Channel: Tech Support Guy - Virus & Other Malware Removal

LibFrame.dll problem

viva,
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Programs and Features
Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:
ProShield (Could be listed as "Acer ProShield" or "ProshieldTSR")
McAfee Security Scan Plus
Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
----------------------------------------------
Perform a Custom Fix with OTL
Right click OTL on your desktop, and choose "Run as administrator" to open it.
  • In the Custom Scans/Fixes box at the bottom of OTL, highlight, copy, and paste in ALL the following lines from the Code box (Do not include the word "Code"):
    Code:

    :Commands
    [CREATERESTOREPOINT]

    :OTL
    SRV:64bit: - [2014/04/09 15:13:48 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe -- (McComponentHostService)
    SRV:64bit: - [2011/06/05 00:15:42 | 000,195,120 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Program Files\Acer ProShield\x86\EgisService.exe -- (EgisTec Service)
    IE - HKLM\..\SearchScopes\{35e9438f-19d4-4516-b2ac-59ba9241de4d}: "URL" = http://search.tb.ask.com/search/GGmain.jhtml?p2=^9N^xdm213^S09356^za&si=CLazzsy6g74CFTHItAodYxUAwQ&ptb=716BC68D-EDA4-4BE1-B22D-D6C8C3EEB691&ind=2014042811&n=780bdabb&psa=&st=sb&searchfor={searchTerms}
    IE - HKU\S-1-5-21-2143668272-1343592271-1051593242-1000\..\SearchScopes\{35e9438f-19d4-4516-b2ac-59ba9241de4d}: "URL" = http://search.tb.ask.com/search/GGmain.jhtml?p2=^9N^xdm213^S09356^za&si=CLazzsy6g74CFTHItAodYxUAwQ&ptb=716BC68D-EDA4-4BE1-B22D-D6C8C3EEB691&ind=2014042811&n=780bdabb&psa=&st=sb&searchfor={searchTerms}
    IE - HKU\S-1-5-21-2143668272-1343592271-1051593242-1000\..\SearchScopes\{CC69BE04-DC1F-4401-99A9-4CDA5EAF5A91}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}: C:\Program Files\Acer ProShield\FFExt [2012/01/19 20:12:57 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{d4da7309-b89a-45ec-8ebb-cfb2ae13618b}: C:\Program Files\Acer ProShield\FFExt20 [2012/01/19 20:12:57 | 000,000,000 | ---D | M]
    O2:64bit: - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
    O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
    O2 - BHO: (EgisPBIE Sign-in Helper) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files\Acer ProShield\x86\EgisPBIE.dll (Egis Technology Inc.)
    O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [ProShieldTSR] C:\Program Files\Acer ProShield\EgisTSR.exe (Egis Technology Inc. )
    O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
    O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\osf - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{492B6F13-B76D-4370-B07D-5F12FD73D36D}" =-
    "{A382A63F-44CF-4041-A173-251D94D4B4B4}" =-
    "TCP Query User{E03E775A-8639-4318-8A0F-D293745F2E4A}C:\program files (x86)\bittorrent sync\btsync.exe" =-
    "UDP Query User{479FD2C1-21B8-45AA-80FF-FF3F87AD0DDB}C:\program files (x86)\bittorrent sync\btsync.exe" =-

    :Files
    C:\Program Files\McAfee Security Scan
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    C:\Program Files\McAfee Security Scan
    C:\ProgramData\McAfee Security Scan
    C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    C:\Users\Johan Swanepoel\AppData\Roaming\BitTorrent
    C:\Users\Johan Swanepoel\AppData\Roaming\BitTorrent Sync
    C:\Users\Johan Swanepoel\AppData\Roaming\MAGIX
    C:\Program Files\Acer ProShield
    ipconfig /flushdns /c

    :Commands
    [emptyjava]
    [emptyflash]
    [EMPTYTEMP]

  • Then click the Run Fix button at the top. DO NOT CLICK Run Scan
  • Let the program run unhindered, and click to allow the Reboot when it is done.
    When the computer Reboots, and you start your usual account, a Notepad text file will appear.
  • That is the FIX log file. Copy the contents of that file and post it in your next reply.
    It will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log

----------------------------------------------
After posting the Resulting log, Please Rescan as follows:
Open OTL again and click the Quick Scan button. Post the new log it produces, OTL.txt, in a separate reply.

Let me know how it goes.
askey127

Help Please!!

I have a virus on my computer and can't get rid of it. I have scanned with AVG, Malwarebytes, and I have tried to scan with Spybot, but I can't get it to finish. I have run the scans in safe mode, as well as normal...and they don't find anything. Currently, my computer is all but useless in normal mode....freezes, hangs, can't get anything to open. I am at a loss. If anyone can help I would appreciate it.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1 Pro with Media Center, 64 bit
Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 8
RAM: 12270 Mb
Graphics Card: AMD Radeon HD 5670, 1024 Mb
Hard Drives: C: Total - 941285 MB, Free - 247821 MB; E: Total - 476937 MB, Free - 4307 MB;
Motherboard: Dell Inc., 0Y2MRG
Antivirus: AVG AntiVirus Free Edition 2015, Disabled

browsers slow

Well, when you downloaded it, where did you put it?
It may be in your ...\downloads folder.

Laptop = Paperweight

Unfortunately, I am unable to get my laptop past opening Chrome, so I am unable to download TSG SysInfo to give you a log. I was trying to do some recon on my Toshiba Satellite L855. It had started acting erratic a few months back, so I ran Malwarebytes and Windows Defender, but neither came up with anything that looked suspicious. I was still having issues with it, but I didn't really need to use it this semester, so I put it to the side for when I had time to try to work on it. Looking through the files under Control Panel/Programs, I came across a file called SavingsBullFilter. I tried to run uninstall, but was unable to have it removed from my files. I managed to come across a file in my Temp folder called InstallFilter64 and Isp2 that seem linked to SavingsBullFilter as the download/date modified are the same.

I have read several ways to remove SavingsBullFilter/InstallFilter64, but they all involve downloading programs that my laptop will not allow me to do.

Please help!!!!!!

adfocus.us aliexpress.com POP UP Problem!

Hey guys..... since 2 days I have this adfocus pop up on almost 90% of the site links I click, and it just opens up instead of the site I clicked.. it's getting almost impossible to use the internet. I'm having a hard time just posting this question because everything I click here on techguy opens adfocus.us

And now the best... I formatted my PC yesterday because of this, everything deleted, and boom, I come back, install Chrome to open some sites, and there it goes, adfocus still popping up............. Hard reset my modem... installed different malware programs: adwcleaner, malwarebytes programs, tdsskiller, antivirus, adblock, no results..
Happens only in Chrome..

I've attached a screenshot of how it looks.

WHAT can I do about it? I lost all my nerves... almost impossible to use the internet.

Attached Images
File Type: png Untitled.png (211.9 KB)

Win 7 Freezes, No Malware, Posted HijackThis Log

Contrary to the administrator's post, my OS (Win 7; 64bit) continued to run, albeit with some continued crashes and screen freezes as before.

Further searching on the internet found an insidious hidden bit of malware or bad software called "PureHD" under the trade name of "Ulead". It either downloads surreptitiously with updates to Corel PaintShopPhoto Pro or possibly with Adobe Active X. I'm not sure. But others have noted that it causes conflicts and issues, so I looked for it on my HD.

Using the file/folder search, there were NO files or folders containing the names "PureHD" or "Ulead", however when I did a search of my registry (Run>>"regedit"), my registry was LOADED WITH lines of code containing these words. I've not been timid about editing and deleting stuff from my registry before and this was no exception since I was about to PUNT and reformat to "out-of-box" condition, which would mean about a day's work of reinstalling software and files.

Using the "regedit" "Find" feature (Edit>>Find), I searched first for "PureHD" (no quotes) and found around 60 or so entries. To make the task easier, I used 3 fingers: one on DELETE, one on ENTER and one on F3 key (that advances to the next item (DELETE, ENTER, F3...over and over). As I said, there were about 60 or so lines I deleted...it took forever. I then re-searched for the same "PureHD" to make sure I didn't miss any, and found a few that were missed. Next, I searched for "Ulead" and found even more, maybe 100. In fact in some places there were 40 consecutive lines containing "Ulead" so to save time, I highlighted the first entry then went to the last entry line and keyed "Shift+left mouse" to highlight the group, then DELETE, and continued the search.

In the "Find" window before starting your search, make sure "Keys, Values, and Data" are checked but NOT "Match whole string only".

Since this regedit several days ago, I am not getting ANY freezes, BSoD, or "kaleidoscope" looking screens from any of my computer usage including internet videos, which were the tripwire for the problem. I'm not sure what "PureHD" was intended for, and don't care. I think it was to "help" display HD graphics on the monitor, but am not certain. Anyway, the problem seems to be solved FINALLY, without a reformat and even with deleting the "missing files" using "HijackThis" as posted previously.

My HD and/or processor fan are not SCREAMING as before and I'm smiling!!

I'd be interested in hearing from anyone else with similar issues with this.

Cheers,
4eric

malware popup on 1 website plus slowness sometimes

My issue is I get an error and popup from Avast saying that the page on Qualtrics is harmful. I do paid surveys using Qualtrics. The other issue is sometimes my computer bogs down and gets very slow, but I think that is from taking screenshots and pasting them into Paint. I go into Task Manager and end processes on anything to do with Catalyst Control Center. I also have many scripts installed on Firefox / Chrome (actually deleted from Chrome today) that have to do with the work I do online.

I scanned (full system) with Avast and malwarebytes last night. There were some 'locked' files that malwarebytes couldn't scan. They were under a hidden file on Drive C that had to do with installing flashplayer.

I personally think it's just an issue with the Qualtrics website because it doesn't happen all the time but you never know...

It happened just now so:
Avast warning: http://imgur.com/BYtRMeU,0ljaQ6Q#0

Waited a minute and could use it after that...

My Log:
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD Sempron(tm) 140 Processor, AMD64 Family 16 Model 6 Stepping 2
Processor Count: 1
RAM: 1790 Mb
Graphics Card: ATI Radeon HD 4200, 256 Mb
Hard Drives: C: Total - 293485 MB, Free - 219902 MB;
Motherboard: Dell Inc., 04GJJT
Antivirus: avast! Antivirus, Updated and Enabled

Browser adware I can't get rid of.

Welcome. :)

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Download AdwCleaner from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning, a report appears. Once done, it will ask to reboot; allow this.
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Launch and Update Malwarebytes Antimalware.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Scan Now".
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click on Quarantine All.
  • When disinfection is completed, a dialog will open and you may be prompted to Restart. (See Extra Note)
  • Upon restart, launch Malwarebytes Antimalware and select History.
  • Double click on the last scan done, then on Copy to Clipboard.
  • Right click on your next reply and select Paste.
  • Submit your reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Can't connect to certain websites on my pc (virus-aftermath)

Hello DeathMau5,

Welcome to TSG.

Please download Farbar Recovery Scan Tool from here and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it makes also another log (Addition.txt). Please also paste that into your reply.

Internet Explorer cannot display the website issue

Chrome is overrun with ads

I knew I was in trouble when I jumped from Kmart's website to porn.


Buynsave, other ads popping up, words that send you to other pages when the cursor glides over...Chrome is virtually unusable. I thought my troubles would be solved when I found Buynsave in my installed programs and uninstalled it. Hardly.


Here's my info:


Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5-2310 CPU @ 2.90GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 4
RAM: 8174 Mb
Graphics Card: AMD Radeon HD 6450, 1024 Mb
Hard Drives: C: Total - 935589 MB, Free - 846557 MB;
Motherboard: Dell Inc., 0GDG8Y
Antivirus: Microsoft Security Essentials, Updated and Enabled


What to do next?


--Ellen

Need help for dell latitude

About an hour ago my computer screen just froze and these vertical dotted lines appeared all over the screen. Now I can only start the computer in safe mode and I need an easy fix. I've already tried a system restore but the blue lines appear on my desktop again.

Stalling internet connection

Stalling internet connection


Dell 4600 desktop. XPS3


I’m hoping someone can help with a problem I’ve had with a Windows XP machine for over a year now. My internet connection just stalls and I can’t load any pages for a few minutes and then it just starts again. My ISP says I’m not disconnecting from the internet and I get no notification of wires unplugged or reduced internet speed. I’ve tried a new ethernet adapter, different browsers, resetting the TCP stack, removed antivirus software and firewalls, and it still happens, sometimes 3 times a day, sometimes 30 times a day. Anyone got any ideas?...I have noticed if I disable and then enable the internet connection it clears the fault until it reappears sometime later. I've posted the log below:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:52:57, on 26/11/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Blaze Media Pro\NMSAccess32.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (file missing)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (file missing)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (file missing)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Act! Preloader] "C:\Program Files\ACT\ACT for Windows\Act8.exe" -stayrunning
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
O4 - HKCU\..\Run: [replay_telecorder_skype] C:\Program Files\Replay Telecorder for Skype\replay_telecorder_skype.exe /start_context sys_auto
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Chris James\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1220945662-152049171-682003330-500\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x081b -f video -m logitech -d 13.51.823.0 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x081b -f video -m logitech -d 13.51.823.0 (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.dell.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1270035855640
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1344190590328
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: BecHelperService - Unknown owner - C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Panda Protection Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Blaze Media Pro\NMSAccess32.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Panda Devices Agent (PandaAgent) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

--
End of file - 11330 bytes

Chrome opening multiple windows and multiple ads

Please help. My computer has been taken over. Multiple windows are opening, redirecting me to other sites and I am getting multiple pop up ads, including ads from snipsmart.

Here is my information:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Home Edition, Service Pack 2, 32 bit
Processor: Intel Celeron processor, x86 Family 6 Model 22 Stepping 1
Processor Count: 1
RAM: 1015 Mb
Graphics Card: Intel(R) 82945G Express Chipset Family, 128 Mb
Hard Drives: C: Total - 147330 MB, Free - 125534 MB; D: Total - 5284 MB, Free - 1838 MB;
Motherboard: ELITEGROUP, 945GCT-M3
Antivirus: None

Popup Hacked by Syrian Army

Hi,

I was browsing online on the Benjamin Moore site when I received a popup that my computer has been hacked by the Syrian Army and their logo also popped up. I can't seem to get anywhere since then. I ran a scan and no threats showed up. I am not sure what to do next. I don't see the pop up anymore but pages are still stalling..

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i7 CPU 870 @ 2.93GHz, Intel64 Family 6 Model 30 Stepping 5
Processor Count: 8
RAM: 4055 Mb
Graphics Card: NVIDIA GeForce 310, 512 Mb
Hard Drives: C: Total - 704491 MB, Free - 339456 MB; K: Total - 476268 MB, Free - 65544 MB;
Motherboard: Dell Inc., 0T568R
Antivirus: PC Matic Super Shield, Updated and Enabled

Neighbours Laptop

I've been able to resolve the problem. It was a sector on the hard drive. Boot manager was missing. Replaced hard drive and installed new o/s.

Samsung All-in-One PC Needs Help

Hi all,


I am writing regarding a PC that belongs to my niece and nephew. I came to visit for the Thanksgiving holiday and they wanted me to look at their PC. It had gobs of malware (I ran Malwarebytes Antimalware and Spyware Blaster 5.0). It had Avast antivirus installed; however, it hadn't been updated in over a year. There were numerous programs such as Optimizer, PC Speed Pro, etc. that the above programs found and cleaned. The browser is extremely slow and performance in general is terrible.


Windows Update performed an auto update to 8.1. Here is the info from TSG SysInfo:


Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1, 64 bit
Processor: Intel(R) Core(TM) i3-3220T CPU @ 2.80GHz, Intel64 Family 6 Model 58 Stepping 9
Processor Count: 4
RAM: 6032 Mb
Graphics Card: Intel(R) HD Graphics, -1984 Mb
Hard Drives: C: Total - 452094 MB, Free - 393331 MB;
Motherboard: SAMSUNG ELECTRONICS CO., LTD., DP500A2D-A01UB
Antivirus: Windows Defender, Disabled


I was told that Avast Antivirus uninstalled itself, after a game was downloaded. I tried to install AVG antivirus but received an error (see attached file).


At this point, I'm uncertain what to do. I'm not terribly familiar with Windows 8 and wanted to ask for help before proceeding any further.


Thank you.........Shonda

Attached Images
File Type: jpg avg.JPG (39.1 KB)

adfoc.us redirect virus

Something must be interfering with Combofix. Turn Off all your security programs, close all windows and try again.

Remember to allow the application to run unhindered. Do not click on anything while it is running.

Pro PC Cleaner...can't remove

Congratulations.

We need to remove the tools we've used while cleaning your machine.
  1. Download Delfix from here
  2. Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore

  3. Click Run

Manually remove all other tools used.

Here are some suggestions.
  1. Always keep your JAVA updated. Older versions will make your computer vulnerable.
  2. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  3. ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Miekiemoes.

Best wishes!

Edeals Adds

Click on this link to download : ADWCleaner Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop. Do not click on any links in the top Advert.

See the screenshot where the proper download buttons are highlighted


NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

Close your browser and double click on this icon on your desktop:



You will then see the screen below, click on the Scan button (as indicated), accept any prompts that appear and allow it to run, it may take several minutes to complete, when it is done, you will get a message saying "PENDING" , Ignore that & click on the Clean button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report, Copy & Paste it into your next post.




Then tell us if the problems still carry on or if they are cured.
Which browser are the ads appearing in?