Solved more holes than swiss cheese

[wireplus3]

Win7.64 .Family messed with it so bad I tried reinstalling wows to no avail. Still lost admin rights, creator owner rights set up (not by us), can't edit registry... Nothing found with Norton scan, nothing with malwarebytes, tried chameleon and it started by itself and has been on the boot log "Loaded: \Windows\system32 \DRIVERS\Atipcie64.sys for an hour with the active disk light a solid orange.

Do I wait for a miracle or shut it of and use it as a desk weight?

Thanks for any help

 

[Fiery]

Hi and welcome to MalwareTips! Are you having malware-related issues? To let us see what is wrong, please follow the instructions to run Farbar Recovery Scan Tool so we can diagnose your system.

http://malwaretips.com/Thread-VIIRUS-REMOVAL-PLEASE-HELP?pid=111281#pid111281

 

[wireplus3]

Hi and welcome to MalwareTips! Are you having malware-related issues? To let us see what is wrong, please follow the instructions to run Farbar Recovery Scan Tool so we can diagnose your system.

http://malwaretips.com/Thread-VIIRUS-REMOVAL-PLEASE-HELP?pid=111281#pid111281

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2013 (ATTENTION: FRST version is 15 days old)
Ran by 9A.WIRE at 28-03-2013 00:01:55

I have attached, thank you so much Fiery!!

 

[wireplus3]

Sorry...I ran on infected computer....then saw the directions below the download... I am following directions correctly now...and I will slow down....:angel:

 

[wireplus3]

Sorry...I ran on infected computer....then saw the directions below the download... I am following directions correctly now...and I will slow down....:angel: Farbar is erroring "error_Winapi_readfile..... only 0 bytes read ....OK" IS it okay to click?

 

[wireplus3]

DONE! logs are attached. Odd -- when i scanned from usb port, I was working with drive G, it changed to K:\ after getting back into the computer.... K is the disappearing drive that caught my attention in the first place...

 

[Fiery]

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool(For Vista or Windows 7, right-click and select Run as Administrator to start)
• Click delete
• Please post the content of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt

Download & SAVE to your Desktop RogueKiller or from here

• Quit all programs that you may have started.
• Please disconnect any USB or external drives from the computer before you run this scan!
• For Vista or Windows 7, right-click and select Run as Administrator to start
• Wait until Prescan has finished, then click on "Scan" button
• Wait until the Status box shows "Scan Finished"
• Click delete and wait until it saids deleting finished
• Click on "Report" and copy/paste the content of the Notepad into your next reply.
• The log should be found in RKreport[1].txt on your Desktop
  Exit/Close RogueKiller+

Download Malwarebytes Anti-Rootkit from here to your Desktop

• Unzip the contents to a folder on your Desktop.
• Open the folder where the contents were unzipped and run mbar.exe
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
• After the reboot, perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
• When done, please post the two logs in the MBAR folder(mbar-log.txt and system-log.txt)

 

[wireplus3]

Thanks Fiery!

Here is the reports you asked for.
AdwCleaner = [attachment=4090]
//////////////////////////////////////////////////
RK gave me two reports -- here is the first:
[attachment=4091]
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : 9A.WIRE [Admin rights]
Mode : Scan -- Date : 03/28/2013 23:17:38
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST310005 28AS SATA Disk Device +++++
--- User ---
[MBR] 2bc4024b941d5a0bd88bb05211dfa37c
[BSP] 51054e9745dcbc29197b90f0fc1e67ff : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206911 | Size: 941493 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1928386560 | Size: 12273 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_03282013_02d2317.txt >>
RKreport[1]_S_03282013_02d2317.txt

//////////////////////////////////////////////

and here is the second:
[attachment=4092]

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : 9A.WIRE [Admin rights]
Mode : Remove -- Date : 03/28/2013 23:18:07
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST310005 28AS SATA Disk Device +++++
--- User ---
[MBR] 2bc4024b941d5a0bd88bb05211dfa37c
[BSP] 51054e9745dcbc29197b90f0fc1e67ff : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206911 | Size: 941493 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1928386560 | Size: 12273 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_03282013_02d2318.txt >>
RKreport[1]_S_03282013_02d2317.txt ; RKreport[2]_D_03282013_02d2318.txt

////////////////////////////////////////////

Mbar . exe found nothing but I have attached the reports as well.
[attachment=4089][attachment=4093]

Thanks for your help! April

 

[Fiery]

Ok, what problems are you experiencing exactly? Please describe them in detail