Build 14371 and 14372 Anomoly .b8527aa

  1. Wynona's Avatar
    Posts : 26,099
    Windows 10 1909 Build 18363.657
    Thread Starter
       #11

    f14tomcat said:
    Easy fix! It's even got your name in it!

    Fix Build 14371 and 14372 Anomoly .b8527aa
    What have you done, TC!? How did that get there!?

  2. AndreTen's Avatar
    Posts : 20,880
    Windows 10 (Pro and Insider Pro)
       #12

    Wynona said:
    What have you done, TC!? How did that get there!?
    I've seen that too many times before. There are search scripts out there (what is the name of that virtual universe?) that give you an answer to your last written question. Of course they give you the "correct medicine" for your problem, which serves them well. :)

    This is called making money out of nothing and preventing people from finding good information on the net. Sad really.

    Wynona, this pop-up at start may be connected to your missing printer drivers!

    Don't have any idea how to fix it yet, but it may have some connection.

    Edit: did you run the Sysinternals utility to show you startup programs? Winpatrol is also useful (I am using it).
    Last edited by AndreTen; 25 Jun 2016 at 04:16. Reason: Additional info

  3. Wynona's Avatar
    Posts : 26,099
    Windows 10 1909 Build 18363.657
    Thread Starter
       #13

    AndreTen said:
    I've seen that too many times before. There are search scripts out there (what is the name of that virtual universe?) that give you an answer to your last written question. Of course they give you the "correct medicine" for your problem, which serves them well. :)

    This is called making money out of nothing and preventing people from finding good information on the net. Sad really.

    Wynona, this pop-up at start may be connected to your missing printer drivers!

    Don't have any idea how to fix it yet, but it may have some connection.

    Edit: did you run the Sysinternals utility to show you startup programs? Winpatrol is also useful (I am using it).
    Not yet, Andre. We're going to do that later, when Simrick is recovered enough to spend some time on the problem. Right now it doesn't seem to be causing any problems, so it's not one of those "hanging fire" issues.

    I'll go look at Winpatrol; always good to have an arsenal. :)

    Thanks.

    Edit: BTW, I'm not going to pay any site that uses those tactics. Especially when we have Simrick!

  4. f14tomcat's Avatar
    Posts : 47,918
    Triple boot - Win 10 Pro, Win 10 Pro Insider (2) - (and a sprinkling of VMs)
       #14

    Wynona said:
    Not yet, Andre. We're going to do that later, when Simrick is recovered enough to spend some time on the problem. Right now it doesn't seem to be causing any problems, so it's not one of those "hanging fire" issues.

    I'll go look at Winpatrol; always good to have an arsenal. :)

    Thanks.

    Edit: BTW, I'm not going to pay any site that uses those tactics. Especially when we have Simrick!
    She works cheap! No bitcoins, but she does accept Choco-Dollars!

  5. simrick's Avatar
    Posts : 15,947
    W10Prox64
       #15

    f14tomcat said:
    She works cheap! No bitcoins, but she does accept Choco-Dollars!
    YES!! Those look GOOD!

  6. Wynona's Avatar
    Posts : 26,099
    Windows 10 1909 Build 18363.657
    Thread Starter
       #16

    f14tomcat said:
    She works cheap! No bitcoins, but she does accept Choco-Dollars!
    Well, she just earned her weight in Choco-Dollars!


  7. simrick's Avatar
    Posts : 15,947
    W10Prox64
       #17

    Wynona said:
    Well, she just earned her weight in Choco-Dollars!
    YUM!

    For those of you interested, we had an infection. It's all cleared up now. :)

    Clips from scans:

    RKILL
    Program started at: 06/25/2016 11:20:47 AM in x64 mode.
    Windows Version: Windows 10 Pro Insider Preview
    Checking for Windows services to stop:
    * No malware services found to stop.
    Checking for processes to terminate:
    * No malware processes found to kill.
    Checking Registry for malware related settings:
    * No issues found in the Registry.
    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
    Performing miscellaneous checks:
    * No issues found.
    Checking Windows Service Integrity:
    (note: missing services are a glitch in RKILL & nothing to worry about)
    * agp440 [Missing Service]
    * gagp30kx [Missing Service]
    * IEEtwCollectorService [Missing Service]
    * IoQos [Missing Service]
    * nv_agp [Missing Service]
    * TimeBroker [Missing Service]
    * uagp35 [Missing Service]
    * uliagpkx [Missing Service]
    * WcsPlugInService [Missing Service]
    * wpcfltr [Missing Service]
    * WSService [Missing Service]
    * AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
    * WpnService => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]
    * vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
    * vmicvss => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
    Searching for Missing Digital Signatures:
    * No issues found.
    Checking HOSTS File:
    * No issues found.


    MBAM
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)
    Modules: 0
    (No malicious items detected)
    Registry Keys: 0
    (No malicious items detected)
    Registry Values: 0
    (No malicious items detected)
    Registry Data: 0
    (No malicious items detected)
    Folders: 0
    (No malicious items detected)
    Files: 1
    Rootkit.Fileless.MTGen, C:\Users\nlrai\AppData\Local\6d52e7\5e805e.bat, , [58cfdd24861477bf89c8fd9d798b7a86],

    Physical Sectors: 0
    (No malicious items detected)

    ADWCleaner
    # Support : ToolsLib - Forum: Ask for help or share your experience.
    ***** [ Services ] *****
    ***** [ Folders ] *****
    [-] Folder Deleted : C:\Users\nlrai\Favorites\Coupons
    ***** [ Files ] *****
    ***** [ DLLs ] *****
    ***** [ WMI ] *****
    ***** [ Shortcuts ] *****
    ***** [ Scheduled tasks ] *****
    ***** [ Registry ] *****
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\myway.com
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\Zwinky
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\zwinky.com
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\akamaihd.net
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\azlyrics.com
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\uhytajrtpo-a.akamaihd.net

    ***** [ Web browsers ] *****
    [-] [C:\Users\nlrai\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
    [-] [C:\Users\nlrai\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
    [-] [C:\Users\nlrai\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.conduit.com

    *************************
    :: "Tracing" keys deleted
    :: Winsock settings cleared

  8. AndreTen's Avatar
    Posts : 20,880
    Windows 10 (Pro and Insider Pro)
       #18

    This looks like one nasty infection. Any idea where it came from?

    You deserve an extra!


  9. OldMike65's Avatar
    Posts : 87,044
    Windows10 Pro 64Bit
       #19

    Nice job simrick ....
    50 Choco-Dollars For You!!! :)

  10. simrick's Avatar
    Posts : 15,947
    W10Prox64
       #20

    AndreTen said:
    This looks like one nasty infection. Any idea where it came from?

    You deserve an extra!

    Oh YUM! Thanks!
    Not sure, but it could have been the coupon printer, or the free PDF program.

    OldMike65 said:
    Nice job simrick ....
    50 Choco-Dollars For You!!! :)
    Thanks! :)


 

Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.
