• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
    • Budfred

      PLEASE READ - Reversing upgrade   02/23/2017

      We have found that this new upgrade is somewhat of a disaster.  We are finding lots of glitches in being able to post and administer the forum.  Additionally, there are new costs associated with the upgrade that we simply cannot afford.  As a result, we have decided to reverse course and go back to the previous version of our software.  Since this will involve restoring it from a backup, we will lose posts that have been added since January 30 or possibly even some before that.    If you started a topic during that time, we urge you to make backups of your posts and you will need to start the topics over again after the change.  You can simply paste the copies of your posts that you created at that point.    If you joined the forum this month, you will need to re-register since your membership will be lost along with the posts.  Since you have a concealed password, we cannot simply restore your membership for you.   We are going to backup as much as we can so that it will reduce inconvenience for our members.  Unfortunately we cannot back everything up since much will be incompatible with the old version of our software.  We apologize for the confusion and regret the need to do this even though it is not viable to continue with this version of the software.   We plan to begin the process tomorrow evening and, if it goes smoothly, we shouldn't be offline for very long.  However, since we have not done this before, we are not sure how smoothly it will go.  We ask your patience as we proceed.   EDIT: I have asked our hosting service to do the restore at 9 PM Central time and it looks like it will go forward at that time.  Please prepare whatever you need to prepare so that we can restore your topics when the forum is stable again.

Rocket Grannie

Administrators
  • Content count

    7,454
  • Joined

  • Last visited

About Rocket Grannie

  • Rank
    SWI Australian Rebel
  • Birthday

Contact Methods

  • Website URL
    http://rocketgrannie.spywareinfoforum.org/

Profile Information

  • Gender
    Female
  • Location
    Australia

Recent Profile Visitors

41,157 profile views
  1. Instructions for posting requested logs Welcome to the SpywareInfo (SWI) Forums. We specialize in removing malware from people's computers. Please read this entire post carefully before doing anything else and follow all guidelines. Pay particular attention to the instructions in bold. Following our directions helps us to help you. Please keep in mind that all of the helpers are volunteers doing this for free in their spare time. We are human beings with jobs, families, and other lives. We also come from many different time zones around the world, and are not always synchronized with your schedule. Please be patient. -------------------------------------------------------------------------------------------------------------------- Preparation before posting Please download and install the free program Malwarebytes' Anti-Malware. Follow the directions here to run a complete system scan with Malwarebytes' Anti-Malware and please post the report from the scan! We will want to see it.Next: FRST Please download Farbar Recovery Scan Tool and save it to your Desktop. Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. Press Scan button. It will produce a log called FRST.txt in the same directory the tool is run from. Please copy and paste log back here. The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please attach it to your reply. Next: Security Analysis Please download Security Analysis by Rocket Grannie Save it to your Desktop. Close your security software to avoid potential conflicts. Double click RGSA.exe Click OK on the copyright-disclaimer It will produce a log named SALog.txt on the Desktop or in the same folder from where the tool is run if installed elsewhere. Please copy and paste the contents of that log in your topic. Note: If you get a Warning from Windows about running the program, click on More info and then click Run Anyway to run it even though Windows says it might put your PC at risk. Please copy/paste all logs into your post unless specifically asked to attach one. Note: You might also run one or two other scans while you are waiting for a helper to take a look at your logs. The more information we have, the better we can diagnose your problem. If so, please run one or two of the following: ESET online virus scan BitDefender online virus scan Trend Micro-House Call online virus scan F-Secure online virus scan and post the logs from the scans for us to see. Follow the guidelines below to compose your post in the forums, then copy and paste the entire FRST.txt log - the Malwarebytes' Anti-Malware log - SALog.txt log, along with any other logs from the scans above for us to see. When you post your logs, please do not edit them. That specifically includes the top of the log including version information. WE NEED THAT INFORMATION! Please copy and paste the logs directly into your post. Do not put them in a CODE or QUOTE box since that makes them much harder to read. Use Add Reply to post your logs. If you run out of room in one post, please just continue with another. ------------------------------------------------------------ Forum and posting guidelines Please describe your problem in as much detail as possible. The more specific you are, the better we can diagnose the problem. Do you have popups? If so, where are they from? What do they say? Are they advertising a particular product? Has your browser been hijacked? If so, to what URL? Does your antivirus detect an infected file? If so, what file, and what is the infection detected? Is your system sluggish? Is there a particular process using a lot of the CPU? If so, what is it? Does your firewall give alerts about a process trying to access the internet? If so, what is it? Have you already tried certain steps to fix your problem? If so, what have you tried? Please also mention that you have read this FAQ and followed the directions, or else someone is likely to ask you to come back here. The title of your thread should briefly describe your problem. Please be patient. We receive hundreds of requests for help every day and try to answer the older ones first. Our helpers are volunteers and are not online 24 hours per day. If you have not received a response after three days, post a reply to the topic Not Getting Help with your Log?. Please be respectful. This is a family-friendly forum, and shouting insults or obscenities at our helpers will not get you help any faster. Please do not 'bump' your post with empty replies. It won't get help any faster as we go by time of first post. If you want to add information to your post then do add a new reply. Please post only in your own thread; do not post your log file in a thread started by someone else, even if you are having the same problem as the original poster. This is confusing, and will only delay both of you receiving help.When following up with your topic after a helper has responded, please use the button to reply. Please do NOT start a new topic. Please also do NOT use the button. Duplicate topics will be deleted. Please do not send personal messages (PMs) to any of the helpers. We will not answer PMs containing logs or questions. Please post questions in the open forum instead. Finally, once you have fixed your problem, PLEASE POST BACK SAYING SO. We like to hear that a problem has been solved! --- and we move resolved topics to the "Resolved or Inactive" forum.-------------------------------------------------------------------------------------------------------------------- Thank you in advance for following these guidelines --- doing so helps us to help you more accurately and efficiently. We hope you will find SWI a friendly and helpful environment. If you have any questions feel free to ask. If you have not yet registered, please do so here: Create Account Then click the button below to begin your post: Start New Topic -------------------------------------------------------------------------------------------------------------------- Please subscribe to your topic so that you are notified when you receive a reply. See this thread for more information about subscriptions and notification. DO NOT USE THE "Subscribe to this forum" LINK ON ANY SUBFORUM HERE! You will begin receiving several hundred emails a day if you do.Please do not post your email address anywhere in the forums without first obscuring it by replacing @ and . with [at] and {.dot.} or something similar. Spambots may search these boards looking for email addresses.If you do not believe you are infected, but just want to check for anything suspicious or ask about slow performance, post your logs in the PC Troubleshooting forum instead.If you are interested in becoming a helper here, see The Boot Camp Here.Please read the pinned threads at the top of each of the subforums, and also familiarize yourself with the SWI Search at the top of the page: . Many common questions are already answered somewhere in the forums.
  2. Glad we could help. If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  3. Due to the lack of feedback this Topic is closed. If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  4. Glad we could help. If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  5. Glad we could help. If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  6. Glad we could help. If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  7. Glad we could help. If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  8. Hello bpete67 It appears that you have a hard drive problem. Please see below for steps to test for failing hardware http://www.makeuseof.com/tag/how-to-test-your-pc-for-failing-hardware/ Rocket Grannie
  9. Hello bpete67 If the freezing still only occurs when you are using Chrome then please uninstall it and see if that fixes it. To completely remove Chrome: Please download and install Revo Uninstaller (Freeware) from here. Run Revo Uninstaller and select Google Chrome Click Uninstall icon and follow the prompts When finished choose Advanced and delete all highlighted Registry items, folders and files listed by Revo and reboot your computer when the Revo Uninstaller is finished. Have you recently changed anything on the computer? Does it freeze in Safe Mode? To reboot into Safe Mode Restart your computer, and just before Windows begins to load, please tap F8, then highlight Safe Mode on the list and press Enter Rocket Grannie
  10. Since the issue appears to be resolved this Topic is closed. Reopened at the request of the owner.
  11. Hello bpete67 You're good to go. If the computer should start to freeze up again I suggest you remove Google Chrome and reinstall it. For windows Live you can export e-mails and contacts. To help keep malware off your system: Keep Windows updated at Windows Update or Microsoft Update. Keep your other applications updated, there are vulnerabilities that rely on exploits through other programs like Java, Microsoft Office, Adobe Reader, Flash, and others. Run a program like Personal Software Inspector (PSI) or FileHippo Update Checker to see what programs need to be updated. Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety. Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware. Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety. Don't click on links received in instant message programs. In place of Internet Explorer, browse with Firefox with the NoScript and AdBlock Plus add-ons. A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOST file is MVPS HOSTS File, available at http://www.mvps.org/...p2002/hosts.htm A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster, available at http://www.javacools...m/products.html I recommend reading Tony Klein's article So How did I get Infected in the First Place? Safe surfing Rocket Grannie
  12. Hello bpete67 Well done! Your logs appear to be clean. Now some tidying up. A number of your programs are out of date and out of date programs contain vulnerabilities and can lead to more infections. Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities. You can manually check your present version and update as recommended https://java.com/en/download/ Be careful not to install malware posing as Java update! Important read this blog. http://blog.trendmic...java-0-day-fix/ Once you have installed the newest version, please remove the old version using Programs and Features in Control Panel. Thunderbird is out of date. Please go here and update it to the latest version. Windows Live Essentials is out of date Please remove all the old versions. Please go https://support.microsoft.com/en-us/help/17779/download-windows-essentials Scroll down and install the program for your Windows version. Select from the list the programs you want to install. Download DelFix (by Xplode) and save it to your Desktop. Close all running programs and start delfix.exe. Make sure that all available options are checked. Click on Run DelFix should remove all our tools and delete itself afterwards. I don't need to see the log file. Any further problems? Rocket Grannie
  13. Hello bpete67 Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps. Open Notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. To do this highlight the contents of the box and right click on it and select Copy. Paste this into the open Notepad. Start CreateRestorePoint: CloseProcesses: EmptyTemp: HKLM-x32\...\Run: [] => [X] CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION HKU\S-1-5-21-1611290313-1242176260-2634870398-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie FF user.js: detected! => C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\g0jwgcjv.default\user.js [2013-02-23] FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\ppGoogleNaClPluginChrome.dll => No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\pdf.dll => No File CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\gcswf32.dll => No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL => No File CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => No File CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll => No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File CustomCLSID: HKU\S-1-5-21-1611290313-1242176260-2634870398-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1611290313-1242176260-2634870398-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1611290313-1242176260-2634870398-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1611290313-1242176260-2634870398-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1611290313-1242176260-2634870398-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1611290313-1242176260-2634870398-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1611290313-1242176260-2634870398-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1611290313-1242176260-2634870398-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1611290313-1242176260-2634870398-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1611290313-1242176260-2634870398-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1611290313-1242176260-2634870398-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1611290313-1242176260-2634870398-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1611290313-1242176260-2634870398-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File Task: {F080C1E9-0CF0-47F4-A5C4-364B5F2CEC22} - System32\Tasks\DSite => C:\Users\Home\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION End Save the files as fixlist.txt in to the same folder as FRST64 Run FRST64 and click Fix only once and wait. When finished FRST64 will generate a log on the Desktop (fixlog.txt). Please post it to your reply. NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. Please scan your computer with ESET Online Scanner. Click on this link to open ESET Online Scanner in a new window.Click on the Scan Now button to download the esetonlinescanner_enu.exe file. Save it to your Desktop. Close all your programs and browsers. Please disable your antivirus program to avoid potential conflicts, improve the performance and speed up the scan. Double click on esetonlinescanner_enu.exe to start ESET Online Scanner. It will open a window with the Terms of Use. Check mark Download latest version of ESET Online Scanner and click the Accept button. Click Yes to accept any security warnings that may appear. Under Computer scan settings, check mark Enable detection of potentially unwanted applications. Then click Advanced settings and check mark the following options: Enable detection of potentially unsafe applications Clean threats automatically Click the Scan button. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time. When the scan completes, click List Threats. Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply. Click the Back button. Click the Finish button. Note: If nothing is found, it will not produce a log. Please re-enable your antivirus program. Your AdwCleaner log was cut off, please post the complete log. Please post the contents of fixlog.txt and the ESET log (if it produced one). How is the computer running now? Rocket Grannie
  14. Hello bpete67. Welcome to SWI. You have Spybot installed. I suggest you remove it as it will conflict with your other antivirus program. Also, it is considered to be ineffectual. Please see here and here for reviews. Your MBAM log is imcomplete. Please open MBAM - click History - click Application Logs - highlight the top Scan Log and click Export Copy to Clipboard and post it back here. Please also post the contents of Addition.txt that was created by Farbar Recovery Scan Tool (FRST). It should be on the Desktop. Please download AdwCleaner by Xplode and save it to your Desktop. Close all open programs and internet browsers. Right click on the AdwCleaner icon and chose Run as administrator. Click Yes to accept any security warnings that may appear. Click I Agree on the disclaimer to accept the Terms of Use. Click the Scan button to start the scan and wait for the process to complete. Click the Logfile button and the report will open in Notepad. NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner. Click on the Clean button and follow the prompts. A log file will automatically open after the scan has finished and the PC has rebooted. Please post the content of that log file in your next reply. You can find the log file at C:\AdwCleaner[sn].txt (n is a number). Rocket Grannie
  15. Glad we could help. If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.