
2251.

Solve : I was hit by malware. WOT said I was diverted to trovi.com Am I clean now??

Answer»

Yes. You helped me greatly.

I'm looking for the pop up message entering your site, it's missing. Tell me something about how our elected officials are trying to hurt your cause and how I can sign up.

Quote

I'm looking for the pop up message entering your site, it's missing. Tell me something about how our elected officials are trying to hurt your cause and how I can sign up.
I have no idea what you're talking about. Do you mean that you're getting a popup on this site?

Yes I was getting a pop up site when I was initially asking you for help. On 14 Sept, I asked you about how I can help you. Look at that dated thread.

If I remember correctly, it said that congress was initiating laws preventing folks like you from the free enterprise in which you exist.

I cannot believe I am the first to bring this to your attention.

Please advise.

Tom

This is the first I've heard of it. Are you still getting the pop-up?

No.

Ok, if there is nothing else, we can do some clean up.

This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create Registry backup
  • Purge System Restore Points
  • Re-set system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.
*****************************************
Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.



Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.



This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
*********************************************
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
2252.

Solve : Extremely S L O W Laptop?

Answer»

I've got the same issue, if there is no other solution I will have to format the hard disk and set it up new.
Maybe the partition with the restore files is broken?

Quote from: anabel365 on September 06, 2014, 11:44:57 PM

i ve got the same issue, if there is no other solution i will have to format the hard disk and set it up new.
maybe the partition with the restore files is broken?
It's quite possible that your problems are not related to this thread. Please start a new thread of your own and I'll help you there.

Quote
Each time it takes me to the HP recovery manager where my only choices are set computer back to factory setting or go to a restore point. I tried restore point and it says there are none.
Here's how to create a disk that will allow you to boot your computer and save all your important data; then you will have to do the Recovery.

Download the OTLPE Standard REATOGO Windows Recovery Environment.
  • Place a BLANK CD-R disc in to your CD burning drive.
  • Download OTLPEStd.exe and double-click on it to burn to a CD using an ISO Burner. One can be found here.
  • Reboot your system using the boot CD you just created.
  • Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Now you should be able to save all your important data to an external drive or DVD's
I did what you said. It started to boot up with the CD and I could see the loading of the RealX platform, then....the blue screen of death ! LOL ! Basically telling me a problem has been detected with Windows and is shutting down to prevent damage to my computer.

BSOD's usually result from hardware or driver problems. Here are some instructions about how to test your hard drive and the RAM.

Run hard drive diagnostics: tacktech.com
Make sure you select the tool which is appropriate for the brand of your hard drive.
Depending on the program, it'll create bootable floppy, or bootable CD.
If downloaded file is of .iso type, use ImgBurn: imgburn to burn .iso file to a CD (select "Write image file to disc" option), and make the CD bootable.
For Toshiba hard drives, see here:

Note : If you do not know how to set your computer to boot from CD follow the steps here
***********************************************
That could be a problem with bad RAM. Please run this check just to eliminate that possibility.
Test your RAM here.
I downloaded the file, but it's an EXE file. I transferred it to a CD and tried to boot from the infected laptop but it wouldn't run.
Some info that may help. I did try Kaspersky Rescue 10 program. It came up with over 1200 trojans and viruses and deleted them.

Any other suggestions...?

You will need to download the ISO for creating a bootable CD or the other one for USB for Windows.
2253.

Solve : Three Questions about IP attacks?

Answer»

I am browsing in the public library .

1. May the conduit virus be due to an indirect attack on the public library server with a static IP?
2. When I abandon the public library I don't observe any problem after removing the viruses. So may it be more difficult to infect if you have a dynamic IP?
3. When I return to the public library and immediately after I log in to the wifi connection I observe my system stressed, but I have no virus from the day before. So how can I protect against this situation?

Best Regards
Quote

2. When I abandon the public library I don't observe any problem after removing the viruses. So may it be more difficult to infect if you have a dynamic IP?
3. When I return to the public library and immediately after I log in to the wifi connection I observe my system stressed, but I have no virus from the day before. So how can I protect against this situation?

How do you know you have removed the infections? What protection do you have on your computer?

I am trying.
But you don't answer any question ?....
Can you answer please

I am trying with AVG 2014
malware bytes , adwcleaner, SAS, all the complete CH antivirus recommended tools.
The only thing I can do is ask you to do these scans and post the logs to make sure the computer is clean.

Please download AdwCleaner by Xplode onto your Desktop.

Before starting AdwCleaner, close all open programs and internet browsers, then double-click on the AdwCleaner icon.



If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.
When the AdwCleaner program opens, click on the Scan button as shown below.



AdwCleaner will now start to search for malicious files that may be installed on your computer.
To remove the files that were detected in the previous step, please click on the Clean button.



AdwCleaner will now prompt you to save any open files or data as the program will need to reboot the computer. Please do so and then click on the OK button. AdwCleaner will now delete all detected adware from your computer. When it is done it will display an alert that explains what PUPs (Potentially Unwanted Programs) and Adware are. Please read through this information and then press the OK button. You will now be presented with an alert that states AdwCleaner needs to reboot your computer.
Please click on the OK button to allow AdwCleaner to reboot your computer.
A log will be produced. Please copy and paste this log in your next reply.
*********************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.
  • It should update automatically if the computer is connected to the internet.
  • Click on Threat Scan and click on Scan Now.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete make sure all the infections have "QUARANTINE" selected in the Action box.
  • Click on "Apply actions". You may be asked to restart your computer to completely remove the infections.
  • When disinfection is completed you can click on "Copy to Clipboard".
  • Paste the log in your next reply (CTRL+V)
*************************************************
Please download Junkware Removal Tool to your desktop.

•Warning! Once the scan is complete JRT will shut down your browser with NO warning.

•Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.

I have done these steps a million times.

And I would like to see the logs.
2254.

Solve : Multiple processes of wmpnscfg.exe??

Answer»

Used space is 47.6 GB
Free Space is 399 GB

Speed test
Ping - 155 ms
Download speed : 9.22 ms
Upload speed: .92 ms


That is much too slow. You should contact your ISP.

What should I say to them?

Off topic: I've noticed that sometimes wmpnscfg.exe still pops up for a second when my wifi cuts off.
Sometimes when I'm next to the router the bars on wifi icon disappear?
And still iexplore, avg tune up pop up

Tell them that you did a speedtest and it was very slow. If you want to run speedtest again you can rate your ISP by clicking down in the lower left hand corner. I'm sure it will be rated very low. Also tell them that you keep losing your connection.

2255.

Solve : Slow computer and internet problems. Think Infected??

Answer»

Hello Superdave!
Just thought I would update you on what I have found out. Went out and bought a new hard drive and reinstalled OS. A bit tedious, but got all Windows updates done, plus all the programs and applications that my mother uses, all updated. Also restored files from back-ups taken from old hard drive. After all was said and done computer was running like a dream for about 3 weeks and then mom calls me and says she has a problem.
Well I noticed right off it was pretty much doing everything that I started this thread for (slow boot up, programs taking over a minute to open, getting page cannot be displayed in IE, and hanging in Firefox). Just a slow and sick computer again. First off I ask her if she had downloaded or installed any new programs or applications. She told me that she had trouble with her online banking and had to call them and I guess they told her it would be in her best interest to install an application called Trusteer Rapport and proceeded to walk her through installing it. My thought was to restore the computer to an earlier time before she installed Trusteer Rapport. Once in restore points I noticed that there was a restore point for everyday and even several times a day that said "installed Rapport". I then went back to a restore point before the install of Rapport and it was successful. After that the computer started running like a charm again.
Told Mom it could have been a bad install, so proceeded to install it again and the same problems started occurring again. So just uninstalled it and things went back to normal again. Told Mom to go into her bank and see if she had any problems with getting in and doing things. She had no problems, so I figure she didn't have to have that application.. so it will be left off her computer. She is happy now again !
I noticed by going through this thread that she had Trusteer Rapport on her old hard drive installed too,(dunno why I didn't question it then ). We did have old hard drive tested and was told it was starting to fail, but I started thinking maybe this Rapport app could have been a prominent cause of her problems also, as this hard drive is brand new and experienced much of the same problems! Started doing some research on Trusteer and noticed a lot of other people had the same problems after installing it, with slow and sluggish computers.
Anyhow Just thought I would update you with this information and possibly maybe help someone else on how this was solved. Thanks again for all your help!! Have a great day !
Quote

I guess they told her it would be in her best interest to install an application called Trusteer Rapport and proceeded to walk her through installing it.
I have that on my computers and it's a great protection and you can use it to protect not only your banking sites but any site you wish. I don't have any problems with my computers. This is the first time I've heard of this. I'm sure the people at Trusteer could give you some insight into this problem. Thanks for the update.
2256.

Solve : Anybody know about Arcade Yum??

Answer»

This was a particular game which was clicked on by accident. I began seeing double underlined words in my text I couldn't get rid of. I just recently removed Google Chrome from my system, now the underlines seem to be gone. However, is this just a game, or is it a virus of some sort they don't tell you about? Is there more I need to do? I hate to lose Google Chrome since I need it for so many applications. Any other suggestions?

I can't find too much info about that program that indicates that it is malicious. Why not re-install Chrome and see what happens. We can always run some scans to see what's on your computer.

My wife's computer recently started doing the same thing... "Double Underlined Words in text of websites etc". And I am glad I read your post here. While I am not authorized to make any suggestions here in this thread, I have some info on the Arcade YUM, as well as now know what to target on my wife's system that is having the same issue.

On Arcade YUM .... My wife saw an ad for Donkey Kong Arcade Classic for free play through YUM. She installed that and then it left her at here: http://www.arcadeyum.com/ where Donkey Kong was nowhere to be found, until you manually search for it and come up here: http://www.arcadeyum.com/Search?term=donkey

She has AVG Antivirus as well as MalwareBytes Free editions. Both come up with no problems detected.

The double underlined text on the website that seems to happen now ever since she installed that game have hyperlinks to www.coupons.com and the links are just as reported at this site here: http://malwaretips.com/blogs/green-double-underlined-ads-removal/

Last night I was looking into this problem and didn't put this problem together with Arcade YUM that she installed a few days prior. So I want to thank you for sharing this info as for now I know what I will be uninstalling right away as well as hopefully the hyperlink hijacker type of adware can be easily removed with its uninstallation.

The scary part is that MalwareBytes and AVG detected no problems, yet there is a definite problem!

Please download AdwCleaner by Xplode onto your Desktop.

Before starting AdwCleaner, close all open programs and internet browsers, then double-click on the AdwCleaner icon.



If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.
When the AdwCleaner program opens, click on the Scan button as shown below.



AdwCleaner will now start to search for malicious files that may be installed on your computer.
To remove the files that were detected in the previous step, please click on the Clean button.



AdwCleaner will now prompt you to save any open files or data as the program will need to reboot the computer. Please do so and then click on the OK button. AdwCleaner will now delete all detected adware from your computer. When it is done it will display an alert that explains what PUPs (Potentially Unwanted Programs) and Adware are. Please read through this information and then press the OK button. You will now be presented with an alert that states AdwCleaner needs to reboot your computer.
Please click on the OK button to allow AdwCleaner to reboot your computer.
A log will be produced. Please copy and paste this log in your next reply.
*********************************************
Please download Junkware Removal Tool to your desktop.

•Warning! Once the scan is complete JRT will shut down your browser with NO warning.

•Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.

2257.

Solve : PUP.Optional.MySearchDial.A?

Answer»

Please give me an update on how your computer is working now.

Malwarebytes is still picking up the PUP.Optional.MySearchDial.A

Well I found out how to look at the invisible folders through "Folder Options" and traced it to "C:\Users\Saajuk\AppData\Local\Google\Chrome\User Data\Default\Preferences" which is where malwarebytes is telling me "MySearchDial" is located at (pls look at picture)


http://i928.photobucket.com/albums/ad126/Saajuk/Capture227_zps1efcdf39.png


There are 2 preferences. One's "Preferences~RF4cf33.TEMP" (which looks weird to me) and the other's just "Preferences". Is it safe to delete one? Or is one of those not supposed to be there?

Could this be an add-on in Chrome?

No idea, how can I check?

Open Chrome and open Tools. You should see something there about add-ons where you can disable or enable them.

The only addon I had was Google Docs and I disabled it. Still did not fix the issue.

Please delete that temp folder and run MBAM again and post the log.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/26/2014
Scan Time: 4:28:33 PM
Logfile: log 1.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.26.09
Rootkit Database: v2014.07.17.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: Saajuk

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 317203
Time Elapsed: 9 min, 3 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.MySearchDial.A, C:\Users\Saajuk\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://start.mysearchdial.com/?f=1&a=irmsd0202ch&cd=2XzuyEtN2Y1L1Qzu0EzztAzy0D0FtCyE0CtByByCyC0AzzyDtN0D0Tzu0SyBzztDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1943442087&ir=" ],), ,[653ca1ffd0abf73ff4162dbae71d28d8]

Physical Sectors: 0
(No malicious items detected)


(end)







Seems to not work. I tested on another PC with an older version of MBAM (not sure exactly which version but it was 82 days out of date) and it did not detect it. When I updated to latest version it started to pick it up. I deleted it from preferences like you said and ran the scan a few times and it did not pick it up, I thought it was fixed but I just did it again and it picked it back up in the same location. I went back to see if the Temp file was somehow restored but it was gone.

EDIT: Anyways I found an option to turn off the pop up for PUPs so that was really the only annoyance I had. Nothing seems to be affecting my laptop's performance so I think we can say it's fixed. Thanks.

Do you use Chrome and MBAM? I am interested if you would get the same thing, just curious.

using MBAM ver 2.0.2.1012

Quote

Do you use Chrome and MBAM? I am interested if you would get the same thing, just curious
No, I don't use Chrome.

This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create Registry backup
  • Purge System Restore Points
  • Re-set system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.
**************************************
Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.



Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.



This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
****************************************
Go to Microsoft Windows Update and get all critical updates.
----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
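
A read-only check for the setting the Malwarebytes log in this thread flags, added here as an example and not part of the original posts: it lists startup and homepage URLs whose host is not on an allowlist, in every Preferences-like file of a Chrome profile folder (including a leftover copy such as the `Preferences~RF....TEMP` file mentioned above). The key names matched at any depth, the allowlist and the sample profile are assumptions constructed for illustration.

```python
import json
import tempfile
from pathlib import Path
from urllib.parse import urlsplit

# Keys that decide what the browser opens at launch. Their exact nesting in
# the profile JSON is an assumption, so they are matched at any depth.
WATCHED_KEYS = {"startup_urls", "homepage"}


def iter_urls(node, path=""):
    """Yield (json_path, url) for every string stored under a watched key."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            if key in WATCHED_KEYS:
                urls = value if isinstance(value, list) else [value]
                for url in urls:
                    if isinstance(url, str) and url:
                        yield here, url
            else:
                yield from iter_urls(value, here)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from iter_urls(item, f"{path}[{i}]")


def is_unexpected(url, allowed):
    """True for an http(s) URL whose host is neither an allowed domain
    nor a subdomain of one. Internal pages (chrome://...) are ignored."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False
    host = (parts.hostname or "").lower()
    return not any(host == d or host.endswith("." + d) for d in allowed)


def scan_profile(profile_dir, allowed):
    """Return (file_name, json_path, url) for each unexpected URL found in
    any file of the profile folder whose name contains 'Preferences'."""
    findings = []
    for f in sorted(Path(profile_dir).iterdir(), key=lambda p: p.name):
        if not f.is_file() or "Preferences" not in f.name:
            continue
        try:
            prefs = json.loads(f.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable, truncated or not JSON: nothing to inspect
        for json_path, url in iter_urls(prefs):
            if is_unexpected(url, allowed):
                findings.append((f.name, json_path, url))
    return findings


def demo():
    """Build a constructed sample profile in a temp folder and scan it."""
    hijacked = {
        "homepage": "https://www.google.com/",
        "session": {
            "restore_on_startup": 4,
            # Constructed value; only the host name comes from the log above.
            "startup_urls": ["http://start.mysearchdial.com/?f=1"],
        },
    }
    with tempfile.TemporaryDirectory() as d:
        Path(d, "Preferences").write_text(json.dumps(hijacked), encoding="utf-8")
        # Stale copy next to the live file, as in the thread.
        Path(d, "Preferences~RFsample.TEMP").write_text(
            json.dumps(hijacked), encoding="utf-8")
        Path(d, "Bookmarks").write_text("{}", encoding="utf-8")  # not scanned
        return scan_profile(d, {"google.com", "example.org"})


if __name__ == "__main__":
    for name, json_path, url in demo():
        print(f"{name}: {json_path} -> {url}")
```

Run it with the browser closed and point `scan_profile` at the profile folder; it only reads files and changes nothing.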
2258.

Solve : Avast installs SafePrice adware without asking?

Answer»

Read this, starting at the big BUT...
http://blogs.angloinfo.com/i-ve-lost-my-internet/2014/04/27/avast-safeprice-how-to-remove-that-flippin-pest/

I found it funny that it only allows you to disable it for 24 hr period and then its enabled again..

Quote from: DaveLembke on July 19, 2014, 03:30:19 PM

I found it funny that it only allows you to disable it for 24 hr period and then its enabled again..
You didn't read far enough.

So, here is how to disable Avast SafePrice in Mozilla Firefox and Google Chrome
In Mozilla Firefox:

Enter the following into your address bar: chrome://wrc/content/options.html
This gives you access to the “avast! Online Security settings” screen.
Scroll down to the bottom and uncheck “SafePrice Receive SafePrice shopping recommendations on relevant sites.”
Click on the “Save” button.

If this add-on is not installed, nothing happens. Why it's on one computer & not another is unknown.
2259.

Solve : Trojans in External Drive System Volume Information?

Answer»

If an anti-virus software such as Avira tells you that it has detected Trojans in the System Volume Information of an external USB hard drive and gives you the opportunity to quarantine them - if you agree to do that will you still be able to open the drive and access your data properly ? I don't want to take a rash decision and lose access to my information.

Please advise.

Quarantining the infections shouldn't affect your ability to access the drive. Why is there a System Volume on that drive?

I don't know why there is a System Volume on the drive. I have read that Windows will put them on all drives if you haven't instructed it not to. The drive that has shown this is connected to the XP machine that you were helping me with recently.

I had some initial trouble with that computer yesterday when I couldn't get Control Panel to display anything when I wanted to install a program. A second try let me and I thought it was a temporary glitch and that everything was OK.

Later on, when the Firefox browser was getting unresponsive and complaining about Silverlight, I decided I would try to uninstall that plug-in. Control Panel was very slow and then I couldn't get the list of installed programs to display. I wanted to select the Silverlight plug-in from there to get rid of it.

I then tried to turn off the machine but couldn't get it to switch off even when I asked via Task Manager.

In the end I had to long-press the physical computer power button.

I re-booted and it got to the log-in screen but my cursor was inoperative (this happens a lot with both of my Lenovo T61s so I don't know if it is just a Lenovo quirk). I plugged a mouse in to request that the machine shut down again.

It said something about br_funcs.exe (0XC000142) function failed something and then closed.

I re-booted and decided to log in as a different user to see if Control Panel and program removal would be functional under another profile. They were. I removed Silverlight from that profile and deleted some media files that I don't need. Then I took the dog for a walk and thought the machine had settled.

When I got home Avira was reporting that it had blocked access to a file in G:\SystemVolumeInformation

the file is A0068235.exe containing the virus or unwanted program TR/Drop.TDss.aeag

I am not familiar with what A0068235.exe is but the named Trojan is the same one that was identified as being linked to HoldemIndicatorSetup.exe

This is the Windows XP machine you were helping me with in an earlier thread. Avira's Real Time Protection is offering the Action "Move to quarantine". My choices are "Apply now" or "Cancel".

What do you recommend ?

Could I have been infected by a Trojan last week that got in via my mail program on drive F and then changed itself into a fake Dr Watson that is trying to regenerate itself via the System Volume Information on the G drive?

Googling System Volume Information made it look as though it is something that Windows places on all drives by default and that it is to do with Restore Points. I don't know why anyone would want restore points or unemptied trash cans on EXTERNAL drives.

Some of the random forum posts I have found regarding the topic of System Volume Information on external drives make it look like they are a route for lurgies and that they are hard to eliminate. Some people were talking about using Linux CDs to access the System Volume Information Folders in order to delete them and to stop them constantly regenerating with the same virus.

Quote

Avira's Real Time Protection is offering the Action "Move to quarantine". My choices are "Apply now" or "Cancel".

What do you recommend ?
Apply now.
Quote
Some of the random forum posts I have found regarding the topic of System Volume Information on external drives make it look like they are a route for lurgies and that they are hard to eliminate. Some people were talking about using Linux CDs to access the System Volume Information Folders in order to delete them and to stop them constantly regenerating with the same virus.
Infections are usually placed in the System Volume so that when someone runs System Restore they get infected again. You can delete all your Restore Points by going to My Computer, right-click Disk Cleanup and click other options. You can also scan the external drive with your AV, MBAM and AdwCleaner.

Why did Avira see the rogue file in the System Volume Information of an external drive when I wasn't doing anything ?

Is it normal for external drives to be accessed from time to time?

I have a USB key where the initial infection was spotted by Avira and "Denied Access" before the Dr Watson files were "Allowed Access" by the same AV software.
It has a light on it so I can see when it is communicating with the computer. Since the problem, I have stopped actively using it but, from time to time, its light flashes so SOMETHING is going on.

Is that normal ?

Quote
Why did Avira see the rogue file in the System Volume Information of an external drive when I wasn't doing anything ?
The infection doesn't have to be active in order for it to be detected.
Quote
Is it normal for external drives to be accessed from time to time?
It will scan any drive that is connected.
Quote
It has a light on it so I can see when it is communicating with the computer. Since the problem, I have stopped actively using it but, from time to time, its light flashes so SOMETHING is going on.
Is that normal ?
Download Panda USB and AutoRun Vaccine and save it to your desktop.

* Extract (unzip) the file to your desktop and a folder named USBVaccine will be created.
* Open that folder and double-click on USBVaccine.exe to start the program.
* Click Run
* Click the button to Vaccinate computer.
* Insert your USB flash drive.
* When the name of the drive appears in the dialog box, click the button to Vaccinate USB drive(s).
* Exit Panda USB and AutoRun Vaccine when done.

Note: Computer AutoRun Vaccination will prevent any AutoRun file from running, regardless of whether the removable device is infected or not. USB Vaccination disables the autorun file so it cannot be read, modified or replaced by malicious code. The Panda Research Blog advises that once USB drives have been vaccinated, they cannot be reversed except with a format. If you do this, be sure to back up your data files first or they will be lost during the formatting process.
Thank you so much for all of your help.

I wonder if I may have been hit by a browser hi-jacking of some kind when the peculiarities with this Windows XP machine began with the file detected on drive F and then the alteration (?) of the Dr Windows file(s).

What do you think ?

I noticed that when I was re-starting Firefox periodically when it got very slow as RAM allocations became extremely high and/or the Silverlight plug-in stopped working - I would be brought back to a screen that lets you "Restore" your last session.

At the top right of the Firefox browser screen there is a downward pointing arrow that indicates downloads - it would animate turning green and descending.

This was happening with no tabs open except the one inviting you to restore your tabs from last time - where it lets you select from a list of pages that might have crashed.

I observed this occur repeatedly after the infection.

I have since managed to uninstall Silverlight.

I ran CCleaner and opened Firefox again. The arrow came down again.

I uninstalled Firefox, ran CCleaner and installed a fresh copy of Firefox but kept all my settings.

The arrow came down again.

I uninstalled Firefox - told it to FORGET ALL MY SETTINGS AND PREFERENCES, ran CCleaner and then reinstalled Firefox.

It opened with no peculiar download animations.

How foolish is it to continue to connect to the internet with Windows XP at all ?

I have read some reports that say you really shouldn't do it. This would mean an old machine couldn't even be used to watch YouTube videos or stream from Spotify - and that's a real shame.

Quote
I wonder if I may have been hit by a browser hi-jacking of some kind when the peculiarities with this Windows XP machine began with the file detected on drive F and then the alteration (?) of the Dr Windows file(s).

What do you think ?
I seriously doubt it but it's impossible for me to say for sure.
Quote
How foolish is it to continue to connect to the internet with Windows XP at all ?
MS and a lot of other experts say it's a bad idea but I'm using it myself and I haven't seen any uptakes in infections in XP. One thing I would recommend is that you don't use MSE as your AV. I'm using Avira at the moment.

As MSE is no longer updated for XP, do you mean you recommend against choosing MSE on more modern OSes like Windows 7 ?

Quote from: Tatterdemalion on June 29, 2014, 11:44:59 AM
As MSE is no longer updated for XP, do you mean you recommend against choosing MSE on more modern OSes like Windows 7 ?
MSE is perfectly ok on any OS above XP such as Vista, Windows 7, Windows 8 and 8.1

and how experienced are you Efodagin you said WE.. I do not see you as a malware specialist? not much I would say.. just let malware specialist deal with his problem. thank you!
2260.

Solve : PC suddenly turns all the files on ANY usb plugged in into shortcuts?

Answer»

Just this morning, i was just transferring huge files on my hdd normally.
But just this night, plugged in my player, saw all the files and folders turned into shortcuts. I could still open them though. But that messed up my mp3 player. GREAT. So now i have 2 problems.

Ive asked for help and did CCleaner scan, MalwareBytes scan, adwcleaner and avira scan.

Still nothing. Every time i copy a file to a sub, gets turned to shortcuts.

What should i do?

How did you transfer the files?

Do you think that was to blame? When i transferred those files?
Well i transferred them normally. Just a USB connector. The other one is a bit complicated cause it is an internal hdd. i just used a sata to usb connector.

I thought everythings gonna be fine when i wake up today but its still the same.

What I meant was did you copy and paste or something like that to transfer the files.

Yeah I cut and paste from one drive to another. Thats it. And copied one file from my desktop to the other drive. Why?

Cut and paste is not a good way to do that. If something goes wrong, you've lost the file.
Quote

i was just transferring huge files on my hdd normally.
Were you transferring them to another place on your hard drive or to somewhere else?
If you transferred them to an external or USB memory drive you can learn more about this problem here.
2261.

Solve : Confusing Avira Results. Is it right ??

Answer»

Having got in a pickle lately, as my other threads illustrate, I have run an Avira scan on hard drives connected to a Windows 7 PC that I hope has no problems. It has stopped 82.5% of the way through the scan but has shown some detections that it is offering to quarantine.

It has identified a program called DeFX095.exe as "TR/Agent.65519.2"

When I click on Avira's "Virus Information" link, it opens a panel where you can type in the named threat. When I do this - NO information is returned. How can Avira identify something that then has no entry in their database ?

I Googled the program name and it looks like it is a Plug-In for the WinAmp music player. I think it was designed to add reverb and I think I can remember downloading it and using it SEVERAL YEARS AGO on a computer I no longer use.

I won't need to install it again so I may as well DELETE the original installer - but is it REALLY a Trojan ? Did someone find out that it was a Trojan disguised as an audio effect add-on and then blacklist it ?

Other threats it has found are within "ProCalculatem.exe" and "HoldemIndicatorSetup.exe"

These sound a bit dodgy. ProCalculatem might be an odds calculator and I imagine the latter is something to do with Poker.

Are these NOT dangerous unless I run them ? I have no intention of ever installing them.

Oh - just searched for "ProCalculatem" and it may be an "essential file".

Should I just trust Avira and let it quarantine all it has found.

It got stuck at 82.5% of the scan looking at the "Q" drive - which is Lenovo's factory recovery area. Perhaps it can't get access to that and is not supposed to.

Any knowledgeable insights will be much appreciated.

Probably not the done thing to reply to your own message. I have done some hard drive searching and located all the three named files. DeFX095.exe is stored as a Win-Amp plug in and both ProCalculatem and HoldemIndicatorSetup came bundled with a dodgy money-making audiobook. Would it be a good idea for me to "Cancel" Avira's offer to quarantine these files and for me to DELETE the original folders that contain them and THEN run the Avira scan from scratch again ?

Quote

Would it be a good idea for me to "Cancel" Avira's offer to quarantine these files and for me to DELETE the original folders that contain them and THEN run the Avira scan from scratch again ?
Just ignore those warnings unless your computer starts acting up.

So - can you confirm that I don't even need to quarantine those files and that I can just press "Cancel" and close Avira's virus scan as if it had found nothing ??

Yes, just ignore them unless your computer starts acting up.

Thank you. I know what the flagged files were. They are Poker calculator programs that were "bundled" with what seems like otherwise harmless (and slightly unrelated) audiobooks. I suppose they are no threat at all so long as I don't run them (I never will) and there is no way they could be run without my permission.

Quote
I suppose they are no threat at all so long as I don't run them (I never will) and there is no way they could be run without my permission.
If you don't intend to use them you should uninstall them.

Thanks. I'll do so.
2262.

Solve : I have malware "Computer Support Online" popups?

Answer»

Quote

I have another question that I don't know if it is related or not. When I boot up I get a dialog box named Content Adviser asking me if I want to use the "starthelp.exe" located on the hard drive. Its publisher is unknown. The location of it is C:\program files (x86)\privoxy\starthelp.exe. I haven't been letting it start since I have no clue what it is. Is this ok and how can I keep it from popping up when I boot up?
Please try uninstalling that program.

I tried to uninstall it with Windows and Revo Uninstaller, however the program did not show up in either. I went into the file and there is no uninstall feature. Do I simply delete the file?

Yes, please.

I deleted the program. I have to go out of town until Friday when I can check back for any other actions you recommend I take.

Did removing that program have any effect?

I believe it has helped although I still get some of the same pop ups that Adblock Plus cannot block. I will try running some of the programs to see if they help. We got some company for the weekend and I can't work on it until next week. I apologize for the delay and I really do appreciate your help and patience in this issue.

Quote
I apologize for the delay and I really do appreciate your help and patience in this issue.
Not a problem. We'll go at your pace. In the meantime, try running AdwCleaner and MBAM to see if it picks up anything. I'm curious about those pop-ups. Could you please post a screenshot of one of them?

How to post screenshots or images
I haven't had much improvement as I thought. I ran AdwCleaner and MBAM and both show no detections. I hope I have attached the copies of pop ups and web pages that open up in new tabs continually. Now the Content Advisor is dealing me fits in IE notifying me several times for each web page that loads and I have to enter my password before I can load the page. I am thinking about wiping the hard drive and reloading Windows. Let me know what you think.

Thank you.



Download DDS from HERE or HERE and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.



1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/paste both logs into your thread.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

* Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE.
Then post your DDS logs (DDS.txt and Attach.txt).
Here are the logs you requested. Before running DDS I ran MBAM, AdwCleaner, and Super Anti-Spyware Pro and all three found some infections and quarantined them. Ran Microsoft Security Essentials and found no infections.

Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Streets & Trips 2010
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable Package
Microsoft Works
Mozilla Firefox 30.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 12.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Dell
Octoshape add-in for Adobe Flash Player
OpenOffice.org 3.4.1
PowerDVD DX
Pradis 5.0
Quickset64
Revo Uninstaller 1.92
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy CD and DVD Burning
Roxio Express Labeler 3
Roxio File Backup
Roxio Update Manager
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Sonic CinePlayer Decoder Pack
SUPERAntiSpyware
System Requirements Lab for Intel
VD64Inst
Web Protect for Windows
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WordWeb
.
==== Event Viewer Messages From Past Week ========
.
6/25/2014 8:03:58 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Inspiron1545\Char - Bill SID (S-1-5-21-4193595447-3364358048-133568859-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
6/25/2014 8:03:58 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Inspiron1545\Char - Bill SID (S-1-5-21-4193595447-3364358048-133568859-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
6/25/2014 7:40:21 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 169.254.49.123, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
6/25/2014 10:44:26 PM, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
6/25/2014 10:44:26 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.6, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
.
==== End Of File ===========================


I can't see anything malicious on your computer that would cause this. I think it's time to save your important data and re-format and re-install your OS.

Well I have to agree because it is frustrating being on the internet. I want to thank you for your time and patience with me.

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.
2263.

Solve : Possible Trojan? Search Conduit won't leave my laptop! LOTS OF CONFLICTS?

Answer»

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.

2264.

Solve : TR/Crypt.XPACK.Gen [Trojan] and Avira's Response?

Answer»

I hope not. Thank you for all of your help. Do you think the machine is clear now and I can carry on using it as normal? Do I tell the ESET program to remove itself?

Quote

Do you think the machine is clear now and I can carry on using it as normal? Do I tell the ESET program to remove itself?
As clean as I can make it being thousands of kilometers away from you. You can uninstall the ESET scanner.
Let's do some cleanup. You may keep MBAM and AdwCleaner on your computer, if you wish. Update them and run them on a regular basis.

Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.



Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.



This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
***************************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
Thank you for all of your help.

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.
2265.

Solve : MRT.exe?

Answer»

Just sitting using my computer only to suddenly hear the PC get a little loud! So I immediately check my task manager to find a file named mrt.exe running at 30%+ capacity of my processing. Following this, I found some other files like svchost.exe, and another that I ended the process for.....also running after mrt.exe was finished running.

I then did a file search on my computer for mrt.exe and did find the file is windows system 32 file. However, I then find a windows prefetch file mrt.exe-1b4a8d49.pf file. The latter file shows as being modified today right at the time when the computer started this. Any idea if this is a virus going on, or is this a normal modification occurring?

MRT stands for Malicious removal tool and is a product of MS. It's installed with almost every OS.

2266.

Solve : AVG anti-virus reporting off?

Answer»

Try clicking on "Visit our solution center".

OK, I went over and clicked.
It says to choose one of several problem areas options.
I choose "Top Solutions" and here is a screenshot of the options:

I also choose "Windows" problem areas, did not know what to select.

[recovering disk space, attachment deleted by admin]

Select any one of them and let it run.

This is not going smooth.
I downloaded:

-Diagnose and fix Windows Firewall service problems automatically
-Fix security issues to protect and secure Windows automatically
-Automatically fix Windows security settings to keep your PC safe

I tried to run, but got this message:

Quote

The program encountered an error trying to contact the server.
To download a utility to troubleshoot the problem, click here.
Code 80072EE7

I clicked the link, but could not download because the browser is not connected to the internet.

Is it time to call this computer finished?

Quote
Is it time to call this computer finished?
No, it's just a glitch. I would suggest that you try all the sites here to see if you can find a solution to that problem. But first, please run the Farbar Service Scanner in Reply # 5 and post the log.

Quote from: SuperDave on May 29, 2014, 07:11:48 PM
No, it's just a glitch. I would suggest that you try all the sites here to see if you can find a solution to that problem. But first, please run the Farbar Service Scanner in Reply # 5 and post the log.

1. Here is the log.


2. As of now, the PC cannot even detect a wireless network. So I am not connected at all, internet or local.

Quote
Farbar Service Scanner Version: 21-05-2014
Ran by Johnny Ola (administrator) on 01-06-2014 at 12:00:32
Running from "G:\"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
Please do this even if you don't have the OS disk.

Do you have your OS CD/DVD?

If so,

1/ Click the Start button.

2/ From the Start menu, Click All programs followed by Accessories.

3/ In the Accessories menu, Right Click on the Command Prompt option.

4/ From the drop down menu that appears, Click on the Run as administrator option.

5/ If you have the User Account Control (UAC) enabled you will be asked for authorisation prior to the command prompt opening. You may simply need to press the Continue button if you are the administrator or insert the administrator password etc.

6/ In the Command Prompt window, type: sfc /scannow and then press Enter.

7/ A message will appear stating that the system scan will begin.

8/ Be patient because the scan may take some time.

9/ If any files require replacing SFC will replace them. You may be asked to insert your Vista DVD for this process to continue.

10/ If everything is okay you should, after the scan, see the following message Windows resource protection did not find any integrity violations.

11/ After the scan has completed, Close the command prompt window.
I don't......

Run it anyway. If there are any problems with the OS files it will prompt you for the disk.
2267.

Solve : Is This PC Clean??

Answer»

I just got a used PC, and wanted to see if everything is clear.
I have pasted the logs below:


Adware
Quote

# AdwCleaner v3.211 - Report created 28/05/2014 at 20:55:26
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Trent - HAYLEY-VAIO
# Running from : C:\Users\Trent\Downloads\adwcleaner_3.211.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\AppDataLow\Software

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v17.0.1 (en-US)

[ File : C:\Users\hayley\AppData\Roaming\Mozilla\Firefox\Profiles\2k18ffwk.default\prefs.js ]


[ File : C:\Users\Trent\AppData\Roaming\Mozilla\Firefox\Profiles\f35rwurz.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [4339 octets] - [27/05/2014 22:45:43]
AdwCleaner[R1].txt - [1050 octets] - [28/05/2014 20:54:42]
AdwCleaner[S0].txt - [4492 octets] - [27/05/2014 22:46:33]
AdwCleaner[S1].txt - [975 octets] - [28/05/2014 20:55:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1034 octets] ##########



mware
Quote
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/28/2014
Scan Time: 9:09:44 PM
Logfile: mware.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.05.28.09
Rootkit Database: v2014.05.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Trent

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 334910
Time Elapsed: 10 min, 57 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

security
Quote
Sh Results of screen317's Security Check version 0.99.83
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG AntiVirus Free Edition 2014
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 60
Java version out of Date!
Adobe Flash Player 13.0.0.214
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox 17.0.1 Firefox out of Date!
Google Chrome 34.0.1847.116
Google Chrome 35.0.1916.114
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
It looks good.

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.

First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
***********************************************
Update your Adobe Reader. get.adobe.com/reader.

Be sure to uncheck the Free McAfee Security Scan so it isn't installed.

Java is up to date, old versions removed.
Adobe is up to date.

Anything else just to double check?

Not if it's working well.
2268.

Solve : How to add folder, relevant file or URL exceptions to AVG scans??

Answer»

I am using AVG antivirus for my computer. I want to exclude a various necessary folder, file or URL from relevant detection by AVG. Also set the exception for a viral file such as Trojan horse, I-Worm, Worm, W32 etc.

Can anybody tell me how to add folder, file or URL exceptions to AVG scans?

Since I don't use AVG I cannot give you a precise answer but you can probably find that information here.

2269.

Solve : Scan query?

Answer»
In scan reports/summaries the number of objects scanned is usually shown. What is an "object" in this context?

What scanner are you talking about?

Thanks for interest, SuperDave.
I regularly run system security scans (Avira, MalwareBytes, etc) and the scan logs always show "objects scanned:" and show some figure in the hundreds of thousands and I am curious as to what these objects are - I presume they are bits of information stored in the computer, but I'm not sure what that means.

Depending on the type of scan that you run it could be every file that's on your computer.

I understand that the number of objects varies with the range of the scan - do you mean that 1 object = 1 file?

Quote from: silkie on May 19, 2014, 11:43:22 AM
I understand that the number of objects varies with the range of the scan - do you mean that 1 object = 1 file?
I would assume that's what they mean.

OK - I was curious because it seems an odd word to use about something as amorphous as info kept by a computer. Thanks again.

You're welcome. I will lock this thread. If you need it re-opened, please send me a PM.
2270.

Solve : PUPs?

Answer»

hello all,

is there a way to get rid of PUPs permanently?

thank you.

One way is to disconnect from the internet but that's not really an option. You can try increasing the security of your browser. I use Avira and Emsisoft Antimalware and I never get them.

2271.

Solve : Banned from AVAST Forum for no known reason?

Answer»

I am 76 and retired, with limited knowledge and use of computers. I had Microsoft Sec.Ess.AV on my desktop (XP Home). I changed this to Avast Free. Next day I registered in Avast Forum to post a simple question: I have a laptop (Vista Home 64 b.) and a netbook (Win 7 34 b.) and asked Forum whether I could download Avast Free on these other two computers, using the same email address and password. Next day I wanted to check if there was any answer, but I found to my amazement, that I WAS BANNED FROM ENTERING THE FORUM FOREVER! Unbelievable! I have done nothing to deserve this, I am not a cybercriminal! I called their UK tel.#, called tech support, they directed me to Customer Support. Since May 5, I have 4 different "tickets", that come automatically re the above complaint, BUT NO ANSWER AT ALL FROM AVAST and of course no solution.
Can anyone help please??? It would be greatly appreciated. Of course I have not downloaded Avast on my other computers, and likely won't do it - will choose another free AV.
Thank you so much for your attention to this!

Go with Avira for a no-hassles installation.

Remember to only install one antivirus!

1) Avast! Home Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) MicroSoft Security Essentials All versions and all languages.
5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

Quote from: macko1944 on May 10, 2014, 12:58:20 PM

I am 76 and retired, with limited knowledge and use of computers. I had Microsoft Sec.Ess.AV on my desktop (XP Home). I changed this to Avast Free. Next day I registered in Avast Forum to post a simple question: I have a laptop (Vista Home 64 b.) and a netbook (Win 7 34 b.) and asked Forum whether I could download Avast Free on these other two computers, using the same email address and password. Next day I wanted to check if there was any answer, but I found to my amazement, that I WAS BANNED FROM ENTERING THE FORUM FOREVER! Unbelievable! I have done nothing to deserve this, I am not a cybercriminal! I called their UK tel.#, called tech support, they directed me to Customer Support. Since May 5, I have 4 different "tickets", that come automatically re the above complaint, BUT NO ANSWER AT ALL FROM AVAST and of course no solution.
Being banned from their forum seems very strange. Is that forum at http://forum.avast.com/?

I have avast Free installed on 3 computers at home. I am not absolutely sure about registering multiple computers but, if I recall correctly, you do not need a different email address and password for each computer. I do have a note to myself that I have two email addresses associated with my avast registrations. Since I have it installed on 3 computers, my recording of 2 email addresses either indicates a separate address for each registration is not necessary or I have failed to record the address used for one of my registrations. So, I suggest simply trying multiple registrations with the same email address and password. If it is not allowed, you will get an indication of that in some way.

I suggest you not reject avast due to your negative experience with that forum. Avast is a very good antivirus program.

Thank you so much for your response. Yes, the link is the same that will ban me and the text makes it clear that the ban is not set to expire (their text).
And because I can not enter at all, I have no way that I can think of to register with a different user name and password. This is part of what is so unbelievable. The other part of course, that other than the automatic giving of new ticket numbers every time (I now have 4 different ones from different days) they do not answer my complaint. I marked it urgent, doesn't help. They just seem to ignore it. So, for now, I am leaving Avast on my XP desktop (along with other defenses and use that computer rarely and for very limited purposes), but I am really reluctant to download Avast on my other 2 computers, even though I would like to. I will probably settle on AVG, but I am still waiting a few days in the hope that one of my complaint letters will be responded to. Amazing, that there is never a dull moment with computers and one can always expect the unexpected!
In the meantime, thank Heavens for smart people like you, who are taking the time and are devoted to counsel people like me!
Thank you again!!!
2272.

Solve : My machine frequently goes off to "La-la land" for an undetermined period?

Answer»

I was recently able to get rid of a thing called "Tuvaro" through the help of SuperDave. I am very thankful to him for that. However a bug or something was left behind that wasn't too much of a pain at first but is getting impossible to work around. Very frequently when I am on the internet, or using "Office" features or just "Logging off" the machine goes into a mode where it just runs indefinitely and I am unable to control it or do anything except Power off. It doesn't happen if I am playing a game or on "Skype" just when I am using Word or Excel or Internet Explorer. Thanks for reading. Appreciate any help that I can get. Jim

Geek: Thanks for your reply. Yes I am pretty well backed up. I recently had to reformat my entire OS and I thought that I had everything backed up but later found that I had lost most of my pictures [ouch]. I will check out the Seagate tools. I am hoping that I will not have to reformat again. It was shortly after I reformatted the last time that I picked up the "TUVARO" thing, whatever it was, it was causing me a lot of grief.

I removed Geek's post. This is the malware forum and nobody should be responding other than CH staff.

Ok, Jim. Let's run the usual scans and we'll see what turns up.

Please download AdwCleaner by Xplode onto your Desktop.

Before starting AdwCleaner, close all open programs and internet browsers, then double-click on the AdwCleaner icon.


If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.
When the AdwCleaner program will open, click on the Scan button as shown below.


AdwCleaner will now start to search for malicious files that may be installed on your computer.
To remove the files that were detected in the previous step, please click on the Clean button.


AdwCleaner will now prompt you to save any open files or data as the program will need to reboot the computer. Please do so and then click on the OK button. AdwCleaner will now delete all detected adware from your computer. When it is done it will display an alert that explains what PUPs (Potentially Unwanted Programs) and Adware are. Please read through this information and then press the OK button. You will now be presented with an alert that states AdwCleaner needs to reboot your computer.
Please click on the OK button to allow AdwCleaner reboot your computer.
A log will be produced. Please copy and paste this log in your next reply.
*********************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*************************************************
Please download Junkware Removal Tool to your desktop.

•Warning! Once the scan is complete JRT will shut down your browser with NO warning.

•Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.

SUPER DAVE: Okay, I ran Adware and MBAM. MBAM took 2 1/2 hours to run and found no items. Logs follow. Will do JRT tomorrow.

# AdwCleaner v3.022 - Report created 28/03/2014 at 12:53:13
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jim - JIM-PC
# Running from : C:\Users\Jim\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\HiDefMedia
Folder Deleted : C:\Windows\Installer\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}
Folder Deleted : C:\Windows\Installer\{813BA625-B0FA-48D8-9B75-59759C88C219}
Folder Deleted : C:\Users\Jim\AppData\Roaming\Systweak
File Deleted : C:\Windows\System32\roboot64.exe

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\nctaudiocdwriter2.audiocdwriter2
Key Deleted : HKLM\SOFTWARE\Classes\nctaudiocdwriter2.audiocdwriter2.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0BBF19A5-BE50-4E06-A340-6777A505E490}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{869E753F-BD0D-4832-8131-94FEEE058AE3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D77AC8A-0A4C-40D0-9557-51907A575E45}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0BBF19A5-BE50-4E06-A340-6777A505E490}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{869E753F-BD0D-4832-8131-94FEEE058AE3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}
Key Deleted : HKCU\Software\systweak
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}
Key Deleted : [x64] HKLM\SOFTWARE\Savings Bull
Key Deleted : [x64] HKLM\SOFTWARE\SavingsBull Filter
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{813BA625-B0FA-48D8-9B75-59759C88C219}
Key Deleted : HKLM\Software\Classes\Installer\Features\1708EDD6AB4EB164A86999D0AF0ABE1D
Key Deleted : HKLM\Software\Classes\Installer\Features\526AB318AF0B8D84B9579557C9882C91
Key Deleted : HKLM\Software\Classes\Installer\Products\1708EDD6AB4EB164A86999D0AF0ABE1D
Key Deleted : HKLM\Software\Classes\Installer\Products\526AB318AF0B8D84B9579557C9882C91

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


*************************

AdwCleaner[R0].txt - [7307 octets] - [08/02/2014 13:10:56]
AdwCleaner[R1].txt - [1939 octets] - [11/02/2014 15:20:39]
AdwCleaner[R2].txt - [1505 octets] - [12/02/2014 10:55:40]
AdwCleaner[R3].txt - [2258 octets] - [13/02/2014 10:43:25]
AdwCleaner[R4].txt - [1402 octets] - [14/02/2014 14:54:08]
AdwCleaner[R5].txt - [2798 octets] - [28/02/2014 09:38:45]
AdwCleaner[R6].txt - [1648 octets] - [28/02/2014 09:47:03]
AdwCleaner[R7].txt - [5652 octets] - [28/03/2014 12:52:39]
AdwCleaner[S0].txt - [7093 octets] - [08/02/2014 13:11:40]
AdwCleaner[S1].txt - [1759 octets] - [11/02/2014 17:40:56]
AdwCleaner[S2].txt - [3927 octets] - [11/02/2014 17:44:05]
AdwCleaner[S3].txt - [1354 octets] - [14/02/2014 14:54:37]
AdwCleaner[S4].txt - [2683 octets] - [28/02/2014 09:42:14]
AdwCleaner[S5].txt - [5456 octets] - [28/03/2014 12:53:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [5516 octets] ##########

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.28.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
Jim :: JIM-PC [administrator]

Protection: Enabled

3/28/2014 12:59:30 PM
mbam-log-2014-03-28 (12-59-30).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 760618
Time elapsed: 3 hour(s), 7 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


SUPERDAVE: The JRT log:

JRT log 3/29/2014

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x64
Ran by Jim on Sat 03/29/2014 at 9:51:58.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values


~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smallfrogs studio


~~~ Files


~~~ Folders


~~~ Event Viewer Logs were cleared


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/29/2014 at 9:57:01.95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Malwarebytes' Anti-Rootkit

Please download Malwarebytes' Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page for performing a scan.
  • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.
SUPERDAVE: Okay, I ran the Malwarebytes Anti-Rootkit and "No malware found" and "No clean up required" resulted.

Then I got e-mail from malwarebytes advising me to upgrade my Pro Malwarebytes vs 1.75 to vs. 2.0 {no cost} which I did and I ran a quick scan and found two more PUPs which were quarantined.

NOTE: The suspect malfunction has not reoccurred since JRT deleted that one registry key. Could that have been the problem?

Yes, that may have been the problem. Give it a few days to see how it runs and then get back to me.

SUPERDAVE: Okay, will do. Thank you very very much.

SUPERDAVE: OK, it has been one month since the last posting and I thought that I would give you an update. Occasionally the machine will still "loop" off while running Internet Explorer or Shop 2000. Since I added Shop 2000 to the startup menu it (Shop 2000) has been all right; however, it still does it once in a while on Internet Explorer. The only way I can get it to stop is to restart the machine. I can live with that. If you have any further ideas I would appreciate hearing about them. Otherwise I guess the post should be closed. Thanks again for all of your help. Have a great day, JIM

Could you please explain "loop off"?

SUPERDAVE: "loop off" Sorry! That is an expression that I haven't used for many many years. It applied to old transistor/diode logic circuits that would get hung up in a "race" condition, due to slow solid state switching devices, and just keep recycling in that state indefinitely. We called it looping. The only way to stop it was to power down or physically introduce a "glitch". Then the guilty component had to be located and replaced. Anyway, it is those times in the past that I remember when my computer starts doing that. I don't think that modern circuits can do that but maybe, with a little adjusting, software can do that. I remember that, using machine language, I could make some of the old Solid State computers chase themselves. I dunno, I'm too old to try to learn new technology. Thanks for the memory.....JIM

P.S. I hope that I haven't said anything that was inappropriate here. If so, it was not intended.

Ok. So the wheels were just spinning. Please try this: Open Task Manager and keep it open. When it starts to loop try to determine how much memory is being used and which process is using it.
2273.

Solve : do you need firewall and antivirus for windows 8.1??

Answer»

got windows 8.1 and currently just use AVG, should I get a firewall too? (which free version do you recommend?)

what else do I need? Do I need an anti-spyware program too?

Windows 8 comes with its own anti-virus and anti-spyware program called Windows Defender. If you're going to use AVG you will need to disable Windows Defender. You can use the Windows Firewall which should already be on your computer. You would be better off using Windows Defender.

2274.

Solve : Spam Sent from Hotmail, but Account Not Hacked?

Answer»

My partner's Hotmail account keeps sending emails to her contacts list with URLs - spam in other words.

This keeps happening, even though her account has NOT been hacked. Many of her contacts are work related and this is a real problem for her.

After the first occasion with my help she setup two factor authentication, and her password has never been changed without her knowledge. The emails do not appear in her sent items.

So how is it someone keeps sending emails as her, to her contacts, and how can we stop it?

Thanks all

Her account has been hacked. She should change her password and make it a strong alpha/numeric password.

Sorry Dave, but I think you are wrong.

She reset her password to a strong password after the first time (uppercase lowercase number special characters). How would someone hack an account that has two factor authentication?

Quote from: MikhailCompo on March 30, 2014, 03:56:11 AM

Sorry Dave, but I think you are wrong.

She reset her password to a strong password after the first time (uppercase lowercase number special characters). How would someone hack an account that has two factor authentication?
Accounts are "hacked" by figuring out the password. 2-factor authentication does absolutely nothing to prevent this because the password is usually acquired through a malware infection. Keyloggers can acquire both the E-mail address and password, and they can also determine and send back any saved passwords in most major browsers.

2-Factor authentication is only used for logging into webmail. IMAP outgoing servers cannot use 2-factor authentication because then they wouldn't be IMAP servers. Additionally, by controlling a piece of software on the user's machine (the trojan) a person can easily just send the E-mail from their machine.

TL;DR: It's a malware infection.

We can run some scans to make sure the computer is clean, then we take it from there.

Please download AdwCleaner by Xplode onto your Desktop.

Before starting AdwCleaner, close all open programs and internet browsers, then double-click on the AdwCleaner icon.

If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.
When the AdwCleaner program will open, click on the Scan button as shown below.

AdwCleaner will now start to search for malicious files that may be installed on your computer.
To remove the files that were detected in the previous step, please click on the Clean button.

AdwCleaner will now prompt you to save any open files or data as the program will need to reboot the computer. Please do so and then click on the OK button. AdwCleaner will now delete all detected adware from your computer. When it is done it will display an alert that explains what PUPs (Potentially Unwanted Programs) and Adware are. Please read through this information and then press the OK button. You will now be presented with an alert that states AdwCleaner needs to reboot your computer.
Please click on the OK button to allow AdwCleaner to reboot your computer.

A log will be produced. Please copy and paste this log in your next reply.
************************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that EVERYTHING is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*************************************************
Please download Junkware Removal Tool to your desktop.

•Warning! Once the scan is complete JRT will shut down your browser with NO warning.

•Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.

Quote from: MarkAClarkson on April 26, 2014, 05:57:48 AM
Microsoft SELL to SPAM hackers all of your contact lists and then SELL you the software to prevent this occurring. Recently purchased a Luma 1020 running Win8. You MUST have a Outlook Account and MUST upload all of your contacts details including email address and phone numbers. More data for Microsoft to sell. I closed my Hotmail account 5 years ago, because that is the ONLY way to prevent SPAM being sent to all your contacts as if it came from you. Got an email today from someone else's Hotmail account. BIG BILL needs the revenue streams to fund his works of supererogation.

  • This thread hasn't been posted in in almost a month.
  • You have absolutely no evidence for what you are claiming.
Quote from: MarkAClarkson on April 26, 2014, 05:57:48 AM
Microsoft SELL to SPAM hackers all of your contact lists and then SELL you the software to prevent this occurring.
Almost everybody uses their E-mail address to sign up for stuff. Most sites that take an E-mail address will sell it to third parties. Microsoft doesn't sell any products for Anti-malware/spyware purposes.

Quote
Recently purchased a Luma 1020 running Win8. You MUST have a Outlook Account and MUST upload all of your contacts details including email address and phone numbers.
This is false.

Quote
because that is the ONLY way to prevent SPAM being sent to all your contacts as if it came from you. Got an email today from someone else's Hotmail account.
E-mails can be dead-simple to compromise. People use easily predictable passwords or select poor security questions- (There are only so many flavours of ice cream), or their machine gets infected.

Quote
BIG BILL needs the revenue streams to fund his works of supererogation.
This expresses a strong ignorance in the area of how corporations and organizations work.
2275.

Solve : File footprints?

Answer»

Here's a copy of the JRT.txt file. I am working on backing up my pc before I install and run Malwarebytes' Anti-Rootkit. Again, please let me know if you think any of this information might be indicative of someone putting something on my pc to monitor my activities. Thanks!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Libby on Sat 04/12/2014 at 13:49:19.07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-626533540-2267483260-4042443749-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page


~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D97887C1-33F2-4518-B157-EBD20FFDA49C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{D97887C1-33F2-4518-B157-EBD20FFDA49C}

~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"

~~~ FireFox

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{1c43baf1-00c2-40a8-a09e-f84cfd79546d}
Successfully deleted the following from C:\Users\Libby\AppData\Roaming\mozilla\firefox\profiles\0t1jpq6p.default\prefs.js

user_pref("id_couponscom.variablecashedNotificatio ns", "%7B%22hxxp%3A//www.dickssportinggoods.com/home/index.jsp%22%3A%22%3CTOOLBAR%3E%5Cr%5Cn%3CSETTINGS%20scope%3D%5C%220%5C%
user_pref("id_couponscom.variables.Var1", "hxxp%3A//cdn.coupons.com/couponbar.coupons.com");
user_pref("id_couponscom.variables.Var2", "hxxp%3A//couponbar.coupons.com");
user_pref("id_couponscom.variables.Var3", "hxxp%3A//www.coupons.com/coupon-codes/");
Emptied folder: C:\Users\Libby\AppData\Roaming\mozilla\firefox\profiles\0t1jpq6p.default\minidumps [21 files]

~~~ Event Viewer Logs were cleared


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 04/12/2014 at 13:55:51.85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Quote

Again, please let me know if you think any of this information might be indicative of someone putting something on my pc to monitor my activities.
There's no evidence of that yet. Were you able to run the MBAM rootkit scanner?
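
As a way to read a JRT log like the one posted in this thread, the following added example (not part of the original posts and not JRT's own code) parses the section headers and the "Successfully repaired/deleted" lines and sorts them into rough groups. The sample is a shortened excerpt of the log above; the category rules and all function names are assumptions made for this example.

```python
import re
from collections import Counter, namedtuple

# Shortened excerpt of the JRT log posted in the thread above.
SAMPLE_LOG = r"""
~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D97887C1-33F2-4518-B157-EBD20FFDA49C}

~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"

~~~ FireFox

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{1c43baf1-00c2-40a8-a09e-f84cfd79546d}

~~~ Event Viewer Logs were cleared
"""

Entry = namedtuple("Entry", "section action kind target")

# "~~~ Name" starts a section; the all-tilde separator lines do not match.
SECTION_RE = re.compile(r"^~~~ (.+)$")
ENTRY_RE = re.compile(
    r"^Successfully (repaired|deleted): \[([^\]]+)\] (.+)$", re.IGNORECASE
)

# Ordered (category, pattern) rules, first match wins.
# These groupings are a heuristic chosen for this example, not part of JRT.
RULES = [
    ("autostart", re.compile(
        r"\\CurrentVersion\\Run(Once)?(\\|$)|\\CurrentControlSet\\Services\\", re.I)),
    ("browser-setting", re.compile(
        r"Internet Explorer\\Main|\\SearchScopes\\|prefs\.js", re.I)),
    ("browser-addon", re.compile(
        r"Browser Helper Objects|\\plugins\\|Firefox\\Extensions|\\Ext\\(Settings|Stats)\\",
        re.I)),
]


def parse_jrt(text):
    """Return (entries, event_logs_cleared) for the text of a JRT log."""
    entries, section, logs_cleared = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            if section.lower().startswith("event viewer logs were cleared"):
                logs_cleared = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(section, m.group(1).lower(),
                                 m.group(2).title(), m.group(3).strip('"')))
    return entries, logs_cleared


def classify(entry):
    """Map one entry to a category; anything under Services counts as autostart."""
    if (entry.section or "").lower() == "services":
        return "autostart"
    for category, pattern in RULES:
        if pattern.search(entry.target):
            return category
    return "other"


def triage(text):
    """Count entries per category and list those that touched autostart locations."""
    entries, logs_cleared = parse_jrt(text)
    return {
        "counts": dict(Counter(classify(e) for e in entries)),
        "review": [e for e in entries if classify(e) == "autostart"],
        # The tool's own cleanup removes Event Viewer history, so that
        # source is no longer available for any later review of the machine.
        "event_logs_cleared": logs_cleared,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for category, count in sorted(result["counts"].items()):
        print(f"{category:16} {count}")
    print("autostart entries to review:", len(result["review"]))
    print("event logs cleared:", result["event_logs_cleared"])
```
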
2276.

Solve : I need help fast! ICE Cyber Crime Center has blocked computer?

Answer»

Malwarebytes' Anti-Rootkit

Please download Malwarebytes' Anti-Rootkit and save it to your desktop.

  • Be sure to print out and follow the instructions provided on that same page for performing a scan.
  • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.
2277.

Solve : problem with keyboards?

Answer»

Hi, my computer was good to go this morning, then for some reason the keyboard started becoming messed up. I tried to reboot to see if that worked; however, each time I rebooted, the problem still persisted and became worse. Now all my keys have stopped working, some keys when I pressed will become something irrelevant (ex: backspace = 83j, esc=$57) and even when I did nothing, my computer would keep spamming some random characters, first it was 4444444 then 9999 then hj or even spam enter or space. My backspace and some numbers still worked earlier but after numerous attempts to reboot, they became messed up too.

[recovering disk space, attachment deleted by admin]

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a NEW topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
You could start with trying another keyboard on the computer. That one could be defective. Please let me know if that solves the problem.
I've never seen a MBAM log like that one. Could you please run it again.
It appears that you have two AV's on your computer; Windows Defender and Symantec Endpoint Protection. One will have to be de-activated or uninstalled. Only one AV and one Firewall allowed on any computer.

*********************************************
Please download Junkware Removal Tool to your desktop.

•Warning! Once the scan is complete JRT will shut down your browser with NO warning.

•Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.
*****************************************
Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.

First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

2278.

Solve : Lost WiFi Since Infection?

Answer»

Sorry, I've been under the weather the last few days and I missed your response. Let's try a couple of things. First, try booting your computer in Safe Mode with Networking and see if you can connect. Next, try these two and see if they fix the problem.

Please download and run MS Fix-it from here.
******************************************
To Run the SFC /SCANNOW Command in Windows 7
1. Open an elevated command prompt.

2. To Scan and Repair System Files
NOTE: Scans the integrity of all protected system files and repairs the system files if needed.
A) In the elevated command prompt, type sfc /scannow and press Enter. (see screenshot below)
NOTE: This may take some time to finish.



B) Go to step 4.

3. To Only Verify if the System Files are Corrupted
NOTE: Scans and only verifies the integrity of all protected system files.
A) In the elevated command prompt, type sfc /verifyonly and press Enter.

4. When the scan is complete, hopefully you will see all is ok like the screenshot below.
NOTE: If not, then you can attempt to run a System Restore using a restore point dated before the bad file occurred to fix it. You may need to repeat doing a System Restore until you find an older restore point that may work.

5. When done, close the elevated command prompt.

I hope you are feeling better SD. I have tried to copy and paste the log and also attach the log but it said it was too large.
It did find a corrupted file. I did a restore point back one month and the Wifi started working again ! That's good right..? LOLL!
Let me know if there is anything else I should do. As always THANKS ! ! ! ! !
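
SFC writes its per-file results to %windir%\Logs\CBS\CBS.log on lines tagged [SR], and the complete file is usually far too large to post. The following added example (not from the original posts) keeps only those lines and lists the files SFC reported it could not repair; the sample lines are constructed, with made-up file and component names, and the function names are assumptions.

```python
import re

# Constructed sample in the layout of %windir%\Logs\CBS\CBS.log.
# File and component names are made up for this example.
SAMPLE_CBS = r'''
2014-03-20 09:14:02, Info                  CBS    Starting TrustedInstaller initialization.
2014-03-20 09:14:05, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2014-03-20 09:14:05, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2014-03-20 09:14:09, Info                  CSI    0000000c [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-03-20 09:14:10, Info                  CSI    0000000d [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-03-20 09:14:11, Info                  CSI    0000000e [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"example2.dll" from store
2014-03-20 09:14:12, Info                  CSI    00000010 [SR] Verify complete
'''

CANNOT_RE = re.compile(r'^Cannot repair member file \[[^\]]*\]"([^"]+)" of ([^,]+)')
REPAIR_RE = re.compile(r'^Repairing corrupted file .*\]"([^"]+)" from store')


def sr_records(lines):
    """Yield (timestamp, message) for every line that SFC tagged with [SR]."""
    for line in lines:
        pos = line.find("[SR] ")
        if pos != -1:
            yield line[:19], line[pos + 5:].rstrip()


def summarize_sfc(lines):
    """Reduce a CBS.log to the SFC findings worth posting in a help thread."""
    summary = {
        "sr_lines": 0,           # how many [SR] lines were seen
        "unrepaired": [],        # (file, component) pairs SFC could not repair
        "repair_attempted": [],  # files SFC restored from the component store
        "completed": False,      # True once a "Verify complete" line is seen
    }
    for _timestamp, message in sr_records(lines):
        summary["sr_lines"] += 1
        m = CANNOT_RE.match(message)
        if m:
            item = (m.group(1), m.group(2).strip())
            # The same file is often reported more than once; keep one copy.
            if item not in summary["unrepaired"]:
                summary["unrepaired"].append(item)
            continue
        m = REPAIR_RE.match(message)
        if m:
            if m.group(1) not in summary["repair_attempted"]:
                summary["repair_attempted"].append(m.group(1))
            continue
        if message.startswith("Verify complete"):
            summary["completed"] = True
    return summary


def summarize_file(path):
    """Same summary, read from a copy of CBS.log on disk."""
    with open(path, "r", encoding="utf-8", errors="replace") as handle:
        return summarize_sfc(handle)


if __name__ == "__main__":
    result = summarize_sfc(SAMPLE_CBS.splitlines())
    print("[SR] lines:", result["sr_lines"])
    print("scan completed:", result["completed"])
    for name, component in result["unrepaired"]:
        print("could not repair:", name, "from", component)
    for name in result["repair_attempted"]:
        print("repaired from store:", name)
```
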

Quote

Let me know if there is anything else I should do. As always THANKS
You're welcome. You can run diskcleanup and we're finished.

Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.



Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.



This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
************************************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
2279.

Solve : Backing up files to upgrade XP to Windows 7?

Answer»

Hello,
With support for XP ending next month and after much browsing, researching, etc. apparently the only option I have with this PC is to upgrade from XP to Windows 7.. were thinking about using Windows Easy Transfer to save files, etc.. the tutorial referred to using CDs, but with the limited space on the CDs, were thinking about using a flash drive.. I have one that is 32 GB..

Larry

A flash drive or DVDs would work. I'm sticking with XP and I foresee no problems.

Hello SuperDave,
Thanks a bunch for your input!!.. smile.. I am at present backing up my files and will have the Windows 7 CD at the ready in case the worst case scenario happens and need to update..
Again, thank you for your help!!

Larry Woller
You were lucky to get your hands on Windows 7. They're quite scarce nowadays.

Got the Windows 7 Home Premium 32 bit ordered from WalMart online...had toyed with the idea of Windows 8 but after research, this computer would be borderline as to compatibility, too new to throw away, getting a new one not an option, so opted for Windows 7..have files backed up on a Kingston 32GB flash drive (using Windows Easy Transfer and some on my own) along with Norton 360...hopefully will have all my ducks in a row should the need to upgrade happen...smile

Again, thanks for your reply and input!..

Larry Woller

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.

2280.

Solve : Need help removing Panda AV program?

Answer»

I have used Panda AV on my Dell Optima running Windows (now XP) since 2007. I have decided to try Vipre instead, and had no problem loading it on my Samsung laptop with Windows 8. But when I try to run the program (from the same link) on my Dell, it is finding that I have Panda 2011 on the computer. I had uninstalled the 2013 version using Panda's uninstall program, and also did a search to find any other files associated, and deleted those, yet Vipre is still detecting the program. I also tried Cclean to try to get rid of any orphan files, but that did not clear the problem, either. I called Panda tech support and was told I would need to get a "specialist" to fully uninstall the program. Any ideas?

Vipre tech support provided the following solution:
download and use this program called microsoft fixit tool to try to remove panda from the computer
you can download it from this link
http://support.microsoft.com/mats/Program_Install_and_Uninstall
Here are some instructions on running this tool:

1. Click the green Run Now button on the site linked above.
2. Run the program downloaded
3. Click the Accept button
4. Microsoft Fix It will scan the machine for Windows Install and Uninstall issues
5. Select Detect problems and let me select the fixes to apply
6. Select Uninstalling
7. Select Panda Antivirus from the programs listed and click Next
8. Select Yes, try uninstall
9. Make sure all the Listed issues are checked and click Next
10. You will get a result status notifying you that the process succeeded.
11. Select one of the feedback options and click Next
12. Click the Close button
restart the computer

This solution worked perfectly for me!

Don't forget that Windows 8 comes with its own AV called Windows Defender. If you're going to use another AV, Windows Defender will have to be deactivated; otherwise, it will cause conflicts.

2281.

Solve : Someone is hacking into my computer via cell phone:?

Answer»

Hello & Thanks ,
Someone is hacking into my computer using their phone .
They are coming in thru my TimeWarnerCable Router/Modem .
I notice them in Network Folder .
They keep changing their MAC address .

Is there a way to stop them ?
Is there a way to track them ?

Thanks..Vm

Here is some information about routers being hacked. If you're sure it's happening through your router, you should contact the company.

2282.

Solve : BlueScreen ntoskrnl.exe?

Answer»

Hi everyone
I have an HP Pavilion DV6 notebook with i7-2670 processor running Win-7. Outside of the fan working quite frequently, have not had any issues until couple of months ago when blue screen popped up and forced a reboot. Have attached the bluescreen-text information. Realize that it has something to do with drivers but not sure how to proceed.
Thanks


[recovering disk space, attachment deleted by admin]

Download BlueScreenView:
http://www.nirsoft.net/utils/blue_screen_view.html
Unzip downloaded file and double click on BlueScreenView.exe to run the program.
When scanning is done, go to Edit - Select All
Go to File - Save Selected Items, and save the report as BSOD.txt
Open BSOD.txt in Notepad, copy all of the content, and paste it into your next reply

2283.

Solve : Problems with soundcard, control panel and apps. Found Misleading.FakeAV??

Answer»

You may as well try one of the restore points from before these problems started.

2284.

Solve : How do I get rid of TUVARO??

Answer»

DAVE: Achh, How simple is that? It worked. I had already un-installed Firefox and Chrome so all I had to mess with was Internet Explorer. Machine is working like a charm, thank you again. Question: I have purchased the Malwarebytes Pro. Is it ok to run that together with Avast?
I can't begin to tell you how appreciative I am for your help. Thanks JIM

Quote

I have purchased the Malwarebytes Pro. Is it ok to run that together with Avast?
Yes, MBAM Pro will go well with any AV. MBAM Pro is now a full-time scanner and a very good choice. Let's do some cleanup.

Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.



Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.



This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
**************************************
Go to Microsoft Windows Update and get all critical updates.

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

DAVE:
Thank you. Well something else has reared its ugly head. And it has been doing it for some time. I thought that we had gotten rid of it but NO. Very frequently, when I am on line OR offline, my screen will fog up and I get the message that "Internet Explorer has stopped responding", online or "Windows Explorer has stopped responding", off line or "Microsoft Office has stopped responding". Depending on what I am doing at the time. Once that happens the computer is locked up for who knows how long? I have waited for hours and it never recovered. I go to Task manager and try to shut it down to no avail. The only thing that I can do is do a Power forced shut down and reboot. Did I miss something? Other than that, the computer is running very well.

To Run the SFC /SCANNOW Command in Windows 7
1. Open an elevated command prompt.

2. To Scan and Repair System Files
NOTE: Scans the integrity of all protected system files and repairs the system files if needed.
A) In the elevated command prompt, type sfc /scannow and press Enter. (see screenshot below)
NOTE: This may take some time to finish.



B) Go to step 4.

3. To Only Verify if the System Files are Corrupted
NOTE: Scans and only verifies the integrity of all protected system files.
A) In the elevated command prompt, type sfc /verifyonly and press Enter.

4. When the scan is complete, hopefully you will see all is ok like the screenshot below.
NOTE: If not, then you can attempt to run a System Restore using a restore point dated before the bad file occurred to fix it. You may need to repeat doing a System Restore until you find an older restore point that may work.



5. When done, close the elevated command prompt.

DAVE: Well the sfc scan did not reveal anything. It is still acting up. Usually it goes into a perpetual loop when calling up a site and/or it often does it when either shutting down or logging off. Then I have to do forced or power off. I don't think that I have a restore point that goes back far enough... Now it is doing it when I try to use WORD or EXCEL.

How does your computer work in Safe Mode?

DAVE: Thanks for sticking with me. Well it seems to work fine. I am writing this in the safe mode (with networking) now. However, it often works quite well for long periods in NORMAL mode. Right now it is working, it did take a long time to respond when I clicked on REPLY though

Quote
Right now it is working, it did take a long time to respond when I clicked on REPLY though
Yes, it does that on my computer also but only on this site.

Please download SREng
  • Extract it to Desktop and double click SREngLdr.EXE to run it
  • Select System Repair from the left pane.
  • Click on File Association
  • Select all entries that have an Error status and click [Repair]
  • Refer to this image for an example:

  • In your case, it would be .EXE
  • Close SREng now.
DAVE: Thank you. Well I did it. The machine seems to be running fine. Only time will tell. Thanks again.

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.
2285.

Solve : Windows Update Service?

Answer»

Hi All,
I have a machine, Windows 7 64 bit home, that had viruses in it. I was able to clean them out with malware bytes but it deleted the windows update service. I have scrolled down the list and it's not there. I was trying to restart it so I could download the latest updates for the machine.

Anyone know of a fix for this?

Thanks

http://www.microsoft.com from here have you tried to manually install latest security updates? You should be able to re-enable auto updates in properties of my computer. If I had a Windows 7 machine in front of me, I'd point out where to get to it. If no one has responded by the time I get home from work, I will describe from my Windows 7 system. I'm stuck behind Windows XP Pro right now. You might have to perform a Repair Install of 7 if the Virus really killed that service, that is if it's enabled, but non functional!

Try running your Action Center.

2286.

Solve : DNT for FireFox?

Answer»

I started using Do Not Track 3 days ago. Over the past 2 days SAS has detected 166 cookies (94 yesterday, 72 today) -- with a 'quick' scan. Preceding this, all of my scans were clean after a 'complete' scan.

I'm starting to think there's a correlation here

Cookies are not a bad thing. Most of the time they just help to make your connection quicker.

2287.

Solve : Virus help please?

Answer»

Quote from: gracette17 on August 28, 2012, 07:37:54 PM
I just tried it again and it turned back on. I chose to open in safe mode... should I run aswMBR?
Boot in Normal mode if you can and run that scan.

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-29 08:27:28
-----------------------------
08:27:28.158 OS Version: Windows x64 6.1.7601 Service Pack 1
08:27:28.158 Number of processors: 2 586 0x602
08:27:28.158 ComputerName: JESSICA-PC UserName: Jessica
08:27:29.952 Initialize success
08:27:39.140 AVAST engine defs: 12082800
08:28:58.373 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
08:28:58.373 Disk 0 Vendor: WDC_WD3200BEKT-60V5T1 12.01A12 Size: 305245MB BusType: 11
08:28:58.388 Device \Driver\atapi -> MajorFunction fffffa80047855e8
08:28:58.404 Disk 0 MBR read successfully
08:28:58.404 Disk 0 MBR scan
08:28:58.404 Disk 0 Windows 7 default MBR code
08:28:58.419 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
08:28:58.435 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 289291 MB offset 409600
08:28:58.451 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15650 MB offset 592877568
08:28:58.529 Disk 0 scanning C:\Windows\system32\drivers
08:29:15.579 Service scanning
08:29:24.409 Service MpKsla7657f45 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A3E08EE5-A537-4FD2-B389-B7BC6D041EC5}\MpKsla7657f45.sys **LOCKED** 32
08:29:42.177 Modules scanning
08:29:42.692 Disk 0 trace - called modules:
08:29:42.692 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
08:29:42.692 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004332790]
08:29:42.708 3 CLASSPNP.SYS[fffff8800195643f] -> nt!IofCallDriver -> [0xfffffa8004331520]
08:29:42.708 5 hpdskflt.sys[fffff880018fd289] -> nt!IofCallDriver -> [0xfffffa8003dbc790]
08:29:42.723 7 ACPI.sys[fffff88000e0d7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80042af060]
08:29:42.723 \Driver\atapi[0xfffffa800476cdf0] -> IRP_MJ_CREATE -> 0xfffffa80047855e8
08:29:44.096 AVAST engine scan C:\Windows
08:29:55.531 AVAST engine scan C:\Windows\system32
08:34:13.560 AVAST engine scan C:\Windows\system32\drivers
08:34:26.801 AVAST engine scan C:\Users\Jessica
08:38:30.757 AVAST engine scan C:\ProgramData
08:39:58.146 Scan finished successfully
08:40:16.180 Disk 0 MBR has been saved successfully to "C:\Users\Jessica\Desktop\MBR.dat"
08:40:16.195 The log file has been saved successfully to "C:\Users\Jessica\Desktop\aswMBR.after scan.txt"
08:40:25.030 Verifying
08:40:35.061 Disk 0 Windows 601 MBR fixed successfully
08:40:50.271 Disk 0 MBR has been saved successfully to "C:\Users\Jessica\Desktop\MBR.dat"
08:40:50.287 The log file has been saved successfully to "C:\Users\Jessica\Desktop\aswMBR. after fix.txt"


I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
I did this and it said it found "no threats". I can't find the log anywhere, even where you specified.

Quote from: gracette17 on August 30, 2012, 03:01:50 PM
I did this and it said it found "no threats" I can't find the log anywhere, even where you specified.
That's ok. How's your computer running now? Any other issues?

It still says Microsoft essentials cannot protect my computer because of a threat. It says it is called "Trojan:DOS/Alureon.a"

Re-run MBAM:

Code:
Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply..

********************************************
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.



  • If an infected file is detected, the default action will be Cure, click on Continue.



  • If a suspicious file is detected, the default action will be Skip, click on Continue.



  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.



  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.
**********************************************************
  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
2288.

Solve : Program not responding...unable to detect any malware or virus so far?

Answer»

UPDATE!
I think I've found the problem.
I was occasionally seeing werfault.exe or wermgr.exe (windows prob reporting) in the Taskmgr, so I decided to turn off Windows reporting as well as HP Assist. reporting.
For some reason I decided to unplug the external backup drive after a reboot. Suddenly, everything was fine. No slowdowns or hangs. I plugged the ext. drive back in,
bam, problems again. Unplug and reboot, no problems!

Here's the back story. A few days back, I discovered the ext. drive which is kept on top of the computer, back behind it on the floor. It must have gotten knocked down and there's an issue with the drive. Maybe that's why I also saw MS Search Indexer running in the tskmgr. Maybe it was hanging on the bad drive?

I'm going to keep it disconnected and continue to monitor things. Is there anything I should cleanup from our scans? Assuming everything continues to run well, do you
have any suggestions as far as utilities to run on the ext. drive to see if I can salvage it? Its a Seagate backup Plus.
Dave, I really appreciate your help and I've gained some addt'l knowledge thru this process.

Quote

do you
have any suggestions as far as utilities to run on the ext. drive to see if I can salvage it? Its a Seagate backup Plus.
You could try running a hard drive diagnostic on it.

Run hard drive diagnostics: tacktech.com
Make sure you select the tool which is appropriate for the brand of your hard drive.
Depending on the program, it'll create bootable floppy, or bootable CD.
If downloaded file is of .iso type, use ImgBurn: imgburn to burn .iso file to a CD (select "Write image file to disc" option), and make the CD bootable.
For Toshiba hard drives, see here:

Note : If you do not know how to set your computer to boot from CD follow the steps here
************************************************
Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.



Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.



This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
*************************************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

SuperDave,
I thought I was ok, but the problem is back. Not as bad but still locks up and I'm not using the Seagate backup drive.
On a hard boot due to system lockup I had an error... something like
"Windows failed to start. A recent hardware or software change might be the cause."
1) Launch startup repair (recommend)
2) Start windows normally

I started windows normally. It will operate fine for a while and then something happens. Seems like a Windows process, but I'm surprised sfc /scannow didn't find anything. There are errors in the Windows Event Viewer that I can post if that helps.
I went thru Evilfantasy's blog about maint. and tried everything, but I'm at a loss right now, short of a system restore or
OS repair.

I can't really help with the software/hardware problem. You could try running a diagnostic on your own harddrive and following that, a repair of the OS.
2289.

Solve : .rar.exe files?

Answer»

An online friend gave me an address from which to dload his pics. I have 7zip that allows me to open RAR files. However at the site the file is listed as rar.exe. Is it safe to dload files with exe extensions? Will my 7zip open it?

Thanks in advance

Files with double extensions (especially if the second one is .exe) are very suspicious and almost always dangerous - they are intended to trick you into double clicking them. Many people don't change the default Windows Explorer behaviour of hiding extensions (many people don't even know about it or understand what an extension is) and these are easy targets for malware. This online person does not sound like much of a 'friend'.
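A filename-and-content check for the double-extension case described in this answer, as an added example that is not part of the original thread. The extension lists and the `assess` helper are assumptions chosen for illustration, and the sample header bytes in the usage comments are constructed.

```python
import ntpath  # applies Windows path rules on any operating system

# Assumed, non-exhaustive lists used only for this illustration.
RUNS_ON_DOUBLE_CLICK = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
LOOKS_PASSIVE = {".rar", ".zip", ".7z", ".pdf", ".doc", ".docx",
                 ".jpg", ".jpeg", ".png", ".txt"}
# Extensions under which a Windows PE image is expected.
PE_CONTAINERS = {".exe", ".scr", ".com", ".pif", ".dll", ".sys", ".cpl", ".ocx"}

# Leading magic bytes of the formats relevant to the question.
SIGNATURES = (
    (b"MZ", "pe"),                  # Windows executable
    (b"Rar!\x1a\x07", "rar"),       # RAR archive
    (b"PK\x03\x04", "zip"),         # ZIP archive
    (b"7z\xbc\xaf\x27\x1c", "7z"),  # 7-Zip archive
)


def sniff(head: bytes) -> str:
    """Classify a file by its first bytes, ignoring its name."""
    for magic, kind in SIGNATURES:
        if head.startswith(magic):
            return kind
    return "unknown"


def assess(filename: str, head: bytes) -> dict:
    """Compare what the name suggests with what the file is.

    filename: the name as offered by the download site
    head:     the first bytes of the file
    """
    base = ntpath.basename(filename)
    stem, last = ntpath.splitext(base)
    _, inner = ntpath.splitext(stem)
    last, inner = last.lower(), inner.lower()

    # With Explorer's default "hide extensions for known file types",
    # only the part before the final extension is displayed.
    shown_as = stem if last in (RUNS_ON_DOUBLE_CLICK | LOOKS_PASSIVE) else base

    content = sniff(head)
    findings = []
    if last in RUNS_ON_DOUBLE_CLICK and inner in LOOKS_PASSIVE:
        # e.g. pics.rar.exe: displayed as pics.rar, executed as a program
        findings.append("double-extension")
    if content == "pe" and last not in PE_CONTAINERS:
        # executable image stored under a passive-looking extension
        findings.append("executable-content-mismatch")

    if findings:
        verdict = "deceptive"
    elif last in RUNS_ON_DOUBLE_CLICK:
        verdict = "executable"  # honest about being a program; trust depends on source
    else:
        verdict = "passive"
    return {"shown_as": shown_as, "content": content,
            "findings": findings, "verdict": verdict}


if __name__ == "__main__":
    # Constructed samples: a name plus the first bytes of the file.
    samples = [
        ("pics.rar.exe", b"MZ\x90\x00"),
        ("pics.rar", b"Rar!\x1a\x07\x00"),
        ("pics.rar", b"MZ\x90\x00"),
        ("setup.exe", b"MZ\x90\x00"),
    ]
    for name, head in samples:
        print(name, assess(name, head))
```

The name check alone catches the case in the question; the content check covers the reverse situation, where the extension looks harmless but the bytes are an executable image.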

2290.

Solve : Removing 'Text Enhance' Adware?

Answer»

Sometime in the last few weeks, I've picked up some sort of Adware called "Text Enhance". It follows me everywhere on the web, regardless of whether I'm using IE, Chrome or Firefox. It makes itself known by underlining certain words in the text of a webpage. If I move your cursor on to the word, the adware jumps out at me. How should I go about removing it from my system? I would very much appreciate any help.

See if either of these links help:

http://answers.microsoft.com/en-us/ie/forum/ie8-windows_xp/how-can-i-remove-the-malware-text-enhance-that/654cedb8-9b9d-402e-aa30-bd8299266429

http://botcrawl.com/how-to-remove-text-enhance/

Removing "Text Enhance"
I found this link on the web which might be very helpful:
Removal Options:
1. Block &(or) Disable & Remove Extension
2. Disallow Third Party Flash Storage
3. Manual Removal
4. Anti Malware
5. Restore your computer to a date and time before infection.

Source: http://botcrawl.com/how-to-remove-text-enhance/

2291.

Solve : Virus or worm has disabled internet, hidden program and other files?

Answer»

I am sorry but since the PC will not connect to the internet I cannot run an online scan

I receive an error message "no connection to the internet is currently available." work offline is the only option

Do I have to wipe this PC "clean" and start from scratch?

I reran Security Check 317 and here is the log:

Results of screen317's Security Check version 0.99.50
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 4.4
SUPERAntiSpyware Free Edition
CCleaner
Java(TM) 6 Update 29
Java version out of Date!
Adobe Flash Player 11.3.300.270
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
IObit IObit Malware Fighter IMFsrv.exe
PC Tools Firewall Plus FWService.exe
PC Tools Firewall Plus FirewallGUI.exe
iolo Common Lib ioloServiceManager.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 24% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````








Quote

I am sorry but since the PC will not connect to the internet I cannot run an online scan

I receive an error message "no connection to the internet is currently available." work offline is the only option

Do I have to wipe this PC "clean" and start from scratch?
Let's see if we can fix the connection problem.

Please download MiniToolBox to Desktop and run it.



Checkmark the following boxes:

    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • List content of Hosts
    • List IP Configuration
    • List Last 10 Event Viewer Errors
    • List Users, Partitions and Memory Size
    Click Go and copy/paste the log (Result.txt) into your next post.
    **************************************************************
    Please download Farbar Service Scanner and run it on the computer with the issue.
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
    *******************************************************
    Total Fragmentation on Drive C:: 24% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    Please take time to defrag your harddrive.
    how do I "defrag"?

    here is the minitoolbox log:

    MiniToolBox by Farbar Version: 23-07-2012
    Ran by Patrick (administrator) on 04-09-2012 at 19:29:46
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ***************************************************************************

    ========================= Flush DNS: ===================================


    Windows IP Configuration



    Successfully flushed the DNS Resolver Cache.


    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    No Proxy Server is set.

    "Reset IE Proxy Settings": IE Proxy Settings were reset.
    ========================= Hosts content: =================================

    127.0.0.1 localhost

    ========================= IP Configuration: ================================

    Intel(R) 82566DC Gigabit Network Connection = Local Area Connection (Media disconnected)


    # ----------------------------------
    # Interface IP Configuration
    # ----------------------------------
    pushd interface ip


    # Interface IP Configuration for "Local Area Connection"

    set address name="Local Area Connection" source=dhcp
    set dns name="Local Area Connection" source=dhcp register=PRIMARY
    set wins name="Local Area Connection" source=dhcp


    popd
    # End of interface IP configuration




    Windows IP Configuration



    Host Name . . . . . . . . . . . . : FamilyRoom

    Primary Dns Suffix . . . . . . . :

    Node Type . . . . . . . . . . . . : Broadcast

    IP Routing Enabled. . . . . . . . : No

    WINS Proxy Enabled. . . . . . . . : No



    Ethernet adapter Local Area Connection:



    Media State . . . . . . . . . . . : Media disconnected

    Description . . . . . . . . . . . : Intel(R) 82566DC Gigabit Network Connection

    Physical Address. . . . . . . . . : 00-19-D1-1A-C7-71

    Server: UnKnown
    Address: 127.0.0.1

    Ping request could not find host google.com. Please check the name and try again.

    Server: UnKnown
    Address: 127.0.0.1

    Ping request could not find host yahoo.com. Please check the name and try again.

    Server: UnKnown
    Address: 127.0.0.1

    Ping request could not find host bleepingcomputer.com. Please check the name and try again.



    Pinging 127.0.0.1 with 32 bytes of data:



    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



    Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

    ===========================================================================
    Interface List
    0x1 ........................... MS TCP Loopback interface
    0x2 ...00 19 d1 1a c7 71 ...... Intel(R) 82566DC Gigabit Network Connection - Packet Scheduler Miniport
    ===========================================================================
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
    255.255.255.255 255.255.255.255 255.255.255.255 2 1
    ===========================================================================
    Persistent Routes:
    None

    ========================= Event log errors: ===============================

    Application errors:
    ==================
    Error: (09/03/2012 07:59:11 PM) (Source: Application Hang) (User: )
    Description: Hanging application SysProt.exe, version 1.0.1.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (09/03/2012 10:08:05 AM) (Source: MsiInstaller) (User: FAMILYROOM)FAMILYROOM
    Description: Product: Microsoft Office Professional 2007 -- Error 1706.Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see SETUP.CHM.(NULL)(NULL)(NULL)(NULL)

    Error: (09/01/2012 08:28:00 AM) (Source: WinMgmt) (User: )
    Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

    Error: (08/28/2012 00:56:36 AM) (Source: WinMgmt) (User: )
    Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

    Error: (08/26/2012 09:40:27 PM) (Source: WinMgmt) (User: )
    Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

    Error: (08/26/2012 00:36:41 PM) (Source: MsiInstaller) (User: FAMILYROOM)FAMILYROOM
    Description: Product: Microsoft Office Professional 2007 -- Error 1706.Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see SETUP.CHM.(NULL)(NULL)(NULL)(NULL)

    Error: (08/26/2012 00:36:12 PM) (Source: Application Hang) (User: )
    Description: Hanging application WINWORD.EXE, version 11.0.8345.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (08/26/2012 00:35:44 PM) (Source: MsiInstaller) (User: FAMILYROOM)FAMILYROOM
    Description: Product: Microsoft Office Professional 2007 -- Error 1706.Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see SETUP.CHM.(NULL)(NULL)(NULL)(NULL)

    Error: (08/26/2012 00:24:31 PM) (Source: MsiInstaller) (User: FAMILYROOM)FAMILYROOM
    Description: Product: Microsoft Office Professional 2007 -- Error 1706.Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see SETUP.CHM.(NULL)(NULL)(NULL)(NULL)

    Error: (08/25/2012 07:11:09 AM) (Source: WinMgmt) (User: )
    Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.


    System errors:
    =============
    Error: (09/04/2012 03:19:03 PM) (Source: Service Control Manager) (User: )
    Description: The crd service failed to start due to the following error:
    %%1053

    Error: (09/04/2012 03:19:03 PM) (Source: Service Control Manager) (User: )
    Description: Timeout (30000 milliseconds) waiting for the crd service to connect.

    Error: (09/03/2012 09:51:37 AM) (Source: Service Control Manager) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    AVGIDSHX

    Error: (09/03/2012 09:51:31 AM) (Source: Service Control Manager) (User: )
    Description: The Vsapint service failed to start due to the following error:
    %%2

    Error: (09/03/2012 09:50:34 AM) (Source: DCOM) (User: NT AUTHORITY)
    Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
    in order to run the server:
    {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error: (09/03/2012 09:40:15 AM) (Source: DCOM) (User: FAMILYROOM)
    Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
    in order to run the server:
    {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error: (09/03/2012 09:40:09 AM) (Source: DCOM) (User: FAMILYROOM)
    Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
    in order to run the server:
    {BA126AE5-2166-11D1-B1D0-00805FC1270E}

    Error: (09/03/2012 09:39:53 AM) (Source: DCOM) (User: FAMILYROOM)
    Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
    in order to run the server:
    {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error: (09/03/2012 09:39:40 AM) (Source: DCOM) (User: FAMILYROOM)
    Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
    in order to run the server:
    {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error: (09/02/2012 10:59:39 PM) (Source: DCOM) (User: FAMILYROOM)
    Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
    in order to run the server:
    {A1F4E726-8CF1-11D1-BF92-0060081ED811}


    Microsoft Office Sessions:
    =========================

    ========================= Memory info: ===================================

    Percentage of memory in use: 52%
    Total physical RAM: 1021.83 MB
    Available physical RAM: 484.08 MB
    Total Pagefile: 2458.33 MB
    Available Pagefile: 1795.52 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1966.93 MB

    ========================= Partitions: =====================================

    2 Drive c: () (Fixed) (Total:171.43 GB) (Free:111.66 GB) NTFS
    3 Drive d: (Backup) (Fixed) (Total:57.63 GB) (Free:23 GB) NTFS
    7 Drive h: (HP SimpleSave) (Fixed) (Total:465.11 GB) (Free:261.06 GB) NTFS
    8 Drive i: (My Passport) (Fixed) (Total:931.48 GB) (Free:547.54 GB) NTFS
    9 Drive j: (USB20FD) (Removable) (Total:7.53 GB) (Free:6.6 GB) FAT32

    ========================= Users: ========================================

    User accounts for \\FAMILYROOM

    Administrator Anna Guest
    HelpAssistant Patrick SUPPORT_388945a0


    **** End of log ****


    and the FSS log:


    Farbar Service Scanner Version: 06-08-2012
    Ran by Patrick (administrator) on 04-09-2012 at 19:30:38
    Running from "C:\Documents and Settings\Patrick\Desktop"
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    There is no connection to network.
    Attempt to access Google IP returned error: Google IP is unreachable
    Attempt to access Google.com returned error: Other errors
    Attempt to access Yahoo IP returned error: Yahoo IP is unreachable
    Attempt to access Yahoo.com returned error: Other errors


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    Gpc(6) hnmwrlspkt(9) IPSec(4) NetBT(5) Packet( pctgntdi(12) pctNDIS(11) PSched(7) Tcpip(3) wsppkt(10)
    0x0F00000004000000010000000200000003000 0000C0000000D0000000E0000000F0000000500 0000060000000700000008000000090000000A0 000000B000000
    IpSec Tag value is correct.

    **** End of log ****

    after a search on how to do it, I am defragmenting the hard drive

    my employment takes me out of town for these next three days in which I will not have access to the infected PC.

    I will be offline until Friday PM.

    Quote from: padraig on September 04, 2012, 06:01:44 PM
    my employment takes me out of town for these next three days in which I will not have access to the infected PC.

    I will be offline until Friday PM.
    Ok. Is this computer hardwired to the modem? Did you try re-setting the modem? Disconnect the power supply for 30 secs. and then connect it.

    PC and the laptop that I am using to post to this thread are hard cabled to ubee modem. Time Warner Cable replaced modem two weeks ago to restore telephone service. This was no less than two weeks after the virus blocked access to the internet for the PC only. I did disconnect the power supply to the new modem, waited about 1 minute, reconnected and internet service was restored to the laptop only. The PC will not connect to internet through IE8 or Firefox.

    C: defragmentation has been completed.

    Quote
    The PC will not connect to internet through IE8 or Firefox.
    Did you try another cable?

    You will have to download this on your laptop and transfer it to your PC using a memory stick or disk.

    Please download LSPFix © 2002-2006 Cexx.org.
    Save it to your desktop. Alternate download site available here
    Run LSPFix - Repair LSP Chain
    Print these instructions... then disconnect from the Internet and close all browser windows.
    • Double click the LSPFix.exe icon on your desktop.
    • If you had to use the alternate download...double click the "lspfix.zip" file on your desktop.
    • Use XP's Compressed File Extraction Wizard or your own 3rd party zip file program.
    • Extract the "LSPFix.exe" file to your desktop... double click to start the program.
    • Press the "Finish..." button.
    • Now...Reboot your computer, normally, to complete the process.
    internet connection has been restored!!! Super Anti-Spy scan returned 33 threats, all Adware, no trojan or worm found

    still have issue with empty program list or "shortcuts" in start menu and USB drive not able to stop to safely eject

    Good news and bad news. It's good that your internet access is repaired. You could try running Rkill again. And now, the bad news. I'm required to give you this warning.

    It appears your system is infected with a rootkit. A rootkit is a powerful piece of malware, that allows hackers full control over your computer for means of sending attacks over the Internet, or using your computer to generate revenue.

    Malware experts have recommended that we make it clear that with the system under control of a hacker, your computer might become impossible to clean 100%.

    Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. They can disable your antivirus and security tools to prevent detection and removal. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is sent back to the hacker. To learn more about these types of infections, you can refer to:

    What danger is presented by rootkits?
    Rootkits and how to combat them
    r00tkit Analysis: What Is A Rootkit

    If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Do NOT change passwords or do any transactions while using the infected computer because the attacker may get the new passwords and transaction information. (If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again.) Banking and credit card institutions should be notified to apprise them of your situation (possible security breach). To protect your information that may have been compromised, I recommend reading these references:
    How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
    What Should I Do If I've Become A Victim Of Identity Theft?
    Identity Theft Victims Guide - What to do
    It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired so you can never be sure that you have completely removed a rootkit. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove rootkits cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with such a piece of malware, the best course of action would be a reformat and clean reinstall of the OS. This is something I don't like to recommend normally, but in most cases it is the best solution for your safety. Making this decision is based on what the computer is used for, and what information can be accessed from it. For more information, please read these references very carefully:
    When should I re-format? How should I reinstall?
    Help: I Got Hacked. Now What Do I Do?
    Help: I Got Hacked. Now What Do I Do? Part II
    Where to draw the line? When to recommend a format and reinstall?

    Guides for format and reinstall:

    how-to-reformat-and-reinstall-your-operating-system-the-easy-way

    However, if you do not have the resources to reinstall your computer's OS and would like me to attempt to clean it, I will be happy to do so. But please consider carefully before deciding against a reformat.
    If you do make that decision, I will do my best to help you clean the computer of any infections, but you must understand that once a machine has been taken over by this type of malware, I cannot guarantee that it will be 100% secure even after disinfection or that the removal will be successful.

    Please let me know what you have decided to do in your next post. Should you have any questions, please feel free to ask.
    2292.

    Solve : AVG Anti-Virus 2013 compatible with Malwarebytes??

    Answer»

    I have used AVG Anti-Virus Free for years but the newest 2013 version no longer offers Identity Protection. I want to maintain a high level of security while web surfing and paying my bills online. So I have decided to pay and switch to AVG Anti-Virus 2013. This antivirus program offers everything AVG Free does plus it adds identity protection, a firewall, and anti-malware capability. My question is: if I install AVG Anti-Virus 2013 with built-in anti-malware protection, can I still use Malwarebytes' AntiMalware? Or would those two programs be incompatible? Any advice will be appreciated. Thank you.

    jandal

    I use Windows XP Pro SP3, an Intel Pentium 3 processor, with 1.00 GHz, 384 MB RAM

    Install MBAM but only use it for the occasional scan. It's not necessary to have it scanning full-time.

    2293.

    Solve : Need help removing the Luhe.Sirefef trojan.?

    Answer»

    My computer recently became infected with the Luhe.Sirefef. No anti-virus software I have tried has worked. AVG said it was there, and that it removed it, but it pops again seconds later saying it's there. I was wondering if anyone would be able to assist me, it would greatly be appreciated.

    Never mind, I have resolved the issue. Measures were pretty drastic, but it's no problem. All I did was delete my user account on the computer, start another admin profile. Ran multiple sweeps of my system and nothing has been found.

    2294.

    Solve : Random music and program problems?

    Answer»

    Hi folks, hope your summer went well.

    I was called to a client because they said there was a security scan that was running and it showed hundreds of viruses, problems with the hard drive and Windows vulnerabilities. I knew it was a fake and went in to do battle. I was able to remove the Babylon toolbar and the fake security program. I used Security Essentials, Malwarebytes and ESET's online scanner.

    I went back because the client said that there were no programs in the start menu. That was a setting in the start menu properties.

    The random music started after all of the scanning was done and the computer was restarted. It lasts 10-30 seconds and is either English, Spanish or Chinese. It plays even if there are no browsers open. It plays even if there are no music programs open. I started up Task Manager and waited for the music to play, but it did not show up in Applications or Processes.

    Now to top it off they tried to use PrintShop and the program would not start. Tried to repair from the install disk and it would not start. Uninstalled and reinstalled and still the program would not start. And the kicker is the office manager says the owner installed some $500 Adobe program and they do not see it on the computer.

    The computer is in a real estate office that is very busy, I can not take the machine with me.

    1. has anyone had the music problem?
    2. what might cause the problem with the programs not starting even after reinstallation?
    3. why did the program disappear?

    Thanks for any answers.

    Hi there...

    AdwCleaner Scan
    Please download AdwCleaner by Xplode onto your Desktop.

    • Double click on AdwCleaner.exe to run the tool.
    • Click on Search.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - N is the order number.
    Thanks, but now I don't have access to the machine. I warned them that it might take a few hours of scans or to be really sure, a complete re-installation of Windows. Luckily they had a backup in place and she has all of her documents saved. They are calling in the other tech that set it up to make sure that all the documents are really backed up. I will keep that program in mind, but I think my part in this sad tale is done.

    I might have another shot at it and I will let you know if I do.

    Yeah let us know. Sorry to hear that.
    2295.

    Solve : I think that my daughter has at least one bug in her machine but I can't find it?

    Answer»

    SuperDave: Thank you OK. I did that. It seems to have disabled my ability to open up Firefox. So I am using ie. Here is the log;
    # AdwCleaner v2.001 - Logfile created 09/14/2012 at 18:14:44
    # Updated 09/09/2012 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : jim - PC1
    # Boot Mode : NORMAL
    # Running from : C:\Documents and Settings\jim\Desktop\clean computer\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\Documents and Settings\jim\Application Data\Mozilla\Firefox\Profiles\ssxm3h3j.default\searchplugins\Askcom.xml
    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
    Folder Deleted : C:\DOCUME~1\jim\LOCALS~1\Temp\[emailprotected]
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia

    ***** [Registry] *****

    Key Deleted : HKCU\Software\IGearSettings
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\Software\Conduit
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

    -\\ Mozilla Firefox v15.0.1 (en-US)

    Profile name : default
    File : C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\qxwqi1gg.default\prefs.js

    Deleted : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Application Data\\AV[...]
    Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
    Deleted : user_pref("extensions.RadioRage_4j.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opense[...]
    Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7B62e0721e-525b-4a03-ac1f-cd7839cd95be%[...]

    Profile name : default
    File : C:\Documents and Settings\jim\Application Data\Mozilla\Firefox\Profiles\ssxm3h3j.default\prefs.js

    Deleted : user_pref("browser.search.defaultengine", "Ask.com");
    Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
    Deleted : user_pref("browser.search.order.1", "Ask.com");
    Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
    Deleted : user_pref("extensions.RadioRage_4j.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opense[...]
    Deleted : user_pref("keyword.URL", "hxxps://isearch.avg.com/search?cid={BEB0AF7D-1E02-4C09-9612-9B62F9CBA4FF}&[...]

    -\\ Google Chrome v [Unable to get version]

    File : C:\Documents and Settings\jim\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [3778 octets] - [13/09/2012 18:34:02]
    AdwCleaner[R2].txt - [3838 octets] - [14/09/2012 08:47:37]
    AdwCleaner[S1].txt - [4246 octets] - [14/09/2012 18:14:44]

    ########## EOF - C:\AdwCleaner[S1].txt - [4306 octets] ##########
    SuperDave: OOOPS sorry, belay that last comment. I can get firefox just fine.

    Any more problems?

    SuperDave: The machine is running much better. Except for the funny business with Office 2000, it is running very well.
    Also she has to stay away from using Internet Explorer as her browser.
    It is time for me to end my visit and return to Arizona and my own problems. So what happens from now on is her problem.
    I think she is happy. Thank you once again for all your patient help. You guys are great... Keep up the good work. JIM

    Ok, thanks. We can do some cleanup now.

    To uninstall ComboFix

    • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
    • In the field, type in ComboFix /uninstall


    (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

    • Then, press Enter, or click OK.
    • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
    If this doesn't remove ComboFix, please let me know.
    ***************************************************************
    Click Start> Computer> right click the C Drive and choose Properties> enter
    Click Disk Cleanup from there.



    Click OK on the Disk Cleanup Screen.
    Click Yes on the Confirmation screen.



    This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
    ******************************************************
    Go to Microsoft Windows Update and get all critical updates.

    ----------

    I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

    SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
    * Using SpywareBlaster to protect your computer from Spyware and Malware
    * If you don't know what ActiveX controls are, see here

    Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

    Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

    Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
    Safe Surfing!
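
An added example, not part of the thread and not AdwCleaner's own code: a small Python parser for the log layout posted above that counts the reported changes per section and lists the removed Firefox preferences that had redirected search. The sample log is a constructed, shortened excerpt of that post; the function names and the list of search-related preference prefixes are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: a shortened excerpt in the layout of the AdwCleaner v2
# log posted in the thread ("***** [Section] *****" banners, "-\\ Browser"
# sub-headers, one "<Action> : <target>" record per line).
SAMPLE_LOG = r"""
# AdwCleaner v2.001 - Logfile created 09/14/2012 at 18:14:44
# Option [Delete]

***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask

***** [Registry] *****

Key Deleted : HKLM\Software\Conduit
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\jim\Application Data\Mozilla\Firefox\Profiles\ssxm3h3j.default\prefs.js

Deleted : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Application Data\\AV[...]
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("extensions.RadioRage_4j.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opense[...]
Deleted : user_pref("keyword.URL", "hxxps://isearch.avg.com/search?cid={BEB0AF7D-1E02-4C09-9612-9B62F9CBA4FF}&[...]
"""

SECTION_RE = re.compile(r"^\*{5} \[(.+?)\] \*{5}$")
BROWSER_RE = re.compile(r"^-\\\\ (.+?) v")
RECORD_RE = re.compile(r"^([A-Za-z ]+?) : (.+)$")
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.*)$')
HOST_RE = re.compile(r"^h(?:xx|tt)ps?://([^/?\s]+)")  # accepts defanged hxxp

# Assumption of this example: preference names treated as search or
# home-page settings worth reviewing after a cleanup.
SEARCH_PREFS = ("browser.search.", "keyword.URL", "browser.startup.homepage")


def parse_adwcleaner_log(text):
    """Return one dict per change the tool reported (deleted or restored)."""
    records = []
    section = browser = prefs_file = None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SECTION_RE.match(line):
            section, browser, prefs_file = m.group(1), None, None
        elif m := BROWSER_RE.match(line):
            browser, prefs_file = m.group(1), None
        elif m := RECORD_RE.match(line):
            action, target = m.group(1), m.group(2)
            if action == "File":
                # Context line naming the profile file the next records edit.
                prefs_file = target
            elif action.endswith("Deleted") or action == "Restored":
                records.append({"section": section, "browser": browser,
                                "prefs_file": prefs_file,
                                "action": action, "target": target})
    return records


def summarize(records):
    """Count reported changes per log section."""
    return dict(Counter(r["section"] for r in records))


def search_redirects(records):
    """List removed prefs that are search settings or carried a URL value."""
    hits = []
    for r in records:
        m = PREF_RE.match(r["target"]) if r["action"] == "Deleted" else None
        if not m:
            continue
        name, raw = m.group(1), m.group(2)
        truncated = raw.endswith("[...]")  # the tool shortens long values
        value = re.sub(r'(\[\.\.\.\]|\);)$', "", raw).strip('"')
        host = HOST_RE.match(value)
        if not (name.startswith(SEARCH_PREFS) or host):
            continue  # e.g. an install-path pref: removed, but not a redirect
        hits.append({"browser": r["browser"], "prefs_file": r["prefs_file"],
                     "pref": name, "value": value,
                     "host": host.group(1) if host else None,
                     "truncated": truncated})
    return hits


if __name__ == "__main__":
    recs = parse_adwcleaner_log(SAMPLE_LOG)
    print(summarize(recs))
    for hit in search_redirects(recs):
        print(hit["prefs_file"], hit["pref"], hit["host"] or hit["value"])
```

Running it over each profile's section of a real log shows which user profiles had their search settings changed, which is the detail to re-check in the browser after the cleanup.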
    2296.

    Solve : File Recovery program? Has highjacked my computer, please help....?

    Answer»

    I downloaded the Eset online scanner and completed the scan. This was the only log that came up:

    C:\Users\Hainstocks\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\7618c040-2098c837
    Java/Exploit.CVE-2012-4681.P trojan deleted - quarantined


    As for how my computer is running, well none of the icons on my desktop have come back, nor have the files that are all blank come back to normal. Seems they are still hidden or moved elsewhere. As well the file recovery program is still on the computer, however it is not trying to scan every time the computer is turned on now. It's just listed in the program files on the start menu.

    How can we get all the files and icons back in the same place they were prior to this hijacking??

    • Please download Unhide by Grinler from here and save it to your desktop.
    • Double click unhide.exe to run the tool.
    • It will take some time to go through all your files, so please be patient.
    • If this tool doesn't fix the problem, please let me know.
    ***********************************************************
    Please download: HiJackThis to your Desktop.
    • Double Click the HijackThis icon, located on your Desktop.
    • By Default, it will install to: C:\Program Files\Trend Micro\HijackThis
    • Accept the license agreement.
    • Click the Open the Misc Tools section button.
    • Click on the Open Uninstall Manager button.
    • Click on the Save list... button and specify where you would like to save this file. When you press Save button a Notepad will open with the contents of that file. Save the file to your desktop.
      Copy and paste this file in your next reply.
    I installed and ran the Unhide program and a lot of my stuff came back. I did notice that system tools is still missing things like system restore, and other scanners and debug type things that were there before. I don't remember if exactly everything on other programs etc are there, but all appears ok I think. I ran it twice, once with McAfee working as usual and once with it disabled. I rebooted both times as well.

    Here is the list from the trend micro hijacker program you had me install:

    Adobe AIR
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9.5.2
    Apple Application Support
    Apple Software Update
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    Atheros Driver Installation Program
    Canon MP Navigator EX 2.0
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities My Printer
    Canon Utilities Solution Menu
    Catalyst Control Center - Branding
    D3DX10
    ESET Online Scanner v3
    Google Earth Plug-in
    Google Update Helper
    HijackThis 2.0.2
    Inkjet Printer/Scanner Extended Survey Program
    Java(TM) 6 Update 35
    Junk Mail filter update
    LEGO Universe
    Malwarebytes Anti-Malware version 1.65.0.1400
    McAfee AntiVirus Plus
    Mesh Runtime
    Messenger Companion
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    MotoHelper MergeModules
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    OpenOffice.org 3.3
    QuickTime
    Raptr
    Realtek USB 2.0 Card Reader
    Safari
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    TOSHIBA Assist
    TOSHIBA Bulletin Board
    TOSHIBA ConfigFree
    TOSHIBA Face Recognition
    TOSHIBA Hardware Setup
    TOSHIBA HDD/SSD Alert
    TOSHIBA Media Controller
    TOSHIBA Media Controller Plug-in
    TOSHIBA ReelTime
    TOSHIBA Service Station
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    TOSHIBA Web Camera Application
    TurboTax 2010
    TurboTax 2011
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    VLC media player 1.0.1
    Vuze
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer
    Windows Live Writer
    Windows Live Writer Resources
    Wondershare Photo Collage Studio 4.2.16.1

    I appreciate all your help for sure, at very worst at least I can back up my files and reformat if I need to at a later time. Unless we can get everything back to normal etc.

    Update Your Java (JRE)

    Old versions of Java have vulnerabilities that malware can use to infect your system.

    First Verify your Java Version

    If there are any other version(s) installed then update now.

    Get the new version (if needed)

    If your version is out of date install the newest version of the Sun Java Runtime Environment.

    Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Be sure to close ALL open web browsers before starting the installation.

    Remove any old versions

    1. Download JavaRa and unzip the file to your Desktop.
    2. Open JavaRA.exe and choose Remove Older Versions
    3. Once complete exit JavaRA.

    Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
    **************************************************
    Quote
    As well the file recovery program is still on the computer
    I still can't find that program you're talking about.
    Can you give me more information about it or a screenshot?

    Please try this new tool from MS. It's supposed to fix a number of problems.

    Please download and run MS Fix-it from here.

    Ok I downloaded the most current JavaRE and I also ran the Microsoft fixit.

    I went through the start button where all the program files are listed and the names of all the programs on the computer are listed, however when I click on the files, they are "empty". If I do a search for the program it seems to be still on the computer, but the program file list is not updated so to get into any programs I have to do a windows search to find it.

    I did also notice that the File Recovery Program that hijacked my computer to begin with is no longer listed in my program file list. So it seems to be removed from what I can tell.

    Any ideas on how I can get the programs listed back in the start button like they normally were etc.? Also there is no system restore listed under accessories --->system tools nor is there disk defrag or disk cleanup etc. But if I search for system restore in the windows explorer it does pop up to start doing a system restore.

    You can try running Unhide.exe again. If that doesn't work, back up all your important data and do a Repair from the Recovery Console below. This is for Vista but it should work for Win7.

    1. Eject and remove any discs or memory cards from your computer.

    2. Click the "Start" button on the desktop to open the Start menu, click the small arrow icon to the right of the lock icon and select "Restart".

    3. Hold the "F8" key on your computer's keyboard as Windows reboots.

    4. Highlight and select "Repair your computer" choose your keyboard type and click "Next".

    5. Choose your user name, type your password if prompted and click "OK" to access the System Recovery Options menu.
    2297.

    Solve : How do I get a virus intentionally to test this potential anti-virus program??

    Answer»

    My buddy says his AV software will protect my machine from any virus and repair anything in the event a virus does penetrate his protection.
    So I made a wager with him that he may be right, but if not, he will pay for this machine. So, what's a preferable link to click to put this issue to the test?
    I'm serious, he has the $ and I'm using one of my old PC's that is worth way less than his wager.
    I'll post the results - maybe on one of my other machines lol!
    Thanks,
    Mike

    Call up a computer repair shop, ask for the viruses from their quarantine and they might be nice enough to give them to you, assuming they don't care about liability. You could also search for programs online that promise to hack online games, those are almost a sure bet to have viruses in them.

    Just make sure the computer you run them on is offline -- you don't want your computer to be used by the viruses to spread themselves or be involved in credit card fraud.. or worse.

    I used to have a link to a site that had an RSS feed of viruses (intentionally), but it's on my home PC. I'll look for it later.

    Check out this site. The files are harmless but will (or should) trip your AV software into action.

    Good luck.

    Here it is:

    http://malc0de.com/rss/

    Basically each exe in those links contains malware.

    Going to check into those links myself for malware for testing. I used to host honeypots to snag hackers and get them to plant tools etc. Then after they have taken over a system, offline it and analyze further. I would intentionally put a system up that looked like a legit business system etc and intentionally have an exploit vulnerability on it for point of entry and let them in and infect it etc. Lots used the Black VNC exploit for easy entry. After the system is done from checking into what they did, I'd push ghost image to it off of a DVD-R and bring it back to clean running with exploit ready for the next hacker to use the same way in. Lots of EXE's were snagged thru that process, but mostly kiddie scripts, malware written by someone other than the hacker. The most common TSR's were keyloggers, although I stopped serving up honeypots when someone tried to turn my honeypot into a relay point for P2P. When I saw that, I was like ok it was fun baiting them, but it's now too dangerous if my honeypot can come back and bite me.

    2298.

    Solve : Suspected Malware Cause of Multiple DLL Errors.?

    Answer»

    Okay, thank-you once again for all your help.

    Download Windows Repair (all in one) from this site
    Install the program then run it.

    Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:



    Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:



    Go to Step 4 and under "System Restore" click on Create button:



    Go to Start Repairs tab and click Start button.



    Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):



    Click on box next to the Restart System when finished. Then click on Start.

    Thanks for the new suggestion.

    Unfortunately, I was unable to run the program. I first tried with the installer version. It installed with no errors, but then, on launching the application, a message box appeared with message 'Unexpected error'. I then tried the portable version, but the same error occurred on launching the tool. Perhaps it is reliant on a damaged windows DLL? I will schedule another check disk now, via the normal windows interface.

    Sorry for the delay. I'm going to try one more thing and if it doesn't work I will move this topic to The Windows 7 forum.
    Please go to this site and it will instruct you how to run the Action center. It's supposed to fix a lot of problems.

    2299.

    Solve : computer hangs when trying to follow directions for malware removal?

    Answer»

    Hi: I don't know how to run it in safe mode. Can you explain that to me please and I will try


    DrD

    Here's how to get into Safe Mode.

    Hi Dave: I'm just about giving up here. I should say that this is a computer that I use for work. As a virtual employee it's very important to me, as you can imagine. You have been very generous with your time and patient. However, you and I are in different time zones, I think, so it's like you tell me what to do, and I do it 12 hours later, and then you tell me the next thing, and that takes another 12 hours.

    Anyway, I can't get the computer to go into Safe Mode. It doesn't really obey commands and stuff.

    Question: I have copied all my documents and desktop stuff onto an external drive. Can I just do something like reformat or whatever else would work? Whatever has gotten into the computer is still there after all this time. And I'm ready to try something drastic to fix it.

    What do you think?

    Dr. D

    OK: So I was able to start it in Safe Mode. There is no audio. I guess that's normal for safe mode? Is there anything else I should be looking for in particular? It seems to be working at a normal speed.

    Thanks. What next?

    Dr. D
    Quote

    Can I just do something like reformat or whatever else would work? Whatever has gotten into the computer is still there after all this time. And I'm ready to try something drastic to fix it.
    Yes, a system recovery should take your computer back to the day it was purchased. If you don't have the OS disk here's some information that may be helpful.
    Also here.

    Hi: did you see the note that said that it works fine in safe mode? Will system recovery still be the best thing to do?

    thanks

    Dr. D

    Quote
    Hi: did you see the note that said that it works fine in safe mode? Will system recovery still be the best thing to do?
    Only a minimal amount of services run in Safe Mode. That's why it worked better in safe mode.

    Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
    Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
    Click on View > Select Columns.
    In addition to already pre-selected options, make sure the Command Line is selected, and press OK.
    Go File > Save As, and save the report as Procexp.txt.
    Attach the file to your next reply.

    Dave: In safe mode I don't have any internet to do the things you mentioned. Outside of Safe Mode, I don't think I can actually do all of that. I'm a bit stumped.

    Dr. D

    Quote from: Drd on February 11, 2014, 09:04:56 AM
    Dave: In safe mode I don't have any internet to do the things you mentioned. Outside of Safe Mode, I don't think I can actually do all of that. I'm a bit stumped.

    Dr. D
    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    Thanks, Dave. I will try this.

    Dr. D
    2300.

    Solve : Different photo opens when I try to open picture?

    Answer»

    Yesterday I was placing copies of some pictures into a different folder. I got the warning that there was one with the same name in the folder and did I want to replace it with the new one. I chose to do so. Ever since then, when I open the one that was to replace the other one, the other one appears! When the thumbnail is on my desktop it looks correct but as soon as I open it, it is the wrong one!

    I ran all my adware and malware scans. I tried opening it in a different program. Same trouble.

    Anyone know how I can fix this??

    Thank you

    S

    It sounds like two different photos had the same name and you replaced one with the other.