I've seen that too many times before. There are search scripts out there (what is the name of that virtual universe?) that give you an answer to your last written question. Of course they give you the "correct medicine" for your problem, which serves them well. :)
This is called making money out of nothing and preventing people from finding good information on the net. Sad really.
Wynona, this pop-up at start may be connected with your missing printer drivers!
I don't have any idea how to fix it yet, but it may have some connection.
Edit: did you run the Sysinternals utility to show you startup programs? Winpatrol is also useful (I am using it).
Last edited by AndreTen; 25 Jun 2016 at 04:16. Reason: Additional info
Not yet, Andre. We're going to do that later, when Simrick is recovered enough to spend some time on the problem. Right now it doesn't seem to be causing any problems, so it's not one of those "hanging fire" issues.
I'll go look at Winpatrol; always good to have an arsenal. :)
Thanks.
Edit: BTW, I'm not going to pay any site that uses those tactics. Especially when we have Simrick!
YUM!
For those of you interested, we had an infection. It's all cleared up now. :)
Clips from scans:
RKILL
Program started at: 06/25/2016 11:20:47 AM in x64 mode.
Windows Version: Windows 10 Pro Insider Preview
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* No issues found.
Checking Windows Service Integrity:
(note: missing services are a glitch in RKILL & nothing to worry about)
* agp440 [Missing Service]
* gagp30kx [Missing Service]
* IEEtwCollectorService [Missing Service]
* IoQos [Missing Service]
* nv_agp [Missing Service]
* TimeBroker [Missing Service]
* uagp35 [Missing Service]
* uliagpkx [Missing Service]
* WcsPlugInService [Missing Service]
* wpcfltr [Missing Service]
* WSService [Missing Service]
* AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
* WpnService => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]
* vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
* vmicvss => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* No issues found.
MBAM
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 1
Rootkit.Fileless.MTGen, C:\Users\nlrai\AppData\Local\6d52e7\5e805e.bat, , [58cfdd24861477bf89c8fd9d798b7a86],
Physical Sectors: 0
(No malicious items detected)
ADWCleaner
# Support : ToolsLib - Forum: Ask for help or share your experience.
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder Deleted : C:\Users\nlrai\Favorites\Coupons
***** [ Files ] *****
***** [ DLLs ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\myway.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\Zwinky
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\zwinky.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\akamaihd.net
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\azlyrics.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\uhytajrtpo-a.akamaihd.net
***** [ Web browsers ] *****
[-] [C:\Users\nlrai\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\nlrai\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\nlrai\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.conduit.com
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared