Solved System (32 bit) or otherwise called winserv.exe is potentially eating my Laptop

Status
Not open for further replies.
Can you use this site for an ESET online scan now?
After the all in one repair. What issues remain?

Make sure and disable your antivirus/defender prior to the scan.


  • Download ESET Online Scanner from here and save it to your Desktop.
  • Right click the esetonlinescanner.exe file you downloaded and select Run as administrator.
  • Click Get started.
  • In the Terms of use screen, click Accept if you agree to the Terms of use.
  • Click Get started in the welcome screen.
  • Select your preference for the Customer Experience Improvement Program and the Detection feedback system. Click Continue.
  • Click Computer scan, in the Welcome back screen.
  • Choose Full scan on the next screen.
  • Select Enable ESET to detect and quarantine potentially unwanted applications. Then click Start scan.
  • When the scan is finished click Save scan log and save it to your Desktop as ESETScan.txt. Click Continue.
  • ESET Online Scanner will now ask if you wish to turn on the Periodic Scan feature. Click Continue.
  • You will now be offered a trial version of ESET Internet Security. Click Continue.
  • On the next screen, you can leave feedback about the program if you wish.
  • Select Delete application's data on closing, if you are short of disk space or do not wish to retain the program for future use.
  • If you left feedback, click Submit and continue. If not, Close without feedback.
  • Copy and paste the contents of the ESETScan.txt file in your next reply.
 
Ok. Those were in FRST quarantine, except one. Can you post one last FRST and Addition.txt log so that I can confirm I have removed everything. Also how is the computer running now?

C:\FRST\Quarantine\C\ProgramData\WindowsTask\AMD.exe a variant of Win64/CoinMiner.NZ potentially unwanted application cleaned by deleting

C:\FRST\Quarantine\C\ProgramData\WindowsTask\AppModule.exe a variant of Win64/CoinMiner.NZ potentially unwanted application cleaned by deleting

C:\FRST\Quarantine\C\ProgramData\WindowsTask\MicrosoftHost.exe Win64/CoinMiner.AJD trojan cleaned by deleting

C:\ProgramData\SecTaskMan\c_script1D1DAF3.file BAT/Agent.PYO trojan cleaned by deleting
 
Here are the FRST logs. The computer was running fine ever since I quarantined it with security task manager the first time. Everything you helped me achieve is very helpful, and I can't express my gratitude enough to you and the work you did. Even though it was running okay, the feeling that it still exists and could have others like it was what you helped me with immensely, and I can't thank you enough.
 

Attachments

  • Addition.txt
    44.9 KB · Views: 0
  • FRST.txt
    57.5 KB · Views: 1
Last fix list for you, run this in safe mode.

Update your older programs with Patch My PC home Edition.



We will clean all the tools we used...

Download KpRM
Save to Desktop
Check Delete Tools.
Check Delete Restore points.
Create Restore point.
Click delete quarantines.
Then click run.


I suggest:
Ublock Origin
O&O Shutup Ten
O&O App Buster






Any more issues to speak of??
 

Attachments

  • fixlist.txt
    4.1 KB · Views: 0
Ran the fixlist, here's the fixlog. The download site for Kprm doesn't work, and the program updater app only shows that updates to Chrome, OBS and some other non-essential app are needed, so I skipped it.
 

Attachments

  • Fixlog.txt
    243.2 KB · Views: 0
"C:\Program Files\Malwarebytes" => was unlocked
"C:\ProgramData\Malwarebytes" folder move:
C:\ProgramData\Malwarebytes => moved successfully
"C:\Program Files\Malwarebytes" folder move:
C:\Program Files\Malwarebytes => moved successfully

Malwarebytes should install now.

Here is the download for you. Also, check mark each highlighted box. Hit the run button and reboot.






Download Autologger to your desktop.
Disable your Antivirus/Defender prior to running.


  • Unzip it there. If you are unsure how to unzip a program, then use http://www.7-zip.org/
  • Right click Autologger and run as admin. (XP users: double-click.)
  • AVZ4 will open and scan your machine, allow this to complete.
  • Upload Collectionlog.zip to your next reply.
 

Attachments

  • kprm_2.14.exe.zip
    1.8 MB · Views: 0
OK, there is a lot of information for me to go over here. I will have a reply for you tomorrow. But it is good that we are able to get Malwarebytes to run on the system; we are seeing progress.
 
Download AV block remover.
Unzip it (but not to the Desktop or Download folder), perhaps inside the Documents folder or in the C:\Program Files folder, then run it and follow the instructions. If it doesn't start, rename the file AVbr.exe to, for example, AV-br.exe (or any other name).
If it doesn't start anyway, run it in safe mode with networking.



Looking back, everything loaded through OneDrive. Can you disable that?

Everything is
C:\Users\domin\OneDrive\Desktop\Auto\AutoLogger\AV\av_z.exe

When it should be C:\Users\domin\Desktop\Auto\AutoLogger\AV\av_z.exe





Look in the Autologger folder and drag the CheckBrowsersLNK file out to your desktop.

AutoLogger\CheckBrowserLnk
Drag and drop it onto the ClearLNK utility, after saving ClearLNK to your desktop.


Run HijackThis! as admin! (located in the folder ...Autologger\HijackThis)
Do a system scan, then check each item below, make sure and only check the items listed.
Then click Fix checked.
The computer will need to reboot, allow it to do so.


Code:
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\BatteryGauge (empty)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents (empty)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfeeTsk (empty)
O22 - Tasks: (damaged) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (user missing) (sign: 'Microsoft')
O22 - Tasks: (damaged) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun (user missing) (sign: 'Microsoft')
O22 - Tasks: NahimicSvc32Run - C:\Windows\SysWOW64\NahimicSvc32.exe $(Arg0) $(Arg1) $(Arg2) $(Arg3) $(Arg4) $(Arg5) $(Arg6) $(Arg7) (sign: 'Microsoft')
O22 - Tasks: NahimicSvc64Run - C:\Windows\system32\NahimicSvc64.exe $(Arg0) $(Arg1) $(Arg2) $(Arg3) $(Arg4) $(Arg5) $(Arg6) $(Arg7) (sign: 'Microsoft')
O22 - Tasks: NahimicTask32 - C:\WINDOWS\system32\..\SysWOW64\NahimicSvc32.exe $(Arg0) $(Arg1) $(Arg2) $(Arg3) $(Arg4) $(Arg5) $(Arg6) $(Arg7) (sign: 'Microsoft')
O22 - Tasks: NahimicTask64 - C:\WINDOWS\system32\.\NahimicSvc64.exe $(Arg0) $(Arg1) $(Arg2) $(Arg3) $(Arg4) $(Arg5) $(Arg6) $(Arg7) (sign: 'Microsoft')
O22 - Tasks_Migrated: (telemetry) \Lenovo\Vantage\Schedule\DailyTelemetryTransmission - C:\Program Files (x86)\Lenovo\VantageService\3.8.23.0\ScheduleEventAction.exe DailyTelemetryTransmission (file missing)
O22 - Tasks_Migrated: \Lenovo\BatteryGauge\BatteryGaugeMaintenance - C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe (file missing)
O22 - Tasks_Migrated: \Lenovo\LenovoWelcomeLauncher - C:\ProgramData\Lenovo\ImController\Plugins\LenovoFirstRunExperiencePackage\x86\LenovoWelcome.exe /task (file missing)
O22 - Tasks_Migrated: \Lenovo\LenovoWelcomeTask - C:\ProgramData\Lenovo\ImController\Plugins\LenovoFirstRunExperiencePackage\x86\LenovoWelcomeTask.exe $(EventData) (file missing)
O22 - Tasks_Migrated: \Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask - C:\Program Files (x86)\Lenovo\VantageService\3.8.23.0\ScheduleEventAction.exe HeartbeatAddinDailyScheduleTask (file missing)
O22 - Tasks_Migrated: \McAfeeTsk\OOBEUpgrader - C:\Program Files\McAfee\MSC\OOBE_Upgrader.exe /Run (file missing)
O22 - Tasks_Migrated: OneDrive Reporting Task-S-1-5-21-4241844815-1059841684-711678986-1001 - C:\Users\domin\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (file missing)
O22 - Tasks_Migrated: OneDrive Standalone Update Task-S-1-5-21-4241844815-1059841684-711678986-1001 - C:\Users\domin\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (file missing)




Disable your antivirus prior to running AVZ!
Run AVZ as admin! (located in the folder ...Autologger\AVZ) Click File => Custom Scripts.
Copy the content of the text file I uploaded. (AVZFix.txt)
Click edit select all copy.
Paste into AVZ window.
Make sure the word begin is in the absolute top left of the window as per picture below.



Hit Run Fix.

The computer will reboot.
Code:
begin
 ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
 CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
 QuarantineFile('C:\ProgramData\princeton-produce','');
 QuarantineFile('C:\WINDOWS\system32\rfxvmt.dll','');
 DeleteFile('C:\WINDOWS\system32\rfxvmt.dll','');
 DeleteFile('C:\ProgramData\princeton-produce','');
 ExecuteSysClean;
 ExecuteWizard('SCU', 2, 3, true);
 ExecuteRepair(6);
 RebootWindows(true);
end.
 

Attachments

  • avzfix.txt
    444 bytes · Views: 0
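
The O22 scheduled-task list in the post above can be reviewed before clicking Fix checked. The following is an added example, not part of the original post or of HijackThis: it parses a few of those lines, separates entries whose target is annotated as missing or empty from entries that still point at a binary, and normalizes paths so that `system32\..\SysWOW64` and `SysWOW64` compare equal. The function names `parse_o22` and `triage` are hypothetical, and reading "(file missing)" and "(empty)" as leftover entries is an assumption based on their wording.

```python
import ntpath
import re
from collections import defaultdict

# Sample input: five O22 lines taken from the list in the post above.
SAMPLE = r"""
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfeeTsk (empty)
O22 - Tasks: NahimicSvc32Run - C:\Windows\SysWOW64\NahimicSvc32.exe $(Arg0) $(Arg1) $(Arg2) $(Arg3) $(Arg4) $(Arg5) $(Arg6) $(Arg7) (sign: 'Microsoft')
O22 - Tasks: NahimicTask32 - C:\WINDOWS\system32\..\SysWOW64\NahimicSvc32.exe $(Arg0) $(Arg1) $(Arg2) $(Arg3) $(Arg4) $(Arg5) $(Arg6) $(Arg7) (sign: 'Microsoft')
O22 - Tasks_Migrated: \McAfeeTsk\OOBEUpgrader - C:\Program Files\McAfee\MSC\OOBE_Upgrader.exe /Run (file missing)
O22 - Tasks_Migrated: (telemetry) \Lenovo\Vantage\Schedule\DailyTelemetryTransmission - C:\Program Files (x86)\Lenovo\VantageService\3.8.23.0\ScheduleEventAction.exe DailyTelemetryTransmission (file missing)
""".strip().splitlines()

HEAD = re.compile(r"^O22 - (?P<kind>Tasks?(?:_Migrated)?): (?P<rest>.*)$")
LEAD = re.compile(r"^\(([^()]*)\)\s+")        # leading note, e.g. (damaged)
TRAIL = re.compile(r"\s+\(([^()]*)\)$")       # trailing note; "$(Arg7)" is not one
EXE = re.compile(r"[A-Za-z]:\\.*?\.exe\b", re.I)

def parse_o22(line):
    """Split one O22 line into kind, task name, normalized target and notes."""
    m = HEAD.match(line)
    if not m:
        return None
    rest, flags = m.group("rest"), []
    lead = LEAD.match(rest)
    if lead:
        flags.append(lead.group(1))
        rest = rest[lead.end():]
    while (t := TRAIL.search(rest)):          # peel notes off the end, one by one
        flags.append(t.group(1))
        rest = rest[:t.start()]
    name, _, cmd = rest.partition(" - ")
    exe = EXE.match(cmd)
    # Resolve "..\" and ".\" and fold case so equivalent paths compare equal.
    target = ntpath.normcase(ntpath.normpath(exe.group(0))) if exe else None
    return {"kind": m.group("kind"), "name": name.strip(), "target": target, "flags": flags}

def triage(lines):
    """Return (leftover task names, {target: [tasks]} for targets used by 2+ tasks)."""
    stale, by_target = [], defaultdict(list)
    for rec in filter(None, map(parse_o22, lines)):
        if {"file missing", "empty"} & set(rec["flags"]):
            stale.append(rec["name"])
        elif rec["target"]:
            by_target[rec["target"]].append(rec["name"])
    return stale, {t: n for t, n in by_target.items() if len(n) > 1}

if __name__ == "__main__":
    print(triage(SAMPLE))
```
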
This is the message that pops up when I tried running any restore points (first the Windows Update one on the 23rd, then the SCPtoolkit uninstall one from the 20th)


"System Restore did not complete successfully. Your computer's system files and settings were not changed.


Details:
System Restore failed to extract the original copy of the directory from the restore point.
Source: %ProgramFiles%\WindowsApps
Destination: AppxStaging
System Restore ran out of disk space while restoring your files.


You can try System Restore again and choose a different restore point. If you continue to see this error, you can try an advanced recovery method."