Explore topic-wise InterviewSolutions in .

Avast keeps on telling me that it has blocked a file which has malware on it. How do I remove it because I have tried the following:

Avast.

Malwarebytes.

Super Antispyware.

Spybot Search and Destroy.

Windows Defender.

And nothing has shown up.That's because it has been blocked. Have you installed and new programs prior to this happening? Quote from: SuperDave on June 14, 2015, 12:40:56 PM

That's because it has been blocked. Have you installed and new programs prior to this happening?

We can do some scans, if you wish, to make sure your computer is clean. Please indicate yes or no.

1. What time will the scan happen?

2. Will I be able to use my PC during the scan?

3. Do I need to keep the PC on and online?

• It should update automatically if the computer is connected to the internet.
• Click on Threat Scan and click on Scan Now.
  
• The scan may take some time to finish,so please be patient.
• When the scan is complete make sure all the infections have "quarantine" selected in the Action box.
  
• Click on "Apply actions" You may be asked to Restart your computer to completely remove the infections.
  
• When disinfection is completed you can click on "Copy to Clipboard".
  
• Paste the log in you next reply (CTRL+ V)

• Service Deleted : ReimageRealTimeProtector

• Be sure to print out and follow the instructions provided on that same page for performing a scan.
• Caution: This is a beta version so also read the disclaimer and back up all your data before using.
  
• When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  
• If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  
• TWO files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
• Copy and paste the contents of these two log files in your next reply.

• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

• Leave the check mark next to Remove found threats.
  

I downloaded a program the other day, now the folder it was in won't delete. I deleted everything that was inside and it still says the folder is being used and can't be deleted.

-Can't be deleted by file assassin
-Program Explorer SHOWS it as being opened and used by Flash PLAYER
-Folder type is "File folder (.DEVIATED)"


Is this likely a virus causing this? How do I fix?Did you try uninstalling the program? That's usually the best way to get rid of unwanted programs.You could try Unlocker.
You can download and install Unlocker .Make sure you DECLINE each of those free offers so they won't get loaded on your computer.
Quote from: SuperDave on June 06, 2015, 10:30:59 AM

Did you try uninstalling the program? That's usually the best way to get rid of unwanted programs.You could try Unlocker.
You can download and install Unlocker .Make sure you decline each of those free offers so they won't get loaded on your computer.

I've downloaded a program and was in a rush, didn't use custom install. Afterwards, I noticed ads that weren't blocked by an ad-blocker inside the underlined text that were by CloudScout; looked around for how to remove it, AdwCleaner did not help (will use again if need be), uninstalling the CloudScout parental control did not help; Ontop of these, I also used CCLEANER and it did not help either. I've also uninstalled and reinstalled chrome, as well as resetting the settings, and neither have removed them. PLEASE help me.I managed to fix it on CHrome by saving a BACKUP of the "Default" folder, and then deleting it and opening chrome.

I have had the blue screen of death appear two times over the last two days.  After I restart, it seems to be slow but ok.  I am afraid there is something going on that I need to correct.  Also, it seems to take forever to restart my computer.  Here are the logs you requested.  Thanks!


# AdwCleaner v4.205 - Logfile created 30/05/2015 at 13:52:52
# Updated 21/05/2015 by Xplode
# Database : 2015-05-25.3 [Server]
# OPERATING system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Pam - PAM-HP
# Running from : C:\Users\Pam\Downloads\adwcleaner_4.205(2).exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v39.0 (x86 en-US)


-\\ Google Chrome v45.0.2414.0


*************************

AdwCleaner[R0].txt - [15376 bytes] - [02/01/2015 22:20:54]
AdwCleaner[R1].txt - [3633 bytes] - [25/05/2015 15:14:37]
AdwCleaner[R2].txt - [1030 bytes] - [30/05/2015 13:41:33]
AdwCleaner[R3].txt - [1090 bytes] - [30/05/2015 13:48:55]
AdwCleaner[S0].txt - [15468 bytes] - [02/01/2015 22:28:20]
AdwCleaner[S1].txt - [3751 bytes] - [25/05/2015 15:21:29]
AdwCleaner[S2].txt - [1016 bytes] - [30/05/2015 13:52:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1075  bytes] ##########



Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/30/2015
Scan Time: 2:17:12 PM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.30.04
Rootkit Database: v2015.05.24.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Pam

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 411853
Time Elapsed: 36 min, 44 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.Vosteran.A, HKU\S-1-5-21-1227895710-2253308091-917287798-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, , [fececdcc5337a98d6af775ffdb2a5fa1],
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-1227895710-2253308091-917287798-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CHCT2260173, , [606cc9d0bfcb4de9acbfcab455b007f9],

Registry Values: 2
PUP.Optional.Vosteran.A, HKU\S-1-5-21-1227895710-2253308091-917287798-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggbg_14_49_ff_na01&cd=2XzuyEtN2Y1L1QzuyE0CyBtB0BzyyEtD0Fzy0CyD0ByE0CyCtN0D0Tzu0StCtDyCyCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2SyCyDyBtAzyyEyEzytGtD0CtCtDtGzzzyyDyCtG0F0AtByCtGyBzy0EtCyDyE0FyB0FtC0E0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0A0EtAzyyB0FzztG0AtDtA0BtGyE0BtByBtG0A0FtAtDtGzzzzyC0FyByByByEyBtByE0E2Q&cr=1323670975&ir=, , [fececdcc5337a98d6af775ffdb2a5fa1]
PUP.Optional.Vosteran.A, HKU\S-1-5-21-1227895710-2253308091-917287798-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Vosteran, , [c4086f2a543638fe8cd5d0a4da2bd62a]

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.BundleInstaller.A, C:\Users\Pam\AppData\Roaming\1H1Q1V0B1L1G1N1V0M1P1Q1L1T0D1P1E2Z, , [13b9aaef5e2c989e1198954c04ffbb45],

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)




 Results of screen317's Security Check version 0.99.93 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````[/u]
 Windows Firewall Enabled! 
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````[/u]
 MVPS Hosts File 
 Java 8 Update 45 
 Java version 32-bit out of Date!
 Adobe Flash Player 17.0.0.188 
 Mozilla Firefox (39.0)
 Google Chrome (44.0.2403.9)
 Google Chrome (45.0.2414.0)
 Google Chrome (Plugins...)
````````Process Check: objlist.exe by Laurent````````[/u] 
 IObit IObit Malware Fighter IMFsrv.exe 
 IObit IObit Malware Fighter IMF.exe 
 IObit IObit Malware Fighter IMFTips.exe 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast avastui.exe 
`````````````````System Health check`````````````````[/u]
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````[/u]

StartupLite

Download StartupLite by MalwareBytes to your Desktop.
DOUBLECLICK StartupLite.exe to launch the program.
Ensure the Disable box is checked.
Click Continue.
A pop up message will tell you the unecessary startup items in your list have been disabled and ask you to restart your computer.
Re-start your computer.
****************************************
Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.

First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java RUNTIME Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
**********************************************
Most BSOD's are usually caused by hardware or software failure. You can run some tests on your hard drive and your RAM, if you wish.
 I have ran StartupLite and everything seems to be fine, and my Java is up to date with no earlier versions on my computer.First of all, bsod is a generic term. We need to know the exact error message. However, I see you did post that data in another thread. I'm not sure why this is in the malware forum, but here are some things we need to know:

1) Did you recently install or update any drivers?

2) Is Windows Update set to install drivers or only critical updates?

3) Has it been only those two bsod's (in the other thread) or are there more? If more, please post in this thread.

4) Have you checked your ram? If not, please do so now as follows:  download memtest (http://memtest.org/). Burn it to a cd using a dedicated .iso burning utility (http://www.petri.co.il/how_to_write_iso_files_to_cd.htm), make sure the cd drive is at the top of the boot order in bios, then boot to the newly created cd and run the utility. Let us know the results (it needs to run multiple passes - even overnight is okay)

5) Have you checked your hd? If not, please do so now as follows: http://www.tacktech.com/display.cfm?ttid=287
Make sure you select the tool which is appropriate for the brand of your hard drive.
Depending on the program, it'll create bootable floppy, or bootable CD.
If downloaded file is of .iso type, use ImgBurn: http://www.imgburn.com/ to burn .iso file to a CD (select "Write image file to disc" option), to make the CD bootable.
For Toshiba drives, see here: http://sdd.toshiba.com/main.aspx?Path=ServicesSupport/FujitsuDrivesUSandCanada/SoftwareUtilities#diagnostic

Let us know the results of the hd tests


We'll wait to hear your responses.



1) The only driver that was recently updated was by Driver Booster on 5/19/2015 and the update   
    was to "Realtek High Definition Audio".
2) Windows Update is only set to install critical updates.  I don't update the optional updates.
3) There has been more BSOD in the past. These are the ones that I have received:
     
==================================================
Dump File         : 052115-37440-01.dmp
Crash Time        : 5/21/2015 11:02:28 AM
Bug Check String  :
Bug Check Code    : 0x00000101
Parameter 1       : 00000000`00000061
Parameter 2       : 00000000`00000000
Parameter 3       : fffff880`009bf180
Parameter 4       : 00000000`00000001
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+748c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18839 (win7sp1_gdr.150427-0707)
PROCESSOR         : x64
Crash Address     : ntoskrnl.exe+748c0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\windows\Minidump\052115-37440-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 287,096
Dump File Time    : 5/21/2015 11:09:26 AM
==================================================
==================================================
Dump File         : 052915-39639-01.dmp
Crash Time        : 5/29/2015 1:40:22 PM
Bug Check String  : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x000000d1
Parameter 1       : 00000000`0000000a
Parameter 2       : 00000000`00000002
Parameter 3       : 00000000`00000000
Parameter 4       : fffff880`016456f0
Caused By Driver  : tcpip.sys
Caused By Address : tcpip.sys+446f0
File Description  :
Product Name      :
Company           :
File Version      :
Processor         : x64
Crash Address     : ntoskrnl.exe+748c0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\windows\Minidump\052915-39639-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 287,288
Dump File Time    : 5/29/2015 1:43:17 PM
==================================================

==================================================
Dump File         : 053015-43805-01.dmp
Crash Time        : 5/30/2015 1:10:52 PM
Bug Check String  : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x000000d1
Parameter 1       : 00000000`0000000a
Parameter 2       : 00000000`00000002
Parameter 3       : 00000000`00000000
Parameter 4       : fffff880`016456f0
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+748c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18839 (win7sp1_gdr.150427-0707)
Processor         : x64
Crash Address     : ntoskrnl.exe+748c0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\windows\Minidump\053015-43805-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 286,200
Dump File Time    : 5/30/2015 1:13:17 PM
==================================================

ALSO I RAN THE JUNK REMOVAL TOOL THAT I HAVE USED IN THE PAST TO GET RID OF MALWARE.

I RAN IT ON 5/25/2015 AND AGAIN ON 5/29/2015 BEFORE DECIDING TO COME BACK TO THE

FORUM THIS TIME.  THIS IS THE REPORTS IT HAS GIVEN ME:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Pam on Mon 05/25/2015 at 14:42:57.17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows

\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Pam\AppData\Roaming\mozilla\firefox

\profiles\5200bplx.default-1391973213089\prefs.js

user_pref("[email protected]ed", true);
user_pref("extensions.xpiState", "{\"app-profile\":{\"[email protected]\":

{\"d\":\"C:\\\\Users\\\\Pam\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles
Emptied folder: C:\Users\Pam\AppData\Roaming\mozilla\firefox\profiles\5200bplx.default-

1391973213089\minidumps [5 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome

\Extensions\bopakagnckmlgajfccecajhnimjiiedh



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 05/25/2015 at 14:48:34.10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.4 (05.29.2015:1)
OS: Windows 7 Home Premium x64
Ran by Pam on Fri 05/29/2015 at 14:01:47.91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Failed to delete: [Task] C:\windows\tasks\ImCleanDisabled
Successfully deleted: [Task] C:\windows\system32\tasks\Driver Booster Scan
Successfully deleted: [Task] C:\windows\system32\tasks\Driver Booster SkipUAC (Pam)
Successfully deleted: [Task] C:\windows\system32\tasks\Driver Booster Update
Successfully deleted: [Task] C:\windows\system32\tasks\SmartDefrag4_Startup
Successfully deleted: [Task] C:\windows\system32\tasks\Uninstaller_SkipUac_Administrator
Successfully deleted: [Task] C:\windows\system32\tasks\Uninstaller_SkipUac_Pam
Successfully deleted: [Task] C:\windows\tasks\Driver Booster Scan.job
Successfully deleted: [Task] C:\windows\tasks\Driver Booster SkipUAC (Pam).job
Successfully deleted: [Task] C:\windows\tasks\Driver Booster Update.job



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet

Explorer\Search\\SearchAssistant



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services

\Eventlog\Application\Update Hold Page



~~~ Files

Successfully deleted: [File] C:\windows\syswow64\sho1A35.tmp
Successfully deleted: [File] C:\windows\syswow64\sho4245.tmp
Successfully deleted: [File] C:\windows\syswow64\sho4398.tmp
Successfully deleted: [File] C:\windows\syswow64\sho602B.tmp
Successfully deleted: [File] C:\windows\syswow64\sho74CE.tmp
Successfully deleted: [File] C:\windows\syswow64\sho8117.tmp
Successfully deleted: [File] C:\windows\syswow64\sho93FA.tmp
Successfully deleted: [File] C:\windows\syswow64\shoBA24.tmp
Successfully deleted: [File] C:\windows\syswow64\shoBA32.tmp
Successfully deleted: [File] C:\windows\syswow64\shoC457.tmp
Successfully deleted: [File] C:\windows\syswow64\shoD245.tmp
Successfully deleted: [File] C:\windows\syswow64\shoD752.tmp
Successfully deleted: [File] C:\windows\syswow64\shoDBB8.tmp
Successfully deleted: [File] C:\windows\syswow64\shoF5CD.tmp



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\microsoft\windows\start menu\programs\driver

booster 2
Successfully deleted: [Folder] C:\ProgramData\productdata
Successfully deleted: [Folder] C:\Users\Pam\AppData\Roaming\productdata



~~~ FireFox

Successfully deleted the following from C:\Users\Pam\AppData\Roaming\mozilla\firefox

\profiles\5200bplx.default-1391973213089\prefs.js

user_pref([email protected]ed, true);
user_pref(extensions.xpiState, {\app-profile\:{\[email protected]\:{\d\:\C:\

\\\Users\\\\Pam\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles



~~~ Chrome


[C:\Users\Pam\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search

provider reset

[C:\Users\Pam\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions

Deleted:

[C:\Users\Pam\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default

search provider reset

[C:\Users\Pam\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] -

Extensions Deleted:
[
  oilkkkefbalmbfppgjmgjoefbclebkce
]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 05/29/2015 at 14:06:34.60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

4)  As far as burning CD's or using .iso burning utilities, I have no idea how to do any of that.  You

kind of lost me after #3. 


1) Please uninstall driver booster. NEVER use 3rd party utilities to download or install drivers.

2) Do you have system restore enabled? If so, do you have a restore point that will get you back to before you installed driver booster? If so, please restore the system to that date.

3) At this time I'm not concerned with "junkware" reports. You should be using a good anti virus app and MalwareBytes.  If SuperDave suggested anything else that's fine, but other than that please don't use anything other than first tier utilities.Driver Booster has been uninstalled.  Yes, I have the system restore enabled, but it only goes back to 5/19/2015.  It doesn't go back to before I downloaded and installed Driver Booster.Okay. If you did not have any bsod's prior to 5/19 please go ahead and restore to that date.I was unable to go back to the 19th to restore.  I disabled my anti-virus and it still would not let me.  This is what showed up on the screen:

System Restore did not complete successfully.  Your computer's system files and settings were not changed.

Details:

System Restore could not access a file.  This is probably because an anti-virus program is running on the computer.  (  The second time I tried to restore, I disabled my anti-virus).  Temporarily disable your anti-virus program and retry System Restore.

An unspecified error occurred during System Restore (0X80070005)

You can try system restore again and choose a different restore point.  If you continue to see this error, you can try an advanced recovery method.Please try system restore from safe mode. You have a 50/50 shot of it working. This is why I don't use system restore and always recommend that EVERYONE should use disc imaging as their primary backup method. But more about that later.

If you can restore from safe mode, let's see if you still get bsod's. If not, you'll need to go into device manager and start rolling back drivers one at a time and seeing if each one fixes the problem - starting with your network adapter.

As a last resort, if you are on a desktop you can visit the websites of the various hardware providers and download and install their current drivers. If you are on a laptop, obtain all drivers from the website of your laptop manufacturer. Be sure to include the chipset driver.

BTW - for future REFERENCE, there is no such thing as an "outdated" driver. Drivers should only be updated if there is a specific need or reason to do so.Also, please don't forget to run the scans on your ram and hd.I tried the system restore in safe mode and unfortunately it did not work.  When I go into Device drivers, under network adapters, I have 3 of them that are not working.  They are "Microsoft 6to4 adapter", "Microsoft ISATAP Adapter", and "Microsoft Teredo Tunneling Adapter".  When I click on properties of each of these, they all say "This device cannot start."  The last one that is there "Qualcomm Atheros AR8152/8158 PCI-E Fast Ethernet
Controller (NDIS 6.20), says "The device is working properly.

I don't understand how to run the scans on ram and hd if I need to burn a CD or using .iso utilities.  I have never done that before. That is very foreign to me.

My Comcast DVR has been acting up for the last couple months in that i had a hard time deleting taped items. Anyhow I googled comcast help and got a live chat person who said a tech would call me back and help. My wife got on the phone with him, as i'm hard of hearing, and was on the phone for 1 1/2 hrs and he accessed  the computer remotely and told us their records showed we had some 40 units connected on our service {we have a DESKTOP, laptop, a phone with a remote phone and thats it] and that was disrupting our Dvr. Said someone had hacked into our computer and it would take an outside source to correct the problem. He connected us with a company called ORION, which said would cost  239 dollars to correct the problem, and 6 months protection would be 439. Sounds kinda fishy to me. Legit or scam?  I have AVG on the desktop and Avast on the laptop. Everythingseems to working OK except for the DVR deleting.I really don't understand how your DVR can be connected to your computer. It sounds like a scam to me. Do you receive your internet access from Comcast?Yes, Comcast furnishes TV, internet, and telephone.It is almost certainly a scam. You should have been furnished with their tech support phone line when you got their service. It will likely be on your bills as well, so use that.

If you provided access to the computer via a remote access program than your system is very likely compromised. it sounds more like they just claimed to access it remotely and then made up some nonsense about funding "40 units" connected. Comcast as far as I can find does not outsource any of their technical support to other companies- and if they do I can find no linkage between Comcast and Orion.


Possibly related:

http://www.9news.com/story/money/2015/03/24/comcast-scam-audio-pop-up/70390606/
Turns out, stupid me, I googled Comcast help, and a website came up,, which I assumed was Comcast, had the Comcast logo, had a live chat window which I posed my question with my problem. I assumed I was talking with Comcast.....not so as it turned out. My son came over and couldn't find anything wrong on the computer. What would I do further to correct anything they might have done to my computer?If they had access to your computer they probably got what they were looking for such your banking and personal information. They could have installed spyware on your computer which would GIVE them continous access to your information. I would suggest you change your passwords immediately. They should be changed by using a different computer and not the hacked ONE. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach. There are MANY who believe that re-formatting the computer is the only method to ensure that the computer is still not hacked. I can run some scans but we can't be sure with such a type of hacking. We cannot determine what damage was done to the computer.Thanks, Dave
How would I go about changing the passwords using my laptop? As you can tell I'm not very computer literate.If the laptop is the safe computer you will need to go into each account and make the changes to your password there. In the future you should install WOT that will warn you when you're on a bad site.

WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

I have a huge problem, my dads computer got infected by CTB-locker a ransomware but he made the mistake to restore his files to the same date his computer got infected, I REMOVED the virus but, can't restore the files I've already TRIED CHECKING OLDER versions and shadowexplorer and differentent decrypting softwares, what can I do to retrieve the crypted data..?

Can anybody advise any free D/L software can clean up the SLOW Archos 80 G9 Tablet.
Thank you.
John Quote from: jnch88 on May 10, 2015, 07:09:13 PM

Can anybody advise any free D/L software can clean up the
slow Archos 80 G9 Tablet.
Thank you.
John

Editor's note:
As of April 2012, the Archos 80G is upgradable to Android 4.0 (Ice CREAM Sandwich). For details on the advantages Android 4.0 offers over Honeycomb, check the Android 4.0 section of the Asus Transformer Prime TF201 review

Hey guys its me again,

I had a tough time removing this redirect virus the last time on my router
I have 2 SEPARATE routers 1 as primary modem 2nd as wireless

Few days ago i removed the adware from my primary modem by changing the DNS, however the problem persisted on my home smartphones

We are not able to access google, whenever we try to it says "Flashplayer needs an update" & asks us to download a setup executable
its obviously a false alarm as google never asks for flashplayer update

The miracle is my device which is Samsung Ativ S (windows phone) google started working yesterday without any messing !
My tablet Samsung Note 8.0 as well as my SIS's phone Note 2's google is not working & asks for flashplayer update , i tried changing DNS of wireless network but with no luck, it reverts back

Summary
All devices were infected that were CONNECTED to wireless modem
Suddenly my windows phone's google started working
Only google is affected not any other site
Inaccessible google on android devices
Its a false alarm , i've verified this with searching the net, google NEVER asks for Flash player updateI'm AFRAID I can't help very much unless your computer is infected. Quote from: SuperDave on May 15, 2015, 01:05:12 PM

I'm afraid I can't help very much unless your computer is infected.

New to this forum, somehow I have an adware virus on my MAC OS X Yosemite. At least I THINK that is what it is. It puts HYPERLINKS on random items, which if CLICKED on says to CALL a number for removal. How do I remove this adware?

Thank you in advanceI'm sorry but none of my tools will work to clean an Apple computer. You may be able to find some help in ONE of these sites.

I am working on a PC Optimizer WEBSITE. The name of website is SystHeal. It has very few back links and not has GOOD quality back links. I want to increase the no of good quality back links. What activity should I do.
This has exactly what to do with VIRUSES and spyware?

I have a MICROMAX mobile. I am using 2GB chip in my mobile. Before some days I saw that the data(audio and video) in my chip is CONVERTED in text file and COULD not PLAY. I format chip and insert data again but it is not working. Tell me reason?Replace the chip.

I am looking to filter out IP addresses using hardware external to the computer itself.
 
I have decided that using Windows' system for filtering IPs/hosts is no good, because if SOMEONE hacked the computer itself, then they could just alter all of that anyway.
 
So it needs to be some external device, that can't be hacked.
 
The thing is, I am in a place where other people USE the same router as me. So, using any built-in IP address filtering on the router is no good.
 
It needs to be some kind of hardware device that is placed between my computer, and the router.
 
It would have the ability to
 
1. Filter out all IP addresses except certain ones
2. Or, just filter out certain IP addresses
 
What is your recommendation for this...?I seriously doubt that you will find such a device. May I ask why you want to filter the IP addresses? Have you checked in the use of Proxies?It's simple why I want it.

If someone hacked your computer, then they would still need to upload all your data through your own connection..

And therefore, by filtering the connection with an external firewall hardware device, you can BLOCK out all IP addresses except trusted ones, and therefore, they may have your computer hacked, but they simply don't have anywhere to upload it.A good firewall will also do that.

There may not be a problem here, but I have had a MESSAGE 'Normal.dotm was being edited by another Word session'. Word was not running on my computer. Should I worry?
An image of the error message is attached.

[attachment deleted by admin to conserve space]Are you using Microsoft Outlook?
Yes, I am.Try these steps with neither Word nor Outlook running:

Click on Start> Run, copy and paste the below LINE and click ok.

%userprofile%\Application Data\Microsoft\Templates

In the folder that opens, if there is a file called normalemail.dotm,  right click on normalemail.dotm and click RENAME and type normalemail.old and click enter.

If normalemail.dotm is not present, MAKE a copy of normal.dotm and rename it normalemail.dotm

Close the window and start Word to verify it works OK, and Outlook to see if the error has GONE away.

There is no Templates folder where you specify, just a Forms folder. (I am using Windows 8, 1.) Try

    C:\Users\[USERNAME]\AppData\Roaming\Microsoft\Templates

    C:\Users\[USERNAME]\AppData\Roaming\Microsoft\Addins

Or read here (Google is your friend!)

http://addbalance.com/word/normaltemplate.htm




Thank you, Salmon Trout. That has done the trick.

I have both MS Essentials and free 2015 Avast on my PC. Real time PROTECTION is turned off on MSE. Is that ENOUGH to allow Avast to OPERATE ok or do I need to UNINSTALL MSE to make sure I have no conflict between the two systems? Thanks.Disabling MSE is all you will need to do.

I have incredimail installed somewhere i cannot FIND it, i have ran sas, mbam and my av, below is another log with it SHOWING up.

# AdwCleaner v2.101 - Logfile created 12/19/2012 at 20:50:08
# Updated 16/12/2012 by Xplode
# Operating system : Windows 7 Ultimate Service PACK 1 (64 bits)
# User : harry - HARRY-PC
# Boot Mode : Normal
# Running from : C:\Users\harry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P2RRP9A9\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\user.js
Folder Found : C:\Program Files (x86)\Perion
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Windows\SysWOW64\WNLT

***** [Registry] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Found : HKLM\Software\APN
Key Found : HKLM\Software\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\Software\IB Updater
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Tarma Installer
Key Found : HKU\S-1-5-21-260414698-275278998-2528326897-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\harry\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.36] : icon_url = "hxxp://mystart.incredibar.com/mb196/favicon.ico",
Found [l.39] : keyword = "mystart.incredibar.com/mb196",
Found [l.42] : search_url = "hxxp://mystart.incredibar.com/mb196/?loc=IB_DS&search={searchTerms}&a=6PQTcpLLgt&i=26",

*************************

AdwCleaner[R1].txt - [3988 octets] - [19/12/2012 20:50:08]

########## EOF - C:\AdwCleaner[R1].txt - [4048 octets] ##########
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:04:24, on 19/12/2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-260414698-275278998-2528326897-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-260414698-275278998-2528326897-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&END to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: %SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: %SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: %systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: %SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: %systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: %systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: %SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: %SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: %systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: %SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: %SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: %SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: %SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: %systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: %SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: %systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: %Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8765 bytes
DDS LOG

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457  BrowserJavaVersion: 10.9.2
Run by harry at 21:07:58 on 2012-12-19
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.44.1033.18.4095.1453 [GMT 0:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://uk.yahoo.com/?p=us
uURLSearchHooks: {00000000-6E41-4FD3-8538-502F5495E5FC} -
mWinlogon: Userinit = userinit.exe
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: NameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{CCCBE9C0-486E-4E47-9D79-309BA697919E} : DHCPNameServer = 192.168.1.254 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SSODL: WebCheck -
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} -
x64-SSODL: WebCheck -
Hosts: 127.0.0.1 validation.sls.microsoft.com
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-10-19 969200]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-10-19 359464]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-10-19 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-10-19 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-10-19 44808]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-17 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-17 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-17 1255736]
.
=============== Created Last 30 ================
.
2012-12-19 21:04:17   --------   d-----w-   C:\Program Files (x86)\Trend Micro
2012-12-19 20:12:39   --------   d-----w-   C:\Users\harry\AppData\Roaming\SUPERAntiSpyware.com
2012-12-19 20:12:31   --------   d-----w-   C:\ProgramData\SUPERAntiSpyware.com
2012-12-19 20:12:31   --------   d-----w-   C:\Program Files\SUPERAntiSpyware
2012-12-19 15:55:13   --------   d-----w-   C:\Users\harry\AppData\Roaming\Fighters
2012-12-19 15:55:10   --------   d-----w-   C:\ProgramData\Fighters
2012-12-19 15:52:50   --------   d-----w-   C:\Program Files (x86)\Perion
2012-12-19 15:52:36   829264   ----a-w-   C:\Windows\System32\msvcr100.dll
2012-12-19 15:52:36   608080   ----a-w-   C:\Windows\System32\msvcp100.dll
2012-12-19 15:52:35   --------   d-----w-   C:\Windows\SysWow64\WNLT
2012-12-19 15:52:04   --------   d-----w-   C:\Users\harry\AppData\Local\VisualBeeExe
2012-12-19 15:51:15   --------   d-----w-   C:\ProgramData\Tarma Installer
2012-12-19 15:51:04   --------   d-----w-   C:\ProgramData\VisualBee
2012-12-18 12:46:48   9125352   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BBB042DB-2BDA-43CF-AE67-7572A1B23956}\mpengine.dll
2012-12-16 08:37:28   --------   d-----w-   C:\ProgramData\Symantec
2012-12-16 08:37:22   --------   d-----w-   C:\ProgramData\Norton
2012-12-16 08:37:21   --------   d-----w-   C:\ProgramData\NortonInstaller
2012-12-14 17:04:38   --------   d-----w-   C:\Windows\SysWow64\Adobe
2012-12-13 18:26:00   2048   ----a-w-   C:\Windows\SysWow64\tzres.dll
2012-12-13 18:26:00   2048   ----a-w-   C:\Windows\System32\tzres.dll
2012-12-03 22:03:04   --------   d-----w-   C:\Users\harry\AppData\Local\Diagnostics
2012-11-21 21:11:09   --------   d-----w-   C:\Users\harry\AppData\Local\Mozilla
2012-11-21 19:43:51   --------   d-----w-   C:\Users\harry\AppData\Roaming\Chayowo Games
2012-11-20 23:11:24   --------   d-----w-   C:\Users\harry\AppData\Roaming\ERS Game Studios
2012-11-19 23:45:23   --------   d-----w-   C:\Users\harry\AppData\Roaming\BlamGames
.
==================== Find3M  ====================
.
2012-12-11 22:11:33   73656   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-11 22:11:33   697272   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-22 03:26:40   3149824   ----a-w-   C:\Windows\System32\win32k.sys
2012-11-14 06:11:44   2312704   ----a-w-   C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11   1392128   ----a-w-   C:\Windows\System32\wininet.dll
2012-11-14 06:02:49   1494528   ----a-w-   C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46   599040   ----a-w-   C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35   173056   ----a-w-   C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40   2382848   ----a-w-   C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22   1800704   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15   1427968   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37   1129472   ----a-w-   C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25   142848   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27   420864   ----a-w-   C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42   2382848   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2012-11-05 21:35:16   46080   ----a-w-   C:\Windows\System32\atmlib.dll
2012-11-05 20:41:32   367616   ----a-w-   C:\Windows\System32\atmfd.dll
2012-11-05 20:32:16   295424   ----a-w-   C:\Windows\SysWow64\atmfd.dll
2012-11-05 20:32:09   34304   ----a-w-   C:\Windows\SysWow64\atmlib.dll
2012-11-02 05:59:11   478208   ----a-w-   C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31   376832   ----a-w-   C:\Windows\SysWow64\dpnet.dll
2012-10-20 12:08:12   95208   ----a-w-   C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-20 12:08:09   821736   ----a-w-   C:\Windows\SysWow64\npDeployJava1.dll
2012-10-20 12:08:09   746984   ----a-w-   C:\Windows\SysWow64\deployJava1.dll
2012-10-18 05:53:30   175616   ----a-w-   C:\Windows\System32\msclmd.dll
2012-10-18 05:53:30   152576   ----a-w-   C:\Windows\SysWow64\msclmd.dll
2012-10-16 08:38:37   135168   ----a-w-   C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34   350208   ----a-w-   C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52   561664   ----a-w-   C:\Windows\apppatch\AcLayers.dll
2012-10-09 18:17:13   55296   ----a-w-   C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13   226816   ----a-w-   C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31   44032   ----a-w-   C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31   193536   ----a-w-   C:\Windows\SysWow64\dhcpcore6.dll
2012-10-04 17:46:16   362496   ----a-w-   C:\Windows\System32\wow64win.dll
2012-10-04 17:46:15   243200   ----a-w-   C:\Windows\System32\wow64.dll
2012-10-04 17:46:15   13312   ----a-w-   C:\Windows\System32\wow64cpu.dll
2012-10-04 17:45:55   215040   ----a-w-   C:\Windows\System32\winsrv.dll
2012-10-04 17:43:28   16384   ----a-w-   C:\Windows\System32\ntvdm64.dll
2012-10-04 17:41:16   424960   ----a-w-   C:\Windows\System32\KernelBase.dll
2012-10-04 16:47:41   5120   ----a-w-   C:\Windows\SysWow64\wow32.dll
2012-10-04 16:47:41   274944   ----a-w-   C:\Windows\SysWow64\KernelBase.dll
2012-10-04 15:21:55   338432   ----a-w-   C:\Windows\System32\conhost.exe
2012-10-04 14:46:46   7680   ----a-w-   C:\Windows\SysWow64\instnm.exe
2012-10-04 14:46:46   25600   ----a-w-   C:\Windows\SysWow64\setup16.exe
2012-10-04 14:46:44   14336   ----a-w-   C:\Windows\SysWow64\ntvdm64.dll
2012-10-04 14:46:43   2048   ----a-w-   C:\Windows\SysWow64\user.exe
2012-10-04 14:41:50   6144   ---ha-w-   C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50   4608   ---ha-w-   C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50   3584   ---ha-w-   C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50   3072   ---ha-w-   C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-10-03 17:56:54   1914248   ----a-w-   C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21   70656   ----a-w-   C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21   303104   ----a-w-   C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17   246272   ----a-w-   C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17   18944   ----a-w-   C:\Windows\System32\netevent.dll
2012-10-03 17:44:16   216576   ----a-w-   C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16   569344   ----a-w-   C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24   18944   ----a-w-   C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24   175104   ----a-w-   C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23   156672   ----a-w-   C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26   45568   ----a-w-   C:\Windows\System32\drivers\tcpipreg.sys
2012-10-02 19:51:11   3293544   ----a-w-   C:\Windows\System32\nvsvc64.dll
2012-10-02 19:51:04   6200680   ----a-w-   C:\Windows\System32\nvcpl.dll
2012-10-02 19:50:57   891240   ----a-w-   C:\Windows\System32\nvvsvc.exe
2012-10-02 19:50:57   63336   ----a-w-   C:\Windows\System32\nvshext.dll
2012-10-02 19:50:57   118120   ----a-w-   C:\Windows\System32\nvmctray.dll
2012-09-29 18:54:26   25928   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2012-09-25 22:47:43   78336   ----a-w-   C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17   95744   ----a-w-   C:\Windows\System32\synceng.dll
.
============= FINISH: 21:08:13.24 ===============
UNLESS LOG

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 17/10/2012 19:37:10
System Uptime: 19/12/2012 18:22:24 (3 hours ago)
.
Motherboard: ASRock |  | N68C-S UCC
Processor: AMD Phenom(tm) II X4 B55 Processor | CPUSocket | 3200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 428.252 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Multimedia Audio Controller
Device ID: PCI\VEN_1274&DEV_1371&SUBSYS_13711274&REV_09\4&2F735D55&0&4020
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_1274&DEV_1371&SUBSYS_13711274&REV_09\4&2F735D55&0&4020
Service:
.
==== System Restore Points ===================
.
RP24: 23/11/2012 18:53:07 - Windows Update
RP25: 27/11/2012 19:16:21 - Windows Update
RP26: 27/11/2012 23:41:08 - Windows Update
RP27: 04/12/2012 17:13:35 - Windows Update
RP28: 13/12/2012 18:19:12 - Windows Update
RP29: 13/12/2012 23:57:50 - Windows Update
RP30: 18/12/2012 12:46:23 - Windows Update
RP31: 19/12/2012 15:53:29 - Installed Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Shockwave Player 11.6
avast! Free Antivirus
Big Fish Games: Game Manager
CCleaner
Creative PCI Audio Drivers
Google Chrome
Google Update Helper
HijackThis 2.0.2
Java 7 Update 9
Java Auto Updater
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
NVIDIA Control Panel 306.97
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
NVIDIA Graphics Driver 306.97
NVIDIA Install Application
NVIDIA Update 1.10.8
NVIDIA Update Components
PVSonyDll
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
SUPERAntiSpyware
swMSM
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
.
==== Event Viewer Messages From Past Week ========
.
19/12/2012 19:22:37, Error: Microsoft-Windows-DistributedCOM [10016]  - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {9BA05972-F6A8-11CF-A442-00A0C90A8F39}  and APPID  {9BA05972-F6A8-11CF-A442-00A0C90A8F39}  to the user harry-PC\harry SID (S-1-5-21-260414698-275278998-2528326897-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
19/12/2012 18:16:44, Error: Service Control Manager [7034]  - The DefaultTabSearch service terminated unexpectedly.  It has done this 1 time(s).
19/12/2012 18:16:18, Error: Service Control Manager [7000]  - The PfModNT service failed to start due to the following error:  The system cannot find the file specified.
19/12/2012 18:11:22, Error: Microsoft-Windows-WHEA-Logger [20]  - A fatal hardware error has occurred. Component: AMD Northbridge Error Source: Machine Check Exception Error Type: CRC Error Processor ID: 0 The details view of this entry contains further information.
19/12/2012 18:11:22, Error: Microsoft-Windows-WHEA-Logger [18]  - A fatal hardware error has occurred. Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Unknown Error Processor ID: 1 The details view of this entry contains further information.
19/12/2012 18:11:22, Error: Microsoft-Windows-WHEA-Logger [18]  - A fatal hardware error has occurred. Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Unknown Error Processor ID: 0 The details view of this entry contains further information.
19/12/2012 18:11:22, Error: Microsoft-Windows-WHEA-Logger [18]  - A fatal hardware error has occurred. Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Cache Hierarchy Error Processor ID: 0 The details view of this entry contains further information.
19/12/2012 18:11:22, Error: Microsoft-Windows-WHEA-Logger [18]  - A fatal hardware error has occurred. Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Bus/Interconnect Error Processor ID: 1 The details view of this entry contains further information.
19/12/2012 18:11:02, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000124 (0x0000000000000000, 0xfffffa8004c2d038, 0x0000000000000000, 0x0000000000000000). A DUMP was saved in: C:\Windows\Minidump\121912-15890-01.dmp. Report Id: 121912-15890-01.
19/12/2012 15:56:19, Error: Service Control Manager [7030]  - The DefaultTabSearch service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
19/12/2012 11:22:44, Error: Microsoft-Windows-WHEA-Logger [20]  - A fatal hardware error has occurred. Component: AMD Northbridge Error Source: Machine Check Exception Error Type: 11 Processor ID: 0 The details view of this entry contains further information.
18/12/2012 13:24:39, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
18/12/2012 07:00:46, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
18/12/2012 07:00:46, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
16/12/2012 14:45:30, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000124 (0x0000000000000000, 0xfffffa80046a98f8, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\121612-11687-01.dmp. Report Id: 121612-11687-01.
16/12/2012 12:42:38, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from aHi Harry, long time.
This should remove it.

Remove the Adware:

• Please close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
  
• Click on Delete.
  
• Confirm each time with OK
  
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile in your reply.
• You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
  

Ok. I want to wish you and yours a Merry Christmas  and a Happy New Year.

I suspect that some is MONITORING my pc.
Last night I saw a window with a white subtitle of "byscout SCREEN capturing filter " INSTEAD of my own picture when I pluged-in my webcam to pc  trying skype.
Since I'm the only one who USE this computer I'm sure that I've never installed such a sofware.
So I'm worried if someone is monitoring me? If so how can I stop them and what should I do?

I'm so worried.Help me please.
Bytescout screen capturing filter is used in many Skype apps. Sometimes this window is seen if a USER is using software beyond an evaluation period, or if it was not correctly installed, or if the wrong version was installed.



Well, I could see all my screen (all my desktop features, all windows ect.) on that window instead of my image and  who i was talking to as well.

If what you say is true so I should not be worry about it?


Here you can find a similar discussion but with a big different of mine cause haven't installed such a program on my pc:

https://bytescout.com/support/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=349

Why do I get words from previously written emails or Word docs appearing in my google search BAR ?
I SCAN my pc regularly with ESSENTIAL and Malwarebytes and they come up no detection of viruses.
ThanksIt may be just a case of having "Auto-complete" active in your search bar. As soon as you start typing a word, it tries to complete the spelling of the word.Sorry if I didn't give a clear explanation.....I mean that phrases such as 'To whom it may concern' written in a Word doc or email by me will appear in my google search history as if I've typed them in my search bar at some point and wish to search for sites using that as a prompt or research topic.
This HAPPENS when I haven't typed anything into the bar but have accessed the drop-down at the side of the search bar to insert a SUBJECT from my web history contained there.
I hope that makes it clearer but thanks for your reply regardless.You could try clearing your search history.Yeh I've tried to clear history and it keeps coming back.....thanks for the suggestion though.

Whenever I log off, I get a MESSAGE that a certain file is keeping my system from CLOSING. This file is by AnySend. I have searched, ran sutoruns, deleted files from the Control Panel, everything I can think of. The only help I get from AnySend is "That's really weird." The logs report everything is clean. Oddly, it doesn't appear in IE8 but it does in Chrome, my preferred browser.

Does anyone know how I can find this file and delete it?

Thanks for any help.    1) Did you install AnySend on your system?
2) What do you mean you deleted files from Control Panel?
3) What is the EXACT message you see when you shut down the system?Yes, I did, inadvertently.

The file is called "frmreceivingnotifications."

Can't copy the message but basically  it says:

  "This file "frmreceivingnotifications" is preventing Windows from shutting down. Click "cancel," and close the file."

But I can't close it because I can't find it!

I went into control panel, programs and features, and deleted all anysend files. I also deleted all the AnySend files in Program Files. One file I could not delete; the message was "cannot delete because the file is open in AnySend User Interface."

Thanks for RESPONDING, Allan. Hope this helps.Did you UNINSTALL Anysend using Programs & Features or did you just delete the folder and files? If the latter, you have two choices:

1) Reinstall the app and then  uninstall it properly or

2) Install Revo Uninstaller and use it to completely uninstall the App

First off...here are my specs.

i7 3770k
HD Radeon 5770
1 x 120GB 840 Pro Samsung SSD (OS)
1 x 2TB Hitachi (Back up - This does have have another copy of windows on this from my previous computer)
2 x 4GB Vengeance 1333
1 x 850w PSU (80+ Gold)
ASRock Extreme 4 motherboard (latest BIOS)

So I just installed windows last WEEK. I've only had this configuration for about a week now. I do have the most recent BIOS and Video card driver. Every time I get the BSOD error, it is usually something different. I've gotten 1a, 18, 1f, 17..I can't remember all of them. I know that when I reinstalled my video card drivers...I went into safe mode and uninstalled all of the previous ones and installed the new ones and the computer ran fine through a few games of cs:go which before then it wouldn't do at all..so I figured I fixed it but now (JUST BLUE SCREENED - this time it was 3b) anyways. I figured it was fixed but obviously its not lol. Here are a few things that could be causing this, but I have no clue.

1. Device Manager - There is a caution sign next to the following

"Universal Serial Bus (USB) Controller"
"Universal Serial Bus (USB) Controller"
"Unknown device"
"Video Controller" (This isn't under "Display adapters") but rather other devices

2. "Display driver AMD has stopped responding and has recovered"
This happens pretty often. Usually every time I boot up but the video drivers are up to date. Could this have anything to do with the drives on my other drive? not sure.

3. Video Card Control Panel
I've checked the temps and what not, nothing seems bad with the video card.

4. Everything in the system is new other than the video card. The RAM, Motherboard, Processor, PSU, primary drive, and case (not that it matters) are ALL brand new.

The only things in the system that aren't new are the secondary drive and video card.

5. Windows install

Could it be that the install was bad? I had to restart the install like twice but I did format the drive before I started.

6. BAD RAM?

Could it be the RAM? I mean it's brand new...not sure.

7. 2.0 pci-e video card in a 3.0 pci-e video card slot

Surely this can't be it...

Anyways...thank you in advance for all the help. Quote from: kirbygames89 on FEBRUARY 19, 2013, 05:28:35 AM

First off...here are my specs.

i7 3770k
HD Radeon 5770
1 x 120GB 840 Pro Samsung SSD (OS)
1 x 2TB Hitachi (Back up - This does have have another copy of windows on this from my previous computer)
2 x 4GB Vengeance 1333
1 x 850w PSU (80+ Gold)
ASRock Extreme 4 motherboard (latest BIOS)

So I just installed windows last week. I've only had this configuration for about a week now. I do have the most recent BIOS and Video card driver. Every time I get the BSOD error, it is usually something different. I've gotten 1a, 18, 1f, 17..I can't remember all of them. I know that when I reinstalled my video card drivers...I went into safe mode and uninstalled all of the previous ones and installed the new ones and the computer ran fine through a few games of cs:go which before then it wouldn't do at all..so I figured I fixed it but now (JUST BLUE SCREENED - this time it was 3b) anyways. I figured it was fixed but obviously its not lol. Here are a few things that could be causing this, but I have no clue.

1. Device Manager - There is a caution sign next to the following

"Universal Serial Bus (USB) Controller"
"Universal Serial Bus (USB) Controller"
"Unknown device"
"Video Controller" (This isn't under "Display adapters") but rather other devices

2. "Display driver AMD has stopped responding and has recovered"
This happens pretty often. Usually every time I boot up but the video drivers are up to date. Could this have anything to do with the drives on my other drive? not sure.

3. Video Card Control Panel
I've checked the temps and what not, nothing seems bad with the video card.

4. Everything in the system is new other than the video card. The RAM, Motherboard, Processor, PSU, primary drive, and case (not that it matters) are ALL brand new.

The only things in the system that aren't new are the secondary drive and video card.

5. Windows install

Could it be that the install was bad? I had to restart the install like twice but I did format the drive before I started.

6. BAD RAM?

Could it be the RAM? I mean it's brand new...not sure.

7. 2.0 pci-e video card in a 3.0 pci-e video card slot

Surely this can't be it...

Anyways...thank you in advance for all the help.

I cannot open my USB Flashdisk, note: it's an MP3 player too, SANDISK Sansa e140

When I try to open it, it only shows a SHORTCUT (never been there before), and when I double-click it, this PROMPTS up:
RunDLL
There was a PROBLEM starting ~$WLVRSA.USBDrv
The specified module cannot be found.

Please help! I scanned it with both my AVG Antivirus and Malwarebytes Anti-Malware.

For security, I use MSE, a firewall, M.Bytes, & am careful to DEFRAG, do scans, UPDATES, WHATEVER. Is there more i should be doing, more programs I should be using? I once had Windows Defender, don't have it now.

Thanks for previuos help/advice I've recieved here   Windows Defender is rolled into MSE. Your PRESENT protection is about the same as what I have.

I have Avira Antivirus, SUPER Anti-Spyware and  Malwarebytes Anti-Malware - I run a FULL scan with each of these about once a MONTH, running each scan separately.  Would it matter if I ran the scans at the same time, or would this cause some sort of conflict?
Advice appreciated.

I have WINDOWS Vista SP2Well, I wouldn't worry about a conflict as much as I would performance. The scans would take forever. Just run one at a time.Thanks for that - it's what I expected.  They do take quite a time EVEN run separately.

TreeHello.

I am NEW here and have run into some PROBLEMS.  Could not OPEN icons, no volume, shadow volume error and more.  I moved everything to hard drive, trying to reload vista which starts my errors.   Drive is not set up correctly is an error when I pick my C drive to install.  Seriously needing help, even if I can RESTORE or something.   I have a Gateway.

Thanks,

FrazierSorry about the TreeHello, not SURE what happened.You said you tried to reload Vista but your OS shows as Windows 7. What's up with that? What do mean you moved everything to hard drive?

I usually send and receive attachments through mail. Now I am facing a problem, my computer is generating automatic attachments to all documents when I compose a mail.

If it is happening because of virus then please suggest me a fast and light ANTIVIRUS as soon as possible.

Hi there!

Scan for malware
 
Please download Malwarebytes Anti-Malware from HERE.
 
 
Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
• Once the PROGRAM has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will OPEN in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this, will cause the infection to still be ACTIVE on the computer.
• Please save the log to a LOCATION you will remember.
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  
• Copy and paste the entire report in your next reply.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that EVERYTHING is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this, will cause the infection to still be active on the computer.
• Please save the log to a location you will remember.
• The log is automatically saved by MBAM and can be viewed by clicking the Logs TAB in MBAM.
• The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  
• Copy and paste the entire report in your next reply.

• Be sure to print out and follow the instructions PROVIDED on that same page for performing a scan.
• Caution: This is a beta version so also read the disclaimer and back up all your data before using.
  
• When the scan completes, click on the Cleanup button to remove any threats found and REBOOT the computer if prompted to do so.
  
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  
• If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  
• Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
• Copy and paste the contents of these two log files in your next reply.

Just received an urgent EMAIL about virus called "windows live virus".  Couldn't find anything on the internet about this except a DEBUNK by Snopes in September, 2012.  Has ANYONE else heard this? Right here is the closest related to Windows Essentials (fake) Antivirus: HTTP://www.bleepingcomputer.com/virus-removal/remove-fake-microsoft-security-essentials-alertThanks for the info DMJ.  I ALWAYS know I can get the proper info here.

I cannot get my LAPTOP to ACCESS MALWAREBYTES ...from the Hope site.Hi there. WELCOME to the forums.

What other issues are you EXPERIENCING?

My computer won't boot in safe mode it keeps returning to the screen that wants to know if I want safe mode or whatever. If I don't select normal it keeps going in circles. It started with moneypak ransom note now shows can't find web page. Will not let me do anything, goes quickly to the page and freezes out. Can some one please save me?
ComboFix scan
 
Please download ComboFix by sUBs
From BleepingComputer.com
 
Please save the file to your Desktop.
 
Important information about ComboFix
 

After the download:

• Close any open browsers.
• Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  
• Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
• If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

• Double click on ComboFix.exe & follow the prompts.
  
• When ComboFix finishes, it will produce a report for you.
• Please post the report, which will launch or be FOUND at "C:\Combo-Fix.txt" in your next reply.
  

• Download OTLPENet.exe to your desktop
  
• Download Farbar Recovery Scan Tool and save it to a flash drive.
  
• Ensure that you have a blank CD in the drive
• Double click OTLPENet.exe and this will then open imgburn  to burn the file to CD
  
• Reboot your system using the boot CD you just created.

• As the CD needs to detect your hardware and load the operating system, I would recommend a nice CUP of tea whilst it loads 
  
• Your system should now display a Reatogo desktop.

• Insert the flash drive with FRST on it
• Locate the flash drive and run FSRT
• The tool will start to run.

• When the tool opens click Yes to disclaimer.
• Press Scan button. It will do its scan and save a log on your flash drive.
  
• Close out of the message after that, then type in the text services.exe in to the "Search:" text box. Then, press the Search file(s) button, just as below:
  
  When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
  
• Type exit in the Command Prompt window and reboot the computer normally
• FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.

start
2012-10-29 17:47 - 2012-10-29 17:47 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\ukovn
2012-10-20 13:22 - 2012-10-20 13:22 - 00000000 ____D C:\Program Files\IObit Toolbar
2012-10-20 13:22 - 2012-10-20 13:22 - 00000000 ____D C:\Program Files\Common Files\Spigot
2012-10-20 13:22 - 2012-10-20 13:22 - 00000000 ____D C:\Program Files\Application Updater
2012-10-20 13:22 - 2012-10-20 13:22 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Search Settings
HKLM\...\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe" [1111432 2012-10-16] (Spigot, Inc.)
HKLM\...\Run: [Windows Service] C:\Documents and Settings\Owner\Application Data\ukovn\ukovn.exe [154624 2012-10-29] (Auslogics)
HKU\Owner\...\Run: [Windows Service] C:\Documents and Settings\Owner\Application Data\ukovn\ukovn.exe [154624 2012-10-29] (Auslogics)
AppInit_DLLs:
2 Application Updater; "C:\Program Files\Application Updater\ApplicationUpdater.exe" [799112 2012-10-09] (Spigot, Inc.)
end

• Close any open browsers.
• Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  
• Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
• If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

• Double click on ComboFix.exe & follow the prompts.
  
• When ComboFix finishes, it will produce a report for you.
• Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
  

Hi,


Sorry if I'm posting this question in the wrong forum, but since I'm not tech saavy, I wasn't sure where I should post this question.

A FRIEND of mine recently let a tech support staff remote access his computer to fix a problem. The techy had control for about 4 minutes and my friend said he watched everything that was done on the monitor. No suspicious activities were performed that he could see.

However, my friend realized that it may not have been a good idea to allow SOMEONE (even a techy) to remotely access his computer and is now worried that 1) his computer files may have been accessed, 2) his computer files may have been uploaded, 3) the techy could have installed software, trojans, or a "back door (not sure what this means but we saw it mentioned online) onto his computer during the time of access.

Could the techy have done any of this without my friend seeing it on the monitor?

Also, what are the chances that the techy could gain access to my friend's computer again without his permission/knowledge and what are the chances that the techy could "watch" what my friend does in the future?

As my friend is worried about this issue, we tried looking up more information on this topic but could not find definitive answers.

If someone can answer the above questions and provide any tips for my friend to be vigilant about, that'd be great.

Thanks in advance. Quote

Could the techy have done any of this without my friend seeing it on the monitor?

Also, what are the chances that the techy could gain access to my friend's computer again without his permission/knowledge and what are the chances that the techy could "watch" what my friend does in the future?

As my friend is worried about this issue, we tried looking up more information on this topic but could not find definitive answers.

uh ohh it restarted after like 45 minutes on longest i been on without restart its still RUNNING real fast but what the f**k is making it restart?

lol any other suggestions?

should i just try the remove cards and ram 1 at a time then seeing what happens when i run it?ummm yea just remove the ram and turn your computer BACK on and see if it continues to restart if it does then turn off the MACHINE and remove and replace another part Quote

should i just try the remove cards and ram 1 at a time then seeing what happens when i run it?

Has anyone ever used CLAMWIN free and Bitdefender Free Edition? I've READ about them from VARIOUS places, but am not sure about them. I've also heard that Bitdefender Free expires after a year...is that true?I believe BitDefender free only lasts 30 days as a trial (From what I read). Clamwin is okay, yet still no comparison to a full subscribed antivirus, which is what you should be looking for if you want maximum protection.Not sure why you WOULD want to use fringe products when there are so many better known ones, and free to boot.Well, I just want to see if they're worth using at all. I already use avast! and plan to get AntiVir.One antivirus running at a time is all you need. More than that causes PROBLEMS.

Aagh. Just when you think you're safe, you get hit again.

It seems that whenever I go to anything on About.com (sometimes Google leads me there when trying to answer a programming question) I get spyware/malware or something like that. For that reason I usually avoid About.com. Sadly, I don't always check the URL of the Google results, and I get stuck with this.

OK. I booted up the computer, so I could do some programming work. I soon got the error message:



OK. I have a GB of memory and a 2.2 GHz AMD Athlon 64 3700+ processor. The chance of me being out of system resources at all is small, let alone at startup. One possible cause: Malware.

Further confirmation came with a Ctrl-Alt-Delete and checking CPU usage. There was a huge spike in use right at the START (during which I got the message; during this time my PC was on the slow side, not to my satisfaction). Also, I checked Memory usage on the Processes tab of the Task Manager. A quick scan down the list showed that explorer.exe was using 23,892 KB of memory! Not good. doing elementary school math, I discovered that in all, I was out 67% of my memory (not just explorer, but all the background programs as well). Ooookaay, something's wrong.

Of course, I'm not a complete idiot. I started updating and scanning. A-squared found 7 malicious objects, all adware and tracking cookies. SpyBot - Search and Destroy found nothing.  AVG Free found my HOSTS file, but it always does that (actually, is there a way to get it to stop recognizzing my HOSTS file?). Ad-aware found 5 critical and 40 negligible.  >Pic< Last, and least, Norton found nothing.

After all this, I ran HijackThis to see if anything glared out at me. Nothing did, but maybe you guys will see otherwise. Attached is the log as usual. After all this work, though, I'm running Defrag. Dilbert,

You have made the point again of why people should have a dual boot Linux setup for accessing the INTERNET, if for no other use at all.   I find it hard to believe that About.com is a source of spyware.  I get an email newsletter from About.com and occasionally follow a link from a newsletter to the website.  And, a brief look with Google for some INDICATION that About.com has any association with spyware turns up nothing.  Maybe you'd better guess again.
Do you have a regular maintenance schedule for your computer?
For you I'd recommend a clean OS install once a Month.  LOL .................... Ya , but he's using Grams computer ....lol......
She wont be HAPPY .......


dl65  Grammy is going to change her logon password on you!   It's my PC. She let me being my supa-coll electricity-guzzling supercomputer to her house.

Anyhow, I may be wrong about About.com but it seems to coincide with that site. Then again, I visit a lot of sites on my machine while reserching different coding techniques and any one of them could have malware on it. :-/

I'm taking it that my log is, malware speaking anyway, clean? If so, I'm happy; I booted my machine this morning and didn't get the error. It's also running a tad faster (defrag does work after all; Norton's Speed Disk is Norton's one redeeming factor) than before, and my CPU usage is far from 100%.

Oh yeah, I also forgot to mention that after getting the error I also updated SpywareBlaster and downloaded a new HOSTS file. You think maybe I'm overreacting a little?

(As an aside, I have a question about SpywareBlaster. Does it need to be running while I browse the net to work, or does it work "behind-the-scenes"?) Quote

(As an aside, I have a question about SpywareBlaster. Does it need to be running while I browse the net to work, or does it work "behind-the-scenes"?)

Oh, I thought it was supposed to run in the background like too many programs today do. Ah, I had to ask that stupid question sometime.

Dilbert,

You have made the point again of why people should have a dual boot Linux setup for accessing the Internet, if for no other use at all.  

i have a big bropbleme here my bro downloaded some pron of limewire and that file does not want to be deleted?

when you right click it only has the options of windows media?open with and add to...

i can't rename it or even change the propreties.i have tryed in safe mod.

i tryed appz like killerbox ,adaware and even bit defender ,....

im out of ressource and im freaking out...

help pleasepron of limewire? What is that supposed to mean? Out of resource? Does that mean you have tried everything, or your computer is running out of memory? Try retyping your problem so we can understand it.ok.he dowloaded xxx rated files on limewire (peer to peer)

when it came to delete the file it WOLD not.

i have tryed RENAMING the file ,using all kinds of appz to remove it and even in safe mode admin it wold not budge,i can't even move it.

now i will try move on boot to see if that works..okay. open task manager. open a command prompt.  leave task manager running but end-task explorer.exe process. type "cd" then the path of the file.  Then type DEL and then the file name.  the wiredest thing happend i juste when to get the full path and i right clicked it and the delete was there?

FUNKY.....anyways thx a millionno problem.  8-)*Mother enters in bedroom door* and just in time too!LOL i put him in as a USER and blocked every thing!hey can't download or use lime wire...scared the [email protected]#$% out of me..imagine if my wife would of got to it...lolYes, there is a lesson to be learned here.

Hi everyone.  I need help.  My son downloaded "Morpheus" and I can't get rid of it.  It has an Uninstall feature that won't work and I also tried GOING thru "Add and Remove" PROGRAMS.  Nothing happens, computer just hangs.  How do I get rid of this program?  Thanks to all.  Sometimes things get broken in the uninstaller, and a reinstall THEN an uninstall works wonders.ahhhh morpheus  .....should have used LIMEWIRE.................GX1_man is right, reinstalling usually works....or try to get rid of it in safe mode.

I hate it when that happens. It ACTUALLY has happened to me the most when tryin to remove Norton. Very PAINFUL to get rid of.Hey, I got lucky.  I got rid of it.  I have a firewall (Zone Alarm).  Every time I tried to uninstall Morpheus-- it would try to access the internet.  Zone alarm was blocking it so it couldn't get on-line.  Well I finally gave up and allowed Zone Alarm to access the net.  Morpheus wanted to know why I was ending their program.  I clicked on one of their responses and WHAM------uninstall was activated by Morpheus.   Thanks a lot for your help.  I hope this help someone else.Thanks for posting back.

I've had my computer for a couple years, and as long as I can remember, it's stalled for about a half-second once every 10 seconds. But not always. Most often when I'm playing a game or watching a movie, and sometimes after a while it'll go AWAY. I've noticed also that (what I think is) the hard drive LED on my case flashes at the same times the computer stalls. This leads me to think it's a hard drive problem, but I still have no idea where to go from there.

I'm not really sure what computer specs to include, so here's what I know and what 'dxdiag' tells me.

Mobo: Asus A7N8X-X
Processor: AMD Athlon XP 3000+ ~2.2GHz
Graphics Card: Radeon 9800 Pro 128 AGP
Memory: 1024MB RAM
Page file: 531MB used, 1163MB available
HD: 7200RPM 120GB SEAGATE "Barracuda"

Anyone with any ideas, please let me know. This is my computer's curse, and to BREAK it would be incredibly relieving.

Thanks in advance,

-TonyMkae sure it's clean...
Online Virus SCAN and Spyware Scan
http://www.pandasoftware.com/products/activescan.htm

Online Malware Scan
http://www.ewido.net/en/


Are you using Norton?Trust me, it's clean. I had the latest Panda trial recently, and it didn't find anything. Besides, I regularly go through my Task Manager and check for ugly-looking processes.

And no, I'm not using any firewall programs.Does it stall in safe mode?
You really should have a firewall.
You could post a Hijackthis log so we can see what's running on your computer.
It still wouldn't hurt to run the online scans I suggested.I've never tried going into safe mode to play a game.. but I'm guessing it wouldn't..

Here's the log from HijackThis. I don't know what to make of it. Quote

Does it stall in safe mode?
You really should have a firewall.
You could post a Hijackthis log so we can see what's running on your computer.
It still wouldn't hurt to run the online scans I suggested.

Trust me, it's clean.

Trust me, it's clean. I had the latest Panda trial recently

Hi

I'm running Windows XP SP2. AVG anti virus. ZoneAlarm Firewall.

Running on dsl through a proxy server.

I've SEEN a few attempts for the first time today, my ZoneAlarm log:

FWIN,2006/08/05,22:32:04 +2:00 GMT,192.168.36.1:137,192.168.0.93:137,UDP
FWIN,2006/08/05,22:32:04 +2:00 GMT,192.168.135.1:137,192.168.0.93:137,UDP
FWIN,2006/08/05,22:32:04 +2:00 GMT,192.168.36.1:2843,192.168.0.93:139,TCP (flags:S)
FWIN,2006/08/05,22:32:06 +2:00 GMT,192.168.135.1:2844,192.168.0.93:139,TCP (flags:S)
FWIN,2006/08/05,22:34:24 +2:00 GMT,192.168.36.1:2849,192.168.0.93:139,TCP (flags:S)
FWIN,2006/08/05,22:34:24 +2:00 GMT,192.168.135.1:2850,192.168.0.93:139,TCP (flags:S)
FWIN,2006/08/05,22:35:30 +2:00 GMT,192.168.36.1:2868,192.168.0.93:139,TCP (flags:S)
FWIN,2006/08/05,22:35:30 +2:00 GMT,192.168.135.1:2869,192.168.0.93:139,TCP (flags:S)

That is just a few. The first Ip is the intruder, second is my IP.

I am not a security expert. Is there a way for me to see or trace or whatever who is doing this?

RegardsWell, I'm not an expert either, but have you tried a the tracert? (traceroute)?
If you don't know how go to Start ---> Run, type "cmd.exe", and finally type tracert <INTRUDERS IP>
What does it SAY? You might be able to find his ISP, and then report him to [email protected] or something of the like.

EDIT 1: Nevermind, I guess you won't really be able to trace him because I think your being scanned from within your own network because all the addresses start with 192.168.

EDIT 2: I don't really know what this means, but I know that all the IP addresses are Local Network addresses because they start with 192.168. I guess that means that whoever is intruding must be inside the network or something.

EDIT 3: It looks like the intruder is scanning your NetBIOS ports probably looking for shared files/printers. As long as you don't have File and Printer Sharing enabled I don't think you have to worry about him getting in that way.It is possible that someone on my network is trying to access my pc. You see, I'm connected to my neighbour. He is running dsl. I get internet through a proxy set up on his pc. He also has an wireless antenae on his roof. So, maybe someone is CONNECTING through that.

I know of the tracert command, doesn't work by the way. Isn't there another way of me FINDING out who tried to access me, a piece of software or something?

RegardsYou're only as secure as he is, and how you have things set up.Travel here for tons of info on your vulnerabilities and solutions...

https://www.grc.com/x/ne.dll?bh0bkyd2

patio.   8-)

Under the windows folder i have found a folder CALLED "internet Logs" containing "IAMDB.RDB" and a text file for each day with my internet logs.

I have put this file into google and have found mixed results. Some say this is spyware and others say it is a LOG that Zone alarm keeps (which i run) It looks like it has been running for a while as the text files date back a while. I run anti virus and spyware detecting spftware whihc have never to my knowledge picked this up.

So what is this and should it be there?

CheersIt does appear to part of Zone Alarm, it is the Rules data BaseCan i delete the text files containing my surfing log? Nigel.......   That is indeed part of Zone Alarm ....... and yes you can delete it , however it will keep comming back .......
Do you have something to hide ?

dl65  Sygate has options to delete the log files, disable the log files or limit their size by time kept or KBs.
Perhaps Z Alarm has similar features.No Nothing to hide........ But i'm always concerned with my actions being tracked whether on a computer, cctv or the travel CARD i use on the underground.... its 1984 and big brother is watching Quote

No Nothing to hide........ But i'm always concerned with my actions being tracked whether on a computer, cctv or the travel card i use on the underground.... its 1984 and big brother is watching

I need someone to explain these installation instructions to me as I try to install this patch. I know very little about where to find THINGS like SQL Servers. I have done searches on the internet to find what pack of SQL I have but I don't know where to run what that tell me to run. I dont even have the path where it tells me to install this patch at.  This patch is to stop attacks from Helkerns which Kaspersky keeps repelling more than 10+ while I'm surfing the net.  If someone could help me I would be so grateful.


===================================================================How to Apply Microsoft SQL Server 2000 Hotfix 8.00.0636 for Ssnetlib.dll
===================================================================

Please read this file thoroughly before you proceed with any of the hotfix installation steps.

Hotfixes are intended for interim use until the next service pack is available. When the next service pack becomes available, you should upgrade immediately.

When you run a hotfix, if conditions arise that require the assistance of Microsoft Product Support Services (PSS), you may be asked to upgrade immediately to a newer hotfix or the next service pack. You may be required to install the upgrade to expedite troubleshooting and problem resolution.


***********************************************************************
This hotfix requires the installation of Microsoft SQL Server 2000 Service Pack 2. You MUST install SQL Server 2000 Service Pack 2 before you apply this hotfix.
***********************************************************************


This hotfix contains the following files:

Ssnetlib.dll - Server-side Network Library
Ssnetlib.pdb - Server-side Network Library symbol file


If you install this hotfix on a server that is running Microsoft SQL Server 2000 Enterprise Edition with clustering enabled, please use the section titled "Hotfix Installation Steps for SQL Server 2000 Enterprise Edition with Clustering Enabled" for installation instructions. All other environments should use the section titled "STANDARD Hotfix Installation Steps."

In the instructions that follow, the designation refers to the path on your disk in which the SQL Server files are installed. This path is typically :\Program Files\Microsoft SQL Server\Mssql. Note that the Mssql directory may be MSSQL$ for a named instance installation.

Please contact Microsoft PSS if you have any questions or problems with this hotfix build.


Microsoft PSS
Critical Problem Resolution


===================================================================
Hotfix Installation Steps for SQL Server 2000 Enterprise Edition with Clustering Enabled
===================================================================

1. Install SQL Server 2000 Service Pack 2. Do not proceed any further until you  successfully install SQL Server 2000 Service Pack 2.

2. Navigate to a node of the cluster where the SQL Server instance is currently not running.

3. Make a back up copy of the ssnetlib.dll files from the \Binn folder and the ssnetlib.pdb files if they exist from the \Binn\Dll folder.

4. Copy the ssnetlib.dll files from the hotfix self-extracting archive into the \Binn folder and the ssnetlib.pdb files into the \Binn\Dll folder.

5. Failover the SQL Server instance to the node in which the new binaries are now installed.

6. Test the SCENARIO for the bug that this build fixes to verify that your problem is resolved. Notify Microsoft PSS immediately if your problem is still unresolved.

7. If, for any reason, you encounter a problem with this hotfix build, you may go back to the previous build by restoring the files you backed up in step 3.

8. After you verify the hotfix, REPEAT steps 1 through 3 on the remaining nodes in the cluster.


===================================================================
Standard Hotfix Installation Steps
===================================================================

1. Install SQL Server 2000 Service Pack 2. Do not proceed any further until you successfully install SQL Server 2000 Service Pack 2.

2. Shut down the Microsoft SQL Server and SQL Server Agent services.

3. Make a back up copy of the ssnetlib.dll files from the \Binn folder and the ssnetlib.pdb files from the \Binn\dll folder.

4. Copy the ssnetlib.dll files from the hotfix self-extracting archive into the \Binn folder and the ssnetlib.pdb files into \Binn\Exe folder.

5. Start the Microsoft SQL Server and SQL Server Agent services.

6. Test the scenario for the bug that this build fixes to verify that your problem is resolved. Notify Microsoft PSS immediately if your problem is still unresolved.

7. If, for any reason, you encounter a problem with this hotfix build, you may go back to the previous build by restoring the files you backed up in step 3.

Hi guys.

I recently noticed my computer running slow and there was definitely some kind of problem. I have run my antivirus software (bidefender) which tells me there are no problems, and also I have been running various anti spyware programmes. They usually find a few things, but then delete them.

But when I do a search at google or anywhere, I ALWAYS get this WEIRD pop-up telling me to go to this website for whatever I have searched for. So how would I get rid of this? I hope if I can get rid of this, my machine might be back to normal speed.

Many thanks for any replies posted.
kop44.Download and install ShootTheMessenger and turn off messenger service...

List all the malware apps you have updated and ran.

patio.   8-)Hi.

I used the "shoot the messenger" programme, and it stopped the message appearing so thank you for that.

But my computer still seems to run a slower. Am I now just hiding the problem instead of getting rid ot it?

Is malware the same as spyware? WELL I have used spybot, ad-aware, windows defender and also ewido.

Thank you.Update them and then try again in Safe Mode. See what happens.What firewall protection are you USING?  

In addition to the adware and spyware removal programs, I think installing CCleaner would be a good idea.  It's a good tool for disk cleanup and doing some registry cleaning, both things that can improve performance. Quote

Download and install ShootTheMessenger and turn off messenger service...

List all the malware apps you have updated and ran.

patio.   8-)

Just because this needs to be POSTED every now and then:

http://www.spywarewarrior.com/rogue_anti-spyware.htmOne of the absolute best resources on the web...

THANX Again GX1Man !

PATIO   8-)i think i should have my grandma and the rest of my family have a read because they do LOVE installing whatever pops up infront of them.

thanks for that list, it might save me some WORK some day.

hi, I am currently running 2 virus programs but have been told to delete one.. but which one...

I want the best protection but not sure which of these programs to go with..

HHHEEEEEELLLP....

  tori......  Yes , you should only use one or the other ....2 is not better .
Now , I must ask , which version of Norton are you using and is it a stand alone product or part of a suite ?


dl65  norton antivirus 2006, v 12.2.0.13.. it isnt part of a suite...tori......   First of all let me say ,that I have 3 machines ...and use Norton Anti-Virus on the main one and AVG ( free ) on the other 2 ........
I have never had a virus ..... slip past either Norton or AVG .......
Scheduled scans ....... The Norton has the ADVANTAGE here in that you can schedule regular virus scans . ( I let my pcs run 24/7s and Norton does a full system scan each day 2am ) With AVG , I must manually run the full system scan on the other TWO whenever I think about it .
They both do auto updates .......... Norton usually does an auto-update on Wednesday of each week , where AVG will look to see if there are any up dates daily.
When it comes to trojans , Norton , sees more than AVG I think ....... however is unable to deal with some of them .
When Norton is running , doing a full system scan , it uses up a lot of the machines resources ...so you might almost just dont use the machine until it's finished ....... AVG is much better in this area.   ( thats why I run Norton at 2 am ) So this isnt an issue for me .........
Symantecs site provides a greater number of virus specific removal tools than does AVG .........
If you wish to remove Norton from your system for whatever the reason ........ It isnt just a matter of going to the CONTROL panel and using the ADD/REMOVE feature ........ there are many bits left in various places on the machine ....... however Symantec have a Norton remover available on their website.
AVG , is much easier to remove , but even it leaves bits behind .......
Now to the big question ...... which one is better ..............  They both do a good job.  I really don't know ......... I am comfortable using either one of them ...........
I don't know if this HELPS you or not......... but you only REQUIRE one ......... not both.

dl65

nope its still doing it, but i talked to dell and  they are sending me a xp dixc so i can reformat...

thanks for all of your help

by the way did you make that batch?Did you check your hosts file for a re-direct? Quote

nope its still doing it, but i talked to dell and  they are sending me a xp dixc so i can reformat...

Sadly we never got to the end of the little fact finding mission, not to worry, can you post a fresh HJT log just to be sure you are OK.

Nothing major, just some datamining cookies that Ad-Aware usually finds. My AV, AntiVir may be a bit overly aggressive though. It has flagged simple utility programs (pskill.exe, ntregopt.exe and the MAGICAL Jellybean Key Finder) as viral activity.

 8-) Quote

cuz if he hasnt done any scans laely then he WONT really know whats in his computer...

what do those programs do?

like you know the application is called "IceCold" is a SMALL app. to prevent msn login (it use (maybe) Brute FORCE attack)

as it send 6 login qeuest per secont to provide hotmail lock account.


i can login via hotmail but can not login msn messenger

how can i login msn ?

how can i prevent it ?Actually the app is called IceCold Reloaded. Why WOULD you use such a product? The web site is listed as www.crapware.tk and the email address is [email protected]. Shouldn't this tell you something?

Apparently you can TOGGLE between freeze and defreeze mode by using the appropriate button on the main window.

 8-) Quote

Actually the app is called IceCold Reloaded. Why would you use such a product? The web site is listed as www.crapware.tk and the email address is [email protected]. Shouldn't this tell you something?

Apparently you can toggle between freeze and defreeze mode by using the appropriate button on the main window.

 8-)

see ?

i have a website set up on an external server, can any program be placed on my website that would then enable it to hack into my computer - i hope this makes sense.

THANKS pepiNo it does not. Please explain in more depth and with many details about your setup.

A good question usually takes more than one sentence.  
i have my website located on an external server with the COMPANY having access to my email account as they know my password. can a virus be placed into my website so that when I open it it could scan my computer - however I assume that would mean that any computer that openeed my website would also be scanned. the only reason I am asking is that I received an email on my WEBMAIL account that when I had opened the email closed and deleted it and then I reopened it and then I noticed an attached file that was a photo show. This photo slide show at the outset showed a conference table and then individual photo shots of heads, it then showed website pages I had visited and also the photo of an order I had placed over the internet, so was it a viral email that GOT access through my webmail or could my website have had ANYTHING to do with this?

Thanks Pepi

Can SOMEONE give me a plain-language definition of "HIJACKER" or "hijack" so i can EXPLAIN it to a customer?  This person, until a week ago, was not aware that it was possible for the browser or computer to be hijacked and doesn't see the point of having hijack DETECTOR program.

I know what it MEANS, i just don't know how to explain it adequately in plain english. :question :question :questionhttp://www.google.com/search?hl=en&lr=&q=hijack+definitionthanks.

So.  I used spybot, ccleaner, norton, ad-aware in safemode.  Norton and ad-aware found nothing, but spybot and ccleaner found over 150 issues, programs, files, etc.  Yet, my computer still is driving me crazy with the same popups.  I use Mozilla and they open up new tabs and RESIZE my internet window.  The popups are from partypoker (I've never been there), heavy.com, telling me I need disk cleaners, stopzilla, etc.  What else can I do?  I work out of my home and this only began last Friday [highlight]when I let my mother do something-or-other on it.[/highlight]  I also tried a system restore, but that didn't do anything.  Not that I really expected it to ...

That would be an important bit of info to find out.

You may be so compromised you get to reinstall Windows. (Do you have a real Windows CD, by the WAY?)

But try running Hijack This and post a log file here after you run ALL of those SCANS again in Safe Mode with System Restore turned off.  

http://www.majorgeeks.com/download3155.htmldid you do all of the scans in safe mode with the system restore off??Yes, I did.  And I kept it in safemode and ran the scans multiple times until they all came back clean.

It did not work.ok http://noahdfear.geekstogo.com/click%20counter/click.php?id=1

save that to your desktop extract the file to their own folder.. go into safe mode and run "runthis".bat


if that doesnt work check your host filesTurn off the Messenger service. To do this, follow these steps:
1.      Click START, and then click Control Panel (or point to Settings, and then click Control Panel).
2.      Double-click Administrative Tools.
3.      Double-click Services.
4.      Double-click Messenger.
5.      In the Startup type list, click Disabled.
6.      Click STOP, and then click OK.

If you are networked, get a router and a decent firewall - not windows built in crap. If you find that you actually need Messener service running, go to:
http://www.grc.com/stm/shootthemessenger.htm
This 22 byte utility will allow you to turn it on or off at will.

Hi All

I have just run all my spy/adware. After doing so I was checking through my computer and noticed within the spybot search and destroy folder recovery there was a large list of ZIPPED items (altnet ect) that spybot had previously had FOUND and fixed.My querie is do I delete them?

Thanks
CazzieDo you need the drive SPACE, is this a security issue, or is it a matter of housekeeping?Hi GX1_Man

Just house keeping. I'm a stickler for tidyness
So would it be okay/safe to delete them?

Thanks
CazzieYes, that is FINE.  Thanks GX1

it might just be easier to do a reformat.... but lets see what the experts sayhave figures out (i think) where the problem is! The game i was playing at the time it first crashed is football manager. I have been trying to uninstall it but everytime i do it crashes! is there anyway to get it off my computer or am i stuck with formatting it?The whole thing SOUNDS FUBAR'ed. A good format and reinstal would have fixed it by now.  How did you TRY and do the memtest86 test?
Did you extract it to a floppy then boot to that floppy?
A clean install won't fix a hardware problem so I'd try Memtest first.Well i hadnt TRIED doing a memtest that way but i have decided to take this opppurtinuty to upgrade my graphics card, MOTHERBOARD and add extra memory!

Thankx guys for all ur support and time!  With a new motherboard you will need to format and reinstall Windows so this is a good time to address all issues.

Let us know how the story ends.  hey guys

a short update, i have got a new motherboard and graphics card! however it wasnt any of those that caused a problem nor was it a software problem! It turns out the problem is with my HARD drive so i am going to take this oppurtunity to get a bigger hard drive

will keep you informed!

(i am sure that someone had already told me that a complete re-format probabl;y wouldn't do the job!! lol)

Hi,

I was wondering if anyone might be able to help me out. I'm looking for a BETTER package that comes with ANTI Virus, Anti Spyware and Anti Adware (All in one) for a small business. I mean there are some like Norton, McAfee, etc but i don't like to use Norton or McAfee. I guess i'm looking for some other new brand.

Thank you in advancePersonally I don't start with the assumption that an all in one is the BEST solution, but that's just me.

Outside of those, eTrust, PCCillin and Kaspersky are the next big names if that's what you want.i like getting an av from one company that just does av and same with my anti spyware and adware and firewall. associates....... I , like GX1_Man don't feel that a all in one is the way to go ........
I use , a AV of my choice , antispyware of my choice  and so on .
PLUS I haven't come across any one that does a great job at all those THINGS .......
What one will find , another may or maynot ....... and thats just not good enough.


dl65