4832 + Interview Questions in Computer viruses and spyware in Software Page 86 InterviewSolution

4251.	Solve : Msn Photo.zip virus......PLs help?
Answer» HI evil, the cleanup!.exe free up an addition of 32mb. Here is the lastest hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:07:08 PM, on 3/6/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\slserv.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.sg/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: Adobe Reader Speed LAUNCH.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! ANTIVIRUS - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe -- End of file - 6459 bytesThe log is clean. 1. Double click OTMoveIt2.exe to launch it. Vista users right click and choose Run As Administrator 2. Click on the CleanUp! button. 3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access. 4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?) 5. Once complete exit out of OTMoveIt2 This is a good TIME to clear your infected system restore points and establish a new clean restore point: Go to Start > All Programs > Accessories > System Tools > System Restore Select Create a restore point, and click Next. Next, go to Start > Run and type in cleanmgr Select the More options tab Next to System Restore click Clean up... This will remove all restore points except the new one you just created. Here are some great tools to help you keep from getting infected again. Spybot Search & Destroy - A safe and effective spyware scanner. * Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers AVG Anti-Spyware Free Edition - Very reliable with a high detection rate. * AVG Anti-Spyware User Manual SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware Comodo BOClean - Stops trojans and many more malicious attacks. Use a Firewall - It can not be stressed enough how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. * Click here for a list of free firewalls. * Why WOULD I consider a third party firewall? * Understanding and Using Firewalls UPDATE!!! UPDATE!!! UPDATE!!! - If you do not have automatic updates enabled then visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. * Help with Windows updates Learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first PLACE? Let us know if anything else comes up.You are great!!! and you guys rock!!! Thank you evil No problem, glad it worked.

4251.

Solve : Msn Photo.zip virus......PLs help?

Answer»

HI evil, the cleanup!.exe free up an addition of 32mb.

Here is the lastest hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:07:08 PM, on 3/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.sg/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed LAUNCH.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! ANTIVIRUS - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 6459 bytesThe log is clean.

1. Double click OTMoveIt2.exe to launch it.
Vista users right click and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
5. Once complete exit out of OTMoveIt2

This is a good TIME to clear your infected system restore points and establish a new clean restore point:

Go to Start > All Programs > Accessories > System Tools > System Restore
Select Create a restore point, and click Next.
Next, go to Start > Run and type in cleanmgr
Select the More options tab
Next to System Restore click Clean up...

This will remove all restore points except the new one you just created.

Here are some great tools to help you keep from getting infected again.

Spybot Search & Destroy - A safe and effective spyware scanner.
* Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

AVG Anti-Spyware Free Edition - Very reliable with a high detection rate.
* AVG Anti-Spyware User Manual

SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware

Comodo BOClean - Stops trojans and many more malicious attacks.

Use a Firewall - It can not be stressed enough how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over.
* Click here for a list of free firewalls.
* Why WOULD I consider a third party firewall?
* Understanding and Using Firewalls

UPDATE!!! UPDATE!!! UPDATE!!! - If you do not have automatic updates enabled then visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer.
* Help with Windows updates

Learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first PLACE?

Let us know if anything else comes up.You are great!!! and you guys rock!!!

Thank you evil No problem, glad it worked.

4253.	Solve : WINDOWS folder in Reclying Bin??
Answer» Hello all, new here. I would say that I know QUITE a bit about computers, considering I am studying them but I am having a computer problem that I've only seen once before that for some reason I can't shake it. I now for some reason have my windows folder in the recycling BIN, with hidden files shown there is nothing inside the recycling bin, the icon shows as stuff in it. ESET Nod 32 can't find any problems, nor spybot. Any ideas? Edit: Please move this to the virus section. My fault.Welcome to the CH forum Trent. Start here and post the info required. If you SUSPECT an infection you can then go through the STEPS here.

4255.	Solve : firewall settings change after every boot. help?
Answer» for some REASON every time after i boot my vista home PREMIUM sp1 laptop after a couple of minutes of windows started, firewall and network SHARING settings change. every time i have to change it back. dunno why this is happening. appreciate any info. dunno if its related but have tis event viewer logs tat looked strange to me (among like 400 different ones in one minute -!? and even if its not related is it something ok? wat is it saying?) by the way, some time ago my computer was infected by backdoor:win32/refpron.A. supposedly it was removed. A Windows Filtering Platform filter has been changed. general tab Subject: Security ID: LOCAL SERVICE Account Name: NT AUTHORITY\LOCAL SERVICE PROCESS Information: Process ID: 1644 PROVIDER Information: ID: {decc16ca-3f33-4346-be1e-8fb4ae0f3d62} Name: Windows Firewall Change Information: Change Type: Delete Filter Information: ID: {0aa8b2a7-d8e6-4574-8b79-5389071e8fa2} Name: Port Scanning Prevention Filter Type: Boot-time Run-Time ID: 68324 Layer Information: ID: {7fb03b60-7b8d-4dfa-badd-980176fc4e12} Name: Outbound ICMP Error v6 Layer Run-Time ID: 34 Callout Information: ID: {00000000-0000-0000-0000-000000000000} Name: - Additional Information: Weight: 18446744073709551615 Conditions: Condition ID: {632ce23b-5167-435c-86d7-e903684aa80c} Match value: No flags set Condition value: 0x00000001 Condition ID: {0c1ba1af-5765-453f-af22-a8f791ac775b} Match value: Equal to Condition value: 0x0001 Filter Action: Block --------------------------------------------------------------------- details tab + System - Provider [ Name] Microsoft-Windows-Security-Auditing [ Guid] {54849625-5478-4994-a5ba-3e3b0328c30d} EventID 5447 Version 0 Level 0 Task 13573 Opcode 0 Keywords 0x8020000000000000 - TimeCreated [ SystemTime] 2009-05-24T19:44:53.406Z EventRecordID 483055 Correlation - Execution [ ProcessID] 636 [ ThreadID] 1004 Channel Security Security - EventData ProcessId 1644 UserSid S-1-5-19 UserName NT AUTHORITY\LOCAL SERVICE ProviderKey {DECC16CA-3F33-4346-BE1E-8FB4AE0F3D62} ProviderName Windows Firewall ChangeType %%16385 FilterKey {0AA8B2A7-D8E6-4574-8B79-5389071E8FA2} FilterName Port Scanning Prevention Filter FilterType %%16386 FilterId 68324 LayerKey {7FB03B60-7B8D-4DFA-BADD-980176FC4E12} LayerName Outbound ICMP Error v6 Layer LayerId 34 Weight 18446744073709551615 Conditions Condition ID: {632ce23b-5167-435c-86d7-e903684aa80c} Match value: No flags set Condition value: 0x00000001 Condition ID: {0c1ba1af-5765-453f-af22-a8f791ac775b} Match value: Equal to Condition value: 0x0001 Action %%16389 CalloutKey {00000000-0000-0000-0000-000000000000} CalloutName - -------------------------------------------------------------------- --------------------------------------------------------------------log2 general tab A Windows Filtering Platform filter has been changed. Subject: Security ID: LOCAL SERVICE Account Name: NT AUTHORITY\LOCAL SERVICE Process Information: Process ID: 1644 Provider Information: ID: {decc16ca-3f33-4346-be1e-8fb4ae0f3d62} Name: Windows Firewall Change Information: Change Type: Delete Filter Information: ID: {0aa8b2a7-d8e6-4574-8b79-5389071e8fa2} Name: Port Scanning Prevention Filter Type: Boot-time Run-Time ID: 68324 Layer Information: ID: {7fb03b60-7b8d-4dfa-badd-980176fc4e12} Name: Outbound ICMP Error v6 Layer Run-Time ID: 34 Callout Information: ID: {00000000-0000-0000-0000-000000000000} Name: - Additional Information: Weight: 18446744073709551615 Conditions: Condition ID: {632ce23b-5167-435c-86d7-e903684aa80c} Match value: No flags set Condition value: 0x00000001 Condition ID: {0c1ba1af-5765-453f-af22-a8f791ac775b} Match value: Equal to Condition value: 0x0001 Filter Action: Block ------------------------------------------------------------------------------ details tab + System - Provider [ Name] Microsoft-Windows-Security-Auditing [ Guid] {54849625-5478-4994-a5ba-3e3b0328c30d} EventID 5447 Version 0 Level 0 Task 13573 Opcode 0 Keywords 0x8020000000000000 - TimeCreated [ SystemTime] 2009-05-24T19:44:53.406Z EventRecordID 483055 Correlation - Execution [ ProcessID] 636 [ ThreadID] 1004 Channel Security Security - EventData ProcessId 1644 UserSid S-1-5-19 UserName NT AUTHORITY\LOCAL SERVICE ProviderKey {DECC16CA-3F33-4346-BE1E-8FB4AE0F3D62} ProviderName Windows Firewall ChangeType %%16385 FilterKey {0AA8B2A7-D8E6-4574-8B79-5389071E8FA2} FilterName Port Scanning Prevention Filter FilterType %%16386 FilterId 68324 LayerKey {7FB03B60-7B8D-4DFA-BADD-980176FC4E12} LayerName Outbound ICMP Error v6 Layer LayerId 34 Weight 18446744073709551615 Conditions Condition ID: {632ce23b-5167-435c-86d7-e903684aa80c} Match value: No flags set Condition value: 0x00000001 Condition ID: {0c1ba1af-5765-453f-af22-a8f791ac775b} Match value: Equal to Condition value: 0x0001 Action %%16389 CalloutKey {00000000-0000-0000-0000-000000000000} CalloutName -

4258.	Solve : Taking charge?
Answer» HI everyone! Today I read about BOT nets, and got an idea: (Purely THEORETICAL:) Would it be possible to use an infected computer to take control over, and destroy the entire network? Would it also be possible to trace the origin of the bot NET? Thx! //RG0D SIGH

4262.	Solve : remove spyware removal, trojan rootkit?
Answer» Go to this link to create a Rescue CD or to this site to create a Rescue USB. Carefully follow all the instructions for whichever method you choose.The rescue cds didn't work. But I will tell you this I was finally able to boot from my Windows cd and do a fresh INSTALL thank you guys for everything.You're welcome. It's too bad it had to come to that but some infections damage the FILES so badly that there's no other option. I will lock this thread. If you need it re-opened, PLEASE send me a PM.

4264.	Solve : McAfee app installed?
Answer» I've just installed the LATEST FOXIT Reader - this download included "McAfee Security Scan Plus", which I suppose is a virus checking program. I am a bit wary of this - I already have Avira Anti Virus, and Malwarebyte, and Super Antispyware - I don't want to have a conflicting AV program. Is the McAfee app. any good or would it be best to uninstall? Advice appreciated. Uninstall it.McAfee Security Scan Plus actively CHECKS your computer for anti-virus software, firewall protection, and web security, and threats in your OPEN applications. Thanks for replies - I'll uninstall.

4266.	Solve : Stupid Virus Removal Question?
Answer» I have to sort through some old files and DISKS for WORK... But they were downloaded from a sketchy source. If I set a System Restore POINT before I download, copy, or OPEN the suspect files... If I go back to the restore point once I'm done, will I have mitigated any damage?If you create an image or your "clean disc" with Disc Imaging software you will have no problem. System Restore only copies/restores certain files & foldersThat's what I was afraid of. Thanks. rjbYou should be using disc imaging software on a regular basis anyway. It is without question the best and most reliable means of system BACKUP and restore.You can run some scans on the disks before you do anything else.

4268.	Solve : Cannot view hidden files.?
Answer» Hi when I go into RIBBON and attempt to view hidden FILES it un-ticks itself. I have gone in file options STILL does not WORK and I have changed the regedit still not working. I had hear this may be caused by a virus so I did a system scan with bitdefender total security 2016 but the problem still persists. OS is win10.What ribbon? What exactly are we talking about?Ribbon as in the one in file explorer. ThatAre you logged in as admin?Yes I am admin. I already said I attempted to change it in the ribbon and in file explorer options.Anyone GOT any idea?Okay so seems as though no one knows then...

4269.	Solve : Question about ransomeware?
Answer» I've just listened to an item on radio about "ransomware" and the effect it has on pcs attacked by this malware. I gather that it completely locks the pc and demands are made for money to unlock. I appreciate that common sense and good av and malware protection, kept up-to-date, can help avoid problems but if your pc does GET infected what can you do yourself about it? What would be the best course of action - if the SYSTEM is locked then presumably you're stymied? There are program that you can download to a USB and use them to start up your PC. If it ever happens to your PC, you will need EXCESS to ANOTHER PC or laptop and a USB stick, preferably a 1GB one. Of course, if you only download or access reputable sites and do not click on anything for the sake of it, you'll be fine. Safe surfing works wonders. Thanks for comments. This was new to me - the radio report was the first I've heard of it and it does seem to be serious criminality.I have never seen or heard about any sort of ransomeware personally. I've only heard about it on the internet. I don't doubt it exists but there is no more to be worried about than there is in the case of malware infections which destroy everything. Very few of them are difficult to circumvent anyway. I have only heard of one that actually ENCRYPTS the data and tells the user to send money to a certain address to get the key. But iirc the perpetrators were found and are in prison.

4270.	Solve : browser redirecting to a site?
Answer» this is what happens, when i type a key word onto the address bar of google chrome.and press enter it directs me to this http://www.questbasic.com/b.cgi?bk=H8QuaD58wP9ZQYyXDXDpufl1zTeBcpDHoS4ZrDzh1DMZLDM-JCByOf4SXPJ0TtJcmKW01AKi4xS-ZKb28*yZI8OMOn6laSdo26f3lF8xeXCnnwNUkZw5qFNcA8ONrthKG1EA1Q i posted this problem on the browsers area.but they told me my pc is infected.but my esset anti virus doesnt detect any virus.this happened when i DOWNLOADED and install wamp from this site http://www.wampserver.com/en/ im using windows 7 home PREMIUM 64bit and on the OPTION my search is set to google. any one please HELP me fix thisand questbasic.exe is on my processes.and i cant end process.how to fix this??found the folder then deleted it. Do you still NEED help?

4272.	Solve : Can't Update Windows Updates?
Answer» Is there still a problem with updating?Yes. It gets to "installing NUMBER 7 of 86" then freezes.I was speaking to a friend last NIGHT who re-furbishes COMPUTERS for schools and he said for almost a month they have been having trouble downloading updates for Windows 7. He said sometimes if you leave the computer on long enough you will get the updates.I'll give it a try. I'll leave it on all night.Just to give you a update, I restarted my computer and STARTED 80 updates over again. It's been 4 hours and its still at "installing update 1 of 80". By the way, my updates are DOWNLOADED, they just don't get installed for some reasonThis appears to be a problem with your computer that, unfortunately, I cannot solve remotely. All I can suggest is that you take a look at some of the suggestions here. I upgraded to Windows 10 and up updating problems went away. Just thought I'd pass it along. I'm glad for you. Thanks for the update.

4277.	Solve : Unreal situation with ASPIRE M?
Answer» Hello, My problem with laptop acer aspire M is kinda weird. I took the comp from my gf (idk how many days she didnt shutdown it, even weeks or months) and i shutdownit then a few hours later i lunched it and computer started to work slowly. But its unreal slow, its hard to open any FILE, even cmd but SOMETIMES its like he wake up and starting work normally. I tried everything what i know. I cant just format and install windows 7 again COS theres no partition recovery and i don't have recovery disks, also theres a lot of important data. What i already discovered: - explorer.exe randomly stopping work - most ussage is dwm.exe ( i shutdown it and STILL problem) - sometimes theres icon with information "intel rst stopped working" and computer then working normally. Rst is Intel Rapid Storage Technology, i tried to shutdown it in mscofing on start but theres still problem. - temperature of ram and processor are OK (max 5-30%). - if comp working normally (1-2mins) and i open anything like chrome+youtube its like something start work in background and slow him, if i watch hd video then every few seconds my mouse frozen for a 0,5sek or something and i hear that the music in speakers crash. What i already done: -scanned by avira -scanned by malwarebytes -scanned by hijackthis (adding logs) -scanned by securitycheck (adding logs) -scanned by adwclear -used ccleaner -scanned by hdtune (adding photos cos i cant make printscrean on deadcomp) -tryied to find anything in autorunsc microsoft tool that i downloaded but shiet Please find any way to help me bros! [attachment deleted by admin to conserve space]Looks like that HDD is on it's last legs... Pull it out of there and connect it as a slave to a working PC to retrieve any important data...

4278.	Solve : Help with installing a free antivirus offline...?
Answer» I need to install an antivirus on a laptop that does not have INTERNET CONNECTION. I need to transfer this file to it via pen drive. I have tried various antiviruses like Avast, Bitdefender but these require internet connection during installation. What can I do?If it doesn't have internet connection you shouldn't need an AV. Do you intend to go on-line after the AV is installed? What OS is on that computer?Most, if not all antivirus producers make offline installers available, for EXAMPLE Avast: https://www.avast.com/download-software Bitdefender: http://www.bitdefender.co.uk/support/how-to-install-bitdefender-2015-using-the-offline-installation-kit-1330.html Eset: http://support.eset.com/kb2885/?locale=en_US Google "product name offline antivirus installer", to find others, but be aware it is safest to get these things direct from the app official website. Save offline installer to a pen drive or burn to a CD-ROM or DVD-ROM to install on offline machine. ^Yes you're RIGHT, after this starting this thread I immediately tried GOOGLING one and found Avast on FileHippo. Thanks

4282.	Solve : Malware Bytes & emergency update?
Answer» my inbox has a message about MB's. emergency update concerning a threat, & they SUGGEST new installs for protection. Is this real, or a scam ? do the suggested updates COST anything ?SOUNDS like a scam. Rule of thumb is if any E-mail gives you a link and TRIES to get you to go to it, it is a scam.

4287.	Solve : Phone call from Microsoft 2nd time??
Answer» I received a phone call today (same type of call as a couple of months ago) from someone claiming that Microsoft has been receiving several error reports from my computer. He guided me to my event viewer log to show me the errors etc. 2853 of them as you can see in the attached screen shot. Then he guided me to: https://secure.logmeinrescue.com/Customer/Code.aspx Then he asked me to enter a 6 digit code into the box and I refused, then hung the phone up. This just smells fishy to me. Could this be legit or some scammer trying to gain ACCESS to my computer? Funny thing is that I got this same type call (even from the same person I believe) a couple of months ago when I was running Windows 7. I have since upgraded to Win 10 with no problems. And if this is legit, then how do I prevent all these errors being created and sent to Microsoft? As always, thanks for any help. Mike [attachment deleted by admin to conserve space]Also my CALLER ID reports this call as being an individual (name is displayed) in 443 area code. I have the full name and number if needed.It is a scam. They know nothing about your system and they aren't Microsoft. The events are standard log MESSAGES written by MANY Windows components. The scam involves installing malware onto your system (backdoor remote-access trojans, I presume) in order to (presumably, again) get details like your bank information by looking through the data on your PC. Your phone number wouldn't be in the error reports! That's what I expected and I'm glad I didn't bite the bait. But I'm sure there are others that will. I've got this caller ID information so should I report it, and if so how / where? Thanks BC!This is a really well known scam. The callers use random dialling systems. The caller doesn't know you or your computer. There is no point in reporting it to anyone. The call centre is in India or the Philippines. Nobody will do anything.Area code 443 is from the Maryland state but it most CERTAINLY is a scam.The scammers often use caller ID spoofing so the victim sees an area code in their own country.

4276.	Solve : how do I get driver robot off my computer????
Answer» I do not KNOW who in my family put this program on our desktop (hp windows vista) but I did LOOK up what files are in it and wow takes up a lot of space, I don't know how to get it all off. I tried uninstalling it. There are so many files and some show up as windows this and that. What is this? and how can I get rid of it safely? thanks Can you SEE it in Start, All Programs. Sometimes they have their own uninstaller. It was probably loaded with some other SOFTWARE.

4279.	Solve : Help !! ReImage has taken over our PC?
Answer» Can anyone help me get this fecking ReImage MONSTER off my PC !! It has completely taken over our PC and even prevents us from talking via Skype to our son in Florida . ReImage seems to grow , very fittingly , like a CANCER !! It can't be removed using the usual route of program removal as it doesn't even seem to exist according to the PC searches . Even when I TRY finding programs to try off the HippoDownload site it ReImage somehow BLOCKS every attempt to search for a fix .... It just keeps opening LOADS of different Windows until the PC CRASHES or freezes ... Can someone please HELP and send me a PM with some advice ? https://malwaretips.com/blogs/remove-reimage-repair/Thanks . I'll give it a try but everything I try to load up or install is immediately taken over by ReImage. I have no idea how they're allowed to do this to our PCs . ... If they had a local branch office I'd be in there causing some serious restructuring of their building !Thanks, Allan. Zincubus, you may have to do the uninstall in Safe Mode.Ah ... I'll try that tomorrow if I get chance ... I tried downloading the adwCleaner program but the PC froze as I CLICKED on the link and restarted . I actually think the ReImage software has evolved and improved since the days of the advice threads I've been directed to by your fellow forum users .I've tried downloading Hitman pro and CWD CLEANER but ReImage prevents the PC from downloading / installing either /both programs by opening new windows advertising ReImage software options and then FREEZES the PC completely and then restarts the computer !!!Download them on another computer and transfer them to the infected computer.

4280.	Solve : Windows 7 virus cant find D drive?
Answer» Hi, I have a dell notebook with Windows 7 Ultimate. Its infected with a virus whic has shut down the firewall and all anti virus programs. the D drive showed 0 files/empty, but when i tried to scan the drive, it was full. The D drive is HIDDEN, now I CANT even get it to BOOT = just a black screen. I cant even get it to boot from an external drive using USB port! Help, PLEASE... Thanks! JMDid you TRY booting in Safe Mode?

4283.	Solve : Malwarebytes Restore Browser Page??
Answer» I have recently installed Malwarebytes and ran a couple of scans with it last NIGHT. It has only found two PUPs (That I qurantined) and nothing else so nothing really serious. I try to BROWSE with Firefox this morning and I recieved this page. https://www.malwarebytes.org/restorebrowser/index.html?gd=&ctid=CT3319613&octid=EB_ORIGINAL_CTID&ISID=MAD8C5E6E-38AD-43F4-8882-886428E16D57&SearchSource=55&CUI=&UM=5&UP=SP6F33A9C3-4797-4240-8BB9-45CB8480CBC0&SSPV= It tells me that I potentially have infections on my browser that has made changes to my system. It has given me instructions on manually altering them but I decided it would be better to seek advice from more experienced users here who may interpert these instructions better than me and know what to do. Is this something I should not ignore? If not, what would occur if I decide to let these potential infections in my Firefox browser stay? What other browsers do yhoou have? Do they work? Iff you install FireFox again, it should save your settings.I have no other browsers on this PC. I do have a laptop that has both Firefox and Google Chrome but I do not use that one as much as this PC. Do you reccomend uninstalling and then a re-install? Since you posted in our malware forum I suggest you ignore advice from anyone except Super Dave, our malware specialist.Ok. Should I PM him?No, you should wait until he responds.You can EITHER FOLLOW the advice or uninstall and re-install FF. It was just a warning that the infections may have altered the settings in FF.Ok thanks.Let me know if you have more problems.

4284.	Solve : Please help me clean my daughters laptop?
Answer» You're welcome. I will LOCK this THREAD. If you NEED it re-opened, PLEASE send me a pm.

4285.	Solve : Free Virus Protection.?
Answer» Dell desktop PC running Windows 8.1 with malwarebytes. My free Mcafee virus protection is about to run out, has anyone got a link to a decent free virus protection. Many THANKS.Windows 8.1 comes with its own AV called Windows Defender. Just uninstall McAfee and enable WD and you're good to go.Cheers for speedy reply, all done and SORTED, is there any other protection worth downloading to run along side it or should that be ok. Thanks,You can INSTALL MalwareBytes from here. There is a free trial period which enables MBAM to ACTIVELY scan your computer full-time. After the trial period is over you will need to scan your computer periodically.

4288.	Solve : Infection damaged functionality of internet?
Answer» So I believe I cleared it all out because the internet is the only issue so maybe the damage was left over. I can only RUN the internet on the Tor BROWSER now. When I tried mini TOOLBOX it says this "the procedure entry point DnsGetPolicyTableInfo could not be located in the dynamic link library C:/Windows/SYSTEM32/NETIOHLP.DLL" "the procedure entry point DNSResolverOp could not be located in the dynamic link library C:\Windows\SysWOW64\ipconfig.exe" I tried disabling the connection and reenabling it. I also tried reinstalling the NETWORK drivers. I want to avoid refreshing/reseting my computer if I can..partly to be more an advanced user as I'm always LOOKING to learn new things on the computer and also because it's a complete pain to reinstall everything What was your initial problem?

4289.	Solve : zone alarm software not compatible with Vista Home Basic ??
Answer» Zone Alarm SECURITY suite works on my XP PC right now, but will not work with my Vista PC even if it says Vista ready. Does that mean that I NEED to upgrade to Home Premium or ULTIMATE Vista maybe ? I talked to ZA. support they said to DOWNLOAD their lasted updated version which I did , but got the same results. I all ready bought this second archive ZA. version, so it would be great to get it run like my other XP ZA version running now If you can't get it to work on Vista you could always download and install MicroSoft Security Essentials ( below) It's free and very good. It's all I use on all my computers. MicroSoft Security Essentials All versions and all LANGUAGES.

4292.	Solve : Online Shopping Trouble?
Answer» I have been having problems with ONLINE shopping. The last TWO orders I placed never arrived at the mail. After that I got a totally random audio message telling me to call the phone number provided and not to shop online until I did. This was while visiting a PORNOGRAPHY website.You could try calling the number but do not GIVE them any personal information. If it is legit they should already have all the information. You should also contact the company where you placed your purchases and INQUIRE about your orders.

4293.	Solve : Cannot enter to some websites?
Answer» I cannot enter to some websites except FACEBOOK and Google websites etc. But it normal when I using internet with my other DEVICES in same 4G wifi router. Do you think that it is a malware issue? PPZ help me to fix this.Your post is not clear. 1) Are you saying you can ONLY get into Facebook and Google? 2) What do you mean by "other devices"? 3) What happens when you try other sites? 4) Have you tried another browser? 5) What is new or different since the last time everything worked properly (ie, new hw, new sw, virus, error, etc)? You need to provide as much INFORMATION as possible before we can offer intelligent assistance.

Explore topic-wise InterviewSolutions in .

Solve : Msn Photo.zip virus......PLs help?

Solve : New Virus?

Solve : WINDOWS folder in Reclying Bin??

Solve : hijackthis?

Solve : firewall settings change after every boot. help?

Solve : Need help removing invisible virus files?

Solve : Possible Virus Infection on Laptop?

Solve : Taking charge?

Solve : Norton Anti-Virus2011?

Solve : Question about AVG Free 2012??

Solve : Google redirrection virus?

Solve : remove spyware removal, trojan rootkit?

Solve : relevant knowledge is back 3rd time?

Solve : McAfee app installed?

Solve : IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe?

Solve : Stupid Virus Removal Question?

Solve : whitesmoke toolbar virus trouble?

Solve : Cannot view hidden files.?

Solve : Question about ransomeware?

Solve : browser redirecting to a site?

Solve : Sony VAIO Shut Down Today...Help?

Solve : Can't Update Windows Updates?

Solve : Question - Scan a HDD as an external drive??

Solve : Windows Infected... Trojan.Sharpro Nvidia??

Solve : 'Your computer is not protected!'?

Solve : how do I get driver robot off my computer????

Solve : Unreal situation with ASPIRE M?

Solve : Help with installing a free antivirus offline...?

Solve : Help !! ReImage has taken over our PC?

Solve : Windows 7 virus cant find D drive?

Solve : Too many file threats?

Solve : Malware Bytes & emergency update?

Solve : Malwarebytes Restore Browser Page??

Solve : Please help me clean my daughters laptop?

Solve : Free Virus Protection.?

Solve : Help with RCA Apollo?

Solve : Phone call from Microsoft 2nd time??

Solve : Infection damaged functionality of internet?

Solve : zone alarm software not compatible with Vista Home Basic ??

Solve : Seems as though Firefox is now being targeted by phishers?

Solve : IE webrep loader?

Solve : Online Shopping Trouble?

Solve : Cannot enter to some websites?

Solve : Files ending in .enc?

Solve : Forgive me for "bumping my thread, but: I lost track of Allan?

Solve : Is windows live mail dead??

Solve : How to dissociate an already-hacked computer from your real identity..??

Solve : Cannot get rid of pop-up?

Solve : Got a problem in my folder that i cant open?

Solve : no connection?

4294.	Solve : Files ending in .enc?
Answer» The problem now is - I am in the middle of a newsletter done on publisher 2003, if I try to open it in publisher 2010 it is not up to DATE - in fact none of my 2003 newsletter will open now it is not installed. Hmmm. What to do - the newsletter is DUE to go out today or tomorrow Ok, good luck with that.Strange things happen, after I re-installed M/Soft Professional 2003, I then re-installed it, and all the problems vanished. The one thing that bugs me, is I can't EASILY find M/S Outlook Publisher 2003. By searching, it is in c: ProgramData-Microsoft-Windows-Start Menu- Programs-0Microsoft Office - Publisher 2003 - but once I shut the search - I can't find it anywhere - ProgramData is not shown for some reason. When I try to open the newsletter, it automatically opens in 2010 Publisher, but tells me to browse for what I want - and that's when I cant find the above thread (c: ProgramData-Microsoft-Windows-Start Menu- Programs-0Microsoft Office - Publisher 2003) If you could please tell me how to locate it to make it my preferred program, I would be very grateful. Other than that, consider the thread CLOSED, and many thanks for your help. (DAVE)Is it not in All Programs?Thanks, I've found a way around it now, longer, from All Programs. Can you close this thread now and thanks again for your help.You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.

4295.	Solve : Forgive me for "bumping my thread, but: I lost track of Allan?
Answer» I wanted to tell Allan just how wonderful his help was. My computer is running like new and my printer is working again. I know I am suppose to post this on the 'end' of my THREAD ; but I can't find it... So THANKS ALLAN I feel almost so grateful I thought of SENDING money; almost... And the teck that I got when I called abouit Malware Bytes, said I should THROW my puter out... THANKS again, Ivan CopasFor the future with help finding a thread, click the PROFILE link. Under your profile picture you will see Show POSTS. The newest post is at the top.All I did was point you in the right direction, but you're welcome.

4299.	Solve : Got a problem in my folder that i cant open?
Answer» C:\ProgramData is always closing everytime i open it, i thing its a kind of VIRUS, anyone knows how to remove it? i cant open regedit and task manager too.And everytime i PUT the word ProgramData or programdata in anywhere like browser, NOTEPAD, mword etc, it always closed, like the word ProgramData and Task Manager is BLOCK in my pcOh its fine now, thanks, i just restart my pc, thanks, already thank you in that Thank Geek-9pm button hehe, thanks ^_^