Channel: Tech Support Guy - Virus & Other Malware Removal

svchost.exe rising to 200'000 memory

Hello,

First of all, English is not my mother tongue, so please excuse any mistakes that I could make.

As the title states I have a problem with a running process which is svchost.exe. There are a lot of these but one of them is always up there at 200'000 RAM usage. I tried forcing it to close but it keeps coming back and always up again at 200'000 memory usage.

I tried looking for solutions and saw that someone has had the same problem and was helped by one of your staff. Sadly the process to fix it is too hard for me to do alone as I don't understand much that is going on in that particular thread.

If anyone knows how to help me it would be great, thanks in advance.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Édition Familiale Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz, Intel64 Family 6 Model 30 Stepping 5
Processor Count: 8
RAM: 8187 Mb
Graphics Card: NVIDIA GeForce GTX 560, 1024 Mb
Hard Drives: C: Total - 305142 MB, Free - 50127 MB; H: Total - 953866 MB, Free - 73831 MB;
Motherboard: Gigabyte Technology Co., Ltd., P55-USB3
Antivirus: None

Slow Browser All Across The Board

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz, Intel64 Family 6 Model 26 Stepping 5
Processor Count: 8
RAM: 12278 Mb
Graphics Card: ATI Radeon HD 5800 Series, 1024 Mb
Hard Drives: C: Total - 953766 MB, Free - 503391 MB;
Motherboard: DELL Inc., 0X501H
Antivirus: McAfee Anti-Virus and Anti-Spyware, Updated and Enabled

HELLO Tech Guys!

I'm in need of desperate help!!! Here's my situation:

For the past two months, my browser (Chrome, Firefox, IE) speed has slowed down to what almost feels like dial-up. I was working with another tech on here under a different forum but he was unable to resolve the issue and suggested I post it under here...thinking it could be a virus/malware issue.

I currently have 45 Mbps down and running speedtest.net shows me this (at least when my Chrome browser loads the page properly for it to run). I also ran the speedtest.net on the laptop (connected directly to the router) and it also gives me 45 Mbps down (page loads right away every time...using IE).

The last tech suggested testing the download time at thinkbroadband.com. This gave me a time of 1 minute 39 secs for a 10 MB download and 33 secs for a 5 MB download...which is equivalent to like 1Mbps...if that. Unfortunately, I was not able to test this on the laptop as the file will not load (it's a work laptop so security is probably blocking it).

If you have time (because it's quite lengthy...4 pages worth), here's the link to the other post (http://forums.techguy.org/networking...d-desktop.html) if you want to see what all we did trying to resolve the problem.

I hope you guys can help! Thanks in advance!

bogus files not spotted by Avast

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1, 64 bit
Processor: AMD A4-5300 APU with Radeon(tm) HD Graphics, AMD64 Family 21 Model 16 Stepping 1
Processor Count: 2
RAM: 3263 Mb
Graphics Card: AMD Radeon HD 7480D, 768 Mb
Hard Drives: C: Total - 926629 MB, Free - 874877 MB; F: Total - 305243 MB, Free - 15515 MB;
Motherboard: LENOVO,
Antivirus: Windows Defender, Disabled

Hello:
Please help me if you can..........
Something disabled Windows Defender and is letting very large bogus files onto my computer so I installed the latest free version of Avast. I am using win 8.1 in a Lenovo computer. I just discovered that some mystery files are being inserted into my computer by the dozens and these mystery files are extremely large so the hard drive was almost filled up!
Here is what I found by using an app called WinDirStat:
the mystery files look like this: 12754694899610736661_2853498758043839360_4480_4480 ~ 960 MB
and this: ver1
they are sent to this location in my computer: C:\$Recycle.Bin\S-1-5-21-2712117882-3860235528-2112810399-1002

When I open the mystery file with FIREFOX, it looks like this:
file:///C:/recyclebin/12754694899610736661_2853498758043835520_3840_3840
which is an application/octet-stream (960 MB) from C:\recyclebin

Note: file opens in Firefox but there is no information in the page and, after selecting Ctl - U, there is NO code at all!

These files are still coming into my computer after installing Avast so PLEASE help me if you can. I can catch these files with the help of WinDirStat but want to stop them altogether. I believe a virus has invaded my PC and had hoped that Avast would catch and kill it but not so far!
Thanks,
jim

Username.exe issue, CPU usage 100%

I would like to examine the files we removed so we can get them detected by antivirus companies and help others not be infected.
Can you go to C:\FRST and right-click the quarantine folder, select send to compressed (zip) folders.
That makes a zip copy of the quarantine folder.

Please email that zip to me: submit@thespykiller.co.uk

Comp infected and can't drag and drop some things.

One of the problems is that I can't copy and paste, or drag and drop an address link. I could do it ok yesterday. Also, I haven't been able to do system restore for a few weeks, from a variety of restore points. Thank you for helping me,
Boyd.


Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 4
RAM: 4043 Mb
Graphics Card: Intel(R) HD Graphics Family, 1797 Mb
Hard Drives: C: Total - 584792 MB, Free - 248239 MB; D: Total - 21422 MB, Free - 2275 MB; E: Total - 4055 MB, Free - 10 MB; I: Total - 476937 MB, Free - 8415 MB;
Motherboard: Hewlett-Packard, 1695
Antivirus: Bitdefender Antivirus Free Edition, Updated and Enabled

Out of control

My system has been taken over. I use Internet Explorer and Chrome. I am getting a frequent message that the browser has quit and when I click the X, Internet Explorer continues on but Chrome quits and I have to start all over. Whenever I click to go to a different place on my browsers I always get something else, some of which I can't get out of.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz, Intel64 Family 6 Model 58 Stepping 9
Processor Count: 8
RAM: 8094 Mb
Graphics Card: NVIDIA GeForce GT 640M LE, 1024 Mb
Hard Drives: C: Total - 669121 MB, Free - 460941 MB; D: Total - 26079 MB, Free - 22290 MB;
Motherboard: LENOVO, Product Name
Antivirus: Kaspersky PURE 3.0, Updated and Enabled

facebook site said I had malware

Did u guys forget about me??? Well I had run mbam and deleted what it found...and haven't seen the FB warning yet again....maybe it's fixed?

HELP!! xp sp3 strange activity files moving, additional connections to internet

And security log portion:

5/23/2015 4:12:17 PM Security Success Audit Privilege Use 576 NT AUTHORITY\NETWORK SERVICE YOUR-KYBTG65GXE "Special privileges assigned to new logon:
User Name: NETWORK SERVICE
Domain: NT AUTHORITY
Logon ID: (0x0,0x3E4)
Privileges: SeAuditPrivilege
SeAssignPrimaryTokenPrivilege
SeChangeNotifyPrivilege"
5/23/2015 4:12:17 PM Security Success Audit Logon/Logoff 528 NT AUTHORITY\NETWORK SERVICE YOUR-KYBTG65GXE "Successful Logon:
User Name: NETWORK SERVICE
Domain: NT AUTHORITY
Logon ID: (0x0,0x3E4)
Logon Type: 5
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name:
Logon GUID: -"
5/23/2015 4:11:28 PM Security Success Audit Policy Change 850 NT AUTHORITY\SYSTEM YOUR-KYBTG65GXE A port was listed as an exception when the Windows Firewall started.

Policy origin: Local Policy
Profile used: Standard
Interface: All interfaces
Name: Remote Desktop
Port number: 3389
Protocol: TCP
State: Disabled
Scope: All subnets
5/23/2015 4:11:28 PM Security Success Audit Policy Change 850 NT AUTHORITY\SYSTEM YOUR-KYBTG65GXE A port was listed as an exception when the Windows Firewall started.

Policy origin: Local Policy
Profile used: Standard
Interface: All interfaces
Name: UPnP Framework over TCP
Port number: 2869
Protocol: TCP
State: Enabled
Scope: Local subnet only
5/23/2015 4:11:28 PM Security Success Audit Policy Change 850 NT AUTHORITY\SYSTEM YOUR-KYBTG65GXE A port was listed as an exception when the Windows Firewall started.

Policy origin: Local Policy
Profile used: Standard
Interface: All interfaces
Name: SSDP Component of UPnP Framework
Port number: 1900
Protocol: UDP
State: Enabled
Scope: Local subnet only
5/23/2015 4:11:28 PM Security Success Audit Policy Change 850 NT AUTHORITY\SYSTEM YOUR-KYBTG65GXE A port was listed as an exception when the Windows Firewall started.

Policy origin: Local Policy
Profile used: Standard
Interface: All interfaces
Name: SMB over TCP
Port number: 445
Protocol: TCP
State: Enabled
Scope: Local subnet only
5/23/2015 4:11:28 PM Security Success Audit Policy Change 850 NT AUTHORITY\SYSTEM YOUR-KYBTG65GXE A port was listed as an exception when the Windows Firewall started.

Policy origin: Local Policy
Profile used: Standard
Interface: All interfaces
Name: NetBIOS Session Service
Port number: 139
Protocol: TCP
State: Enabled
Scope: Local subnet only
5/23/2015 4:11:28 PM Security Success Audit Policy Change 850 NT AUTHORITY\SYSTEM YOUR-KYBTG65GXE A port was listed as an exception when the Windows Firewall started.

Policy origin: Local Policy
Profile used: Standard
Interface: All interfaces
Name: NetBIOS Datagram Service
Port number: 138
Protocol: UDP
State: Enabled
Scope: Local subnet only
5/23/2015 4:11:28 PM Security Success Audit Policy Change 850 NT AUTHORITY\SYSTEM YOUR-KYBTG65GXE A port was listed as an exception when the Windows Firewall started.

Policy origin: Local Policy
Profile used: Standard
Interface: All interfaces
Name: NetBIOS Name Service
Port number: 137
Protocol: UDP
State: Enabled
Scope: Local subnet only
5/23/2015 4:11:28 PM Security Success Audit Policy Change 849 NT AUTHORITY\SYSTEM YOUR-KYBTG65GXE An application was listed as an exception when the Windows Firewall started.

Policy origin: Local Policy
Profile used: Standard
Name: Nero ProductSetup
Path: E:\Installation\Setupx.exe
State: Enabled
Scope: All subnets
5/23/2015 4:11:28 PM Security Success Audit Policy Change 849 NT AUTHORITY\SYSTEM YOUR-KYBTG65GXE An application was listed as an exception when the Windows Firewall started.

Policy origin: Local Policy
Profile used: Standard
Name: Remote Assistance
Path: C:\WINDOWS\system32\sessmgr.exe
State: Enabled
Scope: All subnets
5/23/2015 4:11:28 PM Security Success Audit Policy Change 849 NT AUTHORITY\SYSTEM YOUR-KYBTG65GXE An application was listed as an exception when the Windows Firewall started.

Policy origin: Local Policy
Profile used: Standard
Name: Run a DLL as an App
Path: C:\WINDOWS\system32\rundll32.exe
State: Enabled
Scope: All subnets
5/23/2015 4:11:28 PM Security Success Audit Policy Change 849 NT AUTHORITY\SYSTEM YOUR-KYBTG65GXE An application was listed as an exception when the Windows Firewall started.

Policy origin: Local Policy
Profile used: Standard
Name: Microsoft Management Console
Path: C:\WINDOWS\system32\mmc.exe
State: Enabled
Scope: All subnets
5/23/2015 4:11:28 PM Security Success Audit Policy Change 849 NT AUTHORITY\SYSTEM YOUR-KYBTG65GXE An application was listed as an exception when the Windows Firewall started.

Policy origin: Local Policy

Computer Slowness

Hi,

Recently my laptop started running pretty slowly, hanging (but not freezing), and the internet crashes. Not sure what to do about it; I'm not very knowledgeable about technology. Any suggestions are much appreciated!

Help Please...Virus Infection

Many thanks for your reply. I agree, I believe I may have acquired a virus through the use of utorrent. I have removed, as well as the others you have suggested. For some reason, the Vuze file could not be removed as I tried to do such through the "remove program" in control panel and nothing would happen even though I clicked on it multiple times. The log after the scan is as follows:

Fix result of Farbar Recovery Scan Tool (x86) Version: 24-05-2015 01
Ran by Owner at 2015-05-24 18:06:06 Run:2
Running from C:\Documents and Settings\Owner\My Documents\Downloads
Loaded Profiles: Owner (Available Profiles: Owner & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
C:\Program Files\SearchProtect
C:\Program Files\Common Files\Wondershare
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2024800 2014-06-04] (Wondershare)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files\SearchProtect\SearchProtect\bin\VC32Loader.dll [223504 2015-05-13] (Client Connect LTD)
C:\PROGRA~1\SearchProtect\SearchProtect\bin\VC32Loader.dll
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www.google.com" <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003 -> {FC5F965C-50F7-495F-A16F-C1E2946E31D0} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US1056D20140723&p={SearchTerms}
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-07] (Oracle Corporation)
FF DefaultSearchEngine: Secure Search
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF Keyword.URL: https://search.yahoo.com/search?fr=m...56D20140723&p=
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-07] (Oracle Corporation)
CHR dev: Chrome dev build detected! <======= ATTENTION
R2 CltMngSvc; C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe [3274512 2015-05-13] (Client Connect LTD)
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\Run: [uTorrent] => C:\Documents and Settings\Owner\My Documents\Downloads\uTorrent(2).exe [1688656 2014-12-21] (BitTorrent Inc.)
2015-05-22 22:57 - 2015-05-22 22:59 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\SearchProtect
2015-05-22 22:57 - 2015-05-22 22:58 - 00000000 ____D () C:\Program Files\SearchProtect
2015-05-22 22:56 - 2015-05-22 22:56 - 00000585 _____ () C:\Documents and Settings\Owner\Start Menu\µTorrent.lnk
2015-05-22 22:56 - 2015-05-22 22:56 - 00000585 _____ () C:\Documents and Settings\Owner\Desktop\µTorrent.lnk
2015-04-30 22:43 - 2015-04-30 22:43 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Wondershare PDFelement
2015-04-30 22:41 - 2015-04-30 22:41 - 00000000 ____D () C:\Program Files\Common Files\Wondershare
2015-04-30 22:41 - 2015-04-30 22:41 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Wondershare
2015-04-30 22:41 - 2015-01-30 16:40 - 00083016 _____ (Wondershare Software) C:\WINDOWS\system32\WSMonEditor.dll
2015-04-30 22:40 - 2015-04-30 22:42 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Wondershare
2015-05-24 11:05 - 2014-08-05 13:45 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\uTorrent
EmptyTemp:
Cmd: ipconfig /flushdns


*****************

Restore point was successfully created.
Processes closed successfully.
"C:\Program Files\SearchProtect" => File/Folder not found.
C:\Program Files\Common Files\Wondershare => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Wondershare Helper Compact.exe => value Removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value Removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value Removed successfully.
"C:\PROGRA~1\SearchProtect\SearchProtect\bin\VC32Loader.dll" => value data not found.
"C:\PROGRA~1\SearchProtect\SearchProtect\bin\VC32Loader.dll" => File/Folder not found.
"HKLM\SOFTWARE\Policies\Google" => key Removed successfully.
"HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
"HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FC5F965C-50F7-495F-A16F-C1E2946E31D0}" => key Removed successfully.
HKCR\CLSID\{FC5F965C-50F7-495F-A16F-C1E2946E31D0} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key Removed successfully.
Firefox DefaultSearchEngine Removed successfully.
Firefox SearchEngineOrder.1 Removed successfully.
Firefox SelectedSearchEngine Removed successfully.
Firefox Keyword.URL Removed successfully.
HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.40.2 => key not found.
C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll not found.
HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.40.2 => key not found.
C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll not found.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
CltMngSvc => Service not found.
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent => value Removed successfully.
"C:\Documents and Settings\Owner\Local Settings\Application Data\SearchProtect" => File/Folder not found.
"C:\Program Files\SearchProtect" => File/Folder not found.
C:\Documents and Settings\Owner\Start Menu\µTorrent.lnk => Moved successfully.
"C:\Documents and Settings\Owner\Desktop\µTorrent.lnk" => File/Folder not found.
C:\Documents and Settings\Owner\My Documents\Wondershare PDFelement => Moved successfully.
"C:\Program Files\Common Files\Wondershare" => File/Folder not found.
C:\Documents and Settings\Owner\Local Settings\Application Data\Wondershare => Moved successfully.
C:\WINDOWS\system32\WSMonEditor.dll => Moved successfully.
C:\Documents and Settings\Owner\Application Data\Wondershare => Moved successfully.
C:\Documents and Settings\Owner\Application Data\uTorrent => Moved successfully.

========= ipconfig /flushdns =========



Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========= End of CMD: =========

EmptyTemp: => Removed 71.4 MB temporary data.


The system needed a reboot.

==== End of Fixlog 18:07:00 ====

hard drive fills up on its own

My hard drive fills up without my adding anything to it. I have deleted everything I can think of that would be large, but still my C drive is almost full. Every time I delete stuff, the next day it has begun to fill back up, to the tune of a gig per day or more. Please help! This is a fairly new PC.
Thanks

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i3-4000M CPU @ 2.40GHz, Intel64 Family 6 Model 60 Stepping 3
Processor Count: 4
RAM: 16265 Mb
Graphics Card: Intel(R) HD Graphics 4600, -1984 Mb
Hard Drives: C: Total - 462008 MB, Free - 72054 MB; D: Total - 11851 MB, Free - 1302 MB; E: Total - 2040 MB, Free - 2017 MB;
Motherboard: Hewlett-Packard, 1942
Antivirus: Microsoft Security Essentials, Updated and Enabled

My father's computer may be infected with 1 or more issues according to Comcast

Quick Q I just wanted to ask. In "Programs and Features" I see the various programs to select for uninstalling. After I select a program (Advanced SystemCare 8 for example), I see the following options at the top of the list of programs (from left to right):
Organize; Uninstall; Powerful Uninstall

Is there any preference &/or benefit to using the "Powerful Uninstall" option vs. the one word "Uninstall" option?

Thank you

Overwhelming ads and underlined green text popups

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz, Intel64 Family 6 Model 37 Stepping 5
Processor Count: 4
RAM: 7989 Mb
Graphics Card: Intel(R) HD Graphics, -325 Mb
Hard Drives: C: Total - 447802 MB, Free - 2610 MB; D: Total - 28832 MB, Free - 4229 MB; F: Total - 99 MB, Free - 83 MB;
Motherboard: Hewlett-Packard, 144C
Antivirus: Norton AntiVirus Online, Updated and Enabled




I keep getting the very annoying underlined green texts with linked ads in any article I'm reading. I already went through the internet settings and supposedly removed all extensions that might be giving an issue. I downloaded AdwCleaner and ran the scan. I will copy and paste the results here. I am afraid of removing something that I may actually need. So I need some advice on that front.


AdwCleaner:


# AdwCleaner v4.205 - Logfile created 25/05/2015 at 01:25:19
# Updated 21/05/2015 by Xplode
# Database : 2015-05-24.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Natalie - NATALIE-HP
# Running from : C:\Users\Natalie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P9RBXXI3\adwcleaner_4.205.exe
# Option : Scan
***** [ Services ] *****

***** [ Files / Folders ] *****
File Found : C:\Users\Chet\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff
File Found : C:\Users\Chet\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage-journal
File Found : C:\Users\Chet\AppData\Roaming\Mozilla\Firefox\Profiles\hrlbt1g2.default\searchplugins\dregol.xml
File Found : C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\w8bxg3f4.default\searchplugins\dregol.xml
File Found : C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\6yhutnh9.default\searchplugins\dregol.xml
File Found : C:\Users\Natalie\AppData\Roaming\WBPU-TTL.DAT
Folder Found : C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\6yhutnh9.default\Extensions\{02edb56b-9b33-435b-b7df-b2843273a694}
Folder Found : C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\6yhutnh9.default\Extensions\{d0d872fa-5875-418c-8f78-684486dc9a43}
Folder Found : C:\Users\Natalie\AppData\Roaming\ProgSense
***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found : HKCU\Software\ProgSense
Key Found : [x64] HKCU\Software\ProgSense
Key Found : HKLM\SOFTWARE\Classes\CLSID\{b160a11e-8cde-47dd-bc20-2d67921fe5c6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found : HKLM\SOFTWARE\Classes\DictionaryBoss.ToolbarProtector
Key Found : HKLM\SOFTWARE\Classes\DictionaryBoss.ToolbarProtector.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{58f23f40-5d16-4689-8e7d-c867153c8770}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{73a92446-8e2a-4b4d-8bfb-fa18f6b1c9a8}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C0CAA5FE-7C9C-4DCA-A265-63CF55379D1A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f1c42789-0513-4c10-9978-e4eabbe0e02d}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C0CAA5FE-7C9C-4DCA-A265-63CF55379D1A}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{73a92446-8e2a-4b4d-8bfb-fa18f6b1c9a8}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKU\.DEFAULT\Software\AskToolbar
Key Found : HKU\.DEFAULT\Software\ImInstaller
Key Found : HKU\.DEFAULT\Software\WNLT
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DictionaryBoss AppIntegrator 32-bit]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DictionaryBoss AppIntegrator 64-bit]
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17801

-\\ Mozilla Firefox v29.0.1 (en-US)
[hrlbt1g2.default] - Line Found : user_pref("browser.search.selectedEngine", "Dregol");
[hrlbt1g2.default] - Line Found : user_pref("browser.startup.homepage", "hxxp://www.dregol.com/?f=1&a=drg_ir_15_15&cd=2XzuyEtN2Y1L1QzuyCyE0DyE0D0AtCzztC0AtA0D0DtBzyzytN0D 0Tzu0StCtCzyyEtN1L2XzutAtFzytFzztFtBtN1L1CzutCyEtBzytDyD1V1StN1L[...]
[w8bxg3f4.default] - Line Found : user_pref("browser.search.selectedEngine", "Dregol");
[w8bxg3f4.default] - Line Found : user_pref("browser.startup.homepage", "hxxp://www.dregol.com/?f=1&a=drg_ir_15_15&cd=2XzuyEtN2Y1L1QzuyCyE0DyE0D0AtCzztC0AtA0D0DtBzyzytN0D 0Tzu0StCtCzyyEtN1L2XzutAtFzytFzztFtBtN1L1CzutCyEtBzytDyD1V1StN1L[...]
[6yhutnh9.default] - Line Found : user_pref("browser.search.selectedEngine", "Dregol");
[6yhutnh9.default] - Line Found : user_pref("browser.startup.homepage", "hxxp://www.dregol.com/?f=1&a=drg_ir_15_15&cd=2XzuyEtN2Y1L1QzuyCyE0DyE0D0AtCzztC0AtA0D0DtBzyzytN0D 0Tzu0StCtCzyyEtN1L2XzutAtFzytFzztFtBtN1L1CzutCyEtBzytDyD1V1StN1L[...]
-\\ Google Chrome v43.0.2357.65
[C:\Users\Chet\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Chet\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1QzuyCyE0DyE0D0AtCz ztC0AtA0D0DtBzyzytN0D0Tzu0CyCzyyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD 1B1P1R&cr=1376235985&ir=
[C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Homepage] : hxxp://start.mysearchdial.com/?f=1&a=dsites&cd=2XzuyEtN2Y1L1QzuyCyE0DyE0D0AtCzztC0AtA0D0DtBzyzytN0D0Tzu0C yCzyyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1376235985&ir=
[C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Startup_URLs] : hxxp://start.mysearchdial.com/?f=1&a=dsites&cd=2XzuyEtN2Y1L1QzuyCyE0DyE0D0AtCzztC0AtA0D0DtBzyzytN0D0Tzu0C yCzyyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1376235985&ir=
[C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Default_Search_Provider_Data] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1QzuyCyE0DyE0D0AtCz ztC0AtA0D0DtBzyzytN0D0Tzu0CyCzyyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD 1B1P1R&cr=1376235985&ir=
[C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_ir_15_15&cd=2XzuyEtN2Y1L1QzuyCyE0DyE0 D0AtCzztC0AtA0D0DtBzyzytN0D0Tzu0StCtCzyyEtN1L2XzutAtFzytFzztFtBtN1L1CzutCyE tBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCzy0ByDtCtByEtBtGtAtDtCyBtG0AtA0FzztG0At AyD0EtGtCyEtCzytAtC0EtD0FtByB0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0Dzz0E0C0FtAyCtG 0Bzz0CtDtGyEyB0C0EtG0BzyyCyCtGyEyCtByDyCyD0BzzyEyC0Bzy2QtN0A0LzutB&cr=20292 43224&ir=
*************************
AdwCleaner[R0].txt - [61747 bytes] - [26/01/2015 00:39:27]
AdwCleaner[R1].txt - [7425 bytes] - [25/05/2015 01:25:19]
AdwCleaner[S0].txt - [62241 bytes] - [26/01/2015 00:42:33]
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [7544 bytes] ##########


I would like to clear these bugs out right away but I want to wait and have an expert check out the list of the marked programs so they can tell me which ones need to stay, if any, so that I don't end up regretting my DIY fix. :D


Thank you so very much in advance!!! And happy Memorial Day!

Creative.ad120m.com virus-malware-garbage in my Desktop

Good Morning America !!

I have come across a nasty malware-virus which comes after I choose a soccer game to watch during the weekend at www.usagoals.com and I am stopped by a new page with a warning advising me not to go on with opening the game page because I might have security problems, freezing any further page within that site. The page itself does not allow me to do anything, like copy it or reload it, except close it. I could not trace it at the malware TSG site but there are web references to it here in Europe, where it is known as creative.ad120m.com. I will appreciate your help to delete that garbage from my computer, which I have not been able to do after following much advice from the web. I have also made a HijackThis log so you can check if there is any hint there to delete that virus:

Thank you very much for your help,


Oniro


Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 13:57:49, on 25/05/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17801)

FIREFOX: 37.0.2 (x86 en-US)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Hernando\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWelcome.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
D:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5825.1100\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [BingDesktop] C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe /fromkey
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Hernando\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [GUDelayStartup] "D:\Glary Utilities 5\StartupManager.exe" -delayrun
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Hernando\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Spotify] "C:\Users\Hernando\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
O4 - HKCU\..\Run: [CCleaner Monitoring] "D:\ccleaner\CCleaner.exe" /MONITOR
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Free YouTube Download - C:\Users\Hernando\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3FACD039-DCBD-4B9C-8857-DFC7D281BAE9}: NameServer = 192.89.123.230 192.89.123.231
O17 - HKLM\System\CS1\Services\Tcpip\..\{3FACD039-DCBD-4B9C-8857-DFC7D281BAE9}: NameServer = 192.89.123.230 192.89.123.231
O17 - HKLM\System\CS2\Services\Tcpip\..\{3FACD039-DCBD-4B9C-8857-DFC7D281BAE9}: NameServer = 192.89.123.230 192.89.123.231
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kaspersky Security Scan Service (KSS) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - D:\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mobile Broadband. OUC (Mobile Broadband. RunOuc) - Unknown owner - C:\Program Files\Mobile Broadband\UpdateDog\ouc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SW Update Service (SWUpdateService) - Samsung Electronics CO., LTD. - C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe

--
End of file - 7483 bytes




Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 32 bit
Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz, x64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 3004 Mb
Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 1278 Mb
Hard Drives: C: Total - 306356 MB, Free - 239860 MB; D: Total - 149999 MB, Free - 132559 MB;
Motherboard: SAMSUNG ELECTRONICS CO., LTD., R530/R730
Antivirus: Microsoft Security Essentials, Updated and Enabled

Spyware, viruses and home access clogging up computer, please help


Slow PC after opening attachment

Adding some more info in hope of receiving some help here.


I ran BitDefender Quick Scan, which found no viruses.


I installed HijackThis. When starting a scan I get a message saying the program is denied write access to the hosts file. After the scan, when pressing the "AnalyzeThis" button, I get a message saying I have no Internet connection.


I'll post the results of the scan here:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:37:24, on 25.05.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17801)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Arne\AppData\Local\TelenorCapture\TelenorCapture.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Arne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T454UKKN\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?tracki...q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?tracki...q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com/?p=mKO_AwFzXI...q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com/?p=mKO_AwFzXI...q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [20150107] C:\Program Files\AVAST Software\Avast\setup\emupdate\90026c26-0890-42de-a9f7-2f474cc510ba.exe /check
O4 - HKCU\..\Run: [NETGEARGenie] "C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O4 - Startup: Min Sky.lnk = Arne\AppData\Local\TelenorCapture\TelenorCapture.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - http://kitchenplanner.ikea.com/NO/Co...IKEA_Win32.cab
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab...l_4.5.13.0.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: NETGEARGenieDaemon - NETGEAR - C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Dantz - C:\Program Files (x86)\Dantz\Retrospect Express HD\retrorun.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13907 bytes

Possible virus created HPA on system ssd

I have had some issues with my PC which I really cannot explain or find any help for. I have been experiencing a sluggish computer which at times will randomly freeze, with the mouse being the only thing movable. It seems there is an HPA on my SSD, as it is ever so slightly smaller than it normally is. I have scanned with my regular virus removal, which consists of Avast and Malwarebytes, and neither found anything on either my system drive or the hard drive I keep my games on.

I attempted to detect whether or not there was an HPA on each drive, and there is not one on my hard drive, though the DCO is frozen. I have no option to detect on the SSD with HDAT2, even though it scans the hard drive fine, and when I try to detect with OSForensics I get the following error message.

"Could not retrieve Max User LBA
Could not retrieve Max Native LBA - GET NATIVE MAX Command issue failed
Could not retrieve Max Disk LBA - DCO Locked"

My computer also crashed while I was attempting to scan for HPAs when I first encrypted my SSD, which is particularly suspect. I really am at a loss and am ready to throw both drives out to be safe, but if there are any other options I would love to hear them before I drop another 300$.

I am running Windows 7 and I am using an Asus Sabertooth motherboard.

How to get rid of the annoying "Deals" pop-ups so they do not appear again?

Step 1
Click on this link to download: AdwCleaner. Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop. Do not click on any links in the top advert.

See the screenshot where the proper download buttons are highlighted


NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

Close your browser and double click on this icon on your desktop:



You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run; it may take several minutes to complete. When it is done, you will get a message saying "PENDING". Ignore that and click on the Clean button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report. Copy and paste it into your next post.
Please note: the newer versions of AdwCleaner have a pretty colour display on some versions of Windows and slightly different icons. The screenshots are from the older version but are basically the same.

Urgent attention needed, please !!!

Please do not start more than one thread for the same issue.

Closing duplicate.

stamplive error in all websites in Google Chrome

I am getting a stamplive error in all websites I visit, including this one. It says the scripts have been blocked. I have Malwarebytes, ESET Smart Security and CryptoMonitor installed, but nothing reports this.

I had once installed Spyhunter unknowingly.

Now how can I get rid of this console error?

Attached Images
File Type: jpg stamplive-console.jpg (83.0 KB)