
Win7ultHTPC intermittent:hangs,TVrecErrors,slowActions,NowWindows...reinstalled


  • This topic is locked
35 replies to this topic

#1 Jeagle


Posted 28 March 2014 - 08:46 PM

Hello helpers,

  May I say Thanks to all who invest their time and energy to help all us frustrated and confused people running attacked computers!

  Now, for me, I've been mostly helped by reading all your solutions posted. You'd think, since I have been building and working on computers since 1980, plus with all your help, I'd be much better off. NOT this time, however; I'm stumped. BTW, I fell off my roof 2+ years ago and am afflicted with TBI. I'm sure there are some funny acronyms for this, but basically it's a brain injury. Takes longer to find things in my memory, slower response times, and may need some new activation.

                     Wait, sounds a lot like a computer problem!

  I'm running a win7 Ult. HTPC first built with the RC1 ver. then upped to Ult. when available. Till lately it's been a semi bumpy ride.

  This latest plague started with slow responses to mouse commands in MCE. I ran MSE and found nothing, so I ran MBAM and some online scanners: F-Secure, Panda Cloud scan, Emsisoft malware scan, ESET, Hitman Pro 3.7+. Will try to include results. (See end or attached?)

Nothing alarming found and I cleaned what was. 

  Things seemed better, nothing bad found. We have company, and the int. slowness/hangs do not reflect well on my skills. So here I am; thought I did good, but probably NOT!

  So I continued my search for similar issues; didn't find much, will try to share if I remember. Then........ today I found... Windows Activation window saying "Windows must be reinstalled. An unauthorized change was made to Windows. Windows must be reinstalled to activate. Insert the Windows installation DVD or CD into your computer to begin the reinstallation process. How do I reinstall windows?" link

  So here I am. Please help??? Oh, sorry, my name is Jerry.

 

Add. Notes

 

When the scans were done, I have 6 hard drives from 1-2 TB. HD3 disappears sometimes during or after scans, and I don't see it on the logs from the DDS scan. I believe HD3 is a 2 TB and volumes T: and U: are about 1 TB each. Also G: and H: are in the new HD5? and are about 1 TB each. HD5 is a shift drive that I am loading saved older TV shows on, and G: (first volume formatted) disappeared before all this started. It was originally on a USB case, but I hooked it up directly in place of BluRayRec. I then made H: and G: disappeared, and I rebooted, but when it rebooted there it was, minus the Recorded TV folder. I ran chkdsk; it found no errors. Now, at the beginning of this epidemic I had loaded .5 TB on H:, and next time I wanted to move some WTVs, the Recorded TV folder was gone and I haven't been able to get it back. Drive info shows it's over half filled, but no Recorded TV folder again! (Where all the WTVs are.) G:\Recorded TV, however, reappeared. Yeah! I ran it again and the H:\Recorded TV folder never came back. This HD5 G: is nearly filled and I hesitate to add more storage with present circumstances.

  So the latest problems are even longer lagging actions; last night I waited 5-10 minutes for mouse commands to be executed. I couldn't get Media Center to close or the Task Manager to open during prime time recording, to check for limited recording space. I finally cut power, hard rebooted and didn't look at it again till this morning, and saw the Windows Activation warning, and MC was asking to be restarted. I've checked most all the hardware and have replacements for most, but I'm sure it's software related. At least as sure as a TBI person could be. So thanks to whomever takes this on, and I hope they have patience, as I attempt to do all the time now.

  Sorry for the length, but it said state all that could be helpful. I'm attaching the scan logs I have.

  I'll have to attach pics later as they don't want to fit on this upload.

  Have a great weekend!!!

 

Here's the DDS log

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.13.2
Run by JMA7 at 13:20:30 on 2014-03-28
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.2036.296 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ef7356bc77a65e9e\STacSV.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\DVRMSToolbox\DTBFWService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\JMA7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PV1P84C8\M4-Service.exe
C:\Program Files\ASUS Bluetooth Suite\BtvStack.exe
C:\Users\JMA7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PV1P84C8\M4-Capture.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SAMSUNG\Kies\KiesTrayAgent.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE
C:\Program Files\SAMSUNG\Kies\Kies.exe
C:\Program Files\SAMSUNG\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\JMA7\AppData\Local\NDS\PCShow\PCShowServerPMWrapper.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Users\JMA7\AppData\Local\NDS\PCShow\NDSPCShowServer.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dragon Global\ShowAnalyzerSuite\ShowAnalyzerMaster.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\WMC Recording Storage Pooler\WMCRecordingStoragePooler.exe
C:\Program Files\Common Files\X10\Common\X10nets.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\ehome\mcGlidHost.exe
C:\Windows\ehome\ehVid.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\System32\slui.exe
C:\Windows\system32\mspaint.exe
C:\Users\JMA7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JMA7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JMA7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JMA7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JMA7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JMA7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JMA7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JMA7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JMA7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JMA7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JMA7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JMA7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JMA7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JMA7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JMA7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JMA7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JMA7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JMA7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JMA7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JMA7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\JMA7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ATI Remote Control] c:\program files\ati multimedia\remctrl\ATIRW.EXE
uRun: [Google Update] "c:\users\jma7\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload
uRun: [KiesAirMessage] c:\program files\samsung\kies\KiesAirMessage.exe -startup
uRun: [] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [PCShowServer] c:\users\jma7\appdata\local\nds\pcshow\PCShowServerPMWrapper.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Name of App] c:\program files\samsung\fw liveupdate\FWManager.exe r
mRun: [Smart File Advisor] "c:\program files\smart file advisor\sfa.exe" /checkassoc
mRun: [AtherosBtStack] c:\program files\asus bluetooth suite\BtvStack.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
StartupFolder: c:\users\jma7\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\biterScripting ™ Startup.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Lookup on Merriam Webster - c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://www.ma-config.com/plugins/MaConfig_4_0_2_0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://seagate-events.webex.com/client/T27LB/event/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} - hxxp://www.intel.com/design/motherbd/boardid/BoardID.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{0FE39FD6-E980-40AF-AC37-5DC6C8EB1BAC} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{F343A415-1280-4B61-9293-B4C0DB5097D1} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{F343A415-1280-4B61-9293-B4C0DB5097D1}\4656661657C647 : DHCPNameServer = 68.105.28.12 68.105.29.12
TCP: Interfaces\{F343A415-1280-4B61-9293-B4C0DB5097D1}\9437E647F6B6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F343A415-1280-4B61-9293-B4C0DB5097D1}\A4D41435D434 : DHCPNameServer = 192.168.2.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\google\google~1\GO36F4~1.DLL
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jma7\appdata\roaming\mozilla\firefox\profiles\24llxvky.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q= 
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff10.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff7.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff8.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff9.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\jma7\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\users\jma7\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\jma7\appdata\roaming\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\users\jma7\appdata\roaming\mozilla\firefox\profiles\24llxvky.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
FF - ExtSQL: !HIDDEN! 2010-03-01 18:20; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-9-27 214696]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\emsisoft anti-malware\a2ddax86.sys [2014-3-23 22056]
R1 SASDIFSV;SASDIFSV;c:\users\jma7\appdata\local\temp\sas_selfextract\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\users\jma7\appdata\local\temp\sas_selfextract\saskutil.sys [2010-5-10 67656]
R2 a2AntiMalware;Emsisoft Anti-Malware 8.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2014-3-23 4163584]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-11-29 12672]
R2 DTBService;DTBService;c:\program files\dvrmstoolbox\DTBFWService.exe [2010-1-12 8192]
R2 M4-Service;M4-Service;c:\users\jma7\appdata\local\microsoft\windows\temporary internet files\content.ie5\pv1p84c8\M4-Service.exe [2012-4-17 1007472]
R2 ShowAnalyzerMaster;ShowAnalyzerMaster;c:\program files\dragon global\showanalyzersuite\ShowAnalyzerMaster.exe [2010-2-8 2074112]
R2 WMCRecordingStoragePooler;Windows Media Center Recording Storage Pooler;c:\program files\wmc recording storage pooler\WMCRecordingStoragePooler.exe [2010-8-14 54784]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\drivers\btath_flt.sys [2009-10-21 33280]
R3 AVerBDA6x;AVerBDA6x service;c:\windows\system32\drivers\AVerBDA716x.sys [2009-9-3 1150464]
R3 AVMNgBasM780;AVerMedia M780 Base Driver;c:\windows\system32\drivers\AVerBas.sys [2009-6-11 57216]
R3 AVMNgCapM780;AVerMedia M780 Audio/Video Capture Driver;c:\windows\system32\drivers\AVerCap.sys [2009-6-11 366720]
R3 AVMNgTunM780;AVerMedia M780 TVTuner Driver;c:\windows\system32\drivers\AVerTun.sys [2009-6-11 165120]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2009-10-23 282112]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2009-10-20 20480]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2009-10-22 205312]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2009-10-21 117760]
R3 BtFilter;BtFilter;c:\windows\system32\drivers\btfilter.sys [2009-10-22 49152]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2011-1-4 603240]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2012-4-21 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2012-4-21 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2012-4-21 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2012-4-21 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2012-4-21 25704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2014-3-23 57944]
S3 AthDfu;Atheros Valkyrie USB BootROM;c:\windows\system32\drivers\AthDfu.sys [2009-7-25 38272]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 cleanhlp;cleanhlp;c:\program files\emsisoft anti-malware\cleanhlp32.sys [2014-3-23 50200]
S3 cpuz134;cpuz134;c:\program files\cpuid\pc wizard 2010\pcwiz_x32.sys [2011-1-15 20328]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-8-8 30192]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2013-12-11 108032]
S3 MCEBuddy;MCEBuddy Service;c:\program files\tyrell\mcebuddy\MCEBuddySvc.exe [2010-1-24 20480]
S3 MEITUNER;FireBus MPEG2TS Tuner Subunit Device;c:\windows\system32\drivers\meistb.sys [2011-5-24 22891]
S3 MSPANEL;AVC Panel Device;c:\windows\system32\drivers\mstapeo.sys [2011-5-24 49024]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 104768]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-10-23 280288]
S3 PSKMAD;PSKMAD;c:\windows\system32\drivers\PSKMAD.sys [2014-3-23 47632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-5-4 14848]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-5-4 49664]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-16 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="c:\program files\adobe\adobe dreamweaver cs3\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-03-28 06:24:00 7969936 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{895bfa4c-d811-4a22-b9b5-7f51dcf6eb50}\mpengine.dll
2014-03-26 21:59:11 -------- d-----w- c:\program files\COMODO
2014-03-26 20:58:34 -------- d-----w- C:\TDSSKiller_Quarantine
2014-03-26 19:47:30 131744 ----a-w- c:\windows\system32\drivers\tmrkb.sys
2014-03-26 19:47:29 290376 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2014-03-26 06:51:27 7969936 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-03-25 06:03:02 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0562a6b7-383d-42cf-847e-805276545680}\gapaengine.dll
2014-03-24 00:36:45 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2014-03-23 22:38:09 -------- d-----w- c:\program files\HitmanPro
2014-03-23 22:35:45 -------- d-----w- c:\programdata\HitmanPro
2014-03-23 22:16:03 47632 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2014-03-23 22:15:51 -------- d-----w- c:\program files\Panda Security
.
==================== Find3M  ====================
.
2014-03-12 02:54:22 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 02:54:22 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-19 07:32:23 231584 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 13:22:11.29 ===============
 

 




 


#2 Jeagle


Posted 29 March 2014 - 03:42 AM

TWIMC, 

Update

  Some new info: my HTPC (JMA7) is now taking a long time to boot; hovers at "Windows is starting" for at least 45 minutes on one restart. One start to safe mode command prompt hung for an hour. I finally restarted and it is running again. Didn't record any shows last night and wouldn't play all the shows I chose to view; some just hung in blackness, a couple were pixelated int., and some just froze on a still for 2-15 minutes. Still lagging/hanging in actions from mouse gestures. I await your input. Jer



#3 HelpBot


Posted 02 April 2014 - 08:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/529169 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 Jeagle


Posted 11 April 2014 - 06:06 PM

Hello, again,
JMA7 my HTPC has not recorded anything since the 4th at least it seems that way yet still it once to run for the times that the recording this are supposed to be going and if I shut it off it will hibernated it will wake itself back up anyway am has a record anything and it's taking a long time to start we have waited for four well its been an hour anyway hold on it just woke up ...... False alarm screen came up with recorded TV library window and I tried to move the mouse out of the window and from say I got couple inches from the bottom of the window anyway I am Back waiting for Hang to end since about 10 minutes man… why Perstarr windows T this show the desktop and all the monster moving and got it to flip out of the record TV screen and opened up Chrome however chrome is gray and black and I guess I'll check hey TaskManager see if I can reopen it maybe I'll try Firefox anyway I assume you wanted me to download it DDS again said he is in the one that I dirty downloaded I don't know why but if I can't download it again I'll just use one arty done I guess sorry to be so long-winded IL I'm all something mood recorder failure oh I said it was recording her experienced a failure is unable to start three okay froze again purses all on the right side by 3 inches away right the recorder feel you still up Google Chrome's cover the bottom of it so I can't read what it says is please restart the computer and I can't read it can't move without awake some outside moving Presque windows D twice to get the desktop back and escape to pray for you so whatever is going on and I'm just waiting it's like 312 and last time or restart the computer it it I think it took after an hour 45 minutes and I was going lose on my recording side probably try and just restoring image but I Freyd the middle of recordings also I put some stuff on their programs that can't remember if I got I probably got all the bottomless reschedule the recording now I've got the windows thing is open 
whatchamacallits frozen and AC thermolysis those little mouse food was so frozen Indian restaurant mouseclick was it 315

#5 Jeagle


Posted 11 April 2014 - 06:32 PM

Please forgive last post. Tried to use wife's iPad Air and have it transcribe so I wouldn't get such a headache typing with two fingers.

Here's the new DDS 04-11-04

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.13.2
Run by JMA7 at 15:54:27 on 2014-04-11
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.2036.700 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ef7356bc77a65e9e\STacSV.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DVRMSToolbox\DTBFWService.exe
C:\Users\JMA7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PV1P84C8\M4-Service.exe
C:\Program Files\Dragon Global\ShowAnalyzerSuite\ShowAnalyzerMaster.exe
C:\Users\JMA7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PV1P84C8\M4-Capture.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ASUS Bluetooth Suite\BtvStack.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SAMSUNG\Kies\KiesTrayAgent.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE
C:\Program Files\SAMSUNG\Kies\Kies.exe
C:\Program Files\SAMSUNG\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\JMA7\AppData\Local\NDS\PCShow\PCShowServerPMWrapper.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\WMC Recording Storage Pooler\WMCRecordingStoragePooler.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\X10\Common\X10nets.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\mmc.exe
C:\Windows\System32\vds.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\ehome\mcGlidHost.exe
C:\Windows\ehome\ehVid.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\taskhost.exe
C:\Users\JMA7\AppData\Local\NDS\PCShow\NDSPCShowServer.exe
C:\Windows\system32\conhost.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\ehome\ehRec.exe
C:\Windows\eHome\EhTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ATI Remote Control] c:\program files\ati multimedia\remctrl\ATIRW.EXE
uRun: [Google Update] "c:\users\jma7\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload
uRun: [KiesAirMessage] c:\program files\samsung\kies\KiesAirMessage.exe -startup
uRun: [] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [PCShowServer] c:\users\jma7\appdata\local\nds\pcshow\PCShowServerPMWrapper.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_12_0_0_77_ActiveX.exe -update activex
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Name of App] c:\program files\samsung\fw liveupdate\FWManager.exe r
mRun: [Smart File Advisor] "c:\program files\smart file advisor\sfa.exe" /checkassoc
mRun: [AtherosBtStack] c:\program files\asus bluetooth suite\BtvStack.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
StartupFolder: c:\users\jma7\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\biterScripting ™ Startup.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Lookup on Merriam Webster - c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://www.ma-config.com/plugins/MaConfig_4_0_2_0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://seagate-events.webex.com/client/T27LB/event/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} - hxxp://www.intel.com/design/motherbd/boardid/BoardID.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{0FE39FD6-E980-40AF-AC37-5DC6C8EB1BAC} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{F343A415-1280-4B61-9293-B4C0DB5097D1} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{F343A415-1280-4B61-9293-B4C0DB5097D1}\4656661657C647 : DHCPNameServer = 68.105.28.12 68.105.29.12
TCP: Interfaces\{F343A415-1280-4B61-9293-B4C0DB5097D1}\9437E647F6B6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F343A415-1280-4B61-9293-B4C0DB5097D1}\A4D41435D434 : DHCPNameServer = 192.168.2.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\google\google~1\GO36F4~1.DLL
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jma7\appdata\roaming\mozilla\firefox\profiles\24llxvky.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q= 
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff10.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff7.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff8.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff9.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\jma7\appdata\local\google\update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: c:\users\jma7\appdata\local\nds\pcshow\npPlayerPlugin.dll
FF - plugin: c:\users\jma7\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\jma7\appdata\roaming\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\users\jma7\appdata\roaming\mozilla\firefox\profiles\24llxvky.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_77.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
FF - ExtSQL: !HIDDEN! 2010-03-01 18:20; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-9-27 214696]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\emsisoft anti-malware\a2ddax86.sys [2014-3-23 22056]
R1 SASDIFSV;SASDIFSV;c:\users\jma7\appdata\local\temp\sas_selfextract\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\users\jma7\appdata\local\temp\sas_selfextract\saskutil.sys [2010-5-10 67656]
R2 a2AntiMalware;Emsisoft Anti-Malware 8.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2014-3-23 4163584]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-11-29 12672]
R2 DTBService;DTBService;c:\program files\dvrmstoolbox\DTBFWService.exe [2010-1-12 8192]
R2 M4-Service;M4-Service;c:\users\jma7\appdata\local\microsoft\windows\temporary internet files\content.ie5\pv1p84c8\M4-Service.exe [2012-4-17 1007472]
R2 ShowAnalyzerMaster;ShowAnalyzerMaster;c:\program files\dragon global\showanalyzersuite\ShowAnalyzerMaster.exe [2010-2-8 2074112]
R2 WMCRecordingStoragePooler;Windows Media Center Recording Storage Pooler;c:\program files\wmc recording storage pooler\WMCRecordingStoragePooler.exe [2010-8-14 54784]
R3 AVerBDA6x;AVerBDA6x service;c:\windows\system32\drivers\AVerBDA716x.sys [2009-9-3 1150464]
R3 AVMNgBasM780;AVerMedia M780 Base Driver;c:\windows\system32\drivers\AVerBas.sys [2009-6-11 57216]
R3 AVMNgCapM780;AVerMedia M780 Audio/Video Capture Driver;c:\windows\system32\drivers\AVerCap.sys [2009-6-11 366720]
R3 AVMNgTunM780;AVerMedia M780 TVTuner Driver;c:\windows\system32\drivers\AVerTun.sys [2009-6-11 165120]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2009-10-20 20480]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2011-1-4 603240]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2012-4-21 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2012-4-21 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2012-4-21 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2012-4-21 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2012-4-21 25704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2014-3-23 57944]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\drivers\btath_flt.sys [2009-10-21 33280]
S3 AthDfu;Atheros Valkyrie USB BootROM;c:\windows\system32\drivers\AthDfu.sys [2009-7-25 38272]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2009-10-23 282112]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2009-10-22 205312]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2009-10-21 117760]
S3 BtFilter;BtFilter;c:\windows\system32\drivers\btfilter.sys [2009-10-22 49152]
S3 cleanhlp;cleanhlp;c:\program files\emsisoft anti-malware\cleanhlp32.sys [2014-3-23 50200]
S3 cpuz134;cpuz134;c:\program files\cpuid\pc wizard 2010\pcwiz_x32.sys [2011-1-15 20328]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-8-8 30192]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2013-12-11 108032]
S3 MCEBuddy;MCEBuddy Service;c:\program files\tyrell\mcebuddy\MCEBuddySvc.exe [2010-1-24 20480]
S3 MEITUNER;FireBus MPEG2TS Tuner Subunit Device;c:\windows\system32\drivers\meistb.sys [2011-5-24 22891]
S3 MSPANEL;AVC Panel Device;c:\windows\system32\drivers\mstapeo.sys [2011-5-24 49024]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 104768]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-10-23 280288]
S3 PSKMAD;PSKMAD;c:\windows\system32\drivers\PSKMAD.sys [2014-3-23 47632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-5-4 14848]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-5-4 49664]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-16 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="c:\program files\adobe\adobe dreamweaver cs3\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-04-11 22:28:10 7969936 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a84c505b-d985-4dd6-bee8-6532266fca1c}\mpengine.dll
2014-04-10 22:02:54 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{72cc52d2-4ea2-4240-a1f1-5d887413411c}\gapaengine.dll
2014-04-10 22:02:38 7969936 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-03-26 21:59:11 -------- d-----w- c:\program files\COMODO
2014-03-26 20:58:34 -------- d-----w- C:\TDSSKiller_Quarantine
2014-03-26 19:47:30 131744 ----a-w- c:\windows\system32\drivers\tmrkb.sys
2014-03-26 19:47:29 290376 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2014-03-25 06:03:02 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0562a6b7-383d-42cf-847e-805276545680}\gapaengine.dll
2014-03-24 00:36:45 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2014-03-23 22:38:09 -------- d-----w- c:\program files\HitmanPro
2014-03-23 22:35:45 -------- d-----w- c:\programdata\HitmanPro
2014-03-23 22:16:03 47632 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2014-03-23 22:15:51 -------- d-----w- c:\program files\Panda Security
.
==================== Find3M  ====================
.
2014-03-12 02:54:22 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 02:54:22 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-19 07:32:23 231584 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 15:55:59.55 ===============
 
ok I await instructions


#6 Jeagle


Posted 11 April 2014 - 06:39 PM

sorry forgot to attach file

jer




#7 Jeagle


Posted 13 April 2014 - 04:20 PM

I could really use some assistance. If you need more info please let me know I don't know what else to do?

#8 Jeagle


Posted 16 April 2014 - 10:16 PM

I wonder why my post just sits with only my replies? I await for help
Jer

#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,931 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:56 AM

Posted 17 April 2014 - 01:28 PM

Hi, sorry for the delay. My name is Elise and I'll assist you with this issue.

 

It may sound trivial, but first of all, have you tried using another mouse to rule out hardware failure? A mouse can easily break and cause all kinds of erratic behavior.


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#10 Jeagle


Posted 21 April 2014 - 03:29 AM

Hello my name is Jer. How are you? Thanks I welcome anyway please I have tried different hardware i.e. I use up all three mice at three things I use a wireless keyboard and joystick and a red Explorer mouse and a MS trackball. So what would your next suggestion the highway your reply Jerry thanks

#11 Elise


Posted 21 April 2014 - 03:52 AM

Is the mouse you use now wired or wireless?

 

Let's have a look at what TDSSKiller has previously removed:


  • Please download TDSS Qlook and save it to your desktop.
  • Double-click the program and run it.
  • Type the letter A and press ENTER.
  • A logfile will open (TDSSQ.txt), please copy and paste the contents of that logfile into your next reply.


regards, Elise




#12 Jeagle


Posted 21 April 2014 - 05:31 AM

Hello Lee smile mouse is wired the Explorer mouse and the trackball mouse are both wired but my keyboard is wireless along with a joystick on the keyboard then I have a wired keyboard too. As far as the rest of the stuff I'm headed to bed I'm going to have to do that tomorrow and downloading stuff and it's going to take probably an hour from dang computer to boot up anyway. So I'll get back to you later,
Jer
PS thanks so much for your help

#13 Elise


Posted 21 April 2014 - 07:09 AM

Okay, post when ready.


regards, Elise




#14 Jeagle


Posted 22 April 2014 - 12:17 PM

Elise,

hello :bounce:  Happy Earth Day! hope your day is wonderful. Doesn't look too good :apple:

I await!

 

Here is the copied TDSSQ scan log:

 

TDSSKiller Quarantine Information log
TDSS Qlook Version 1.0.0.5 - JMA7 - Tue 04/22/2014 - 10:05:39.10.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 
***** START SCAN Tue 04/22/2014 10:05:39.99 *****
 
---------- TDSSKiller logs ----------
 
TDSSKiller.3.0.0.26_26.03.2014_13.05.13_log.txt
TDSSKiller.3.0.0.26_26.03.2014_13.10.01_log.txt
 
---------- TDSSStarter logs ----------
 
 
---------- DIR LIST ----------
 
C:\TDSSKiller_Quarantine\26.03.2014_13.10.02
C:\TDSSKiller_Quarantine\26.03.2014_13.10.02\susp0001
C:\TDSSKiller_Quarantine\26.03.2014_13.10.02\susp0000
C:\TDSSKiller_Quarantine\26.03.2014_13.10.02\susp0000\object.ini
C:\TDSSKiller_Quarantine\26.03.2014_13.10.02\susp0000\svc0000
C:\TDSSKiller_Quarantine\26.03.2014_13.10.02\susp0000\svc0000\tsk0000.dta
C:\TDSSKiller_Quarantine\26.03.2014_13.10.02\susp0000\svc0000\object.ini
C:\TDSSKiller_Quarantine\26.03.2014_13.10.02\susp0000\svc0000\tsk0000.ini
C:\TDSSKiller_Quarantine\26.03.2014_13.10.02\susp0001\object.ini
C:\TDSSKiller_Quarantine\26.03.2014_13.10.02\susp0001\svc0000
C:\TDSSKiller_Quarantine\26.03.2014_13.10.02\susp0001\svc0000\tsk0000.dta
C:\TDSSKiller_Quarantine\26.03.2014_13.10.02\susp0001\svc0000\object.ini
C:\TDSSKiller_Quarantine\26.03.2014_13.10.02\susp0001\svc0000\tsk0000.ini
 
---------- INI FILES ----------
 
=== C:\TDSSKiller_Quarantine\26.03.2014_13.10.02\susp0000\object.ini
 
[InfectedObject]
Verdict: UnsignedFile.Multi.Generic
 
 
=== C:\TDSSKiller_Quarantine\26.03.2014_13.10.02\susp0000\svc0000\object.ini
 
[InfectedObject]
Type: Service
Name: MEITUNER
Type: Kernel driver (0x1)
Start: Demand (0x3)
ImagePath: system32\DRIVERS\meistb.sys
 
 
=== C:\TDSSKiller_Quarantine\26.03.2014_13.10.02\susp0000\svc0000\tsk0000.ini
 
[InfectedFile]
Type: Raw image
Src: C:\Windows\system32\DRIVERS\meistb.sys
md5: 1968AA72F5C23C5010A126B5EE0C3539
sha256: 94E719C44852286F177831CF80F54A1F3675A6A742132B9FE35510C09F98AE28
 
 
=== C:\TDSSKiller_Quarantine\26.03.2014_13.10.02\susp0001\object.ini
 
[InfectedObject]
Verdict: UnsignedFile.Multi.Generic
 
 
=== C:\TDSSKiller_Quarantine\26.03.2014_13.10.02\susp0001\svc0000\object.ini
 
[InfectedObject]
Type: Service
Name: MSPANEL
Type: Kernel driver (0x1)
Start: Demand (0x3)
ImagePath: system32\DRIVERS\mstapeo.sys
 
 
=== C:\TDSSKiller_Quarantine\26.03.2014_13.10.02\susp0001\svc0000\tsk0000.ini
 
[InfectedFile]
Type: Raw image
Src: C:\Windows\system32\DRIVERS\mstapeo.sys
md5: AD4609A1523656F740C70178E67FD5D2
sha256: 49E68DAE078362037C079FFAD05DC6A57B21829B6EE73FF73CA592031A04EB3F
 
 
***** END SCAN Tue 04/22/2014 10:05:40.47 *****
 



#15 Jeagle


Posted 22 April 2014 - 12:26 PM

Elise ,

Took a while to boot up. Looks like the unwelcome resident has moved to boot areas; first boot said no boot files?

Powered down to flush and reboot: hung on first blank screen with cursor in upper corner, then hung on 5A of Intel's bootup process, then hung on starting Windows. Full boot in <>30 minutes.

thanks ,

jer

PS it also hung before starting Windows with shutdown error screen asking if we wanted to start in safe mode





