Channel: Tech Support Guy - Virus & Other Malware Removal

Dam redirects etc. I am at my wits' end, no hair left.

I have tried many times using Malware removal, Malwarebytes Anti-Malware, SUPERAntiSpyware Free Edition and a few more.
They say they find and fix but nothing seems to change.
I keep getting many pop-up ads.
Also get many redirects and words on pages that display as links.
I went into add and remove programs and got rid of anything I didn't recognize.
Any ideas?
Thanks
James


Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel(R) Core(TM)2 Duo CPU E4600 @ 2.40GHz, x86 Family 6 Model 15 Stepping 13
Processor Count: 2
RAM: 3044 Mb
Graphics Card: Intel(R) Q35 Express Chipset Family, 384 Mb
Hard Drives: C: Total - 163921 MB, Free - 119308 MB; D: Total - 789632 MB, Free - 671937 MB; F: Total - 163921 MB, Free - 96256 MB; G: Total - 789632 MB, Free - 294875 MB;
Motherboard: Dell Inc., 0GM819
Antivirus: ZoneAlarm Antivirus, Updated: Yes, On-Demand Scanner: Disabled

Cryptowall

It has been over a month and unfortunately it can't wait because there is a timer on it before the changes become permanent. Thanks for your willingness to help others. Could any of you please tell me if resetting to factory would fix this problem?

Very slow internet page load and no printer

Hello,

Your version of FRST is outdated. Please delete your copy of FRST.exe (right-click + Delete), redownload and rerun a Scan.

Ensure a checkmark is placed next to Addition.txt.

pup virus on windows 7

oops didn't do this bit but here it is........ hope this can help anyone to fix my laptop, thanks..

loading pages problem

Will someone please tell me if I am in the wrong forum or why no one is replying to me?

Botnet and Internet is very slow

Earlier this week Roadrunner had contacted me mentioning some botnet activity on CPU and I want that removed if possible. For some reason my CPU is very slow on the internet. My Adblock Plus is turned on so I'm not sure what else to do. Any information would be appreciated. Thanks.

Avast blocking harmful webpages...

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Pentium(R) CPU 2127U @ 1.90GHz, Intel64 Family 6 Model 58 Stepping 9
Processor Count: 2
RAM: 3983 Mb
Graphics Card: Intel(R) HD Graphics, 1799 Mb
Hard Drives: C: Total - 460856 MB, Free - 385827 MB;
Motherboard: Dell Inc., 0FXP6Y
Antivirus: avast! Antivirus, Updated and Enabled


Of course after I just got help for my sister's laptop, now it seems I'm infected with something. Every time I open my Google browser I keep getting popups from Avast saying it blocked a harmful webpage. Such as:
homedatastars.co
takethefilenow.co
yourdownloadplace.com
URL:mal
In programs files...chrome.exe

I installed Adware Cleaner and copied and pasted the following report.

# AdwCleaner v3.311 - Report created 10/10/2014 at 02:10:51
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : smorovic - SMOROVIC-PC
# Running from : C:\Users\smorovic\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : 70e6ca8c

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\smorovic\Documents\Online

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\BRS
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\smorovic\AppData\Roaming\Mozilla\Firefox\Profiles\4nzjqjv9.default-1410849553741\prefs.js ]


-\\ Google Chrome v37.0.2062.124

[ File : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

[ File : C:\Users\smorovic\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://www.startnow.com/s/?q={searchTerms}&src=defsearch&provider=Bing&provider_code=Z065&partner_id= 287&product_id=463&affiliate_id=&channel=9007&toolbar_id=200&toolbar_versio n=2.0&install_country=US&install_date=20110706&user_guid=9336B23226664B2CA5 5BA4F2615A39BA&machine_id=d2e04772182162478ad0105f59fc21f9&browser=CR&os=wi n&os_version=5.1-x86-SP3
Deleted [Search Provider] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_38_ch&cd=2XzuyEtN2Y1L1Qzuy ByEzzyCyB0AtC0FyDyD0CyBtC0FyD0FtN0D0Tzu0SzyzzzytN1L2XzutAtFtBtFtCtFyDtN1L1C zutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StBzzyE0EtCtA0FtDtGyCyC0A0CtGtAtC0A0 DtGtCyEzyyEtGyByC0BtC0A0B0A0EzzyC0E0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzztDyB0Czy 0EzztGtD0CyC0DtGyE0A0DyCtG0BzytB0DtGzytCyByBtDyEzzyEyB0FtBzy2Q&cr=193935740 6&ir=
Deleted [Search Provider] : hxxp://websearch.broadcom.com/search?q={searchTerms}
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Search Provider] : hxxp://movies.netflix.com/WiSearch?raw_query=adult&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
Deleted [Search Provider] : hxxp://www.oxygenmag.com/Search-Results.aspx?query={searchTerms}&page=
Deleted [Startup_urls] : hxxp://astromenda.com/?f=7&a=ast_dnldstr_14_38_ch&cd=2XzuyEtN2Y1L1QzuyByEzzyCyB0AtC0FyDyD0CyBtC0F yD0FtN0D0Tzu0SzyzzzytN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1 V1N2Y1L1Qzu2StBzzyE0EtCtA0FtDtGyCyC0A0CtGtAtC0A0DtGtCyEzyyEtGyByC0BtC0A0B0A 0EzzyC0E0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzztDyB0Czy0EzztGtD0CyC0DtGyE0A0DyCtG0 BzytB0DtGzytCyByBtDyEzzyEyB0FtBzy2Q&cr=1939357406&ir=

*************************

AdwCleaner[R0].txt - [6695 octets] - [31/03/2014 22:51:33]
AdwCleaner[R1].txt - [1642 octets] - [13/08/2014 00:29:37]
AdwCleaner[R2].txt - [3740 octets] - [10/10/2014 02:05:20]
AdwCleaner[S0].txt - [6696 octets] - [31/03/2014 22:59:04]
AdwCleaner[S1].txt - [2663 octets] - [13/08/2014 00:30:56]
AdwCleaner[S2].txt - [3664 octets] - [10/10/2014 02:10:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [3724 octets] ##########

windows explorer freezes

I have a Windows 8 laptop and yesterday I ran my Trojan killer software and I had heaps of adware on my laptop, which didn't surprise me because it hasn't been working too well lately. I ran it and got rid of the results but now I have discovered that when I open my photo and music files (which is connected to Windows Explorer), they are very slow and when I right click on a file it just doesn't open anything, it just keeps on trying to load. Please help and if anyone could help me in this in plain English would be great because I'm not a techy... thank you

My PC is hacked

Hi
My PC has been hacked.
First on logging into any user account two cmd windows open and then a dialogue comes that your system will reboot for upgrade.
And before reboot my default browser opens and there is a message from the hackers.
The names are Jon Snow on Ygritte. I'm not sure about the second one.
But the PC works fine in safe mode.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Ultimate, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5 CPU 650 @ 3.20GHz, Intel64 Family 6 Model 37 Stepping 5
Processor Count: 4
RAM: 8119 Mb
Graphics Card: NVIDIA GeForce GT 430, -1 Mb
Hard Drives: C: Total - 299898 MB, Free - 80316 MB; D: Total - 653867 MB, Free - 218364 MB; F: Total - 476937 MB, Free - 140598 MB;
Motherboard: Gigabyte Technology Co., Ltd., H55M-S2
Antivirus: None

Trying to remove Inspasio.exe

I have been trying to remove inspasio.exe from my computer for a little while now but I have found myself unable to do so! I had tried numerous things and nothing has prevailed so far so I thought I would try and get some help from an expert, seeing as how I'm definitely no expert on these types of things! I have Malwarebytes but that does not seem to remove it. The problem lies with inspasio.exe making my computer lag and slower by maximizing the CPU usage! I have found the file and have tried deleting it but it will not let me! I am the admin on my CPU but I cannot get permission to delete this malware! Any help would be greatly appreciated!

http://securepaths.com/pixel.cgi

I saw this posted earlier after searching on this forum and the reply seemed very specific, from OCD, so I thought I would request a reply for my specific problem. I use AOL for my email and each time I open an email I get a new open window, usually several, with the address "http://securepaths.com/pixel.cgi". It does not seem to be causing any problems but then again I'm no computer genius. Can anyone help to remove whatever is causing this?

Mouse freezes. Computer locks up

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i3-4130 CPU @ 3.40GHz, Intel64 Family 6 Model 60 Stepping 3
Processor Count: 4
RAM: 8098 Mb
Graphics Card: NVIDIA GeForce GTX 550 Ti, 1024 Mb
Hard Drives: C: Total - 953859 MB, Free - 702408 MB; F: Total - 238414 MB, Free - 2 MB;
Motherboard: ASUSTeK COMPUTER INC., B85M-E
Antivirus: AVG AntiVirus Free Edition 2014, Updated and Enabled

Hi there,

I'm pretty sure everything was running fine until I downloaded a VLC player (which I have removed recently). My computer began shutting down and rebooting after giving me a blue screen. That's since stopped, but now my mouse constantly starts freezing. Occasionally it will allow me to move it after a few minutes but remains unstable. Often, when my computer monitor powers out and goes to the black screen in hibernation, I cannot wake it by moving the mouse. I have tried several different mice and still have the same problem.

I have run the AVG scan, the Malwarebytes scan, and a Spybot scan. Still the same problem.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33:45 AM, on 10/11/2014
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v11.0 (11.00.9600.17239)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [EPSON Artisan 720 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGYA.EXE /FU "C:\Windows\TEMP\E_SEACB.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_BFB1AAC9AD5759BCC5B883652DF33E69] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1169591574-1390683875-1780121129-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1169591574-1390683875-1780121129-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [20090604] C:\Program Files (x86)\The Print Shop 3.0 Deluxe\RegApp\encore_reg.exe /r "C:\Program Files (x86)\The Print Shop 3.0 Deluxe\RegApp\encore_reg.rpd" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [20090604] C:\Program Files (x86)\The Print Shop 3.0 Deluxe\RegApp\encore_reg.exe /r "C:\Program Files (x86)\The Print Shop 3.0 Deluxe\RegApp\encore_reg.rpd" (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

What to do about this malware ?

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 32 bit
Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz, x64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 1912 Mb
Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 5 Mb
Hard Drives: C: Total - 152524 MB, Free - 127642 MB;
Motherboard: Hewlett-Packard, 30DB
Antivirus: avast! Antivirus, Updated and Enabled


Hi,
After owning my laptop for several months now, it might be time to do some cleanup. Not just to reduce a slow response time but also to rid the system of a probable malware infection.
I really don't want to introduce any more system cleanup software programs, as this is where I may have downloaded a virus or malware.
Now last night, things came to a head when I could not access my AOL mail... each and every time I got an error: username and password not recognized.
What the heck? I have only a few password variations and each one produced the same error msg.

Obviously, I have an issue with malware right now. I would appreciate any help in getting my computer clean and responsive like before.

Xer

HELP computer slow

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt and Shortcut.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another two logs (Addition.txt and Shortcut.txt). Please attach these to your reply.

Internet Issues: Automatically Completing Passwords, Links in E-Mails Not Working, et

eddie 5659, thanks for the reply. I didn't receive an e-mail that you replied but when I checked TSG I saw your reply there. I tried running SystemLook again and the program produced another report, but I find the computer really can't stay connected to the Internet long enough to send the report in a reply. The computer takes a little while to connect, and then when I click on a link in a site, I get a message saying that the connection was lost. All in all, after installing more RAM the computer is running very well, with the exception of the Internet. I bought the "mini" computer to take with me when travelling and not being able to surf the Internet is a real hindrance. Do you have any suggestions as to why the Internet keeps disconnecting whenever I click on a link within a site? Thanks again for your help.

Browsers are taken over-Windows says isn't authentic

I have a laptop (SysInfo below) that I loaned to my son while I fixed some broken hardware on his. When I got it back, the browsers are jacked... always popping up windows wanting me to download some utility, messages saying my system is seriously compromised and must call a number for tech support, won't let me exit pages, can't keep up with the popups, etc.

While I had it, I used MS security essentials and their malicious sw removal tool and on occasion malwarebytes. Since he only had limited access to the internet, he downloaded and blogged what he needed--just did his own thing, isn't into anything covert, but not all that careful. And, he did not keep the MS tools updated or scanned and Malwarebytes updates were way outdated. Through a lot of effort I was able to uninstall malwarebytes, uninstall Java, and update MS security essentials, and downloaded the latest copy of their malware removal tool. Other than wanting to just get the laptop generally cleaned up so I can use the browsers and java again, I have two major concerns. First, when I got the laptop back, it now says I don't have a legitimate copy of windows anymore, which it is (Was Vista OEM, but upgraded to a legitimate version of 7), and the second concern I have is that when security essentials was updated and scanned, it came back with a message saying that items detected on my system need further analysis by MS to determine if they are malicious. The path for what they are looking at is: C:\Users\(username)\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe . I have to check the entry (it was the only one found) and then choose to send the report to MS or not. I'm a little uneasy sending it to MS, first because my experience with info that gets reported to most organizations generally merits no response and thus no assistance either. The thing I'm a little concerned over is that they are asking to evaluate a utility that comes stock with every sandisk usb flashdrive for allowing you to save files on their drives with SanDisk proprietary encryption. I guess my concern is with the file they are wanting to examine more closely (I know this sounds a little paranoid when it comes to corporate espionage--and I'm not a conspiracy freak by any measure). 
First because of the proprietary encryption, and second, because it's under my user profile (I created a Windows user profile he could use while he had it), especially now that it's saying I don't have a valid Windows license. I don't want to be busted for going against anything in their Windows agreement and lose the license (that is if it's not already lost). I'm sure I've plugged dozens of flash drives into the laptop, as has my son. So my specific questions are:
1. Should I send the info to MS they are requesting?
2. How do I get my old laptop back in working order?
3. I'm even wary about making backups of it in its current condition--if there's all kinds of ugliness on there, I'm not sure if I want a copy of whatever it is, roaming around on my external backup hard drive--and there's too much stuff to backup to DVD and, btw, the burner has stopped burning any disks as well he said.

Any and all help is appreciated. I know it's an old dog of a box, but it's been a good laptop and I'd really like to hang onto it for a backup or second machine still. Thx in advance!

SysInfo:
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 32 bit
Processor: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz, x64 Family 6 Model 15 Stepping 11
Processor Count: 2
RAM: 3573 Mb
Graphics Card: VNC Mirror Driver, 3 Mb
Hard Drives: C: Total - 47700 MB, Free - 8368 MB; D: Total - 47692 MB, Free - 6524 MB;
Motherboard: Dell Inc., 0KU184
Antivirus: Microsoft Security Essentials, Updated and Enabled

inspasio.exe removal

I cannot delete inspasio.exe from my computer. An error message keeps popping up every few seconds.

laptop - popups -check for virus/malware please

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8, 64 bit
Processor: Intel(R) Core(TM) i3-2377M CPU @ 1.50GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 4
RAM: 3909 Mb
Graphics Card: Intel(R) HD Graphics 3000, 1826 Mb
Hard Drives: C: Total - 459108 MB, Free - 395033 MB;
Motherboard: Acer, Aspire S3-391
Antivirus: Avira Desktop, Not Updated

Daughter's laptop had a load of popups

I removed all the PUP I could
deleted temp files / cookies etc

ran AdwCleaner twice
ran SUPERAntiSpyware twice - rebooted each time
ran Malwarebytes twice - rebooted each time
ran Avira virus scan

all reports fixed / quarantined

working better now - but would like to be sure nothing hidden

any advice welcome - thanks in advance

SVCHOST.EXE is running high

Dear Adam!

The Shogun has been removed.

I am still experiencing the same problem.

The same "Host process" runs high, with no reason...

I experience lower system power, if running anything especially Firefox, Chrome, videos, etc...

not a valid win32 application

Hello all, I have some nasty stuff going on with my laptop. I clean friends' and co-workers' PCs and laptops all the time, usually with ComboFix and AdwCleaner. This one is on the wife's laptop and for the life of me I can't get rid of the mess. I've run ComboFix and it cleared out a few files. The problem is AdwCleaner and other similar programs from BleepingComputer. I get " ...exe is not a valid Win32 application "
I've tried TDSSKiller and others with the same error message.

Any help or guidance is greatly appreciated.
Thank you for any assistance

-Steve-