
CPU time is stuck at 100%, also many svchost.exe


31 replies to this topic

#1 David...


Posted 03 October 2013 - 09:39 PM

Good day,

 

Have found many issues already with Malwarebytes and ESET Online Scanner.

But unable to have my computer return to normal function.

Am worried due to the fact that the CPU temp is continuously above 65 deg C.

Even took apart the laptop to clean the fan / case and remove the dust to ensure proper air flow.

 

Any assistance would be appreciated.

Many thanks.

 

David




 


#2 David...


Posted 03 October 2013 - 10:42 PM

I will post the DDS as soon as the Disk Check completes.



#3 David...


Posted 04 October 2013 - 12:12 AM

Experiencing constant search page confirmation pop-ups.
 
 

 

---====  DDS ====---
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 10.40.2
Run by Nadia at 0:58:17 on 2013-10-04
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.2.1033.18.2814.1674 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\locator.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\WmiPrvSE.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\WmiPrvSE.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://bing.com/
mStart Page = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
uRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SynchronousMachineGroupPolicy = dword:0
mPolicies-System: SynchronousUserGroupPolicy = dword:0
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1263.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{30D4988D-BFE8-4EBE-87A7-5F08F861C916} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{30D4988D-BFE8-4EBE-87A7-5F08F861C916}\14D6075646F575962756C6563737 : DHCPNameServer = 192.168.1.240
TCP: Interfaces\{30D4988D-BFE8-4EBE-87A7-5F08F861C916}\E45445745414252343 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{30D4988D-BFE8-4EBE-87A7-5F08F861C916}\E4564777F627B6 : DHCPNameServer = 64.71.255.198
TCP: Interfaces\{30D4988D-BFE8-4EBE-87A7-5F08F861C916}\E4564777F627B6A5 : DHCPNameServer = 192.168.1.100
TCP: Interfaces\{30D4988D-BFE8-4EBE-87A7-5F08F861C916}\E4564777F627B6A7 : DHCPNameServer = 192.168.1.100
TCP: Interfaces\{C31C09BA-5793-4970-8909-16180ED18BE0} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C31C09BA-5793-4970-8909-16180ED18BE0}\457796E60205F67756275646 : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  scecli c:\program files\widcomm\bluetooth software\BtwProximityCP.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-6-18 211560]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files\malwarebytes anti-exploit\mbae.sys [2013-9-29 44632]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-8-29 701512]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-1-20 107392]
R2 WDBackup;WD Backup;c:\program files\western digital\wd smartware\WDBackupEngine.exe [2013-8-14 1042808]
R2 WDDriveService;WD Drive Manager;c:\program files\western digital\wd drive manager\WDDriveService.exe [2013-8-14 270704]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2013-3-21 508184]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2013-3-21 33832]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-8-29 22856]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-6-20 295376]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2013-9-29 166912]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh6.sys [2011-4-19 1092160]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-8-29 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-8-29 8456]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-3-19 14848]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-3-19 49664]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-27 1343400]
.
=============== Created Last 30 ================
.
2013-10-04 03:29:15 -------- dc----w- c:\users\nadia\appdata\local\MigWiz
2013-10-04 02:47:36 7328304 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5b868d07-419b-4d52-a829-132488782267}\mpengine.dll
2013-10-04 02:33:58 -------- d-----w- c:\users\nadia\appdata\local\temp
2013-10-04 02:28:41 -------- d-sh--w- C:\$RECYCLE.BIN
2013-10-04 01:39:35 208896 ----a-w- c:\windows\MBR.exe
2013-10-04 01:39:34 98816 ----a-w- c:\windows\sed.exe
2013-10-04 01:39:34 256000 ----a-w- c:\windows\PEV.exe
2013-10-03 19:06:26 -------- d-----w- C:\FRST
2013-10-03 15:57:58 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2013-10-03 15:09:11 7328304 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-10-03 14:35:35 -------- d-----w- C:\0733434534faf9cdd09a6eab48725a61
2013-10-03 14:08:32 -------- d-----w- C:\c9287a3ab95b78fd576c
2013-10-03 13:26:57 -------- d-----w- C:\00b213cee110af437d
2013-10-03 12:30:27 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-10-03 12:30:10 -------- d-----w- C:\AdwCleaner
2013-10-03 05:17:48 -------- d-----w- c:\windows\system32\catroot2
2013-10-03 04:00:39 632656 ----a-w- c:\windows\system32\msvcr80.dll
2013-10-03 04:00:39 554832 ----a-w- c:\windows\system32\msvcp80.dll
2013-10-03 04:00:39 479232 ----a-w- c:\windows\system32\msvcm80.dll
2013-10-03 03:42:31 -------- d-----w- c:\programdata\DivX
2013-10-03 03:36:24 -------- d-----w- c:\users\nadia\appdata\local\Western_Digital_Technolog
2013-10-03 03:34:05 -------- d-----w- c:\program files\common files\Western Digital
2013-10-03 03:34:04 -------- d-----w- c:\program files\Western Digital
2013-10-03 03:30:33 -------- d-----w- c:\programdata\Package Cache
2013-10-02 19:01:13 -------- d-----w- c:\program files\K-Lite Codec Pack
2013-10-02 18:46:52 -------- d-----w- c:\users\nadia\Samsung Link
2013-10-02 18:45:20 -------- d-----w- c:\users\nadia\.swt
2013-10-02 18:45:18 -------- d-----w- c:\users\nadia\appdata\local\SAMSUNG
2013-10-02 18:44:50 -------- d-----w- c:\programdata\SAMSUNG
2013-10-02 16:41:23 -------- d-----w- c:\programdata\Uniblue
2013-10-02 16:37:45 -------- d-----w- c:\users\nadia\appdata\roaming\WinPatrol
2013-10-02 16:37:27 -------- d-----w- c:\program files\BillP Studios
2013-10-01 18:44:52 -------- d-----w- c:\windows\system32\catroot2.bak
2013-10-01 15:31:31 -------- d-----w- c:\programdata\GlarySoft
2013-10-01 15:27:29 -------- d-----w- c:\users\nadia\appdata\roaming\GlarySoft
2013-10-01 14:31:46 -------- d-----w- c:\programdata\Auslogics
2013-09-30 03:28:12 -------- d-----w- c:\users\nadia\appdata\roaming\TweakNow RegCleaner 2012
2013-09-30 03:28:07 -------- d-----w- c:\users\nadia\appdata\roaming\TweakNow RegCleaner
2013-09-30 03:28:07 -------- d-----w- c:\program files\TweakNow RegCleaner
2013-09-30 03:05:24 -------- d-----w- c:\program files\Speccy
2013-09-30 03:03:46 1498960 ----a-w- c:\windows\system32\msvcr100d.dll
2013-09-30 03:03:45 743248 ----a-w- c:\windows\system32\msvcp100d.dll
2013-09-30 03:03:45 -------- d-----w- c:\program files\Malwarebytes Anti-Exploit
2013-09-30 01:29:33 -------- d-----w- c:\windows\system32\sda
2013-09-30 01:28:24 7360512 ----a-w- c:\windows\system32\RTSUSTORicon.dll
2013-09-30 01:28:24 266240 ----a-w- c:\windows\system32\RtsUStor.dll
2013-09-30 01:28:24 166912 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
2013-09-30 01:28:24 -------- d-----w- c:\program files\Realtek
2013-09-30 01:17:41 15872 ----a-w- c:\windows\system32\drivers\HpqKbFiltr.sys
2013-09-30 01:17:41 1419232 ----a-w- c:\windows\system32\drivers\wdfcoinstaller01005.dll
2013-09-29 18:52:24 -------- d-----w- c:\programdata\NVIDIA Corporation
2013-09-29 16:51:22 1505280 ----a-w- c:\windows\system32\d3d11.dll
2013-09-29 16:47:53 -------- d-----w- c:\programdata\Oracle
2013-09-29 16:46:34 -------- d-----w- c:\windows\system32\MRT
2013-09-29 16:44:53 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-09-29 16:44:27 133056 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-09-29 16:43:46 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-29 16:43:39 988672 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2013-09-29 16:43:39 936448 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2013-09-29 16:43:38 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2013-09-29 16:43:37 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2013-09-29 16:43:26 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-09-29 16:43:18 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-09-29 16:43:08 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-09-29 16:43:06 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-09-29 16:43:05 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-09-29 16:42:49 903168 ----a-w- c:\windows\system32\certutil.exe
2013-09-29 16:42:47 43008 ----a-w- c:\windows\system32\certenc.dll
2013-09-29 16:41:27 492544 ----a-w- c:\windows\system32\win32spl.dll
2013-09-29 16:40:55 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-09-29 16:39:46 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-09-29 16:39:46 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-09-29 16:39:45 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-09-29 16:39:42 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-09-29 16:39:37 509440 ----a-w- c:\windows\system32\qedit.dll
2013-09-29 16:39:37 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-09-29 16:39:23 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-09-29 16:37:22 2348544 ----a-w- c:\windows\system32\win32k.sys
2013-09-29 16:37:13 2048 ----a-w- c:\windows\system32\tzres.dll
2013-09-29 16:36:16 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-09-29 16:19:05 718712 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a3d884e5-1a89-43f7-9dea-d47d93c801bc}\gapaengine.dll
.
==================== Find3M  ====================
.
2013-09-29 16:44:11 868264 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-09-29 16:44:11 790440 ----a-w- c:\windows\system32\deployJava1.dll
2013-08-02 01:50:36 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-08-02 01:49:19 293376 ----a-w- c:\windows\system32\KernelBase.dll
2013-08-02 00:52:57 271360 ----a-w- c:\windows\system32\conhost.exe
2013-08-02 00:43:05 6144 ----a-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ----a-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ----a-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ----a-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-07-26 13:24:22 296112 ----a-w- c:\windows\system32\IntelQuickSyncDecoder.dll.new
.
============= FINISH:  1:02:06.81 ===============

 

 

 

P.S.  I would have attached the Attach.zip, but was unsure how to attach a file to the post.



#4 David...


Posted 04 October 2013 - 12:16 AM

DDS attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 27/08/2010 10:01:06 PM
System Uptime: 04/10/2013 12:53:35 AM (1 hours ago)
.
Motherboard: Wistron | | 303C
Processor: AMD Sempron™ SI-42 | Socket A | 2100/133mhz
.
==== Disk Partitions =========================
.
B: is FIXED (NTFS) - 52 GiB total, 51.951 GiB free.
C: is FIXED (NTFS) - 181 GiB total, 104.667 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: NVIDIA nForce Networking Controller
Device ID: PCI\VEN_10DE&DEV_0760&SUBSYS_360A103C&REV_A2\3&2411E6FE&1&50
Manufacturer: NVIDIA
Name: NVIDIA nForce 10/100/1000 Mbps Ethernet
PNP Device ID: PCI\VEN_10DE&DEV_0760&SUBSYS_360A103C&REV_A2\3&2411E6FE&1&50
Service: NVNET
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet J4680 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet J4680 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport Adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&2094275F&0&01
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport Adapter
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&2094275F&0&01
Service: vwifimp
.
==== System Restore Points ===================
.
RP433: 02/10/2013 11:30:19 PM - WD SmartWare Installer
RP434: 03/10/2013 12:12:06 AM - Windows Update
RP435: 03/10/2013 12:16:51 AM - Removed Internet Explorer Toolbar 4.9 by SweetPacks
RP436: 03/10/2013 12:47:18 AM - Windows Update
RP437: 03/10/2013 1:06:55 AM - Installed Microsoft Fix it 50202
RP438: 03/10/2013 2:15:27 AM - Windows Update
RP439: 03/10/2013 9:16:09 AM - Windows Update
RP440: 03/10/2013 10:07:46 AM - Windows Update
RP441: 03/10/2013 10:22:06 AM - Installed Microsoft Fix it 50123
RP442: 03/10/2013 10:25:25 AM - Installed Microsoft Fix it 50202
RP443: 03/10/2013 10:34:46 AM - Windows Update
RP444: 03/10/2013 11:03:35 AM - Windows Update
RP445: 03/10/2013 1:27:37 PM - Windows Update
RP447: 03/10/2013 9:25:51 PM - Revo Uninstaller's restore point - SUPERAntiSpyware
RP448: 03/10/2013 10:45:50 PM - Removed HiJackThis
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Adobe Reader XI (11.0.02) MUI
Amazon Kindle
Any Video Converter Professional 3.5.7
bpd_scan
CCleaner
Conexant HD Audio
ConvertXtoDVD 4.1.19.365
D3DX10
DVDFab Ghosthunter release 5.2.3.2
HDAUDIO Soft Data Fax Modem with SmartCP
HiJackThis
Java 7 Update 40
Java Auto Updater
K-Lite Codec Pack 9.3.0 (Basic)
Malwarebytes Anti-Exploit version 0.09.3.1000
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
NVIDIA Control Panel 311.00
NVIDIA Drivers
NVIDIA Install Application
Realtek USB 2.0 Card Reader
Revo Uninstaller 1.94
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760588) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760823) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2760583) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825999) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2767773) 32-Bit Edition
Speccy
Synaptics Pointing Device Driver
Tweaking.com - Windows Repair (All in One)
TweakNow RegCleaner
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825641) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
WD Quick View
WD SmartWare
WD SmartWare Installer
WIDCOMM Bluetooth Software
WinRAR archiver
WinX DVD Ripper Platinum 7.0.0
.
==== Event Viewer Messages From Past Week ========
.
04/10/2013 12:55:22 AM, Error: Microsoft-Windows-WHEA-Logger [20] - A fatal hardware error has occurred. Component: AMD Northbridge Error Source: Machine Check Exception Error Type: 11 Processor ID: 0 The details view of this entry contains further information.
04/10/2013 12:55:13 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: TfFsMon TfSysMon
03/10/2013 11:15:08 PM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
03/10/2013 11:14:40 PM, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
03/10/2013 11:14:22 PM, Error: Service Control Manager [7031] - The Remote Procedure Call (RPC) Locator service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
.
==== End Of File ===========================

Edited by nasdaq, 07 October 2013 - 07:30 AM.
extra.txt posted.


#5 David...


Posted 04 October 2013 - 08:11 AM

Question aside;

 

After viewing DDS's attach.txt file, I have noticed that I have many programs installed that are not located in my Control Panel --> "Programs and Features".

 

Example: Nvidia Control Panel Ver 311.00.

 

How do you remove programs that are missing from 'Programs and Features' but are found in the Program Files directory on the C drive?



#6 nasdaq

  • Malware Response Team

Posted 05 October 2013 - 09:32 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or RogueKiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: Tutorial
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM.
Let me know what problem persists.

#7 David...


Posted 05 October 2013 - 08:20 PM

Thank you for your response.

Appreciate any assistance you can offer.

 

 

 

RogueKiller V8.7.1 [Oct  3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Nadia [Admin rights]
Mode : Remove -- Date : 10/05/2013 20:22:19
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] EAT @explorer.exe (?s_pClassInfo@CCHScrollBar@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (C:\Windows\system32\mfc100.dll @ 0x6C3D8D17)
[Inline] EAT @explorer.exe (?s_pClassInfo@CheckBoxGlyph@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (C:\Windows\system32\mfc100.dll @ 0x6C3D8C45)
[Inline] EAT @explorer.exe (?s_pClassInfo@ScrollBar@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (C:\Windows\system32\mfc100.dll @ 0x6C3D86CC)
[Inline] EAT @explorer.exe (?s_pClassInfo@XBaby@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0xDC3D8CD6)
[Inline] EAT @explorer.exe (?MILLIS_PER_SECOND@GCDate@@2JB) : GrooveUtil.DLL -> HOOKED (Unknown @ 0xCEF9333C)
[Inline] EAT @explorer.exe (?ms_GlobalPointersInitializationSemaphore@GCUtilDLL@@2VGCReentrantSemaphore@@A) : GrooveUtil.DLL -> HOOKED (Unknown @ 0x6DFCC905)
[Inline] EAT @explorer.exe (?_Clocptr@_Locimp@locale@std@@0PAV123@A) : MSVCP100.dll -> HOOKED (Unknown @ 0x6F94ABFF)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - ST9250320AS ATA Device +++++
--- User ---
[MBR] bbc31b57db8602ec7081475859493d20
[BSP] 8b95f87e5453cfd8a1366a7aeac232a7 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 53324 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 109209870 | Size: 185147 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_10052013_202219.txt >>
RKreport[0]_S_10052013_194315.txt;RKreport[0]_S_10052013_202158.txt

# AdwCleaner v3.006 - Report created 03/10/2013 at 08:35:01
# Updated 01/10/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Nadia - NADIA-PC
# Running from : C:\Users\Nadia\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\Uniblue\DriverScanner
Folder Deleted : C:\Program Files\Common Files\ParetoLogic
Folder Deleted : C:\Windows\system32\jmdp
File Deleted : C:\Windows\system32\ImhxxpComm.dll

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DEDAF650-12B8-48f5-A843-BBA100716106}_is1

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16421

-\\ Google Chrome v30.0.1599.66

[ File : C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [1428 octets] - [03/10/2013 08:30:22]
AdwCleaner[S0].txt - [1379 octets] - [03/10/2013 08:35:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1439 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.3 (09.27.2013:1)
OS: Windows 7 Ultimate x86
Ran by Nadia on 05/10/2013 at 20:55:14.94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05/10/2013 at 20:59:45.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ComboFix 13-10-03.03 - Nadia 05/10/2013  20:37:57.4.1 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.2.1033.18.2814.1967 [GMT -4:00]
Running from: c:\users\Nadia\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-06 to 2013-10-06  )))))))))))))))))))))))))))))))
.
.
2013-10-06 00:46 . 2013-10-06 00:46 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-10-06 00:46 . 2013-10-06 00:46 -------- d-----w- c:\users\UpdatusUser.Nadia-PC\AppData\Local\temp
2013-10-06 00:46 . 2013-10-06 00:46 -------- d-----w- c:\users\UpdatusUser.Nadia-PC.000\AppData\Local\temp
2013-10-06 00:46 . 2013-10-06 00:46 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-10-06 00:46 . 2013-10-06 00:46 -------- d-----w- c:\users\Nadia\AppData\Local\temp
2013-10-06 00:46 . 2013-10-06 00:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-06 00:35 . 2013-10-06 00:35 40392 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0B5B5E78-296F-490F-A3EE-CAAC42AF84C5}\MpKsl53751b7e.sys
2013-10-06 00:24 . 2013-09-05 02:02 7328304 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0B5B5E78-296F-490F-A3EE-CAAC42AF84C5}\mpengine.dll
2013-10-04 13:27 . 2013-09-05 02:02 7328304 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-04 05:33 . 2013-10-04 05:33 -------- d-----w- c:\program files\ESET
2013-10-04 03:29 . 2013-10-04 03:29 -------- dc----w- c:\users\Nadia\AppData\Local\MigWiz
2013-10-03 19:06 . 2013-10-03 19:06 -------- d-----w- C:\FRST
2013-10-03 15:57 . 2013-10-03 15:57 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2013-10-03 15:07 . 2013-10-03 18:15 -------- d-----w- c:\program files\Microsoft Silverlight
2013-10-03 14:35 . 2013-10-03 14:38 -------- d-----w- C:\0733434534faf9cdd09a6eab48725a61
2013-10-03 14:08 . 2013-10-03 14:11 -------- d-----w- C:\c9287a3ab95b78fd576c
2013-10-03 13:26 . 2013-10-03 13:28 -------- d-----w- C:\00b213cee110af437d
2013-10-03 12:30 . 2013-10-04 11:10 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-10-03 12:30 . 2013-10-06 00:32 -------- d-----w- C:\AdwCleaner
2013-10-03 05:17 . 2013-10-03 06:16 -------- d-----w- c:\windows\system32\catroot2
2013-10-03 04:00 . 2013-09-09 08:54 632656 ----a-w- c:\windows\system32\msvcr80.dll
2013-10-03 04:00 . 2013-09-09 08:54 554832 ----a-w- c:\windows\system32\msvcp80.dll
2013-10-03 04:00 . 2013-09-09 08:54 479232 ----a-w- c:\windows\system32\msvcm80.dll
2013-10-03 03:42 . 2013-10-03 04:19 -------- d-----w- c:\programdata\DivX
2013-10-03 03:36 . 2013-10-03 03:36 -------- d-----w- c:\users\Nadia\AppData\Local\Western_Digital_Technolog
2013-10-03 02:34 . 2013-10-03 02:34 -------- d-----w- c:\users\Public\Samsung Link
2013-10-02 18:46 . 2013-10-02 18:46 -------- d-----w- c:\users\Nadia\Samsung Link
2013-10-02 18:45 . 2013-10-02 18:45 -------- d-----w- c:\users\Nadia\.swt
2013-10-02 18:45 . 2013-10-02 18:45 -------- d-----w- c:\users\Nadia\AppData\Local\SAMSUNG
2013-10-02 18:44 . 2013-10-02 18:45 -------- d-----w- c:\programdata\SAMSUNG
2013-10-02 16:41 . 2013-10-03 12:35 -------- d-----w- c:\programdata\Uniblue
2013-10-02 16:37 . 2013-10-02 16:37 -------- d-----w- c:\users\Nadia\AppData\Roaming\WinPatrol
2013-10-02 16:37 . 2013-10-02 16:37 -------- d-----w- c:\program files\BillP Studios
2013-10-02 14:53 . 2013-10-02 14:53 -------- d-----w- c:\program files\Reference Assemblies
2013-10-01 15:31 . 2013-10-04 02:45 -------- d-----w- c:\programdata\GlarySoft
2013-10-01 15:27 . 2013-10-04 02:45 -------- d-----w- c:\users\Nadia\AppData\Roaming\GlarySoft
2013-10-01 14:31 . 2013-10-01 14:31 -------- d-----w- c:\programdata\Auslogics
2013-09-30 03:28 . 2013-10-04 05:24 -------- d-----w- c:\users\Nadia\AppData\Roaming\TweakNow RegCleaner
2013-09-30 03:05 . 2013-09-30 03:05 -------- d-----w- c:\program files\Speccy
2013-09-30 03:03 . 2013-07-16 08:41 1498960 ----a-w- c:\windows\system32\msvcr100d.dll
2013-09-30 03:03 . 2013-10-04 01:09 -------- d-----w- c:\program files\Malwarebytes Anti-Exploit
2013-09-30 03:03 . 2013-07-16 08:41 743248 ----a-w- c:\windows\system32\msvcp100d.dll
2013-09-30 01:29 . 2013-09-30 01:29 -------- d-----w- c:\windows\system32\sda
2013-09-30 01:28 . 2013-09-30 01:28 -------- d-----w- c:\program files\Realtek
2013-09-30 01:28 . 2009-06-04 20:45 166912 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
2013-09-30 01:28 . 2009-05-06 13:46 266240 ----a-w- c:\windows\system32\RtsUStor.dll
2013-09-30 01:28 . 2009-02-02 22:27 7360512 ----a-w- c:\windows\system32\RTSUSTORicon.dll
2013-09-30 01:17 . 2009-04-29 12:46 15872 ----a-w- c:\windows\system32\drivers\HpqKbFiltr.sys
2013-09-30 01:17 . 2006-11-02 11:09 1419232 ----a-w- c:\windows\system32\drivers\wdfcoinstaller01005.dll
2013-09-29 18:52 . 2013-09-29 18:52 -------- d-----w- c:\programdata\NVIDIA Corporation
2013-09-29 16:51 . 2013-09-29 16:51 1505280 ----a-w- c:\windows\system32\d3d11.dll
2013-09-29 16:47 . 2013-09-29 16:50 -------- d-----w- c:\programdata\Oracle
2013-09-29 16:46 . 2013-09-29 16:55 -------- d-----w- c:\windows\system32\MRT
2013-09-29 16:44 . 2013-09-29 16:44 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-09-29 16:44 . 2013-08-05 01:56 133056 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-09-29 16:43 . 2013-07-06 05:05 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-29 16:43 . 2013-04-10 05:03 936448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-09-29 16:43 . 2013-04-10 05:03 988672 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-09-29 16:43 . 2013-04-10 05:03 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-09-29 16:43 . 2013-04-10 05:04 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-09-29 16:43 . 2013-07-09 04:50 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-09-29 16:43 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-09-29 16:43 . 2013-07-09 05:03 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-09-29 16:43 . 2013-07-09 05:03 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-09-29 16:43 . 2013-07-09 04:53 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-09-29 16:42 . 2013-05-13 03:08 903168 ----a-w- c:\windows\system32\certutil.exe
2013-09-29 16:42 . 2013-05-13 03:08 43008 ----a-w- c:\windows\system32\certenc.dll
2013-09-29 16:41 . 2013-04-26 04:55 492544 ----a-w- c:\windows\system32\win32spl.dll
2013-09-29 16:40 . 2013-05-10 03:20 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-09-29 16:39 . 2013-07-09 04:52 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-09-29 16:39 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-09-29 16:39 . 2013-07-09 04:46 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-09-29 16:39 . 2013-07-09 04:46 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-09-29 16:39 . 2013-06-04 04:53 509440 ----a-w- c:\windows\system32\qedit.dll
2013-09-29 16:39 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-09-29 16:39 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-09-29 16:37 . 2013-08-08 01:03 2348544 ----a-w- c:\windows\system32\win32k.sys
2013-09-29 16:37 . 2013-07-19 01:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-09-29 16:36 . 2013-06-15 03:38 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-09-29 16:19 . 2013-09-29 16:16 718712 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A3D884E5-1A89-43F7-9DEA-D47D93C801BC}\gapaengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-03 18:55 . 2013-10-03 17:54 248380 ----a-w- C:\MGlogs.zip
2013-10-01 18:43 . 2013-05-02 16:51 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-09-29 16:44 . 2012-09-07 01:05 868264 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-09-29 16:44 . 2012-09-07 01:05 790440 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-26 13:24 . 2013-07-26 13:24 296112 ----a-w- c:\windows\system32\IntelQuickSyncDecoder.dll.new
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2013-09-24 441408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 995176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0?????????I\0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ    scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NETGEARGenie"="c:\program files\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AllShareAgent"=c:\program files\Samsung\AllShare\AllShareAgent.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R0 TfFsMon;TfFsMon; [x]
R0 TfSysMon;TfSysMon; [x]
R3 ADASPROT;SYSTWEAKASO; [x]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh6.sys [2011-04-19 1092160]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2013-03-21 508184]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2013-03-21 33832]
R3 clwvd;CyberLink WebCam Virtual Driver; [x]
R3 cpuz136;cpuz136;c:\temp\cpuz136\cpuz136_x32.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 8456]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-06-19 107392]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-06-20 295376]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 RtsUIR;Realtek IR Driver; [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 Synth3dVsc;Synth3dVsc; [x]
R3 TfNetMon;TfNetMon; [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 tsusbhub;tsusbhub; [x]
R3 VGPU;VGPU; [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-28 1343400]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files\Malwarebytes Anti-Exploit\MBAE.sys [2013-08-01 44632]
S1 MpKsl53751b7e;MpKsl53751b7e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0B5B5E78-296F-490F-A3EE-CAAC42AF84C5}\MpKsl53751b7e.sys [2013-10-06 40392]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-04 166912]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL53751B7E
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ    HPSLPSVC
iissvcs REG_MULTI_SZ    w3svc was
apphost REG_MULTI_SZ    apphostsvc
HsfXAudioService REG_MULTI_SZ    HsfXAudioService
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-06 c:\windows\Tasks\Malwarebytes Anti-Exploit.job
- c:\program files\Malwarebytes Anti-Exploit\mbae-loader.exe [2013-09-30 13:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://bing.com/
mStart Page = hxxp://www.google.com
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(772)
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
.
Completion time: 2013-10-05  20:49:30
ComboFix-quarantined-files.txt  2013-10-06 00:49
ComboFix2.txt  2013-10-04 13:23
ComboFix3.txt  2013-10-04 02:33
ComboFix4.txt  2013-10-04 01:52
.
Pre-Run: 112,393,269,248 bytes free
Post-Run: 112,318,525,440 bytes free
.
- - End Of File - - 06C50E3BE0F14C6BF25DA3E664363794
A36C5E4F47E84449FF07ED3517B43A31

Comments:

- Yes the problem is still present.

- Sometimes file MsMng.exe requires > 50% run time, not to mention a System file?

- There are popups that appear on the desktop, without the computer connected to the internet, asking for YES or NO verification.

- So folders that have < 1GB of data take sooo long to load the first time. I have run, disk checks, error checking, hard drive testing and everything comes back positive. I even emptied the drives. Any ideas?

-  I have programs installed that are not located in my Control Panel --> "Programs and Features". Any ideas?

 

Thanks again for your time



#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,169 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:41 PM

Posted 06 October 2013 - 08:53 AM

Let's check for the presence of this MsMng.exe file. It's not showing up in any of your logs.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:

    :filefind
    MsMng.exe

    :regfind
    MsMng
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt.


#9 David...

David...
  • Topic Starter

  • Members
  • 111 posts
  • OFFLINE
  •  
  • Local time:12:41 PM

Posted 06 October 2013 - 09:02 AM

Thank you for the reply.
But I made a spelling error, the file name mentioned above is MsMpEng.exe not the other. Sorry.

I can perform the Lookup with the mentioned file if you wish.

#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,169 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:41 PM

Posted 06 October 2013 - 09:38 AM

It's related to Microsoft Windows Defender.

It's not required with the Microsoft Security Essentials.

Go to your task manager and Disable the process MsMpEng.exe.

Restart the computer normally.
===


If the issue is persisting, run the following in the SystemLook search.


:filefind
MsMpEng.exe
:regfind
MsMpEng


Post the log.

#11 David...

David...
  • Topic Starter

  • Members
  • 111 posts
  • OFFLINE
  •  
  • Local time:12:41 PM

Posted 06 October 2013 - 12:13 PM

Looked up the Windows Defender in Services.msc.

I found it set to AUTOMATIC.

Should be set to 'disable'?

 

It also shows that the 'service status' is stopped but MsMpEng.exe is still running.

 

I will try what you mentioned above,

but just unsure when you mentioned disable...

 

Can that be performed in task manager? I only know of it in Services.msc.



#12 David...

David...
  • Topic Starter

  • Members
  • 111 posts
  • OFFLINE
  •  
  • Local time:12:41 PM

Posted 06 October 2013 - 12:31 PM

Here are the results of the Lookup.

 

SystemLook 30.07.11 by jpshortstuff
Log created at 13:24 on 06/10/2013 by Nadia
Administrator - Elevation successful

========== filefind ==========

Searching for "MsMpEng.exe"
C:\Program Files\Microsoft Security Client\MsMpEng.exe --a---- 22208 bytes [22:05 20/06/2013] [22:05 20/06/2013] 37F77AEBFF23A99D1BFB4F34CD2D07F2

========== regfind ==========

Searching for "MsMpEng"
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\Services]
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"="10/02/2013 12:37 AM"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\MsMpEng.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF374A3F802F8614DA7AEB27861167E9]
"BB8DD09375BB24940A92D219E3E4D947"="c:\Program Files\Microsoft Security Client\MsMpEng.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF374A3F802F8614DA7AEB27861167E9]
"F32BDAD36E49D4E4FA8E51ED34598E3F"="c:\Program Files\Microsoft Security Client\MsMpEng.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF374A3F802F8614DA7AEB27861167E9\BB8DD09375BB24940A92D219E3E4D947]
"File"="Antimalware_MsMpEng.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF374A3F802F8614DA7AEB27861167E9\F32BDAD36E49D4E4FA8E51ED34598E3F]
"File"="Antimalware_MsMpEng.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsMpSvc]
"ImagePath"=""c:\Program Files\Microsoft Security Client\MsMpEng.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\MsMpSvc]
"ImagePath"=""c:\Program Files\Microsoft Security Client\MsMpEng.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MsMpSvc]
"ImagePath"=""c:\Program Files\Microsoft Security Client\MsMpEng.exe""
[HKEY_USERS\S-1-5-21-1798075149-85950911-1678157633-1001\Software\BillP Studios\Detected\Services]
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"="10/02/2013 12:37 AM"

-= EOF =-

 

 

 

-- As I mentioned above MsMpEng.exe was "disabled" in Services.msc and the computer was restarted, but now it is as busy as ever.

-- WinPatrol has even produced a different icon, it is completely yellow and when I move the cursor over it, it displays the following:

 

"Scotty is checking to see if your default pages have been hijacked"

 

 

Please help.

 

I am stumped.



#13 nasdaq

nasdaq

  • Malware Response Team
  • 40,169 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:41 PM

Posted 06 October 2013 - 01:29 PM

There is some conflict between Winpatrol and Windows Defender.

Can you disable Winpatrol and see if the problem persists?
Make sure also that Windows Defender is also disabled.

This will leave only Microsoft Essentials running.

Is the problem persisting?

#14 David...

David...
  • Topic Starter

  • Members
  • 111 posts
  • OFFLINE
  •  
  • Local time:12:41 PM

Posted 06 October 2013 - 01:58 PM

How to disable WinPatrol...??

It is not found anywhere..

 

Programs and features, Services.msc

 

I am going to keep looking but my other computer has it located in Programs and Features.

 

That was one of my original questions:

How to remove (uninstall) programs that are located in the 'Programs and Features'?

 

I am stumped. Again.

Please help.



#15 nasdaq

nasdaq

  • Malware Response Team
  • 40,169 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:41 PM

Posted 07 October 2013 - 07:57 AM

Remove Winpatrol using their uninstaller.
http://www.winpatrol.com/download.html
WinPatrol Removal Program (589 KB) New
This is a single program WinPatrolRemove.exe which will remove all files and registry entries created by installing WinPatrol. After running this file it will be removed automatically the next time you reboot.
===
 

How to remove (uninstall) programs that are located in the 'Programs and Features'?

I have seen that question. I was concentrating on the other issues.

If a program was deleted by deleting the folder and files, its uninstaller was deleted and you will not be able to delete it using Programs and Features.
The name of the program however is still listed in the list.

This tool may help you to remove the dead entries.

MyUninstaller v1.74 - Alternative to the standard add / remove control panel module
Tutorial on the site: http://www.nirsoft.net/utils/myuninst.html

Go to the following link and download MyUninstaller. Open the link and scroll down below "Feedback" to find access to the download. Also read all of the available information at the link, specifically the section marked "Removing an Uninstall entry".

http://www.nirsoft.net/utils/myuninst.html

When you have the download, unzip it to your Desktop. Right click on the application and select "Run as Administrator". The program is a standalone executable so will not install.

When the program runs wait and the main interface will populate with an Installed Programs list.

Check through the list until you see the entry you need. Below the menu bar are column headers, look under Obsolete and Uninstall. If the word Yes is listed under Obsolete and not Uninstall against the entry it means we can safely delete that entry, or vice versa....
===

The steps involve registry editing. Please create new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://windows.microsoft.com/en-gb/windows7/create-a-restore-point
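
The dead-entry case described in the post above (program folder deleted by hand, list entry left behind) can be confirmed before any registry key is touched. The PowerShell script below is an added example, not part of the original thread and not code from NirSoft or any tool named here; it only reads the standard Uninstall registry keys and reports entries whose UninstallString points to a file that no longer exists. The function name `Get-UninstallTarget` is hypothetical.

```powershell
# Added example: report "Programs and Features" entries whose uninstaller is gone.
# Read-only. Nothing is deleted or changed; run from an elevated PowerShell prompt.

$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',  # 64-bit systems only
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall'
)

# Hypothetical helper: pull the executable path out of an UninstallString.
# Handles  "C:\dir\unins000.exe" /SILENT   and   C:\Program Files\X\uninst.exe /S
function Get-UninstallTarget {
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    if ($cmd -match '^(.+?\.(exe|msi|bat|cmd))(\s|$)') { return $Matches[1] }
    return $null
}

$report = foreach ($root in $roots) {
    if (-not (Test-Path $root)) { continue }

    foreach ($key in Get-ChildItem $root) {
        # -LiteralPath: key names such as {GUID}_is1 must not be treated as wildcards
        $p = Get-ItemProperty -LiteralPath $key.PSPath

        # Entries without a DisplayName, or flagged SystemComponent, are not shown in the UI
        if (-not $p.DisplayName -or $p.SystemComponent -eq 1) { continue }

        $target = $null
        if (-not $p.UninstallString) {
            $status = 'No UninstallString'
        } else {
            $target = Get-UninstallTarget $p.UninstallString
            if (-not $target) {
                $status = 'Could not parse'
            } elseif ($target -notmatch '^[A-Za-z]:\\') {
                # MsiExec.exe /X{GUID}, rundll32 ... : resolved via PATH, not checked here
                $status = 'System command (not checked)'
            } elseif (Test-Path -LiteralPath $target) {
                $status = 'OK'
            } else {
                $status = 'Uninstaller missing'
            }
        }

        New-Object PSObject -Property @{
            Name    = $p.DisplayName
            Status  = $status
            Target  = $target
            RegKey  = $key.Name
        }
    }
}

# Entries that will fail when "Uninstall" is clicked in Programs and Features
$report |
    Where-Object { $_.Status -eq 'Uninstaller missing' } |
    Select-Object Name, Target, RegKey |
    Format-List
```

Each reported RegKey is the entry to review after the restore point has been created; an entry marked "System command (not checked)" is normally a Windows Installer package and is not a dead entry on that evidence alone.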



