My husband's Asus laptop sounds like it's playing a radio

Started by Evenshade, April 02, 2014, 03:38:52 AM


Evenshade

Well, I don't have any reports that say RKreport[1] but I have 3 that say RKreport[0] and one that says "RK Quara...."  I'll post all 3 of the RKreport[0] and hope that's what you need.  :)

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Pam [Admin rights]
Mode : Remove -- Date : 04/03/2014 00:20:08
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[Root.Zekos][File] rpcss.dll : C:\Windows\System32\rpcss.dll [-] --> REPLACED AT REBOOT -> (C:\Windows\SoftwareDistribution\Download\9f1a5f9195e441d8246d35b540275b01\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll)

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : Root.Zekos ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9500325AS +++++
--- User ---
[MBR] c14eb9ee2300b6a5a72ebee763c869b9
[BSP] ba7218981e13a587b0937e6cd93cfb0a : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 14997 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30715904 | Size: 238472 MB
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 519108345 | Size: 223466 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_04032014_002007.txt >>
RKreport[0]_S_04022014_223644.txt;RKreport[0]_S_04032014_001606.txt




RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Pam [Admin rights]
Mode : Scan -- Date : 04/03/2014 00:16:06
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[Root.Zekos][File] rpcss.dll : C:\Windows\System32\rpcss.dll [-] --> FOUND

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : Root.Zekos ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9500325AS +++++
--- User ---
[MBR] c14eb9ee2300b6a5a72ebee763c869b9
[BSP] ba7218981e13a587b0937e6cd93cfb0a : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 14997 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30715904 | Size: 238472 MB
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 519108345 | Size: 223466 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_04032014_001606.txt >>
RKreport[0]_S_04022014_223644.txt



RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Pam [Admin rights]
Mode : Scan -- Date : 04/02/2014 22:36:44
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[Root.Zekos][File] rpcss.dll : C:\Windows\System32\rpcss.dll [-] --> FOUND

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : Root.Zekos ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9500325AS +++++
--- User ---
[MBR] c14eb9ee2300b6a5a72ebee763c869b9
[BSP] ba7218981e13a587b0937e6cd93cfb0a : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 14997 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30715904 | Size: 238472 MB
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 519108345 | Size: 223466 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_04022014_223644.txt >>


DonnaB

Looking good!!   :thumbsup:

Couple questions, if I may:

Did the computer reboot after the scan? How's the computer behaving now? Better? Any more "ghost" audio's to speak of?

Let's verify that the main infection was annihilated. This time I'm going to request 4 scans (5 logs). I hate to toss so many at you at once, though you seem to be pretty good at this, and I have to head off to work here shortly. This will save us some time. If for some reason you have questions or concerns the other members will be more than happy to help in my absence.

We'll do them in steps to make it easier:

Step 1:

If you don't already have Malwarebytes' Anti-Malware installed,  please download it from >>here< to your desktop. Choose the free version and make sure to look for and uncheck the opportunity to try the Pro version as you proceed to install the software.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    Update Malwarebytes' Anti-Malware and
    Launch Malwarebytes' Anti-Malware
  • Click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, be sure Quick scan is selected, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:

  • Click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Please post contents of that file in your next reply.
** Note **

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 2:

Please download Junkware Removal Tool to your desktop.

  • Disable your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it on XP, or right-click and select Run as Administrator on Vista/Win7 and above.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3:

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click AdwCleaner.exe to run the tool.
    Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
  • Click the Scan button.
  • AdwCleaner will begin. Be patient as the scan may take some time to complete.
  • The contents of the scan results may be confusing. If you see a program name that you know should not be removed, uncheck the results and please let me know about it.
  • Click the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Step 4:

And last but not least, if all goes well, we'll run an online scan and check for outdated software.

I'd like to see if we can get an OTL scan now. This scan will produce 2 logs. Go ahead and right-click on the OTL icon that is on your desktop and choose Delete. Then....

Please download OTL to your Desktop
  • Double click on the icon to run the program. On Vista/Win7 or 8, right-click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox
    and
  • Check the option for All under the Extra Registry section
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them in your topic
  • OTL.txt <-- Will be opened, maximized
  • Extras.txt <-- Will be minimized on task bar.
Please post the contents of both OTL.txt and Extras.txt files in your next reply.

So, in your next reply please post the following logs. If needed, you may post the logs in separate posts. Not sure if so many will fit in one post.

Logs needed to review:

1st:MBAM.txt
2nd:JRT.txt
3rd:AdwCleaner[S0].txt
4th:OTL.txt
5th:Extras.txt


Thank you kindly!
Donna :)









"To achieve the impossible, it is precisely the unthinkable that must be thought."
Tom Robbins

Evenshade




Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.04.03.03

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Pam :: PAM-PC [administrator]

4/3/2014 8:55:53 AM
mbam-log-2014-04-03 (08-55-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225154
Time elapsed: 8 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x64
Ran by Pam on Thu 04/03/2014 at 10:46:17.62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Pam\AppData\Roaming\mozilla\firefox\profiles\1c82cdue.default\minidumps [574 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 04/03/2014 at 10:52:56.77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Hi Donna,
Here are the first 3 scans you asked for.  It appears that this little laptop does not like OTL at all!  I tried twice.  The first time it hung up and stopped responding and a driver and the second time it stopped responding at exactly the same place as I posted last night. 

Continued thanks for your help!
Pam



# AdwCleaner v3.023 - Report created 03/04/2014 at 10:57:09
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium  (64 bits)
# Username : Pam - PAM-PC
# Running from : C:\Users\Pam\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16476


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Pam\AppData\Roaming\Mozilla\Firefox\Profiles\1c82cdue.default\prefs.js ]

Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.netvibes.com/privatepage/1#Forums_and_Blogs|hxxps://mail.google.com/mail/u/0/#inbox|hxxps://www.facebook.com/|hxxp://www.aol.com/|hxxp://classic.wunde[...]

*************************

AdwCleaner[R0].txt - [1395 octets] - [01/04/2014 20:26:24]
AdwCleaner[R1].txt - [993 octets] - [01/04/2014 20:33:09]
AdwCleaner[R2].txt - [1208 octets] - [03/04/2014 10:55:50]
AdwCleaner[S0].txt - [1415 octets] - [01/04/2014 20:30:05]
AdwCleaner[S1].txt - [1053 octets] - [01/04/2014 20:34:33]
AdwCleaner[S2].txt - [1132 octets] - [03/04/2014 10:57:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1192 octets] ##########

Evenshade

This little note ended up NOT at the top of my last reply.  :)  I wanted to be sure you saw it.


Hi Donna,
Here are the first 3 scans you asked for.  It appears that this little laptop does not like OTL at all!  I tried twice.  The first time it hung up and stopped responding and a driver and the second time it stopped responding at exactly the same place as I posted last night.

Continued thanks for your help!
Pam

DonnaB

Hi Pam,

Those logs look great!  :thumbsup:

Quote: It appears that this little laptop does not like OTL at all!
I wonder if that has anything to do with SP1 not being installed? Let's run that online scan to see if any residual files are lurking in the background.

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go >>HERE<< then click on:

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on:
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on:
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on:
    (Selecting Uninstall application on close if you so wish)





Evenshade

Here's what was at C\Program Files\ESET\EsetOnlineScanner\log.txt, Donna.......
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

It was at 49% forever then jumped to completion.  I do remember seeing 8 "threats" listed but they all had to do with Win32 something.



DonnaB

Good morning Pam,

I'm not quite sure why a log of those threats was not saved. I'm going to ask you to run the scan again.

Please note that I made some changes to the instructions after the scan has finished.

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go >>HERE<< then click on:

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on:

  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Now click on:
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When the scan is completed, click on List of found threats.
  • Next, click on Copy to clipboard > Export to text file... (a copy should also be located at C:\Program Files\ESET\EsetOnlineScanner\log.txt)
  • Click the <<Back button, then the Finish button and close the program.
  • Copy and paste that log as a reply to this topic.
  • Now click on:
    (Selecting Uninstall application on close if you so wish)

Evenshade

Good morning, Donna,
I think I found the problem and it is me.   < s >  I had turned off real time protection for MSE before running the scan last night, but it's telling me that I have Panda anti-virus installed.  It's not listed in Programs and Features for an uninstall.  It *is* listed as an entry in my Control Panel along with all the other computer settings....between Notification Area Icons and Parental Controls and I also see the files PandaCloudAntivirus(1).exe, PandaCloudAntivirus.exe, attach.txt and dds.txt when I click START and type "panda" into the search field.  When I click to open it, it says "application not found".  How is the best way to get rid of it so I can properly run the scan?

DonnaB

Oh my goodness! Looking back at the uninstall list that DDS provided, I see that Panda Cloud Antivirus is listed there. I was relying on getting that OTL scan and totally overlooked the installed programs after moving on to plan "B". My apologies Pam.

Due to the application not found error, it appears at one time Panda was uninstalled from the Control Panel though it was a botched uninstall. Let's remove the residual Panda files with the Panda removal tool:


  • Download and save the UNINSTALLER.EXE file to the Windows Desktop.
  • Double-click the UNINSTALLER.EXE file.
  • Click Yes when a window showing the following message is displayed:

    Do you want to run this uninstaller?
    WARNING: It will reboot at the end to ensure a clean uninstall.

  • Even if the window is not displayed, reboot your computer once the uninstallation process is completed.
Then proceed with the latest ESET instructions above. :)

Evenshade

Donna, I really do feel I should have remembered that I uninstalled Panda a long time ago (and obviously never gave it another thought!).  Thanks for the uninstaller.  Now, I have a dumb question.  I have restarted the ESET scan twice and the laptop keeps going to a blank screen (goes to sleep? hibernates?) and the scan stops.  If I try to keep a visible screen by using mouse/keyboard (against the instructions, but I don't know what else to do), it stops and says "stopped by user".  How can I see what the scan is doing when I can't keep it visible on the screen?

Thank you...you are such a patient person.  Do you have a pillow next to your computer that you scream into?  < s >

Evenshade

Oh wait!  I did end up with a log.  Here it is...tell me if it's helpful.  Thanks!
Pam

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=0292fa3db9702b4b8a48d2e0a1faf41c
# engine=17763
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-04-05 01:30:32
# local_time=2014-04-04 09:30:32 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776574 100 94 4807159 148204882 0 0
# scanned=108906
# found=5
# cleaned=0
# scan_time=3551
sh=F91E422A1957748E2459D0F06EA177AFC3840E52 ft=1 fh=7cc70ecb4dbc4f60 vn="a variant of Win32/Toolbar.Visicom.A potentially unwanted application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2197473533-1832051902-499653901-1001\$RGFD99X\PandaSecurityTb.exe"
sh=723B506A8D8B7F55446677162E457AF762609DF8 ft=1 fh=ff74453c97060a1a vn="a variant of Win32/Toolbar.Visicom.A potentially unwanted application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2197473533-1832051902-499653901-1001\$RJRKVNB\PandaSecurityTb.exe"
sh=626A8BFDE566A47CF8E844A0E43552BE7789EB6B ft=1 fh=92a716713397c90b vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Users\Pam\AppData\Local\Temp\mia1\hstart.exe"
sh=626A8BFDE566A47CF8E844A0E43552BE7789EB6B ft=1 fh=92a716713397c90b vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Users\Pam\AppData\Local\Temp\mia2\hstart.exe"
sh=23B050563A81A1C57DABA7805B1E3E6B4C874F2B ft=1 fh=b4fe666c57930953 vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\Users\Pam\Downloads\cbsidlm-cbsi183-AdwCleaner-SEO-75851221.exe"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=0292fa3db9702b4b8a48d2e0a1faf41c
# engine=17763
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-05 01:53:43
# local_time=2014-04-05 09:53:43 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776574 100 94 4851750 148249473 0 0
# scanned=152558
# found=0
# cleaned=0
# scan_time=44459

DonnaB

Hi Pam,

Quote: Thank you...you are such a patient person.  Do you have a pillow next to your computer that you scream into?
You're welcome!  :azn: I was thinking the same thing about you!! Oh how I wish I could retire so I could sit and help people all day on the computer. Work ....... it's all about the money!  :rolleyes:

Thanks for the ESET log. I'm sure you did uninstall Panda, though residual files can linger and cause issues later down the road. I had Panda a few years ago and the same thing happened to me.

Couple questions if I may;

Do you still hear background sounds? It appears that we got the infection nipped in the bud.

How about your screen? Are you still having issues with it going blank on you?
Check the power settings in Start > Control Panel > Power Options. Specifically Sleep and/or Hibernation settings.






Evenshade

Donna,
I think we're good!  No, we don't hear any more sounds out of it.  I think the screen going blank was the laptop just trying to hibernate or go to sleep.  I will check the settings as you suggest. 

I do have one more question.  I had seen an error message on it that had to do with DCOM...saying something like "DCOM must now restart because the server has terminated unexpectedly".  I had gone in  (before I contacted Landzdown) and disabled DCOM.   Do I need to do anything else or leave well enough alone.  < s >

I am very grateful for all of you who volunteer to help us who need you.  A big Thank You! 
Pam

Evenshade

One more question....
How do I uninstall all the "stuff" that we installed.  :)
Pam

DonnaB

Hi Pam,

The ESET log is clean!  :thumbsup:

We can clean up our tools now. We still need to get your software up to date, especially Service Pack 1.

Quote: I had gone in  (before I contacted Landzdown) and disabled DCOM.   Do I need to do anything else or leave well enough alone.
First, yes! Please re-enable DCOM at this time. Let me know if you get any more errors.

To uninstall OTL, please do as follows:

OTL Clean-Up

Right click on the icon on your desktop and choose Run as administrator to open the main window.

Next click on the button.

Once clean up is complete you will be prompted to reboot your computer. Please do so.

This should remove DDS, RogueKiller and OTL itself.

To uninstall AdwCleaner:

Right-click on AdwCleaner.exe and choose Run as administrator to run the tool again.
  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • Both AdwCleaner.exe, its folder and all logs will be removed.
To uninstall Junkware Removal Tool (JRT), just right click and choose Delete

If you find any logs on your computer, you can delete them now.

Let's create a new Restore Point and clean out the old ones.

First create a new clean restore point. Instructions found here, if needed.

Next:

Clear out the old Restore Points

Go to Start > All Programs > Accessories > System Tools
Right-click Disk Cleanup and select Run as administrator
When it pops up, select OK at the first prompt. After it has done some calculations, the tabs will appear
Select the More Options tab
Press the System Restore and Shadow Copies Clean up button


The above will flush out all the restore points except the last one you just created.

Let me know when you are finished with the above, then all we'll need to work on is updating software.

Donna  :)


