
100% CPU Usage Trojan Virus


25 replies to this topic

#1 Cheddarjack (Members, 18 posts)

Posted 15 September 2014 - 12:58 PM

Hi, I just booted up my computer the other day and it keeps saying that my computer is running at 100% usage. I've run Malwarebytes and it keeps popping up in my AppData and Roaming files. It all started after I downloaded a driver for my computer which was obviously fake. I've tried to get rid of it but it multiplies every time I reboot my computer. Can someone please help me?

 

Thank you for your time!


Edited by hamluis, 15 September 2014 - 01:03 PM.
Moved from MRL to AII - Hamluis.




#2 boopme, To Insanity and Beyond (Global Moderator, 73,490 posts, NJ USA)

Posted 15 September 2014 - 03:54 PM

I don't know your Operating System, but have you tried a system restore to a date prior to this?

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 Cheddarjack, Topic Starter (Members, 18 posts)

Posted 15 September 2014 - 08:19 PM

It's Windows 7 64-bit. Yeah, I used the restore point and it didn't go away; it just pops up in my processes and it's under winupt.exe, and when I end the process my CPU usage goes back to normal.


Edited by Cheddarjack, 15 September 2014 - 08:20 PM.


#4 boopme, To Insanity and Beyond (Global Moderator, 73,490 posts, NJ USA)

Posted 16 September 2014 - 10:03 AM

OK, thanks. Please do these.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



    Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ADW Cleaner

    Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
  • -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


    Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  • Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double-click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#5 Cheddarjack, Topic Starter (Members, 18 posts)

Posted 16 September 2014 - 02:33 PM

Yes sir, I'm on it.



#6 Cheddarjack, Topic Starter (Members, 18 posts)

Posted 16 September 2014 - 02:40 PM

MiniToolBox

MiniToolBox by Farbar  Version: 21-07-2014
Ran by Drew (administrator) on 16-09-2014 at 14:38:30
Running from "C:\Users\Drew\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Intel® WiFi Link 5100 AGN = Wireless Network Connection (Connected)
Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller = Local Area Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : nooon-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller
   Physical Address. . . . . . . . . : 00-1D-BA-27-69-69
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Intel® WiFi Link 5100 AGN
   Physical Address. . . . . . . . . : 00-21-5D-05-40-E6
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::1ce3:6e93:f03c:ad3b%10(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.0.113(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, September 16, 2014 1:01:43 PM
   Lease Expires . . . . . . . . . . : Tuesday, September 23, 2014 1:01:43 PM
   Default Gateway . . . . . . . . . : fe80::1e7e:e5ff:fe30:8418%10
                                       192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter Local Area Connection* 9:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{A143F514-AA20-4692-9304-BB298E9CCF7E}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 11:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:1c59:92:cdf4:de46(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::1c59:92:cdf4:de46%14(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.0.1
 
Name:    google.com
Addresses:  2607:f8b0:4000:809::1004
 173.194.115.78
 173.194.115.71
 173.194.115.73
 173.194.115.68
 173.194.115.67
 173.194.115.69
 173.194.115.72
 173.194.115.64
 173.194.115.65
 173.194.115.70
 173.194.115.66
 
 
Pinging google.com [173.194.115.66] with 32 bytes of data:
Reply from 173.194.115.66: bytes=32 time=86ms TTL=55
Reply from 173.194.115.66: bytes=32 time=78ms TTL=55
 
Ping statistics for 173.194.115.66:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 78ms, Maximum = 86ms, Average = 82ms
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.0.1
 
Name:    yahoo.com
Addresses:  206.190.36.45
 98.138.253.109
 98.139.183.24
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=116ms TTL=52
Reply from 98.139.183.24: bytes=32 time=116ms TTL=52
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 116ms, Maximum = 116ms, Average = 116ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...00 1d ba 27 69 69 ......Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller
 10...00 21 5d 05 40 e6 ......Intel® WiFi Link 5100 AGN
  1...........................Software Loopback Interface 1
 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.113     30
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link     192.168.0.113    286
    192.168.0.113  255.255.255.255         On-link     192.168.0.113    286
    192.168.0.255  255.255.255.255         On-link     192.168.0.113    286
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.0.113    286
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.0.113    286
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 14     58 ::/0                     On-link
 10    286 ::/0                     fe80::1e7e:e5ff:fe30:8418
  1    306 ::1/128                  On-link
 14     58 2001::/32                On-link
 14    306 2001:0:9d38:6ab8:1c59:92:cdf4:de46/128
                                    On-link
 10    286 fe80::/64                On-link
 14    306 fe80::/64                On-link
 14    306 fe80::1c59:92:cdf4:de46/128
                                    On-link
 10    286 fe80::1ce3:6e93:f03c:ad3b/128
                                    On-link
  1    306 ff00::/8                 On-link
 14    306 ff00::/8                 On-link
 10    286 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (09/15/2014 10:46:11 AM) (Source: Application Hang) (User: )
Description: The program ASC.exe version 7.4.0.474 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: f68
 
Start Time: 01cfd0fb725b8123
 
Termination Time: 827
 
Application Path: C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe
 
Report Id: 66393551-3cef-11e4-abfd-001dba276969
 
Error: (09/13/2014 08:01:58 PM) (Source: Application Error) (User: )
Description: Faulting application name: nwmain.exe, version: 1.6.9.0, time stamp: 0x486cfadc
Faulting module name: nwmain.exe, version: 1.6.9.0, time stamp: 0x486cfadc
Exception code: 0xc0000005
Fault offset: 0x0008efeb
Faulting process id: 0x6a0
Faulting application start time: 0xnwmain.exe0
Faulting application path: nwmain.exe1
Faulting module path: nwmain.exe2
Report Id: nwmain.exe3
 
Error: (09/12/2014 02:44:30 PM) (Source: Application Hang) (User: )
Description: The program nwmain.exe version 1.6.9.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: b68
 
Start Time: 01cfce8de7e4da68
 
Termination Time: 1404
 
Application Path: C:\Program Files (x86)\Neverwinter Nights Diamond\nwmain.exe
 
Report Id:
 
Error: (09/12/2014 11:14:46 AM) (Source: Application Error) (User: )
Description: Faulting application name: winregis.exe, version: 0.0.0.0, time stamp: 0x53f1dc08
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x0003dd46
Faulting process id: 0xf6c
Faulting application start time: 0xwinregis.exe0
Faulting application path: winregis.exe1
Faulting module path: winregis.exe2
Report Id: winregis.exe3
 
Error: (09/10/2014 04:01:01 PM) (Source: Application Error) (User: )
Description: Faulting application name: nwmain.exe, version: 1.6.9.0, time stamp: 0x486cfadc
Faulting module name: nwmain.exe, version: 1.6.9.0, time stamp: 0x486cfadc
Exception code: 0xc0000005
Fault offset: 0x001de6e4
Faulting process id: 0x498
Faulting application start time: 0xnwmain.exe0
Faulting application path: nwmain.exe1
Faulting module path: nwmain.exe2
Report Id: nwmain.exe3
 
Error: (09/10/2014 03:17:42 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7a144
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x00000000027c0fd8
Faulting process id: 0x850
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (09/10/2014 03:17:37 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7a144
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000027c0fd8
Faulting process id: 0x850
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (09/06/2014 06:04:28 PM) (Source: Application Error) (User: )
Description: Faulting application name: nwmain.exe, version: 1.6.9.0, time stamp: 0x486cfadc
Faulting module name: nwmain.exe, version: 1.6.9.0, time stamp: 0x486cfadc
Exception code: 0xc0000005
Fault offset: 0x00402774
Faulting process id: 0xc78
Faulting application start time: 0xnwmain.exe0
Faulting application path: nwmain.exe1
Faulting module path: nwmain.exe2
Report Id: nwmain.exe3
 
Error: (09/06/2014 06:01:49 PM) (Source: Application Error) (User: )
Description: Faulting application name: nwmain.exe, version: 1.6.9.0, time stamp: 0x486cfadc
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x0002e41b
Faulting process id: 0xe04
Faulting application start time: 0xnwmain.exe0
Faulting application path: nwmain.exe1
Faulting module path: nwmain.exe2
Report Id: nwmain.exe3
 
Error: (09/06/2014 06:01:46 PM) (Source: Application Error) (User: )
Description: Faulting application name: nwmain.exe, version: 1.6.9.0, time stamp: 0x486cfadc
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x0002e41b
Faulting process id: 0xe04
Faulting application start time: 0xnwmain.exe0
Faulting application path: nwmain.exe1
Faulting module path: nwmain.exe2
Report Id: nwmain.exe3
 
 
System errors:
=============
Error: (09/16/2014 01:01:44 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
qknfd
 
Error: (09/16/2014 01:01:42 PM) (Source: Service Control Manager) (User: )
Description: The Motorola Device Manager Service service failed to start due to the following error: 
%%2
 
Error: (09/16/2014 01:01:34 PM) (Source: Service Control Manager) (User: )
Description: The Advanced SystemCare Service 7 service failed to start due to the following error: 
%%1053
 
Error: (09/16/2014 01:01:34 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Advanced SystemCare Service 7 service to connect.
 
Error: (09/15/2014 08:11:18 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
qknfd
 
Error: (09/15/2014 08:11:16 PM) (Source: Service Control Manager) (User: )
Description: The Motorola Device Manager Service service failed to start due to the following error: 
%%2
 
Error: (09/15/2014 08:11:06 PM) (Source: Service Control Manager) (User: )
Description: The Advanced SystemCare Service 7 service failed to start due to the following error: 
%%1053
 
Error: (09/15/2014 08:11:06 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Advanced SystemCare Service 7 service to connect.
 
Error: (09/15/2014 03:17:20 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
qknfd
 
Error: (09/15/2014 03:17:16 PM) (Source: Service Control Manager) (User: )
Description: The Motorola Device Manager Service service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (09/15/2014 10:46:11 AM) (Source: Application Hang)(User: )
Description: ASC.exe7.4.0.474f6801cfd0fb725b8123827C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe66393551-3cef-11e4-abfd-001dba276969
 
Error: (09/13/2014 08:01:58 PM) (Source: Application Error)(User: )
Description: nwmain.exe1.6.9.0486cfadcnwmain.exe1.6.9.0486cfadcc00000050008efeb6a001cfcfb644128d36C:\Program Files (x86)\Neverwinter Nights Diamond\nwmain.exeC:\Program Files (x86)\Neverwinter Nights Diamond\nwmain.exeb99014a9-3baa-11e4-b274-001dba276969
 
Error: (09/12/2014 02:44:30 PM) (Source: Application Hang)(User: )
Description: nwmain.exe1.6.9.0b6801cfce8de7e4da681404C:\Program Files (x86)\Neverwinter Nights Diamond\nwmain.exe
 
Error: (09/12/2014 11:14:46 AM) (Source: Application Error)(User: )
Description: winregis.exe0.0.0.053f1dc08ole32.dll6.1.7601.175144ce7b96fc00000050003dd46f6c01cfcea43bbcc376C:\Users\Drew\AppData\Roaming\winregis.exeC:\Windows\syswow64\ole32.dlle8e951e7-3a97-11e4-bfb3-001dba276969
 
Error: (09/10/2014 04:01:01 PM) (Source: Application Error)(User: )
Description: nwmain.exe1.6.9.0486cfadcnwmain.exe1.6.9.0486cfadcc0000005001de6e449801cfcd3a52c61322C:\Program Files (x86)\Neverwinter Nights Diamond\nwmain.exeC:\Program Files (x86)\Neverwinter Nights Diamond\nwmain.exe91824ce5-392d-11e4-b54c-001dba276969
 
Error: (09/10/2014 03:17:42 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175144ce7a144unknown0.0.0.000000000c000041d00000000027c0fd885001cfcd2ce17e8fdfC:\Windows\Explorer.EXEunknown8467df3b-3927-11e4-b182-001dba276969
 
Error: (09/10/2014 03:17:37 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175144ce7a144unknown0.0.0.000000000c000000500000000027c0fd885001cfcd2ce17e8fdfC:\Windows\Explorer.EXEunknown8126bd9b-3927-11e4-b182-001dba276969
 
Error: (09/06/2014 06:04:28 PM) (Source: Application Error)(User: )
Description: nwmain.exe1.6.9.0486cfadcnwmain.exe1.6.9.0486cfadcc000000500402774c7801cfca26a16cc831C:\Program Files (x86)\Neverwinter Nights Diamond\nwmain.exeC:\Program Files (x86)\Neverwinter Nights Diamond\nwmain.exe26888aec-361a-11e4-be7a-001dba276969
 
Error: (09/06/2014 06:01:49 PM) (Source: Application Error)(User: )
Description: nwmain.exe1.6.9.0486cfadcntdll.dll6.1.7601.18247521ea8e7c00000050002e41be0401cfca2682bb1ed6C:\Program Files (x86)\Neverwinter Nights Diamond\nwmain.exeC:\Windows\SysWOW64\ntdll.dllc815a6bd-3619-11e4-be7a-001dba276969
 
Error: (09/06/2014 06:01:46 PM) (Source: Application Error)(User: )
Description: nwmain.exe1.6.9.0486cfadcntdll.dll6.1.7601.18247521ea8e7c00000050002e41be0401cfca2682bb1ed6C:\Program Files (x86)\Neverwinter Nights Diamond\nwmain.exeC:\Windows\SysWOW64\ntdll.dllc611e74d-3619-11e4-be7a-001dba276969
 
 
 
=========================== Installed Programs ============================
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.33080 - BitTorrent Inc.)
Advanced SystemCare 7 (HKLM-x32\...\Advanced SystemCare 7_is1) (Version: 7.4.0 - IObit)
BB FlashBack Express (HKLM-x32\...\BB FlashBack Express) (Version: 4.1.11.3266 - Blueberry)
Diablo II (HKLM-x32\...\Diablo II) (Version:  - )
DriverToolkit version 8.3.5.0 (HKLM-x32\...\{D66BF89F-B0A2-48F5-A2E4-242EB645AB76}_is1) (Version: 8.3.5.0 - Megaify Software)
GameStop App (HKLM-x32\...\GameStop App) (Version: 4.00 - GameStop)
GameStop App (x32 Version: 4.00 - GameStop) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Neverwinter Nights Diamond (HKLM-x32\...\Neverwinter Nights Diamond) (Version:  - GameStop)
Neverwinter Nights Hordes of the Underdark (HKLM-x32\...\Neverwinter Nights Hordes of the Underdark) (Version:  - GameStop)
Neverwinter Nights: Shadows of Undrentide (HKLM-x32\...\Neverwinter Nights: Shadows of Undrentide) (Version:  - GameStop)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PeerBlock 1.1+ (r691) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.691 - PeerBlock, LLC)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 29%
Total physical RAM: 3935.03 MB
Available physical RAM: 2789.75 MB
Total Pagefile: 7868.24 MB
Available Pagefile: 6626.28 MB
Total Virtual: 4095.88 MB
Available Virtual: 3992.23 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:222.77 GB) (Free:127.91 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\NOOON-PC
 
Administrator            Drew                     Guest                    
 
 
**** End of log ****


#7 Cheddarjack

  • Topic Starter
  • Members
  • 18 posts

Posted 16 September 2014 - 02:45 PM

Now TDSSKiller found 1 threat: Malware, high threat. Should I restore or quarantine? I know you said cure. So restore?



#8 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,490 posts
  • Location:NJ USA

Posted 16 September 2014 - 02:46 PM

Neverwinter Nights... Is that a torrent download, as it may be infected? Also, do you NOT have an antivirus?

Edited by boopme, 16 September 2014 - 02:47 PM.


#9 Cheddarjack

  • Topic Starter
  • Members
  • 18 posts

Posted 16 September 2014 - 02:47 PM

No, I downloaded it from a GameStop website...



#10 Cheddarjack

  • Topic Starter
  • Members
  • 18 posts

Posted 16 September 2014 - 02:49 PM

Those failed before the 10th because I didn't have the proper driver installed. But I got the correct graphics driver from a gentleman on the Intel website.



#11 Cheddarjack

  • Topic Starter
  • Members
  • 18 posts

Posted 16 September 2014 - 02:50 PM

I know for a fact he was an actual member of Intel, but before that I tried looking for the driver myself, and I'm pretty sure it was one of the 2 I downloaded... but I could be wrong.

What should I do with the TDSSKiller?


Edited by Cheddarjack, 16 September 2014 - 02:55 PM.


#12 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,490 posts
  • Location:NJ USA

Posted 16 September 2014 - 02:55 PM

Ok, proceed with the scans.

What did it find... can you copy and post, like, the last 10 lines?

#13 Cheddarjack

  • Topic Starter
  • Members
  • 18 posts

Posted 16 September 2014 - 02:58 PM

Well, should I restore, quarantine, or skip the UDS:DangerousObject.Multi.Generic file C:\Users\drew\AppData\Roaming\winregis.exe, malware object, high threat?

Malwarebytes says it's Trojan.Downloader.


Edited by Cheddarjack, 16 September 2014 - 02:59 PM.


#14 Cheddarjack

  • Topic Starter
  • Members
  • 18 posts

Posted 16 September 2014 - 03:03 PM

14:44:57.0970 0x0788  Have new async UDS detects: 1
14:44:57.0972 0x0788  winregis - detected UDS:DangerousObject.Multi.Generic ( 0 )
14:44:58.0163 0x0788  winregis ( UDS:DangerousObject.Multi.Generic ) - infected
14:44:58.0163 0x0788  Force sending object to P2P due to detect: C:\Users\Drew\AppData\Roaming\winregis.exe
14:45:01.0489 0x0788  Object send P2P result: true
14:45:04.0822 0x0788  Win FW state via NFP2: enabled
14:45:07.0745 0x0788  ============================================================
14:45:07.0745 0x0788  Scan finished
14:45:07.0745 0x0788  ============================================================
14:45:07.0761 0x0eb4  Detected object count: 1
14:45:07.0761 0x0eb4  Actual detected object count: 1
15:03:57.0497 0x0eb4  winregis ( UDS:DangerousObject.Multi.Generic ) - skipped by user
15:03:57.0497 0x0eb4  winregis ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip 

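A small triage helper, added here as an example and not part of any post in this thread: it parses TDSSKiller log lines in the format shown above and lists detections the operator skipped rather than cured, deleted or quarantined. The sample log is constructed from the excerpt above plus one made-up object, and the set of actions treated as resolving is my assumption about how TDSSKiller labels them.

```python
import re
from dataclasses import dataclass
# Constructed sample modelled on the TDSSKiller excerpt posted above; the second
# object (with a made-up verdict) is added only to show a resolved detection.
SAMPLE_LOG = r"""
14:44:57.0972 0x0788  winregis - detected UDS:DangerousObject.Multi.Generic ( 0 )
14:44:58.0163 0x0788  winregis ( UDS:DangerousObject.Multi.Generic ) - infected
14:44:58.0163 0x0788  Force sending object to P2P due to detect: C:\Users\Drew\AppData\Roaming\winregis.exe
14:44:59.0001 0x0788  example ( Example.Constructed.Verdict ) - infected
14:44:59.0002 0x0788  Force sending object to P2P due to detect: C:\Example\constructed.sys
14:45:07.0761 0x0eb4  Detected object count: 2
15:03:57.0497 0x0eb4  winregis ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip
15:03:58.0000 0x0eb4  example ( Example.Constructed.Verdict ) - User select action: Cure
"""

LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4} 0x[0-9a-f]{4}\s+(?P<msg>.*)$")
DETECT_RE = re.compile(r"^(?P<name>\S+) \( (?P<verdict>[^)]+) \) - (?P<event>.+)$")
PATH_RE = re.compile(r"due to detect: (?P<path>\S.*)$")
RESOLVING_ACTIONS = {"cure", "delete", "quarantine"}  # assumed labels; "Skip" leaves the object in place

@dataclass
class Detection:
    name: str
    verdict: str
    path: str = ""
    action: str = ""  # final "User select action", if the operator chose one
    def resolved(self):
        return self.action.lower() in RESOLVING_ACTIONS

def parse_tdsskiller(text):
    """Return detections keyed by object name, each with its path and final user action."""
    found = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        d = DETECT_RE.match(m["msg"])
        if d:
            det = found.setdefault(d["name"], Detection(d["name"], d["verdict"]))
            if d["event"].startswith("User select action:"):
                det.action = d["event"].split(":", 1)[1].strip()
            continue
        p = PATH_RE.search(m["msg"])
        if p and found:  # the path line carries no object name: attach it to the latest detection
            list(found.values())[-1].path = p["path"]
    return found

def unresolved(found):
    return sorted(n for n, d in found.items() if not d.resolved())
```

Run against a full log, `unresolved()` gives the objects that still need a decision, which is exactly the question being asked in this thread.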

#15 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,490 posts
  • Location:NJ USA

Posted 16 September 2014 - 03:09 PM

That's a skip, as it's your CD drivers.