Need Help With Malware

October 17, 2014, 2:56 am

≪ Previous: EXE problem - possibly "bootExecute" reverted

Download to Desktop: DDS by sUBs from one of the below locations

http://download.bleepingcomputer.com/sUBs/dds.com
http://download.bleepingcomputer.com/sUBs/dds.exe

double click DDS to run it
Make sure there is a check mark in DDS txt
place a check mark in the attach.txt box and then press start

Do not select any other options unless specifically told to

When complete, DDS.txt will openand attach.txt will be minimized on your taskbar, click on it to open it

Save both reports to your desktop.
DDS.txt
Attach.txt

post the contents of both logs back here.

and please do this
Please run the MGA Diagnostic Tool and post back the report it creates:

Download MGADiag to your desktop.
Double-click on MGADiag.exe to launch the program
Click "Continue"
Ensure that the "Windows" tab is selected (it should be by default).
Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
Paste the MGA Diagnostic Report back here in your next reply.

Please download and run WVCheck.

Double-click WVCheck.exe.
As indicated by the prompt, this program can take a while depending on your hard drive space.
Once the program is done, copy the contents of the Notepad file as a reply.

↧

Viruses

October 17, 2014, 11:38 am

≫ Next: windows7 will not boot

≪ Previous: Need Help With Malware

OS Version: Microsoft Windows 8, 64 bit
Processor: Intel(R) Celeron(R) CPU 1007U @ 1.50GHz, Intel64 Family 6 Model 58 Stepping 9
Processor Count: 2
RAM: 6029 Mb
Graphics Card: Microsoft Basic Render Driver, 6 Mb
Hard Drives: C: Total - 381096 MB, Free - 322033 MB; D: Total - 550702 MB, Free - 550542 MB;
Motherboard: ASUSTeK COMPUTER INC., X550CA
Antivirus: Avira Desktop, Updated and Enabled
HELLO I NEED HELP I AM NEW TO COMPUTERS AND HAVE TRIED TO LOAD MOZZILA FIREFOX AND GOOGLE AND ENDED UP WITH V9 AND OTHER SEARCH ENGINES TRIED TO REMOVE THEM NOW MY COMPUTER KEEPS FREEZING AND WOULD JUST LIKE IT BACK TO NORMAL IF POSSIBLE THANKS

↧

windows7 will not boot

October 17, 2014, 12:37 pm

≫ Next: Slow Computer - Can Anyone Help? Log Attached

≪ Previous: Viruses

Toshiba satellite 1500 L505
Windows 7
Vision AMD
Windows is loading files. On bottom of screen. Will not boot
Have tried Windows 7 64 bit restore disc and up simple save external hard drive
Help please
I am communicating with my kindle

↧

Slow Computer - Can Anyone Help? Log Attached

October 17, 2014, 1:11 pm

≫ Next: Multiple pop ups/ads on webpages

≪ Previous: windows7 will not boot

My computer is running slow lately for some reason. I have already tried cleaning it, Malwarebytes, SuperAntiSpyware, and ComboFix.

I am running Windows 7 Professional with an Intel i7 @3.4 GHz with 32 GB of ram. Can anyone help? It used to be super fast. It is not my internet connection. Things are just slower than normal. Here is the Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 3:35:00 PM, on 10/17/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17344)

FIREFOX: 32.0.3 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Home\AppData\Local\Citrix\GoToMyPC\gotomypc_1470.exe
C:\Users\Home\AppData\Local\Temp\G2_1470\g2viewer.exe
C:\Users\Home\Desktop\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - Startup: Dropbox.lnk = Home\AppData\Roaming\Dropbox\bin\Dropbox.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Axiom Audio Device Monitor (AxiomAudioDevMon) - M-Audio - C:\Program Files (x86)\M-Audio\Axiom\AudioDevMon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NitroPDFDriverCreatorReadSpool8 (NitroDriverReadSpool8) - Nitro PDF Software - C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Xerox PrintingScout Status Watcher (XCPSPWD) - Xerox Corporation - C:\Program Files\Xerox Office Printing\PrintingScout\XCPWDN.EXE
O23 - Service: Xerox PrintingScout Status Database (XCPSSDB) - Xerox Corporation - C:\Program Files\Xerox Office Printing\PrintingScout\XCSDBN.EXE

--
End of file - 8164 bytes

↧

Multiple pop ups/ads on webpages

October 17, 2014, 2:35 pm

≫ Next: need to get laptop get rid of nurowise Trojjan.Gen.2

≪ Previous: Slow Computer - Can Anyone Help? Log Attached

I am using a HP laptop with windows 8 operating system. The laptop is fairly knew (about 2 months). Almost since I got it I kept getting multiple popups when i open any website online. I thought maybe I had downloaded something that brought the virus so I went to my programs and uninstalled some apps that were causing some popups and the ads from these ads stopped. but this particular one never went. All the popups say 'ads by SmartSaver+ 21.1. I've tried to find any program with that but I couldn't find any. Whenever I click on a button on my webpage, another page pops up and I have to remove it and on every page i go to there are about 5 or more ads that pop up. I installed ads block but it didn't change anything so I know its definitely a virus. I also use avast antivirus but it doesn't help either. What i don't get is how my laptop could have a virus when it's new. I didn't even use it that much and i wasn't downloading any programs as well but the problem had started almost immediately i got it.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1, 64 bit
Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz, Intel64 Family 6 Model 69 Stepping 1
Processor Count: 4
RAM: 8122 Mb
Graphics Card: Intel(R) HD Graphics Family, -2016 Mb
Hard Drives: C: Total - 690095 MB, Free - 612677 MB; D: Total - 24263 MB, Free - 2419 MB; E: Total - 476936 MB, Free - 408714 MB;
Motherboard: Hewlett-Packard, 22D6
Antivirus: Windows Defender, Disabled

↧

need to get laptop get rid of nurowise Trojjan.Gen.2

October 18, 2014, 4:14 am

≫ Next: Windows Update Won't Run

≪ Previous: Multiple pop ups/ads on webpages

The TSGsysinfo: -

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft® Windows Vista™ Home Basic, Service Pack 2, 32 bit
Processor: AMD Turion(tm) X2 Dual-Core Mobile RM-70, x64 Family 17 Model 3 Stepping 1
Processor Count: 2
RAM: 1789 Mb
Graphics Card: ATI Radeon HD 3200 Graphics, 256 Mb
Hard Drives: C: Total - 229154 MB, Free - 173900 MB; D: Total - 9316 MB, Free - 1666 MB;
Motherboard: Hewlett-Packard, 30FB
Antivirus: Norton AntiVirus, Updated and Enabled

I have norton antivirus running on my computer.
Today my computer cot a few infections as I was
trying to download something. I was trying to
download Nokia PC suite from download.cnet.com.
It was during this time when my laptop got
infected.I was notified by Norton antivirus
through a popup. I then immediately stoped
downloading. The download had barley started.

When I go to Norton security history I get the folloing details detected by auto-protect :-
a) nurowise[1].dll (Trojan.Gen.2), Severity is high, Status is blocked
b) neurowisebho.dll (Trojan.Gen.2), Severity is high, Status is blocked
c) neurowisesetup.exe (PUA.Downloader), Severity is low, Status is quarantined

Now when browsing many advertisements get loaded
on my browser which are both relevent and irrevel
ent to my search history.

I have also posted screenshots explaining the
problem please have a look.

Earlier prior to today I had run a root kit scan
called Norton power eraser twice. It used to
detected a DNS host threat with severity high
but was not able to remove it both times. It
would also show the file location. So I went to
the location and moved the files to recycle and
never deleated them. After a few days I noteced
the files had deseapered from the recycle bin.
Today again I ran a root kit scan through norton
power eraser. This time it was not able to
detect any root kits. Instead it detected the
SYSinfo tool of this websit installed on my
deskyop.

Attached Images

	Norton 1.png (56.8 KB)
	norton 2.png (43.9 KB)
	Norton 3.png (41.9 KB)
	Norton 4.png (48.8 KB)

↧

Windows Update Won't Run

October 18, 2014, 6:18 am

≫ Next: Internet Explorer will not start

≪ Previous: need to get laptop get rid of nurowise Trojjan.Gen.2

I recently found Windows update hasn't worked for some weeks.
This morning I tried again - eventually got a message saying I need a new version of the updater. The message said that if I did as instructed, windows updater would close and then re-open. It did indeed close, but failed to re-open.
I have scanned for malware (I have Norton 360 running, and also checked with Malwarebytes, and Windows own emergency scanner) but my PC shows clean. Repeated attempts to do an update get me nowhere, and Microsoft's automated tool, which is supposed to fix this sort of thing, isn't helping.

I also find I cannot access some pages in Microsft Windows Support. It does look like malware to me, despite my not finding any.

All help gratefully received.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz, Intel64 Family 6 Model 23 Stepping 6
Processor Count: 2
RAM: 4028 Mb
Graphics Card: NVIDIA GeForce 8600 GT (Microsoft Corporation - WDDM v1.1), 256 Mb
Hard Drives: C: Total - 715394 MB, Free - 251750 MB; D: Total - 305234 MB, Free - 179084 MB;
Motherboard: Intel Corporation, DG43GT
Antivirus: Norton 360 Premier Edition, Updated and Enabled

↧

Internet Explorer will not start

October 18, 2014, 6:30 am

≫ Next: Bootkit

≪ Previous: Windows Update Won't Run

This a.m. tried computer again and IE did start and is running normally. Based on my post that started this thread let me know if you think there could be an issue with malware and we will proceed. If not, please mark as solved. Thanks in advance. Jay

↧

Bootkit

October 18, 2014, 8:09 am

≫ Next: M...LOCKER/Personal file is this a virus

≪ Previous: Internet Explorer will not start

Hi,

I think I am infected with a BootKit. I am no malware analyst, so I don't know if I supplied the correct thread title.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Ultimate, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz, Intel64 Family 6 Model 15 Stepping 11
Processor Count: 2
RAM: 4095 Mb
Graphics Card: AMD Radeon HD 6450, 1024 Mb
Hard Drives: C: Total - 778951 MB, Free - 611920 MB; D: Total - 174813 MB, Free - 156496 MB; F: Total - 99 MB, Free - 69 MB;
Motherboard: ASUSTeK Computer INC., P5G41-M LE
Antivirus: ESET NOD32 Antivirus 7.0, Updated and Enabled

I assigned the System partition with a drive letter and saw that Boot/BCD has a date of this Monday. As it is just before Patch Tuesday, I don;t think anything normal would modify that file. I discovered the change on Tuesday.

Then yesterday, Friday, I discovered that the file has a new modification date again. And today the date changed to today.

I have ran TDSS Killer. And it reported nothing.

I have ran GMER. And this is what it says:

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-10-16 18:25:02
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-4 WDC_WD1001FALS-00J7B1 rev.05.00K05 931.51GB
Running: e7nk3c0u.exe; Driver: C:\Users\Mori\AppData\Local\Temp\pxldqpow.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff960001b4200 7 bytes [40, A3, F3, FF, 01, B5, F0]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff960001b4208 3 bytes [C0, 06, 02]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1400] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075d78791 4 bytes [C2, 04, 00, 00]
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1400] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000757c1465 2 bytes [7C, 75]
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1400] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000757c14bb 2 bytes [7C, 75]
.text ... * 2
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000757c1465 2 bytes [7C, 75]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757c14bb 2 bytes [7C, 75]
.text ... * 2
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[1592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000757c1465 2 bytes [7C, 75]
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[1592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757c14bb 2 bytes [7C, 75]
.text ... * 2
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000757c1465 2 bytes [7C, 75]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757c14bb 2 bytes [7C, 75]
.text ... * 2
.text C:\Program Files (x86)\AntiLogger\AntiLogger.exe[2360] C:\Windows\syswow64\kernel32.dll!CreateThread + 28 0000000075d734b1 4 bytes {CALL 0xffffffff8ab46f30}
.text C:\Program Files (x86)\AntiLogger\AntiLogger.exe[2360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000757c1465 2 bytes [7C, 75]
.text C:\Program Files (x86)\AntiLogger\AntiLogger.exe[2360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757c14bb 2 bytes [7C, 75]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Windows\System32\svchost.exe [1888:372] 000007fef4e69688
Thread C:\Windows\system32\mmc.exe [2744:3024] 000007feea6efe98
Thread C:\Windows\system32\mmc.exe [2744:1080] 000007feea8300bc
Thread C:\Windows\system32\mmc.exe [2744:676] 000007fefc022bf8
Thread C:\Windows\system32\mmc.exe [2744:1240] 000007feea8300bc
Thread C:\Windows\system32\mmc.exe [2744:348] 000007feea839cc0
Thread C:\Windows\system32\mmc.exe [2744:2440] 000007feea8300bc
Thread C:\Windows\system32\mmc.exe [2744:2712] 000007feea8300bc
Thread C:\Windows\system32\mmc.exe [2744:952] 000007feea8300bc
Thread C:\Windows\system32\mmc.exe [2744:3044] 000007feea8300bc
Thread C:\Windows\system32\mmc.exe [2744:980] 000007feea71d9ac

---- EOF - GMER 2.1 ----

I was using MMC.exe - Local Security Policy while GMER ran. So that why mmc showed up. I don't know what the first 2 entries are.

The machine is off the network since Tuesday. So I don't know why the BCD file changed yesterday and today. Maybe the malware comes in 2 pieces, and keeps the infection going.

Thanks in advance for all your help.

↧

M...LOCKER/Personal file is this a virus

October 18, 2014, 8:21 am

≫ Next: Advice for removing searchassist and help to understand advice please

≪ Previous: Bootkit

When I click on SystemLook-64.exe to run it I don`t get run as administrator

When I right click on same and click on Run As Administrator I get a blank sheet with a Look button at the foot. Should I click on Look andscan the result ?

Sorry if I`m being dumb

↧

Advice for removing searchassist and help to understand advice please

October 18, 2014, 8:52 am

≫ Next: General Security Concerns

≪ Previous: M...LOCKER/Personal file is this a virus

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1, 64 bit
Processor: Intel(R) Celeron(R) CPU N2815 @ 1.86GHz, Intel64 Family 6 Model 55 Stepping 3
Processor Count: 2
RAM: 8080 Mb
Graphics Card: Intel(R) HD Graphics, -1984 Mb
Hard Drives: C: Total - 945914 MB, Free - 888993 MB;
Motherboard: DSG Retail Ltd, 079114
Antivirus: McAfee Anti-Virus and Anti-Spyware, Updated and Enabled
Hello, please forgive me as I believe the answer to my problem may already be posted, however, I'm not confident enough to be sure. I'm also struggling with basic computer language and concern about doing more harm than good to my laptop.
My problem - My homepage always opens with www.searchassist.net/?p=h&m=10206&c=d&s I can't remove it although I can go on a dropdown to google.I tried to disable it but the homepage still appears albeit without the searchassist name. I also have something appearing which says it protects against malware - Trusteer IBM.? Finally, I think, there is a site that keeps popping up with free spyware downloads. I also thought my laptop backed up my files however, I will now back them up to a CD. I would really appreciate any help or advice. If you can assist me please be patient if I do not understand all the instructions; I don't even understand what the box underneath this one is asking - Tags? Sorry

↧

General Security Concerns

October 18, 2014, 8:59 am

≫ Next: Computer Running VERY slow

≪ Previous: Advice for removing searchassist and help to understand advice please

i have moved tothe virus forum
have a read here
http://forums.techguy.org/virus-othe...e-posting.html

it may take 48 hrs before you get a reply , as its a very busy forum and only authorised members may assist here

↧

Computer Running VERY slow

October 18, 2014, 3:10 pm

≫ Next: RealCloud player virus

≪ Previous: General Security Concerns

Hi there,

I just got this computer, used, and I knew it would need some tuning up. I took it to a local computer shop - and it didn't really help. I have been looking online for help, but I don't know how to do a lot of the things online forums say to do (a little techonologically challenged) so I'm wondering if there is someone who could help in layman's terms.

Thank you.

↧

RealCloud player virus

October 18, 2014, 6:58 pm

≫ Next: log in problems

≪ Previous: Computer Running VERY slow

I manged to get a virus that has locked me out of malware bytes and seends tons of Popups to my screen while online. I believe it is from an accidental download of RealCloud player. I thought I was updating real player. The ads that pop up starting from the top right corner say enterprise1.1
Some of the adds looks like pages peeling from the top right corner.
I have windows 8.
My processing speed keeps getting slower. I have ran avast also avast boottime scans several times.

Please help me remove this virus

↧

log in problems

October 19, 2014, 5:20 am

≫ Next: Flash Player Pro Virus/Worm

≪ Previous: RealCloud player virus

every time i try to log in to my facebook account the page goes to. Internet cannot display the website,

↧

Flash Player Pro Virus/Worm

October 19, 2014, 7:47 am

≫ Next: Startup Repair cannot find problem

≪ Previous: log in problems

Has anyone had any experience with this? When starting up my Win 8.1 laptop I get a screen telling me my flash player needs to be updated to Flash Player Pro. Very good looking panel and you'd think it was from Adobe.

Not one to just click on an ad like that I went to Adobe's web site and found that, first, flash player is already incorporated in Win 8 and automatically gets updates from Microsoft, and second, there is no such thing as Flash Player pro. A google search turned up a web site that claims it's a worm hacked into the routers, mainly attacking Win 7 machines.

Neither my other laptop or PC, both Win 7 machines, have had any problems. It's the Win 8.1 laptop that's slow to boot and I get the "Flash Player Pro" panel every time and sporadically while using the machine. I never downloaded anything regarding the web site this spam/malware came from. I've run SuperAntiSpyware, AVG and Windows Defender and they turn up nothing but the everyday tracking cookies, etc. which I have removed. The panel still keeps coming up and the laptop is still slow to boot. If it is something in the router itself, how do I get rid of it in there?

After just resolving a problem with my PC and now this, I'm about ready to go back to pencils and paper! :rolleyes: :)

↧

Startup Repair cannot find problem

October 19, 2014, 3:26 pm

≫ Next: Virus,and everything else

≪ Previous: Flash Player Pro Virus/Worm

Hi and welcome.

I have moved the topic to the Malware forum.

Download the enclosed file (see below). Save it in the same location FRST is saved. Run FRST, except that this time around click on the Fix button and wait. The tool will make a log in the same location FRST is saved (Fixlog.txt), Please post it to your reply.

Attempt to boot in normal mode and let me know the outcome.

Attached Files

fixlist.txt (949 Bytes)

↧

Virus,and everything else

October 19, 2014, 4:46 pm

≫ Next: What anti virus is the best to get

≪ Previous: Startup Repair cannot find problem

I wish I was able to download and run the utility,log, however my computer is so messed up, I am sending this from my other computer. Went to bed last night and computer was working just fine. However, I find that my computer has been messed up terribly. Viruses, etc. Constant popup of "Internet Explorer has stopped working". Windows looking for a solution, however, none found. Cannot access Internet Explorer. I have McAfee Plus, but evidently it has not protected my computer from viruses. Popup that it has blocked a potentially unwanted program, however, the popup keeps popping up over and over again. Talked to McAfee and they want to charge up to $400 dollars to correct. -- Sure could use some advice as what I should do? email - mammykins1@gmail.com. Thank you in advance for whatever help you might be able to give. Thank You

↧

What anti virus is the best to get

October 19, 2014, 6:24 pm

≫ Next: poss full of spyware etc cos pages loading slow and coming out wrong

≪ Previous: Virus,and everything else

I have Norton Anti virus right now and the subscription ended. I can pay 30 to renew for a year.

Or is there a free good anti virus that i can get

THANKS for your help

↧

poss full of spyware etc cos pages loading slow and coming out wrong

October 20, 2014, 10:59 am

≫ Next: unwanted ads

≪ Previous: What anti virus is the best to get

Hi

I think my computer needs a clean cos pages like hotmail are coming out weird.
I've updated my sysinfo and would like to find out how to clean this computer out.
I don't just want to download any cleanup software from the internet.

thanks

↧

Latest Images