Solved Rootkit warning keeps coming back

[Broni]

We've been over this couple of times.
You need to send them this file:
C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe

Last scans...

Download Security Check from here or here and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Internet Explorer users - Click on this link to open ESET OnlineScan.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the http://www.bleepstatic.com/fhost/uploads/0/esetsmartinstaller_enu.png][/url] icon on your desktop.
    [/LIST]
    [*]Check [I]"YES, I accept the Terms of Use."[/I]
    [*]Click the [b]Start[/b] button.
    [*]Accept any security warnings from your browser.
    [*]Check [I]"Enable detection of potentially unwanted applications"[/I].
    [*]Click [I]Advanced settings[/I] and make sure all 4 boxes are checkmarked (two of them are already checkmarked by default).
    Do NOT checkmark [I]"Use custom proxy settings"[/I]
    [*]Click the [b]Start[/b] button.
    [*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    [*]When the scan completes, click [b]List Threats[/b]
    [*]Click [b]Export[/b], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    [*]Click the [b]Back[/b] button.
    [*]Click the [b]Finish[/b] button.
    [/LIST]

 

[circusboy01]

Broni; Sorry. Didn't make myself clear. I know I need to send them
C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe
I copy and posted it from your post to the subject line when I contacted Avast to be sure I got it right. What I don't know how to get is the files, logs. or whatever from

C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe
So I can send them to avast.

Last scans that you asked for coming in my next posts.

 

[circusboy01]

Results of screen317's Security Check version 0.99.89
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.0
Spybot - Search & Destroy
Java 7 Update 71
Java version out of Date!
Adobe Flash Player 15.0.0.223
Mozilla Firefox (33.1)
Google Chrome 38.0.2125.104
Google Chrome 38.0.2125.111
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Spybot Teatimer.exe is disabled!
Malwarebytes Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast ng vbox\AvastVBoxSVC.exe
AVAST Software Avast ng ngservice.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

 

[circusboy01]

Service Scanner Version: 21-07-2014
Ran by R.W.Solema (administrator) on 14-11-2014 at 15:12:22
Running from "C:\Users\R.W.Solema\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

 

[Broni]

You need to send them actual file not where the file is located.
They don't have any access to your computer to get that file.
They need to test it.

 

[circusboy01]

Broni; I understand that. But. I don't know where to find the file, so I can send it to them.


Ran Eset. Thought I followed instructions. Must have done something wrong. nothing got saved to desktop. ( not sure I understood directions to do so.
I'm going to start over.

 

[Broni]

Open Windows Explorer,. navigate to C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe and attach jswpsapi.exe file to your email

 

[circusboy01]

Ran Eset again Still no www,Bleeping... on desktop to double click. Still couldn't figure out how to save to desktop. However 1st. scan found 31 infected files 2nd scan found 0

 

[Broni]

That's fine.
Did you read my previous reply?

 

[circusboy01]

Just read it now. Thanks Will send it off to Avast right away.

 

[circusboy01]

Broni; Right clicked start button, and clicked Windows Explorer. once I got there had no clue where to go next Tried a few things (all guesses) Last thing I tried was Local disk C Program Files (x86) NETGEAR WNA1100 jswpsapi exe Nothing happened???

 

[Broni]

What email program do you use?

 

[circusboy01]

I have Yahoo, and Gmail. Yahoo a large majority of the time. I gave Avast my Yahoo email.

I have looked through all of Windows Explorer ( as far as I can tell ) and that file is not there ( or I just can't find it )

 

[Broni]

Go to Yahoo mail, click on Compose (or use "Reply" button in a mail from Avast), enter some message like "I'm attaching required file..".
Click on "Attach" button at the bottom (paper clip).
In a popup window double click on "C:" drive in left pane, double click on "Program Files (x86)", double click on "NETGEAR", click ONCE on "WNA1100".
In RIGHT pane you'll see "jswpsapi.exe".
Click ONCE on it, click "Open" button at the bottom.
You just attached "jswpsapi.exe" file to your mail and you can send it now.

 

[circusboy01]

Followed your instructions.So, hopefully file was sent. However. Just in case I made a mistake, I attempted to send it again. This time, after clicking the paperclip C drive did not show up in the left pane of the pop up ???
Hopefully it worked the first time
Just for curiosity I'm going to restart my computer and see if that makes a difference .

 

[Broni]

For now...

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download

DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

• Activate UAC (optional; some users prefer to keep it off)
• Remove disinfection tools
• Create registry backup
• Purge System Restore
• Reset system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.

 

[circusboy01]

Broni; Thank you Thank you. I downloaded and ran the things you wanted me I will run all the other stuff weekly. I glanced through the things you wanted me to read. Got the gist of it. Bookmarked them so I can read them more thoroughly later.
I tried to keep my computer clean, and safe. I always updated when I ran my "protections"
MBAM, SAS, etc. Always keep window updated..Did I do, at least a fairly good job. Or. Was my computer in pretty bad shape.
Thanks again, and thank you for being so patient with me, Ray

 

[Broni]

You did fine and I'm glad to see your computer clean.

Good luck and stay safe