Strange Processes Slowing Me Down

As I said in your other post, you have some unknown processes running. Please follow the instructions in the Read and Run First sticky at the top of the forum and once done, attach the requested logs.

 

First, remove everything that was found in ADW. Next, open task manager and end these processes:

lscdpnb.exe
exibrgo.exe

Do not reboot!

Try to rerun RogueKiller and Hitman.

 

Please attach the RogueKiller log and if you can, copy and paste into notepad the results from Hitman.

 

I am still worried about some processes. Please do the following:

Please do the below so that we can boot to System Recovery Options to run a scan. There will be two options to choose from.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Option1: Enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
• Use the arrow keys to select the Repair your computer menu item.
• Select US as the keyboard language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account an click Next.

Option2: Enter System Recovery Options by using Windows installation disc:

• Insert the installation disc.
• Restart your computer.
• If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
• Click Repair your computer.
• Select US as the keyboard language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

• Select Command Prompt
• In the command window type in notepad and press Enter.
• The notepad opens. Under File menu select Open.
• Select "Computer" and find your flash drive letter and close the notepad.
• In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
  Note: Replace letter e with the drive letter of your flash drive.
• The tool will start to run.
• When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) on the flash drive. Please attach this file to your next reply. (See: How to attach)

 

Hello, Merkava

The reasoning behind using Notepad is after opening a Command Prompt window, you are only using Notepad to see what drive letter your machine has assigned to the flash drive containing frst... nothing else - just "File/Open", look for the flash drive letter, close Notepad, now command your machine to run frst which is located in drive (assigned drive letter). <--- That's done by (assigned drive letter):\frst64

 

Humm....let's try running this:
Please download Zemana Malware Removal to your desktop and run it please. It should produce a log for you. At the top right it will give you a report.

 

If Farbar completed properly, you should have on your flash drive a file > FRST.txt. Do you have it?

 

The only thing found by the logs was PunkBuster. Use windows explorer to find and delete > (see image as my forward slash is not working LOL) Just remove the entire PunkBuster Folder.

Otherwise, looking at your screenshots and what did run, there is no malware that could be accounting for your issues. Could you do a system restore to a date before these issues started?

 

It's the only file that came up in the scans as a trojan. Usually it is benign, but your copy could be infected. However, it is usually benign. However, considering your issues, I can only suggest a restore or:

http://www.majorgeeks.com/files/details/tweaking_com_windows_repair.html

 

I can't force you to uninstall Punkbuster, but I have never known Roguekiller to give a false positive. It is very possible that where you downloaded it from, the program was embedded with a trojan, which could account for the scans not running and the other issues you are having.

 

Your latest screenshot of task manager did not show any unusual processes. Your plan sounds reasonable. Let me know how it goes.

 

Is described as a Windows Process Manager .... the other is only listed as Client Service. Not sure about that last one.

Perhaps you should try running:

eSet Online Scan.

 

Are they .exe? I need to know the full path to the files, please.

 

Let's see if we can figure out what is going on with this.

• Download TDSSKiller from Kaspersky directly onto your Desktop
• Now double click the TDSSkiller.exe file to run it ( if using Vista or Windows 7,8 and 10, do not double click on it but rather, right click and select Run As Administrartor. )
• If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123tdk.com).

• If you do not see the file extension, please refer to: How to view hidden, system files & folders!
• You may see a window similar to the below appear

• Click on Run to allow the application to run properly.
• If you see any popup warnings from your antivirus or firewall about it trying to access the nework or similar, make sure that you allow it to run/have access.
• It will start the scan and run rather quickly and will notify you of whether anything is found or not.

You will then see the below window

• Click on the Start scan button to begin the scan and wait for it to finish. When it finishes, you will see a window similar to below accept you may have one indicating infections were found.

• Follow the instructions to delete/quarantine if asks you what to do when if finds something.
• Whether an infection is found or not, a log file should already be created on your C: drive ( or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run. Please attach this log to your next reply. (See: HOW TO: Attach Items To Your Post )
• Reboot and the infection should hopefully be removed.

TDSSkiller - How to run

 

Good idea.

 

Nothing found. Please do the TDDSKiller scan. I need it to double check.

 

Don't worry about it. Both report the same.

 

Did you reboot after running TDSSKiller? If not, do so now.

Once back in normal mode:

Save fixlist.txt to your flash drive.

• You should now have both fixlist.txt and FRST.exe on your flash drive.

Now reboot back into the System Recovery Options as you did previously.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt).
Please attach this to your next message.

 

TDSSKiller took care of those, and to be sure, the fixlist for FRST will double check it.

 

OK. When we are done, we will have to talk about the lack of space on your hard drive.

 

Fixlog is garbage for some reason. Try to rerun RogueKiller and Hitman.

 

If RougueKiller can not remove them, we can try different ways. Just upload the log when you are ready.

 

Yes. You can make a log as directed in post #12. And also rerun TDSSKiller and attach that new log, please.

 

What about TDSSKiller?

 

Try to remove them all including the suspicious one. Afterward, reboot and rerun it and attach the new log.