Author Topic: What IS this?? Ideas?  (Read 17581 times)


SirMatthew

  • Guest
Re: What IS this?? Ideas?
« Reply #45 on: April 17, 2014, 09:10:07 PM »
Essexboy:

This is looking like a particularly intractable problem.  I have been watching this thread with interest, as I'm experiencing precisely the same problem on a Win 7 laptop. 

At this point, as you're deeply into differential diagnosis territory, I'm wondering if you would like a scan of any type from my computer so that you can do a side by side for common elements. 

Let me know if so.  Otherwise, I'll continue monitoring this thread in silent interest.

Glad I'm not alone! :)
Regards,
Jim

SirMatthew

  • Guest
Re: What IS this?? Ideas?
« Reply #46 on: April 17, 2014, 09:11:56 PM »
If you have no objection as there is an update element running for that as a service

It is on its way out this moment!   


I owe you about 10 years of free tax prep if you live in the US.  I cannot reiterate enough my appreciation for your time, patience and diligent work on this issue!

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: What IS this?? Ideas?
« Reply #47 on: April 17, 2014, 09:13:32 PM »
@ gitarslinger It would not hurt to see if there is a commonality

@ SirMatthew  it exercises my little grey cells :)

gitarslinger

  • Guest
Re: What IS this?? Ideas?
« Reply #48 on: April 17, 2014, 09:25:35 PM »
Essexboy, tell me what you'd like me to run and post.

Offline essexboy

Re: What IS this?? Ideas?
« Reply #49 on: April 17, 2014, 10:13:07 PM »
Could you run the latest FRST, as the shortcut is a nice area to look for this type of thing?

Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select both shortcut  and additions at the bottom
  • Press Scan button.

  • It will produce a log called FRST.txt in the same directory the tool is run from. 
  • Please attach all 3 logs generated.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

gitarslinger

  • Guest
Re: What IS this?? Ideas?
« Reply #50 on: April 17, 2014, 10:26:12 PM »
The tool ran successfully.  Files are attached.  I ran it with Avast! shields active.

Let me know if you'd like to see anything else.  Good luck.

Jim

Offline essexboy

Re: What IS this?? Ideas?
« Reply #51 on: April 18, 2014, 03:23:28 PM »
Whilst I look at the logs, is your wpad.dat only in Chrome as well?

gitarslinger

  • Guest
Re: What IS this?? Ideas?
« Reply #52 on: April 18, 2014, 07:07:42 PM »
Essexboy, if you're asking me, I fear I don't know what wpad.dat is, nor do I understand what it might mean to be "only in Chrome."  Could you elaborate?

Offline essexboy

Re: What IS this?? Ideas?
« Reply #53 on: April 18, 2014, 07:45:29 PM »
Certainly. Is the alert only showing in Chrome, and is it the same one as SirMatthew's (my apologies, freeresult.com)?

gitarslinger

  • Guest
Re: What IS this?? Ideas?
« Reply #54 on: April 18, 2014, 08:02:34 PM »
The alert seems to be utterly divorced from anything I might be doing.  It will show up within minutes of boot but before I open anything at all, during web sessions in IE or FF, or much later when the computer is idling and no windows are open.  For what it's worth, I have Chrome installed, but never use it.

gitarslinger

  • Guest
Re: What IS this?? Ideas?
« Reply #55 on: April 18, 2014, 08:03:37 PM »
Oh, I just noticed I misread part of the question.  Yes, it is precisely the same alert as Matthew is receiving.

Offline essexboy

Re: What IS this?? Ideas?
« Reply #56 on: April 18, 2014, 08:48:24 PM »
Ta..  If it was an MBR or suborned system file I would expect the alerts to be near constant 

gitarslinger

  • Guest
Re: What IS this?? Ideas?
« Reply #57 on: April 18, 2014, 09:09:00 PM »
Random and infrequent in my case.  If there is a pattern to their occurrence, I have been unable to detect it.  They tend to show up within three minutes of startup, but not always; certainly not when I'm watching for it, of course.

SirMatthew

  • Guest
Re: What IS this?? Ideas?
« Reply #58 on: April 19, 2014, 12:39:37 AM »
Random and infrequent in my case.  If there is a pattern to their occurrence, I have been unable to detect it.  They tend to show up within three minutes of startup, but not always; certainly not when I'm watching for it, of course.

Same thing for me - random and inconsistent.  It's more an annoyance than anything, as much as not knowing the culprit.  I have faith in essexboy to figure it out.

Offline essexboy

Re: What IS this?? Ideas?
« Reply #59 on: April 19, 2014, 05:28:10 PM »
I was hoping to locate a programme that would list all netsvc files but alas no one has made one yet :)

So a bit tedious this but it should pinpoint the little bugger

Go to this page and follow the instructions under process explorer heading http://www.bleepingcomputer.com/tutorials/list-services-running-under-svchostexe-process/
Do this for each svchost that is running .. A pain I know
And select the service tab.
Could you then screenshot each page and attach it for me to look at

Also I have found the location of the site and it was registered 11 March in the BVI and has a few dubious sites on it http://wsowner.com/ip/208.91.196.4
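
Added example, not part of the original thread: a Windows PowerShell sketch that gathers in one table what the per-svchost Process Explorer walk-through above collects by hand, namely each running svchost-hosted service, its host PID and group, and the ServiceDll it loads. The "outside System32" and company-name columns are triage heuristics assumed here, not something the posters used; the `Get-WmiObject` call works on the Windows PowerShell shipped with Windows 7.

```powershell
# Added example (not from the thread). Run from an elevated Windows PowerShell prompt.
$svcRoot   = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$groupsKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'
$system32  = Join-Path $env:SystemRoot 'System32'

# Service names registered in the netsvcs group (a REG_MULTI_SZ value).
$netsvcs = @((Get-ItemProperty -Path $groupsKey).netsvcs)

$report = Get-WmiObject Win32_Service |
    Where-Object { $_.State -eq 'Running' -and $_.PathName -match 'svchost\.exe' } |
    ForEach-Object {
        $svc = $_
        # svchost.exe is only the host; the code that runs is the service's ServiceDll.
        $dll = $null
        foreach ($key in "$svcRoot\$($svc.Name)\Parameters", "$svcRoot\$($svc.Name)") {
            if (-not $dll -and (Test-Path $key)) {
                $dll = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).ServiceDll
            }
        }
        $company = $null
        if ($dll) {
            $dll = [Environment]::ExpandEnvironmentVariables($dll)
            if (Test-Path $dll) { $company = (Get-Item $dll).VersionInfo.CompanyName }
        }
        # The host group comes from the "-k <group>" argument on the svchost command line.
        $group = if ($svc.PathName -match '-k\s+(\S+)') { $Matches[1] } else { '' }

        New-Object PSObject -Property @{
            HostPid         = $svc.ProcessId
            Group           = $group
            Service         = $svc.Name
            InNetsvcs       = ($netsvcs -contains $svc.Name)
            # Heuristic: stock service DLLs normally live under System32.
            OutsideSystem32 = [bool]($dll -and -not $dll.StartsWith(
                                  $system32, [StringComparison]::OrdinalIgnoreCase))
            Company         = $company
            Dll             = $dll
        }
    }

$report | Sort-Object HostPid, Service |
    Format-Table HostPid, Group, Service, InNetsvcs, OutsideSystem32, Company, Dll -AutoSize
```

Rows worth a closer look are services with no resolvable ServiceDll, a DLL outside System32, or a blank or unfamiliar company name.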