
Never Ending Malware pop up alert


  • This topic is locked
28 replies to this topic

#1 Pestyone

Pestyone

  • Members
  • 315 posts
  • OFFLINE
  •  
  • Local time:10:07 AM

Posted 20 April 2015 - 08:59 AM

Ok, here goes; this won't be easy.

I was trying to post the Farbar scan log but it's too huge, and I gave up after reaching 8 pages trying to get it into smaller sections.

 

So posting the junk removal scan; but what I need to do fast is post a screen shot of this malware alert spam pop up alert that wants me to call a toll free number so they can fix me up; yeah right, like I am that stupid.

 

It's 130 kbs in size, but the problem is when I use print screen, the print gets saved in LibreOffice as ODT, so I can't upload that to here; it's not acceptable. So how do I fix that and get it posted here so it gets removed!? I so need the help; it isn't going away and it needs to get posted here.

 

 

So what's next :(

 

 

 

  

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.9 (04.19.2015:1)
OS: Windows 8.1 x64
Ran by Pestyone on Mon 04/20/2015 at  9:40:50.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Tasks

Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-3116091646-4023644724-1358722376-1001

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 04/20/2015 at  9:44:44.44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




#2 Pestyone

Pestyone
  • Topic Starter

  • Members
  • 315 posts
  • OFFLINE
  •  
  • Local time:10:07 AM

Posted 20 April 2015 - 05:27 PM

Ok, dang it, guess this has to be done the hard way to have the malware removed; will post scans till somebody tells me how to get a screen shot posted.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/20/2015
Scan Time: 6:01:34 PM
Logfile: Malwear here.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.04.20.06
Rootkit Database: v2015.04.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Pestyone

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 377056
Time Elapsed: 20 min, 40 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)



#3 Pestyone

Pestyone
  • Topic Starter

  • Members
  • 315 posts
  • OFFLINE
  •  
  • Local time:10:07 AM

Posted 20 April 2015 - 05:35 PM

Ok, here's the ADW log -

 

 

 

 

# AdwCleaner v4.201 - Logfile created 20/04/2015 at 18:29:52
# Updated 08/04/2015 by Xplode
# Database : 2015-04-20.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Pestyone - LOSTSOUL
# Running from : C:\Users\Pestyone\AppData\Local\Microsoft\Windows\INetCache\IE\227E7FR4\adwcleaner_4.201.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Mozilla Firefox v

*************************

AdwCleaner[R3].txt - [768 bytes] - [17/04/2015 18:27:03]
AdwCleaner[R4].txt - [986 bytes] - [20/04/2015 18:28:37]
AdwCleaner[S3].txt - [916 bytes] - [20/04/2015 18:29:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [974  bytes] ##########



#4 Pestyone

Pestyone
  • Topic Starter

  • Members
  • 315 posts
  • OFFLINE
  •  
  • Local time:10:07 AM

Posted 20 April 2015 - 05:56 PM

Ok, here's the Emsisoft malware log -

 

 

 

Emsisoft Anti-Malware - Version 9.0
Last update: 4/20/2015 6:50:41 PM
User account: lostsoul\Pestyone

Scan settings:

Scan type: Quick Scan
Objects: Rootkits, Memory, Traces

Detect PUPs: Off
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 4/20/2015 6:51:03 PM
Value: HKEY_USERS\S-1-5-21-3116091646-4023644724-1358722376-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR  detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-3116091646-4023644724-1358722376-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS  detected: Setting.DisableRegistryTools (A)

Scanned 59019
Found 2

Scan end: 4/20/2015 6:51:42 PM
Scan time: 0:00:39



#5 Pestyone

Pestyone
  • Topic Starter

  • Members
  • 315 posts
  • OFFLINE
  •  
  • Local time:10:07 AM

Posted 20 April 2015 - 06:01 PM

Here's one I love called Ultra Adware Killer; posting that log now.

 

 

 

 

Emsisoft Anti-Malware - Version 9.0
Last update: 4/20/2015 6:50:41 PM
User account: lostsoul\Pestyone

Scan settings:

Scan type: Quick Scan
Objects: Rootkits, Memory, Traces

Detect PUPs: Off
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 4/20/2015 6:51:03 PM
Value: HKEY_USERS\S-1-5-21-3116091646-4023644724-1358722376-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR  detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-3116091646-4023644724-1358722376-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS  detected: Setting.DisableRegistryTools (A)

Scanned 59019
Found 2

Scan end: 4/20/2015 6:51:42 PM
Scan time: 0:00:39



#6 Pestyone

Pestyone
  • Topic Starter

  • Members
  • 315 posts
  • OFFLINE
  •  
  • Local time:10:07 AM

Posted 20 April 2015 - 06:15 PM

Ok, here's a Speccy log, should help, worth posting -

Oops, won't paste, so will move on to next scan...



#7 Pestyone

Pestyone
  • Topic Starter

  • Members
  • 315 posts
  • OFFLINE
  •  
  • Local time:10:07 AM

Posted 20 April 2015 - 06:24 PM

Will post more scans later; enough for now. I see several more to post.

Thanks for the help, anybody. Back later.



#8 Pestyone

Pestyone
  • Topic Starter

  • Members
  • 315 posts
  • OFFLINE
  •  
  • Local time:10:07 AM

Posted 21 April 2015 - 01:05 AM

Ok, here's the SUPERAntiSpyware scan, and ouchy, no one here now knows how to get my screen shot posted yet!?

 

 

 

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/21/2015 at 01:59 AM

Application Version : 6.0.1186
Database Version : 11840

Scan type       : Quick Scan
Total Scan Time : 00:01:43

Operating System Information
Windows 8.1 64-bit (Build 6.03.9200)
UAC On - Limited User

Memory items scanned      : 735
Memory threats detected   : 0
Registry items scanned    : 62877
Registry threats detected : 0
File items scanned        : 8445
File threats detected     : 18

Adware.Tracking Cookie
 C:\Users\Pestyone\AppData\Local\Microsoft\Windows\INetCookies\27IT4KDL.txt [ /casalemedia.com ]
 C:\Users\Pestyone\AppData\Local\Microsoft\Windows\INetCookies\7MW78SRO.txt [ /ads.pubmatic.com ]
 C:\Users\Pestyone\AppData\Local\Microsoft\Windows\INetCookies\MBCWYIWN.txt [ /ads.ad-center.com ]
 C:\Users\Pestyone\AppData\Local\Microsoft\Windows\INetCookies\1L79GKXK.txt [ /ads.adplxmd.com ]
 C:\Users\Pestyone\AppData\Local\Microsoft\Windows\INetCookies\573TOTKT.txt [ /revsci.net ]
 C:\Users\Pestyone\AppData\Local\Microsoft\Windows\INetCookies\HT146P5N.txt [ /findmonstergames.com ]
 C:\Users\Pestyone\AppData\Local\Microsoft\Windows\INetCookies\TPL99K1M.txt [ /doubleclick.net ]
 C:\Users\Pestyone\AppData\Local\Microsoft\Windows\INetCookies\QMVYYT3A.txt [ /adtechus.com ]
 C:\Users\Pestyone\AppData\Local\Microsoft\Windows\INetCookies\9LGIEAUP.txt [ /ads.pointroll.com ]
 C:\Users\Pestyone\AppData\Local\Microsoft\Windows\INetCookies\0TRFI28G.txt [ /atdmt.com ]
 C:\Users\Pestyone\AppData\Local\Microsoft\Windows\INetCookies\OVQX6JJF.txt [ /ru4.com ]
 C:\Users\Pestyone\AppData\Local\Microsoft\Windows\INetCookies\KR8H4M8E.txt [ /imrworldwide.com ]
 C:\Users\Pestyone\AppData\Local\Microsoft\Windows\INetCookies\8KCJNDIG.txt [ /bs.serving-sys.com ]
 C:\Users\Pestyone\AppData\Local\Microsoft\Windows\INetCookies\1IRPXIOH.txt [ /ads.undertone.com ]
 C:\Users\Pestyone\AppData\Local\Microsoft\Windows\INetCookies\S50VCZ63.txt [ /www.findmonstergames.com ]
 C:\Users\Pestyone\AppData\Local\Microsoft\Windows\INetCookies\HFZ53T9L.txt [ /serving-sys.com ]
 C:\Users\Pestyone\AppData\Local\Microsoft\Windows\INetCookies\EQ6D9NE9.txt [ /advertising.com ]
 C:\Users\Pestyone\AppData\Local\Microsoft\Windows\INetCookies\QG38OQKE.txt [ /pro-market.net ]

 

============
 End of Log
============



#9 Pestyone

Pestyone
  • Topic Starter

  • Members
  • 315 posts
  • OFFLINE
  •  
  • Local time:10:07 AM

Posted 21 April 2015 - 01:12 AM

Hmm, thinking ComboFix log is next, then must see what I have missed, then get that scan posted here.



#10 Pestyone

Pestyone
  • Topic Starter

  • Members
  • 315 posts
  • OFFLINE
  •  
  • Local time:10:07 AM

Posted 21 April 2015 - 02:35 PM

Ok, this should help somebody here; so many unknowns in this log. Anyone awake out there to help?

 

 

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 3:30:50 PM, on 4/21/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)

Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\VSO\ConvertX\4\ConvertXtoDvd.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Pestyone\AppData\Local\Microsoft\Windows\INetCache\IE\227E7FR4\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKLM\..\Run: [QHSafeTray] "C:\Program Files (x86)\360\Total Security\safemon\360Tray.exe" /start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKCU\..\Run: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.dell.com
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Windows ® Win 7 DDK provider - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dell Data Vault (DellDataVault) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVault.exe
O23 - Service: Dell Data Vault Wizard (DellDataVaultWiz) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
O23 - Service: Dell Product Registration Manager (DellProdRegManager) - Aviata, Inc. - C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: FreemakeVideoCapture - Ellora Assets Corp. - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: My Dell Client Framework - Dell Inc. - C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: 360 Total Security (QHActiveDefense) - Unknown owner - C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Dell SupportAssist Agent (SupportAssistAgent) - Dell Inc. - C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wyse PocketCloud (WysePocketCloud) - Unknown owner - C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
O23 - Service: Wyse RemoteAccess (WyseRemoteAccess) - DELL Inc. - C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe

--
End of file - 8230 bytes



#11 Pestyone

Pestyone
  • Topic Starter

  • Members
  • 315 posts
  • OFFLINE
  •  
  • Local time:10:07 AM

Posted 23 April 2015 - 12:37 AM

Hmm, wonder; thinking aloud: if I print out a copy of the problem screen shot, scan it to desktop, assuming it doesn't get messed up in the scan process, could I then attach that copy of the screen shot?

Would it be small enough, and would it somehow get into an acceptable BleepingComputer format to attach, I wonder?



#12 dbrisendine

dbrisendine

  • Malware Response Team
  • 508 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:BC, Canada
  • Local time:06:07 AM

Posted 24 April 2015 - 09:47 AM

Hi Pestyone,

Welcome to BleepingComputer. My name is dbrisendine and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at BleepingComputer are here on a volunteer basis; please respect our time given to the cause of helping others. If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed. All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen. If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to. Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.


    - Save ALL Tools to your Desktop-

    All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

    Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
    Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
    Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
    Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
    NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
     

Let's get started....

First, do you still need help here or are you being assisted somewhere else?

Second, before you run any more scans, please run a SFC check on this system.
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc.) This will check your critical system files. Does this finish without complaint? If it says it couldn't fix everything then:

Copy the next two lines:

findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter if Notepad does not open. Copy and paste the text from Notepad into a reply. Close Notepad. Close the Command Window.

After that, we need to get a fresh scan from FRST.

  • If you still have the Addition.txt file on your desktop, please delete it now.
  • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • If an update is available, the program will inform you and download the update. Allow it to do this please. Otherwise, just wait for the "The tool is ready to use." message.
  • Please check the Addition.txt in the Option Scan section of FRST.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The tool will also generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

If the FRST logs are too large to post, you can attach them this time.


Edited by dbrisendine, 24 April 2015 - 09:49 AM.

Please do not ask for Malware help via PM (Private Messages).  Please post in the forum boards instead.  Thanks.
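
When the junk.txt produced by the sfc / findstr steps above comes back, the useful part is which files SFC reported it could not repair. The following is an added example, not part of the original post and not dbrisendine's code: a Python summarizer for those "[SR]" lines. It assumes the usual CBS.log wording ("Verifying", "Cannot repair member file", "Repairing corrupted file"); the sample lines, file names and the summarize_sfc name are constructed for illustration.

```python
import re

# Constructed sample of "[SR]" lines as findstr would write them to junk.txt.
# These lines are illustrative and are NOT taken from the thread.
SAMPLE_JUNK_TXT = r'''
2015-04-24 13:02:11, Info                  CSI    000003d1 [SR] Verifying 100 (0x0000000000000064) components
2015-04-24 13:02:11, Info                  CSI    000003d2 [SR] Beginning Verify and Repair transaction
2015-04-24 13:02:14, Info                  CSI    000003d5 [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.3.9600.16384, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2015-04-24 13:02:15, Info                  CSI    000003d7 [SR] Cannot repair member file [l:22{11}]"Example.DLL" of Example-Component, Version = 6.3.9600.16384, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2015-04-24 13:02:16, Info                  CSI    000003d9 [SR] Verify complete
2015-04-24 13:02:17, Info                  CSI    000003da [SR] Verifying 37 (0x0000000000000025) components
2015-04-24 13:02:19, Info                  CSI    000003dc [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\WINDOWS\System32"\[l:18{9}]"other.sys" from store
2015-04-24 13:02:20, Info                  CSI    000003dd [SR] Repair complete
CSI    0000040a [SR] Cannot repair member file
'''

# Timestamp, level, "CSI", sequence number, then the [SR] message text.
SR_RE = re.compile(
    r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), \w+\s+CSI\s+[0-9a-fA-F]+ \[SR\] (.*)$')
VERIFY_RE = re.compile(r'^Verifying (\d+) ')
CANNOT_RE = re.compile(
    r'^Cannot repair member file \[l:\d+\{\d+\}\]"([^"]+)" of ([^,]+),')
REPAIR_RE = re.compile(
    r'^Repairing corrupted file \[ml:[^\]]*\]"\\\?\?\\([^"]+)"'
    r'\\\[l:\d+\{\d+\}\]"([^"]+)" from store')


def summarize_sfc(text):
    """Summarize the [SR] lines of a filtered CBS.log (junk.txt) paste.

    Returns a dict with:
      components_verified - sum of all "Verifying N components" batches
      cannot_repair       - {lowercased file name: component, first_seen, hits}
      repaired            - full paths SFC restored from the component store
      unparsed_sr_lines   - [SR] lines that were truncated or mangled in pasting
    """
    summary = {"components_verified": 0, "cannot_repair": {},
               "repaired": [], "unparsed_sr_lines": 0}
    for raw in text.splitlines():
        line = raw.strip()
        if "[SR]" not in line:
            continue
        m = SR_RE.match(line)
        if m is None:
            # Keep count so a reviewer knows the paste was incomplete.
            summary["unparsed_sr_lines"] += 1
            continue
        stamp, msg = m.groups()
        if (v := VERIFY_RE.match(msg)):
            summary["components_verified"] += int(v.group(1))
        elif (c := CANNOT_RE.match(msg)):
            # Windows file names are case-insensitive; SFC also tends to log
            # the same failure more than once, so fold repeats together.
            entry = summary["cannot_repair"].setdefault(
                c.group(1).lower(),
                {"component": c.group(2).strip(), "first_seen": stamp, "hits": 0})
            entry["hits"] += 1
        elif (r := REPAIR_RE.match(msg)):
            path = r.group(1) + "\\" + r.group(2)
            if path not in summary["repaired"]:
                summary["repaired"].append(path)
    return summary


if __name__ == "__main__":
    result = summarize_sfc(SAMPLE_JUNK_TXT)
    print("components verified:", result["components_verified"])
    for name, info in result["cannot_repair"].items():
        print("NOT repaired:", name, "-", info["component"],
              "(%d log hits, first %s)" % (info["hits"], info["first_seen"]))
    for path in result["repaired"]:
        print("repaired from store:", path)
    print("unparsed [SR] lines:", result["unparsed_sr_lines"])
```
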



#13 Pestyone

Pestyone
  • Topic Starter

  • Members
  • 315 posts
  • OFFLINE
  •  
  • Local time:10:07 AM

Posted 24 April 2015 - 11:27 AM

I am still here and need the help; amazing how the 7 scans I have posted to date haven't gotten me a fix; was hoping to get a fix the easy way, now we try the hard way, crappo. Will post SFC and FRST logs, and yes, I know how to post and save logs; have posted 7 different ones here and no one has helped; wonder if that is a record for this site!?

 

Will try to post a screen shot soon; I have that in a JPEG and PDF format; my fingers and toes are crossed that it works :(



#14 Pestyone

Pestyone
  • Topic Starter

  • Members
  • 315 posts
  • OFFLINE
  •  
  • Local time:10:07 AM

Posted 24 April 2015 - 01:43 PM

Ok, using Win 8.1, how do I run SFC? I don't see it :( Never easy, dang it.



#15 Pestyone

Pestyone
  • Topic Starter

  • Members
  • 315 posts
  • OFFLINE
  •  
  • Local time:10:07 AM

Posted 24 April 2015 - 02:25 PM

Ok, will try to attach a screen shot, fingers crossed :(

OMG, the attachment worked, party time, so where's a fix :)
