Redirected Google web searches + Random Pop Ups


Re: Redirected Google web searches + Random Pop Ups

Post by tenmeg » August 19th, 2009, 1:45 am

Hi - SysLook & OTM files attached below. Crypto Services was started & set to Automatic.

Computer Operation - No problems observed other than the ones already discussed- Slow shut down still persists although when I rebooted after running OTM it shut down in just a few seconds

=========================================================================

SystemLook v1.0 by jpshortstuff (22.05.09)
Log created at 22:39 on 18/08/2009 by TENMEG (Administrator - Elevation successful)

========== service ==========

CryptSvc - Unable to open Service Handle.

-=End Of File=-

=========================================================================

All processes killed
========== FILES ==========
c:\documents and settings\TENMEG\Application Data\PCMM2009\diagnostic moved successfully.
c:\documents and settings\TENMEG\Application Data\PCMM2009 moved successfully.
c:\windows\Tasks\RegCure Program Check.job moved successfully.
c:\program files\RegCure\RegCure.exe moved successfully.
c:\windows\Tasks\RegCure.job moved successfully.
File/Folder c:\program files\RegCure\RegCure.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: TENMEG
->Temp folder emptied: 1467561 bytes
->Temporary Internet Files folder emptied: 53503124 bytes
->Java cache emptied: 0 bytes

User: user
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: User.2WIRE200
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 255 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 52.46 mb


OTM by OldTimer - Version 3.0.0.6 log created on 08182009_221134

Files moved on Reboot...

Registry entries deleted on Reboot...
tenmeg
Regular Member
 
Posts: 63
Joined: July 27th, 2009, 7:49 pm

Re: Redirected Google web searches + Random Pop Ups

Post by Bio-Hazard » August 20th, 2009, 2:41 pm

Hello!

I have someone who is helping me deal with your problems. If you are willing, we can try to fix most of your problems; please let me know what you want to do.


SystemLook

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main text field (make sure there are no empty spaces after CryptSvc):
    :service
    CryptSvc

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Redirected Google web searches + Random Pop Ups

Post by tenmeg » August 20th, 2009, 4:28 pm

Hi - Yes, I'm more than open to finally clearing up some of my computer's ongoing problems. Attached is the latest LookUp log.

======================================================================

SystemLook v1.0 by jpshortstuff (22.05.09)
Log created at 13:25 on 20/08/2009 by TENMEG (Administrator - Elevation successful)

========== service ==========

CryptSvc
CryptSvc
"Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start."
Current Status: Started
Startup Type: Automatic
Error Control: Severe
Binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
Group: (none)
SafeBoot: Minimal Network
Dependencies:
->RpcSs
Dependant Services:
(none)

-=End Of File=-

===================================================================================
tenmeg
Regular Member
 
Posts: 63
Joined: July 27th, 2009, 7:49 pm

Re: Redirected Google web searches + Random Pop Ups

Post by Bio-Hazard » August 23rd, 2009, 4:30 am

Hello!

I am waiting for further instructions, so when I get them I will post them straight away.
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Redirected Google web searches + Random Pop Ups

Post by tenmeg » August 23rd, 2009, 1:31 pm

Hi - When I try to download an ActiveX control, install an update to Windows or to a Windows component, install a service pack for Windows or for a Windows component, or install a Microsoft or third-party software program, I receive the following error message: "Setup could not verify the integrity of the file Update.inf. Make sure the Cryptographic service is running on this computer". When I check my Cryptographic Service it always shows that Service is running.

Next I ran a web search regarding corrupted "update.inf" file and found a Microsoft help page ( http://support.microsoft.com/kb/822798 ) regarding this issue. I ran all of the suggested Methods up to Method 8. Method 8: Verify the status of all certificates in the certification path and import missing or damaged certificates from another computer. When I ran a check on Microsoft Certificates as outlined in Method 8 it instantly closed that web page and all of the other Windows web pages that were running on my computer. This Method requires one to download fresh MS Certificates from another safe computer which I don't have at this time. So that is my main problem as outlined above. Thanks in advance for any further help on the above.
tenmeg
Regular Member
 
Posts: 63
Joined: July 27th, 2009, 7:49 pm

Re: Redirected Google web searches + Random Pop Ups

Post by Bio-Hazard » August 24th, 2009, 2:56 am

STEP 1
I'd like to look at your Event logs.
  • Click Start
  • Click Run
  • In the box type:
    • Eventvwr.msc
  • Then press enter.
  • Event Viewer opens
  • Right click on Application
  • Click Save Log File As and give the file a name like apps. Leave the file type alone. (By default it will save as .evt)
  • Keep Event Viewer open
  • Right click on System
  • Click Save Log File As and give the file a name like sys. Leave the file type alone. (By default it will save as .evt)
NOTE: Make sure you remember where you saved the logs.


STEP 2
  • Find apps.evt
  • Right click on it
  • Then click Send to >compressed

  • Find sys.evt
  • Right click on it
  • Then click Send to >compressed



STEP 3
Please upload the files to this forum:
http://thespykiller.co.uk/index.php?board=1.0


  • Scroll down the page and Press new topic.
  • Subject line put: For Mosaic1
  • Give a link to this topic.
  • Let them know Mosaic1 asked for this file.
  • Press the browse button and then navigate to the new zip files you have created. (sys.evt and apps.evt)
  • Press send and the files will be uploaded.
  • Please do not post any logs over there. This is just an upload site for suspicious files. Also, you will not be able to see the files once they are uploaded.
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Redirected Google web searches + Random Pop Ups

Post by tenmeg » August 25th, 2009, 12:44 am

Hi - I followed your instructions & submitted the two log files to Mosaic1 at the SpyKiller web site. I was not sure or clear what you meant by posting a link? Did you mean a link to this posting or what? Thanks for your continued interest in assisting me in fixing my computer and its various problems. I'm interested in seeing what Mosaic1 comes up with from the logs I submitted. In the last reply I mentioned problems with MS certificates and now that problem has been fixed. I still can't get Windows Update to work. Solutions offered by MS that apply to the error code I receive don't correct the ongoing Windows Update problem.
tenmeg
Regular Member
 
Posts: 63
Joined: July 27th, 2009, 7:49 pm

Re: Redirected Google web searches + Random Pop Ups

Post by Bio-Hazard » August 25th, 2009, 4:02 am

Hello!

Will let you know as soon as I hear from Mosaic1. The link I wanted to post was this thread link but it should be ok.
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Redirected Google web searches + Random Pop Ups

Post by Bio-Hazard » August 25th, 2009, 8:55 am

Hello!

Mosaic1 has received the uploads but the uploaded files were the same (2 copies of sys.evt) so we need to do this again.


STEP 1
I'd like to look at your Event logs.
  • Click Start
  • Click Run
  • In the box type:
    • Eventvwr.msc
  • Then press enter.
  • Event Viewer opens
  • Right click on Application
  • Click Save Log File As and give the file a name like apps. Leave the file type alone. (By default it will save as .evt)
  • Keep Event Viewer open
  • Right click on System
  • Click Save Log File As and give the file a name like sys. Leave the file type alone. (By default it will save as .evt)
NOTE: Make sure you remember where you saved the logs.


STEP 2
  • Find apps.evt
  • Right click on it
  • Then click Send to >compressed


STEP 3
Please upload the files to this forum:
http://thespykiller.co.uk/index.php?board=1.0


  • Scroll down the page and Press new topic.
  • Subject line put: For Mosaic1
  • Give a link to this topic.
  • Let them know Mosaic1 asked for this file.
  • Press the browse button and then navigate to the new zip files you have created. (sys.evt and apps.evt)
  • Press send and the files will be uploaded.
  • Please do not post any logs over there. This is just an upload site for suspicious files. Also, you will not be able to see the files once they are uploaded.
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Redirected Google web searches + Random Pop Ups

Post by tenmeg » August 25th, 2009, 4:03 pm

Hi - resubmitted the Apps & Sys log files to Mosaic1 - Probably what happened is I was not familiar with their web site & could not see at first how one submitted more than one log file. Once I found the right button I probably re-entered the same file again without noticing that I had already entered that file - Now I think we are on track. . . .
tenmeg
Regular Member
 
Posts: 63
Joined: July 27th, 2009, 7:49 pm

Re: Redirected Google web searches + Random Pop Ups

Post by Bio-Hazard » August 25th, 2009, 4:05 pm

Hello!

Good job. I will post back further instructions tomorrow.
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Redirected Google web searches + Random Pop Ups

Post by Bio-Hazard » August 26th, 2009, 9:17 am

STEP 1


Sigverif

  • Click Start
  • Click Run
  • Type in Sigverif and click Enter
  • When File signature verification opens, click the Start button to begin the scan.
  • This is going to take a few minutes to complete. Go have a short break while it runs.
    When finished, find this file, C:\windows\sigverif.txt. Zip it and upload the zip to Spykiller like you did before.


STEP 2
  • C:\windows\sigverif.txt
  • Right click on it
  • Then click Send to >compressed


STEP 3
Please upload the files to this forum:
http://thespykiller.co.uk/index.php?board=1.0


  • Scroll down the page and Press new topic.
  • Subject line put: For Mosaic1
  • Give a link to this topic.
  • Let them know Mosaic1 asked for this file.
  • Press the browse button and then navigate to the new zip file you have created. (sigverif.txt)
  • Press send and the files will be uploaded.
  • Please do not post any logs over there. This is just an upload site for suspicious files. Also, you will not be able to see the files once they are uploaded.





Register files

  • Click Start
  • Click Run
  • Type in Regsvr32 ole32.dll and click Enter
  • Click Start
  • Click Run
  • Type in Regsvr32 oleaut32.dll and click Enter
  • You should get the message: registered successfully
    If you receive any error messages please report them.
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Redirected Google web searches + Random Pop Ups

Post by tenmeg » August 26th, 2009, 7:27 pm

Hi - The sigverif.txt file was uploaded to Mosaic1 successfully. And no problems in uploading the two .dll files

thanks again. . .
tenmeg
Regular Member
 
Posts: 63
Joined: July 27th, 2009, 7:49 pm

Re: Redirected Google web searches + Random Pop Ups

Post by Bio-Hazard » August 27th, 2009, 10:04 am

Hello!

I am doing night shifts this week so I am not very active but I am still in contact with Mosaic1 about your issues.


Show All Files And Folders Windows XP

  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck Hide file extensions for known file types
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Apply to confirm.
  • Click OK.



Delete file

Using Windows Explorer (right-click the Start button and left-click Explore), navigate to and find the following file; if found, delete it (it may not be present after previous steps):

    File:
    C:\windows\system32\sdearlydelete.exe




Batch file

  • Open Notepad (not WordPad) by clicking Start
  • Click Run
  • Type notepad into the box and click enter
  • Notepad will open
  • Copy and Paste everything from the Code box into Notepad (not wordpad):

    cacls C: >perms.txt
    Start Notepad perms.txt
    

  • Go to File > Save As
  • Save File name as Check perms.bat
  • Change Save as Type to All Files and save the file to your desktop.
  • Close Notepad
  • Double-click Check perms.bat on your Desktop
  • Post back with the text that will open in notepad.




Registry Fix with ERUNT

  • Please use the following link and scroll down to ERUNT and download it on to your desktop. HERE
  • Click on the erunt-setup.exe
  • Follow the prompts to install ERUNT
  • Choose language
  • A set up window will pop up. It will ask: Create ERUNT entry in to the Start up folder, answer NO

  • Backup your registry to the default location

Note: To restore your registry (if needed), go to the folder and start ERDNT.exe


  • Open Notepad by clicking Start
  • Click Run
  • Type notepad into the box and click enter
  • Notepad will open
  • Copy and Paste everything from the Code box into Notepad:

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,\
  00,00



NOTE: Make sure there are NO blank lines before REGEDIT4
NOTE: Make sure there IS one blank line at the end of the file.

  • Go to File > Save As
  • Save File name as Fix.reg
  • Change Save as Type to All Files and save the file to your desktop
  • Close Notepad, and double-click Fix.reg on your Desktop
  • When it asks if you want to merge the info to the registry, hit YES/OK
    Reboot computer


Logs/Information to Post in Next Reply

Please post the following logs/Information in your reply:
  • Check perms.bat results
  • A description of how your computer is behaving
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK
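
What the Fix.reg in the post above writes can be checked before it is merged. The following is an added example (not part of the original thread and not the helper's code) that decodes the REGEDIT4 hex(7) data for BootExecute and lists any entry other than the autocheck line. The tampered sample and the name example_native_app are constructed for illustration.

```python
import re

KEY = r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]"
# Value that Fix.reg in the post writes (the stock Windows setting).
EXPECTED = "autocheck autochk *"

# Fix.reg exactly as given in the post.
FIX_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,\
  00,00

'''

def to_hex7_ansi(strings):
    """Encode strings as REGEDIT4 hex(7) data: ANSI, NUL after each, extra NUL at end."""
    raw = b"".join(s.encode("latin-1") + b"\0" for s in strings) + b"\0"
    return ",".join("%02x" % b for b in raw)

# Constructed sample (not from the thread): an export with one extra boot-time entry.
# "example_native_app" is a hypothetical name.
TAMPERED_REG = "REGEDIT4\n\n%s\n\"BootExecute\"=hex(7):%s\n\n" % (
    KEY, to_hex7_ansi([EXPECTED, "example_native_app"]))

def parse_multi_sz(reg_text, value_name):
    """Return the strings stored in a hex(7) value, or None if the value is absent."""
    # A trailing backslash continues the data on the next (indented) line.
    text = re.sub(r"\\\r?\n[ \t]*", "", reg_text)
    pattern = r'^"%s"=hex\(7\):([0-9a-fA-F,]*)\s*$' % re.escape(value_name)
    m = re.search(pattern, text, re.M | re.I)
    if m is None:
        return None
    raw = bytes(int(b, 16) for b in m.group(1).split(",") if b)
    # REGEDIT4 files store single-byte text; version 5.00 files store UTF-16LE.
    v5 = text.lstrip().startswith("Windows Registry Editor Version 5.00")
    decoded = raw.decode("utf-16-le" if v5 else "latin-1", errors="replace")
    return [s for s in decoded.split("\0") if s]

def unexpected_boot_entries(reg_text):
    """List BootExecute entries other than the expected autocheck line."""
    entries = parse_multi_sz(reg_text, "BootExecute") or []
    return [e for e in entries if e.lower() != EXPECTED.lower()]

if __name__ == "__main__":
    for label, text in (("Fix.reg", FIX_REG), ("tampered sample", TAMPERED_REG)):
        print(label, parse_multi_sz(text, "BootExecute"), unexpected_boot_entries(text))
```

The same function can be run over a Session Manager key exported with regedit to see whether anything besides autocheck is scheduled to run at boot.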

Re: Redirected Google web searches + Random Pop Ups

Post by tenmeg » August 27th, 2009, 8:37 pm

Hi - thanks for sticking with it because I have gone around in circles with my limited knowledge especially in trying to get Windows Update to work.

There are some minor operating issues that still remain - I normally put my computer into Hibernation in place of turning it off.

When I try to turn my computer off it still takes minutes to close windows & shut down.

When I restart my computer I get the following windows error: Limited Virtual Memory, Sys has no paging file or page too small

When Paging File is fixed as outlined I get the same error message when I restart my computer the next time - I just ignore it and continue without doing anything.

I still get the error number 0x80248011 when I try to use Windows Update site. I can't update my current version of windows or explorer because of this problem. I don't know how many times I have tried different windows suggestions for correcting this problem but it still remains a problem! If anyone comes up with a definitive solution I would like to know what it is?

========================================================
Info Requested
========================================================
Hidden files, Hide file extensions & Hide protected operating system files - Files unchecked - Should these files be rechecked for protection?
========================================================
C:\windows\system32\sdearlydelete.exe - I did not find this file
========================================================
ERDNT created in c:\ windows - Registry backed up
========================================================
Fix.reg created
Merge Registry was successful
========================================================
perms.bat results
========================================================
C:\Documents and Settings\TENMEG\Desktop 2WIRE200\TENMEG:F
2WIRE200\TENMEG:(OI)(CI)(IO)F
NT AUTHORITY\SYSTEM:F
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F
BUILTIN\Administrators:F
BUILTIN\Administrators:(OI)(CI)(IO)F
tenmeg
Regular Member
 
Posts: 63
Joined: July 27th, 2009, 7:49 pm