TDSSkiller scan



#6 Wingedliond

Wingedliond
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:10:08 AM

Posted 07 July 2013 - 09:51 PM

HAVING REALLY HARD TIME COPYING AND PASTING TDSSkiller REPORT!! I can see the report but can't copy it but the summary is

 

scan duration 44seconds

0 threats found

0 threats neutralized

0 threats quarantined

 

Now performing "AdwCleaner" program


Edited by Wingedliond, 07 July 2013 - 09:58 PM.


#7 Wingedliond

Wingedliond
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:10:08 AM

Posted 07 July 2013 - 10:13 PM

# AdwCleaner v2.304 - Logfile created 07/07/2013 at 23:01:32
# Updated 03/07/2013 by Xplode
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# User : Sheldon - SHELDON-PC
# Boot Mode : Normal
# Running from : C:\Users\Sheldon\Downloads\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16490
 
[OK] Registry is clean.
 
-\\ Google Chrome v27.0.1453.116
 
File : C:\Users\Sheldon\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [2568 octets] - [07/07/2013 23:01:32]
 
########## EOF - C:\AdwCleaner[S1].txt - [2628 octets] ##########
 

Now running "ESET"



#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,537 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:08 AM

Posted 08 July 2013 - 09:44 PM

Ok, well that was the important part of TDSS.

If ESET is clean then you may have a hard or software issue.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 Wingedliond

Wingedliond
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:10:08 AM

Posted 09 July 2013 - 06:13 AM

Unfortunately I could not export the Eset scan results?!! I did exactly as instructed but my computer did not save the exported file to my desktop. The ESet scan did find 1 malware threat. I even ran the scan again so that I could post results but the scan didn't find an infection the second time so it didn't create a log like you said it might do. 



#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,537 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:08 AM

Posted 09 July 2013 - 01:00 PM

OK, then it appears clean.. You will have to repost in the Operating system forum so they can look at other things.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#11 Wingedliond

Wingedliond
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:10:08 AM

Posted 10 July 2013 - 09:03 AM

Thank you for all of your help! I really appreciate it. :clapping:



#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,537 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:08 AM

Posted 10 July 2013 - 08:19 PM

My pleasure!!


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users