Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads

User Tag List

Mouse moving and opening files out of my control

This is a discussion on Mouse moving and opening files out of my control within the Resolved HJT Threads forums, part of the Tech Support Forum category. Firstly I would like to say I tried to run the dds scan, but it's not working. It say's dds


 
 
Thread Tools Search this Thread
Old 09-27-2016, 10:40 PM   #1
Registered Member
 
Join Date: Mar 2011
Location: Vancouver, Canada
Posts: 28
OS: windows vista



Firstly I would like to say I tried to run the dds scan, but it's not working. It say's dds not meant to be run in compatabilty mode when I try to install it, google didn't help me figure out what to do here.

I am running window 8.1 and have a wirelsee mouse, Logitech M310, Lenovo Y510P laptop.

I've had two incident now where my mouse started moving uncontrably, the first one happened late at night a few weeks ago while i was doing stuff on my computer and suddenly my mouse wandered off and opened my budgeting spreadsheet and started cliicking on things in there, it felt like someone was messing with me and trying to show me they know how much money I have, pretty creepy, I ran some spybot software and malware bytes when they happened and they said I was all good, so I didn't know what to think and moved on. I just reformated my computer a week or two before this happened, mostly because I wasn't too happy with how it was running and I wanted a fresh start.

The incident happned again tonight, I wasn't home and my girlfriend was using my computer and she said the mouse started moving around trying to close the apps she had running, she got scared and shut down the computer manually.

The other thing to mention is that my mouse pointer turns green sometimes since I reformatted my computer a few weeks ago, I have no idea why, when I try to change it in the settings it tells me I am already using the defauly white settings, and I can't get it to tchange back, it just does so randomly.

Please help!! Thanks!!
afaubert is offline  
Sponsored Links
Advertisement
 
Old 09-30-2016, 02:47 AM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

**Note - Please do NOT upgrade your OS to Windows 10 until your machine is clean, and we have uninstalled all our removal tools. Thanks.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 10-01-2016, 12:48 AM   #3
Registered Member
 
Join Date: Mar 2011
Location: Vancouver, Canada
Posts: 28
OS: windows vista



Hello Chemist,

Thanks for getting back to me, I appreciate it

Couple things to note since my last post. Today, my antivirus told me pokki was infected and quarintined the program (I think). My start menu (home button) disapeared after that happened, I then downloaded classic shell so I could have a start menu again, I then restarted my computer and this app showed up on my desktop called "homegroup". I immediately went in to my programs to try and uninstall "homegroup" but no such program exists.

Here are the logs;

# AdwCleaner v6.020 - Logfile created 01/10/2016 at 00:34:55
# Updated on 14/09/2016 by ToolsLib
# Database : 2016-09-30.1 [Server]
# Operating System : Windows 8.1 (X64)
# Username : Alex - IDEA-PC
# Running from : C:\Users\Alex\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\Alex\AppData\Local\SweetLabs App Platform
[-] Folder deleted: C:\Users\Alex\AppData\LocalLow\pandasecuritytb
[-] Folder deleted: C:\ProgramData\pokki
[#] Folder deleted on reboot: C:\ProgramData\Pokki
[#] Folder deleted on reboot: C:\ProgramData\Application Data\pokki
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Pokki
[-] Folder deleted: C:\Program Files (x86)\pandasecuritytb
[-] Folder deleted: C:\Users\Default User\AppData\Local\Pokki
[#] Folder deleted on reboot: C:\Users\Default\AppData\Local\Pokki


***** [ Files ] *****

[-] File deleted: C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\PC App Store.lnk
[-] File deleted: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_8c0fb60d03e3ff6fd84a1ee0ac970f06a99b8304
[-] Key deleted: HKU\S-1-5-21-2586994315-2367697403-3552760162-1002\Software\Classes\pokki
[#] Key deleted on reboot: HKCU\Software\Classes\pokki
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\pokki
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
[-] Key deleted: HKU\S-1-5-21-2586994315-2367697403-3552760162-1002\Software\SweetLabs App Platform
[-] Key deleted: HKU\S-1-5-21-2586994315-2367697403-3552760162-1002\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
[#] Key deleted on reboot: HKCU\Software\SweetLabs App Platform
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
[#] Key deleted on reboot: [x64] HKCU\Software\SweetLabs App Platform
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
[-] Key deleted: HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
[-] Key deleted: HKCU\Software\Classes\Directory\shell\pokki
[-] Key deleted: HKCU\Software\Classes\Drive\shell\pokki
[-] Key deleted: HKCU\Software\Classes\lnkfile\shell\pokki


***** [ Web browsers ] *****

[-] [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default] [homepage] Deleted: hxxp://search.conduit.com/?ctid=CT3309350&octid=EB_ORIGINAL_CTID&SearchSource=61&CUI=UN10181448731745441&UM=2&UP=SP2BE7913A-B23F-4171-A810-6A4AF4687103


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3492 Bytes] - [01/10/2016 00:34:55]
C:\AdwCleaner\AdwCleaner[S0].txt - [3497 Bytes] - [01/10/2016 00:33:34]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3638 Bytes] ##########
Attached Files
File Type: txt Addition.txt (24.6 KB, 74 views)
afaubert is offline  
Sponsored Links
Advertisement
 
Old 10-01-2016, 12:51 AM   #4
Registered Member
 
Join Date: Mar 2011
Location: Vancouver, Canada
Posts: 28
OS: windows vista



It says the FRST.txt file is too long to post. I'm going to attach it here.

Let me know if any issues.
Attached Files
File Type: txt FRST.txt (138.0 KB, 75 views)
afaubert is offline  
Old 10-01-2016, 03:10 PM   #5
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello afaubert.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

https://windows.microsoft.com/en-us/w...backup-restore

------------------------------------------------------

Quote:
Running from C:\Users\Alex\Downloads
Please note that tools are best Run from the Desktop. Save to the Desktop and then Run from the Desktop.

Easier to find and perform specialized functions which may be required. Thanks.

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    Task: {5C38AF96-8A1E-4082-BC3A-8AB2BDD3E64E} - \{E82271C9-BAA2-469A-828F-BADEE79D51DB} -> No File <==== ATTENTION
    Task: {954E8BE3-7943-469B-96FE-974673BA3520} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
    Task: {96A49E8E-61BC-4132-AC04-F89F31F39B4C} - \UMonitor Task -> No File <==== ATTENTION
    Task: {C30B153A-9BBA-4839-9845-9D71B50A6F40} - \User_Feed_Synchronization-{6150347D-D6EC-43A1-B88B-6E721872A1B5} -> No File <==== ATTENTION
    SearchScopes: HKU\S-1-5-21-2586994315-2367697403-3552760162-1002 -> DefaultScope {84F6F669-B6FF-4BD3-81EB-920D0387B947} URL = 
    BHO: Panda Safe Web -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll => No File
    Toolbar: HKLM - Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll No File
    FF Extension: (Avira Browser Safety) - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\CFaCjhWY.default\Extensions\[email protected] [2016-09-10]
    FF Extension: (Avira SafeSearch Plus) - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\CFaCjhWY.default\Extensions\[email protected] [2016-09-10]
    CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3309350&octid=EB_ORIGINAL_CTID&SearchSource=61&CUI=UN10181448731745441&UM=2&UP=SP2BE7913A-B23F-4171-A810-6A4AF4687103
    CHR StartupUrls: Default -> "hxxps://webstart-page.com/?s=lenovo&m=start&brw=ch"
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
    2016-09-18 14:43 - 2016-09-18 15:11 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2016-09-18 14:43 - 2016-09-18 15:01 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2016-09-18 14:43 - 2016-09-18 14:43 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
    2016-09-18 14:40 - 2016-09-18 14:41 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Alex\Downloads\spybot-2.4.exe
    Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v BootExecute /f
    Reg: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v BootExecute /t REG_MULTI_SZ /d autocheck autochk * /f
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 10-01-2016, 08:41 PM   #6
Registered Member
 
Join Date: Mar 2011
Location: Vancouver, Canada
Posts: 28
OS: windows vista



Hello Chemist,

I think I followed the instructions successfully. Here is the log;

Fix result of Farbar Recovery Scan Tool (x64) Version: 30-09-2016
Ran by Alex (01-10-2016 20:33:11) Run:1
Running from C:\Users\Alex\Desktop
Loaded Profiles: UpdatusUser & Alex (Available Profiles: UpdatusUser & Alex)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
Task: {5C38AF96-8A1E-4082-BC3A-8AB2BDD3E64E} - \{E82271C9-BAA2-469A-828F-BADEE79D51DB} -> No File <==== ATTENTION
Task: {954E8BE3-7943-469B-96FE-974673BA3520} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {96A49E8E-61BC-4132-AC04-F89F31F39B4C} - \UMonitor Task -> No File <==== ATTENTION
Task: {C30B153A-9BBA-4839-9845-9D71B50A6F40} - \User_Feed_Synchronization-{6150347D-D6EC-43A1-B88B-6E721872A1B5} -> No File <==== ATTENTION
SearchScopes: HKU\S-1-5-21-2586994315-2367697403-3552760162-1002 -> DefaultScope {84F6F669-B6FF-4BD3-81EB-920D0387B947} URL =
BHO: Panda Safe Web -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll => No File
Toolbar: HKLM - Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll No File
FF Extension: (Avira Browser Safety) - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\CFaCjhWY.default\Extensions\[email protected] [2016-09-10]
FF Extension: (Avira SafeSearch Plus) - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\CFaCjhWY.default\Extensions\[email protected] [2016-09-10]
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3309350&octid=EB_ORIGINAL_CTID&SearchSource=61&CUI=UN10181448731745441&UM=2&UP=SP2BE7913A-B23F-4171-A810-6A4AF4687103
CHR StartupUrls: Default -> "hxxps://webstart-page.com/?s=lenovo&m=start&brw=ch"
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
2016-09-18 14:43 - 2016-09-18 15:11 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-09-18 14:43 - 2016-09-18 15:01 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-09-18 14:43 - 2016-09-18 14:43 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-09-18 14:40 - 2016-09-18 14:41 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Alex\Downloads\spybot-2.4.exe
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v BootExecute /f
Reg: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v BootExecute /t REG_MULTI_SZ /d autocheck autochk * /f
EmptyTemp:
end
*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5C38AF96-8A1E-4082-BC3A-8AB2BDD3E64E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C38AF96-8A1E-4082-BC3A-8AB2BDD3E64E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E82271C9-BAA2-469A-828F-BADEE79D51DB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{954E8BE3-7943-469B-96FE-974673BA3520}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{954E8BE3-7943-469B-96FE-974673BA3520}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\EOSNotify" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{96A49E8E-61BC-4132-AC04-F89F31F39B4C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96A49E8E-61BC-4132-AC04-F89F31F39B4C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UMonitor Task" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C30B153A-9BBA-4839-9845-9D71B50A6F40}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C30B153A-9BBA-4839-9845-9D71B50A6F40}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\User_Feed_Synchronization-{6150347D-D6EC-43A1-B88B-6E721872A1B5}" => key removed successfully
HKU\S-1-5-21-2586994315-2367697403-3552760162-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}" => key removed successfully
"HKCR\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} => value removed successfully
HKCR\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} => key not found.
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\CFaCjhWY.default\Extensions\[email protected] => moved successfully
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\CFaCjhWY.default\Extensions\[email protected] => path removed successfully
FF Extension: (Avira Browser Safety) - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\CFaCjhWY.default\Extensions\[email protected] [2016-09-10] => not found
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\CFaCjhWY.default\Extensions\[email protected] => moved successfully
FF Extension: (Avira SafeSearch Plus) - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\CFaCjhWY.default\Extensions\[email protected] [2016-09-10] => not found
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => key removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp" => key removed successfully
C:\Program Files (x86)\Spybot - Search & Destroy 2 => moved successfully
C:\ProgramData\Spybot - Search & Destroy => moved successfully
C:\WINDOWS\System32\Tasks\Safer-Networking => moved successfully
C:\Users\Alex\Downloads\spybot-2.4.exe => moved successfully

========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v BootExecute /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v BootExecute /t REG_MULTI_SZ /d autocheck autochk * /f =========

ERROR: Invalid syntax.
Type "REG ADD /?" for usage.


========= End of Reg: =========


=========== EmptyTemp: ==========

BITS transfer queue => 25165824 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13268606 B
Java, Flash, Steam htmlcache => 610 B
Windows/system/drivers => 3499171 B
Edge => 0 B
Chrome => 750755055 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 486282 B
NetworkService => 0 B
UpdatusUser => 0 B
Alex => 389655908 B

RecycleBin => 832962 B
EmptyTemp: => 1.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:33:23 ====
afaubert is offline  
Old 10-01-2016, 11:46 PM   #7
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, afaubert. Any improvement in behavior?

------------------------------------------------------

I see you have P2P software ( uTorrent ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

A reference for the risk of these programs is here and here

I would strongly recommend that you uninstall it. You can do so via Control Panel >> Programs and Features.

------------------------------------------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Double-click mbam-setup-2.2.1.1043.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish
  • At the end of the installation, a database update will be performed.
  • Click on Scan Now
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 10-02-2016, 01:14 AM   #8
Registered Member
 
Join Date: Mar 2011
Location: Vancouver, Canada
Posts: 28
OS: windows vista



Hello Chemist,

The computer seems to be running well. The cursor hasn't randomly become green, which was happening pretty regularly before hand, haven't noticed anything unusual, and the machine seems to be running faster and smoother.

Appreciate your advice regrading utorrent, a lot of my enjoyment from my computer comes from the services it provides, but I do understand it is not fair to come back here for help if I get another virus from sketchy p2p programs, I also understand it puts me at risk considering I do a bit of important personal stuff on the computer, I'll give it some thought, thanks!

Here are the logs;

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2016-10-02
Scan Time: 12:03 AM
Logfile: scanlog.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.10.02.03
Rootkit Database: v2016.09.26.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Alex

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 349346
Time Elapsed: 4 min, 33 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

C:\AdwCleaner\quarantine\files\vmmehdddsclgzkpatnvhxmoxlbxhyuyv\pandasecurityDx.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application
C:\AdwCleaner\quarantine\files\vmmehdddsclgzkpatnvhxmoxlbxhyuyv\pandasecurityDx64.dll a variant of Win64/Toolbar.Visicom.A potentially unwanted application
C:\AdwCleaner\quarantine\files\vmmehdddsclgzkpatnvhxmoxlbxhyuyv\pandasecuritytb.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\AdwCleaner\quarantine\files\vmmehdddsclgzkpatnvhxmoxlbxhyuyv\ToolbarCleaner.exe a variant of Win32/Toolbar.Visicom.E potentially unwanted application
C:\AdwCleaner\quarantine\files\vmmehdddsclgzkpatnvhxmoxlbxhyuyv\uninstall.exe a variant of Win32/Toolbar.Visicom.E potentially unwanted application
C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringc.dll a variant of Win64/NetFilter.A potentially unsafe application
C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringd.sys a variant of Win64/NetFilter.A potentially unsafe application
C:\Program Files (x86)\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application,a variant of Win32/Toolbar.Visicom.B potentially unwanted application,a variant of Win64/Toolbar.Visicom.A potentially unwanted application,a variant of Win32/Toolbar.Visicom.C potentially unwanted application,a variant of Win32/Toolbar.Visicom.E potentially unwanted application,a variant of Win64/NetFilter.A potentially unsafe application,a variant of Win32/NetFilter.A potentially unsafe application
F:\Reformat Sept 09 2016\movies\Microsoft Office 2013 Professional Plus.[Full]\Microsoft Office 2013 Professional Plus [Full].iso multiple threats,a variant of MSIL/HackKMS.G potentially unsafe application,a variant of Win32/Virut.NCS virus
afaubert is offline  
Old 10-02-2016, 11:02 AM   #9
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, afaubert. Why do you have a crack for MS Office on your machine?

Downloaded using torrents, no doubt? Notice the type of infection that crack has:

Quote:
F:\Reformat Sept 09 2016\movies\Microsoft Office 2013 Professional Plus.[Full]\Microsoft Office 2013 Professional Plus [Full].iso multiple threats,a variant of MSIL/HackKMS.G potentially unsafe application,a variant of Win32/Virut.NCS virus
This is one of the most malicious type of infections you can get:

miekiemoes' Blog: Virut and other File infectors - Throwing in the Towel?

------------------------------------------------------

Check for additional security risks:
  • Please download CKScanner© by askey127 and save it to your desktop.
  • Double-click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File. You will be prompted, just click OK.
  • Post the contents of ckfiles.txt in your next reply. It is located on your desktop.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 10-02-2016, 01:10 PM   #10
Registered Member
 
Join Date: Mar 2011
Location: Vancouver, Canada
Posts: 28
OS: windows vista



Hello Chemist,

Thanks for posting that link regarding virut, a good eye opening read, gives me a better idea of the type of dangers that are out there and helps me better understand the risks of using p2p programs.

CKScanner only came up with this;

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.USNAVZ
----- EOF -----
afaubert is offline  
Old 10-03-2016, 11:17 AM   #11
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, afaubert. You're welcome. You still didn't answer my question.

------------------------------------------------------

Most of the ESET finds are already quarantined by AdwCleaner. Except for the Office crack, the others appear to be false positives as they belong to Panda.

Make sure your external F:\ drive is connected.

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "F:\Reformat Sept 09 2016\movies\Microsoft Office 2013 Professional Plus.[Full]"

A DOS window will open and close again, this is normal.

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    Reg: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v BootExecute /t REG_MULTI_SZ /d "autocheck autochk *" /f
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 10-03-2016, 06:02 PM   #12
Registered Member
 
Join Date: Mar 2011
Location: Vancouver, Canada
Posts: 28
OS: windows vista



Hello Chemist,

Sorry for not responding to your questions, I had interpreted as more of a rhetorical question, allow me to provide an explanation here.

I had downloaded it some time ago (via torrents yes) back when I was a student, I have been packing it around on my harddrive through a couple reformats, I dont remember the last time I tried to install it on my computer, it is currently not installed, and I do not distribute it, and of course now I would really like to get it out of my machine.

I realize you are probably not fond on providing this service to people who meddle in torrenting cracked software, I imagine you do not want to enable this by keeping our computers clean when we run into trouble. I can say that I have learnt a good lesson through this process and plan on staying away from torrents, I think what you guys do is really cool and I would appreciate it if you stick it out with me and help get my machine clean.
afaubert is offline  
Old 10-03-2016, 06:03 PM   #13
Registered Member
 
Join Date: Mar 2011
Location: Vancouver, Canada
Posts: 28
OS: windows vista



One thing to note, when I fired up my computer this evening, my mouse cursor was green once again, after following your instrucitons and rebooting the mouse cursor is white again.

Here is the log from the FRST fix;

Fix result of Farbar Recovery Scan Tool (x64) Version: 03-10-2016
Ran by Alex (03-10-2016 17:51:46) Run:2
Running from C:\Users\Alex\Desktop
Loaded Profiles: UpdatusUser & Alex (Available Profiles: UpdatusUser & Alex)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
Reg: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v BootExecute /t REG_MULTI_SZ /d "autocheck autochk *" /f
EmptyTemp:
end
*****************

Restore point was successfully created.

========= reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v BootExecute /t REG_MULTI_SZ /d "autocheck autochk *" /f =========

The operation completed successfully.



========= End of Reg: =========


=========== EmptyTemp: ==========

BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6360777 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 10671 B
Edge => 0 B
Chrome => 512761581 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 6578 B
NetworkService => 0 B
UpdatusUser => 0 B
Alex => 1192839 B

RecycleBin => 0 B
EmptyTemp: => 508.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:52:01 ====
afaubert is offline  
Old 10-03-2016, 07:46 PM   #14
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, afaubert. I'm not sure if the green cursor problem is malware related.

Reboot and see if it turns green again. If not, use the machine for another day or so, and see if it turns green again.

If it does, can you post a pic of it?

If it does, please run FRST64.exe again and post/attach the FRST.txt/Addition.txt logs as before. Thanks.

Make sure you tick the Addition.txt box before clicking 'Scan'.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 10-03-2016, 11:15 PM   #15
Registered Member
 
Join Date: Mar 2011
Location: Vancouver, Canada
Posts: 28
OS: windows vista



Okay, so the computer went to sleep while I was out and when I got back home the mouse was indeed green, I've attached a photo of the green mouse and I did do some troubleshooting, here is what I found out.

If I reboot my computer, mouse is white every time, if the computer falls asleep, mouse seems to turn green 75% of the time. My main monitor is my TV, so I checked the actual laptop screen and the mouse was white on the laptop screen and simultaneously green on the TV.

Attached are the logs and photos;
Attached Thumbnails
Click image for larger version

Name:	IMG_0017.JPG
Views:	96
Size:	117.4 KB
ID:	293825  
Attached Files
File Type: txt FRST.txt (138.3 KB, 67 views)
File Type: txt Addition.txt (25.9 KB, 71 views)
afaubert is offline  
Old 10-04-2016, 08:39 PM   #16
Registered Member
 
Join Date: Mar 2011
Location: Vancouver, Canada
Posts: 28
OS: windows vista



My mouse cursor was moving again on its own tonight. It only moves around for about 10 seconds, moves over here, click this click that, zoom in. There really isnt enough time to do any trouble shooting when it happens (like turn off the wifi, or unplug the mouse). What do you think it could be if not malware? Another wireless mouse in the building interfering, or something to do with my touch pad is my guess.
afaubert is offline  
Old 10-04-2016, 09:05 PM   #17
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, afaubert. If the cursor is only green on your TV, malware isn't the culprit.

We don't have a dedicated forum for monitors, but when we are done here, I suggest you seek help in our Other Hardware Support Forum

Let them know you were here first and were cleared of malware.

------------------------------------------------------

It appears some Chrome entries returned since the first FRST fix. Did you change anything since then in Chrome?

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3309350&octid=EB_ORIGINAL_CTID&SearchSource=61&CUI=UN10181448731745441&UM=2&UP=SP2BE7913A-B23F-4171-A810-6A4AF4687103
    CHR StartupUrls: Default -> "hxxps://webstart-page.com/?s=lenovo&m=start&brw=ch"
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

-----------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 10-04-2016, 10:55 PM   #18
Registered Member
 
Join Date: Mar 2011
Location: Vancouver, Canada
Posts: 28
OS: windows vista



Hi Chemist,

Nope, I definitely didn't change anything in chrome during this process. I haven't been doing anything on my computer other than routine use and following your instructions.

Here is the fixlog;

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-10-2016
Ran by Alex (04-10-2016 22:47:35) Run:3
Running from C:\Users\Alex\Desktop
Loaded Profiles: UpdatusUser & Alex (Available Profiles: UpdatusUser & Alex)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3309350&octid=EB_ORIGINAL_CTID&SearchSource=61&CUI=UN10181448731745441&UM=2&UP=SP2BE7913A-B23F-4171-A810-6A4AF4687103
CHR StartupUrls: Default -> "hxxps://webstart-page.com/?s=lenovo&m=start&brw=ch"
EmptyTemp:
end
*****************

Restore point was successfully created.
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 16777216 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8454332 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 1601744 B
Edge => 0 B
Chrome => 494209776 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 5756 B
NetworkService => 0 B
UpdatusUser => 0 B
Alex => 2895391 B

RecycleBin => 0 B
EmptyTemp: => 499.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:47:45 ====
afaubert is offline  
Old 10-05-2016, 11:52 AM   #19
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, afaubert. Please run FRST64.exe again and post the FRST.txt log as before. Thanks.

I don't need to see the Addition.txt log.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 10-05-2016, 05:44 PM   #20
Registered Member
 
Join Date: Mar 2011
Location: Vancouver, Canada
Posts: 28
OS: windows vista



Hello Chemist,

I have attached the FRST txt log.

One thing to note, when I started up my computer today I received a warning that my computer is low on memory and I need to clear memory in order to ensure programs run properly. Seems a bit strange, I am pretty sure my computer is not low on memory.
Attached Files
File Type: txt FRST.txt (138.3 KB, 30 views)
afaubert is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads
Thread Thread Starter Forum Replies Last Post
ASUS TP550LA - Screen flickering when on battery after Win 8.1 to Win 10 upgrade
Hello, Thank you in advance for any ideas you can throw my way. I've been scouring Google in my spare time for a couple weeks without any success. I bought an ASUS TP550LA last year for my girlfriend to use for school. It came with Windows 8 home basic (64-bit) and worked properly using...
Dubz Driver Support 8 01-03-2016 11:11 AM
Suspected malware disabled Keyboard and Trackpad
Hi, 2 months ago, my home laptop got infected with a nasty little piece of malware. I could not login to windows (neither regular nor safe mode), since both the keyboard and the trackpad were disabled. Keyboard worked fine on Bios menu, but was somehow disabled when Windows booted. An IT guy...
roy.fokker Virus/Trojan/Spyware Help 18 07-16-2015 01:59 PM
How can one prevent errors when moving files?
I was trying to organize my files on my Windows 7 service pack 1 PC. I tried to move my "users" folder, but when I tried to move it, the "moving" window came up but the folders weren't moved. When I tried to cancel, it wouldn't work, so I stopped the attempted move with the task manager. I also...
Kythirith Windows 7 , Windows Vista Support 4 10-18-2014 11:02 AM
Folder Lock files hidden (i know i know its not a good system!)
Hi guys A newbie on this forum, long time lurker and have found it very useful to date :-) I know folderlock seems to get a lot of talk on here and I have tried to find a solution reading old threads. I am hoping someone can help -and seriously I really think either I am dumb or my problem is so...
bill91817 Security and Firewalls 7 05-12-2013 07:18 PM

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 08:10 PM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts