PhilliePhan 171 Central Scrutinizer Team Colleague

I had tried this but it doesn't show up in my programs list, neither version does, sorry I should have said this before.

It shows in your DDS Attach log:
iTunes
Java(TM) 6 Update 15
Junk Mail filter update

Any trouble installing the updated version?

it is in the programs file....

No worries - we can deal with that. Did you try to delete it in Safe Mode?
We can just remove the associated reg keys and then pull it out - hopefully with no problems...

it's very long so I am attaching it, if you'd prefer that I paste it let me know.
It gave me an error when I ran the second one for Grisoft

Attaching is fine - actually preferable in this case.
Please try again for "Grisoft" - Let me know if any trouble.

I haven't used word lately and have only been typing online, but yes, in Firefox too now . . . . Maybe it is a keyboard issue? I can live with it, it's just frustrating and I wanted to make sure it wasn't related to anything we've been working to resolve.

Honestly, these types of problems are rarely (directly) due to malware. Sometimes they are a resulting annoyance due to system instability after a malware infestation - but that is rare.

Usually it is a keyboard/mouse or driver issue.
Are you able to try a different keyboard?

If you want to use …

PhilliePhan 171 Central Scrutinizer Team Colleague

what is the best way to delete the older versions of Java?

Just go into Add / Remove Programs and remove the old one - I think I saw only one old version.

It still came up and said that AVG was running, not sure what to do about that, I still have a file but it doesn't come up if I try to uninstall it.

What file?

Download Bill James’ RegSrch

Extract it to your Desktop and DoubleClick regsrch.vbs
-- if your AV has script blocking, you’ll need to allow this to run
When the dialog box opens, type AVG and Click OK.
-- Then, run it again and search for Grisoft.

-- You’ll need to save the logs that popup in Wordpad and then submit them for me.

Everything seems to be running pretty smoothly except that I still have the typing issue when typing on-line.

So, it's just online?
Does the problem occur in both Firefox and IE now?

Just in case we are done or about done, this is me http://puddleofcrumbs.blogspot.com/ in case you change your mind about a Christmas card or graphic.

I think we are about done - I'd like to take a whack at that AVG remnant and see if we can deduce the typing issue, though.

-- Wow, those look great! I especially like the penguin.
What sort of …
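
What RegSrch is doing in the post above, as an added PowerShell example that is not part of the thread: it walks the hives where an uninstalled AV usually leaves keys and values, matches key names, value names and value data against the search terms (AVG and Grisoft, the two searches requested above), and writes the hits to a log on the Desktop. It assumes an elevated PowerShell 3.0 or later prompt; the search terms, the hive list and the log path are placeholders you can change.

```powershell
# Added example, not from the thread: a RegSrch-style search for leftover
# AVG/Grisoft registry entries. Run from an elevated PowerShell prompt.
param(
    [string[]]$Terms   = @('AVG', 'Grisoft'),
    [string]  $LogPath = "$env:USERPROFILE\Desktop\regsearch.log"
)

# Hives where an uninstalled security product typically leaves debris:
# its own software keys, its services/drivers, and per-user settings.
$roots = 'HKLM:\SOFTWARE',
         'HKLM:\SYSTEM\CurrentControlSet\Services',
         'HKCU:\SOFTWARE'

$pattern = ($Terms | ForEach-Object { [regex]::Escape($_) }) -join '|'
$hits    = New-Object System.Collections.Generic.List[string]

foreach ($root in $roots) {
    # SilentlyContinue skips keys this account cannot open (protected
    # service keys, SAM-like areas) instead of aborting the whole walk.
    Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $key = $_
        if ($key.PSChildName -match $pattern) {
            $hits.Add("KEY   $($key.Name)")
        }
        foreach ($name in $key.GetValueNames()) {
            # REG_MULTI_SZ comes back as an array; casting joins it for matching.
            $data = [string]$key.GetValue($name)
            if ($name -match $pattern -or $data -match $pattern) {
                $label = if ($name) { $name } else { '(Default)' }
                $hits.Add("VALUE $($key.Name)\$label = $data")
            }
        }
    }
}

"Registry search for: $($Terms -join ', ')  ($(Get-Date))" | Set-Content -Path $LogPath
$hits | Add-Content -Path $LogPath
Write-Host "$($hits.Count) match(es) written to $LogPath"
```

Review the log before deleting anything. The entries worth removing by hand are the vendor's own keys (a Grisoft or AVG key under HKLM\SOFTWARE) and orphaned service or driver entries whose ImagePath no longer exists on disk; an unrelated key that merely contains the string "AVG" in some value is not a leftover. Export each key with reg export before removing it, because deleting the wrong entry under Services can leave the machine unable to boot.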

PhilliePhan 171 Central Scrutinizer Team Colleague

thank you as always, and I totally understand:) what do you think about the new 1TB Seagate? Is it worth it, if it's big enough I can supposedly use it as a scratch disk for my drawing programs. I actually priced the one you posted this weekend and was trying to decide between it and the larger one.

I have never had a problem with Seagate - have five of them and three are at least 5 years old and still as good as new.....
Haven't looked too much at the big drives, though, so I couldn't say about the TB.....

-- I think as far as protection goes, you ought to be OK with Avira as your AV. Just keep it updated.

I imagine Windows Defender is onboard, so that will give some "real-time" protection.

If you keep your SpybotSD updated and use the "immunize" feature, that will help. An alternative would be SpywareBlaster.

Keep your MBAM on hand for "on demand" scanning, as needed. Be sure to update it before scanning.

I would also suggest a decent Firewall - ZoneAlarm has an easy learning curve and is OK.
Comodo might be a better choice, but if you don't want their AV as well, you have to de-select it at install.
Or, you could remove Avira and go with the complete Comodo Suite.
Whatever you want to do.

Also, you should update your …

PhilliePhan 171 Central Scrutinizer Team Colleague

So I made the system freeze up. . . . .as I said this was most likely my fault, I should know better, I was trying to push her beyond her limits I think...

I think you are right - probably pushing a bit hard + Vista needs a good deal of RAM.

I think I need to get a new external hard drive, just in case, that way if I have to wipe it I don't have to rely on disks and my zip drive. Do you have any recommendations?

I am partial to Seagate (and Newegg, for that matter):
Seagate FreeAgent Desk 640GB USB 2.0 Silver External Hard Drive

Let me go over your thread and see what we need to add/update or remove in the way of security apps, etc...
I am taking on some extra work before the holidays, so posting will be spotty - please bear with me....

PP:)

PhilliePhan 171 Central Scrutinizer Team Colleague

the only strange thing now is that I keep having to reinstall programs. I try to open a program and it comes up and says this is only for an installed program.

That's odd - can you give me the exact error message? Definitely need to see that before I can make any suggestions.

On the plus side, those other logs look good, so I think you are OK as far as malware goes.
Not sure about the system instability - that can be chalked up to any number of things, not the least being the malware and all of the (powerful) tools we have run during the course of this process.

Let me know about the error messages - I'd like to get that sorted before we start adding and removing any programs.

PP:)

PhilliePhan 171 Central Scrutinizer Team Colleague

That is good news indeed! And, a very generous thank-you offer to boot!
Generally, I am happy if people "pay it forward" and do a good turn for somebody else in need. I figure that eventually it'll work its way back to me :)

I'd like to run a couple more tools to check for lingering malware and then we can move on to making sure everything is updated and put some additional protective measure in place.

-- Please Update your MBAM (update tab) and then run the Full Scan and have it remove all it finds.
Post the log for me.

-- Then, please download GMER Rootkit Scanner:
http://www.gmer.net/download.php

-- DoubleClick the .exe file and, if asked, allow the gmer.sys driver to load.
-- If you receive a warning about Rootkit Activity and GMER asks if you want to run a scan, Click NO

-- Make sure the Rootkit/Malware Tab is selected (Top Left of GMER GUI)
Along the Right Side of the GMER GUI there will be a number of checked boxes. Please Uncheck the following:
- Sections
- Drives or Partitions other than your Systemdrive (usually C:\)
- Show All (be sure this one remains Unchecked)

-- Then, click the Scan Button
Allow the scan as long as it needs and then click the save button and name the log GMER – 1.log and save it to where you can …

PhilliePhan 171 Central Scrutinizer Team Colleague

it is here :)

Finally! LOL! Lovin' that Vista!

See if you are able to install Adobe now - hopefully that will complete OK and then we can look at security again.

Typical busy Fall weekend upcoming - will check in as time permits.

PP:)

jasimp commented: Yay lol, I cheered when I read his post too haha :) +6
PhilliePhan 171 Central Scrutinizer Team Colleague

I don't have any credit card info on this computer. Thanks for the links I will look them over tonight. So, all that said... Back to the issue at hand.

AllRightyThen - On we go!

Let's try again to set up that reg key and see what happens:

Open another elevated command prompt and Copy&Paste

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS" /v "Installed" /d "1" /f
and hit ENTER

Then, Copy&Paste

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS" /ve /f

and hit ENTER

You should get a confirmation/success message each time. Then, open registry editor and drill down and verify the MSFS key truly exists.

With any luck, that will work :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

So now someone has hacked my computer and has gotten all of my information, including my social, which I don't use online so I don't understand that one, and set up all kinds of accounts that charge my phone bill. This may be a completely separate issue but now I have no idea what to do. They are using my email address to do this apparently. Sorry to throw this at you too, but any idea as to what I do to stop it? Do I have to wipe the whole system or can I just change my passwords? :(

That's terrible!

Are you sure you've been hacked? There are a lot of ways to steal identities and defraud people these days....

That said, you did have traces of rootkit activity on your computer when you first posted. The steps crunchie had you perform removed those traces, but I don't think either of us dug any deeper than that. It is quite possible that you could have had a rootkitted trojan on your machine that compromised your information. It could well have been removed before you posted here. Honestly, I didn't think the logs were that bad - 'Course, baddies could have been well hidden.

-- The way you describe it, I am less inclined to think you were hacked. I mean, billing your phone bill? Why not credit card(s)?
And, I imagine your email is given out all over the place. . . .

PhilliePhan 171 Central Scrutinizer Team Colleague

thank you :)

OK - I was a bit sloppy with that batch file, but not enough to cause that error.
Let's have another go at it:


-- Download the attached FixPerms.zip to your Desktop and Extract the FixPerms Folder from the ZIP to the Desktop.

Then, open an Elevated Command Prompt
At the prompt, Copy&Paste:
"%userprofile%\desktop\FixPerms\RunThis.cmd"
and hit ENTER

Let it run for as long as it takes. A log ought to pop up. Please attach that for me.

PP:)

PhilliePhan 171 Central Scrutinizer Team Colleague

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
#### PERMISSIONS AFTER FIX ####


it was in the correct file, and only took a minute to run?

Let me rewrite it - something's hinky.

Will post it again asap - could be tomorrow, though. Or late tonight.

PP:)

PhilliePhan 171 Central Scrutinizer Team Colleague

it says FixPerms.cmd is not recognized as an internal or external command, operable program or batch file

OK - Either it wasn't extracted from the zip or it wasn't located properly.

Try extracting it to the desktop and then copy and paste FixPerms.cmd into the C:\Program Files\Windows Resource Kits\Tools folder.

Open the elevated command prompt and type or copy&paste:

"C:\Program Files\Windows Resource Kits\Tools\FixPerms.cmd"
and hit Enter

That ought to do it.

If not, I'll rewrite the .cmd file when I get home.

PP:)

PhilliePhan 171 Central Scrutinizer Team Colleague

Let me put together that program for the registry. I'll try to post it tonight.

OK - Let's give this a whack at it:

-- Download the attached FixPerms.zip to your Desktop and Extract FixPerms.cmd from the ZIP to the folder where subinacl.exe was installed ---> C:\Program Files\Windows Resource Kits\Tools

Then, open an Elevated Command Prompt
At the prompt, type: cd "%programfiles%\Windows Resource Kits\Tools" ENTER
-- Note cd <space> "%programfiles%. . . . ..

Then, type: FixPerms.cmd ENTER

Let it run for as long as it takes - might be a while as subinacl.exe "walks" the registry.
When it finishes, press any key and a log ought to pop up. Please post that for me.

Let me know if you run into any trouble.

Best Luck :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

don't know what it means but something downloaded Microsoft Office pro yesterday which corrupted my office home suite so I had to remove it and reinstall it, no idea how this happened, it was some file with the name Bootstrap... something IDK, I think the machine has a mind of its own.

That's odd.
The "bootstrapper" kind of controls the update/install/setup, if I am not mistaken.
Not sure why it would run out of the blue unless it was set to auto-update....

If, after I update, fix or whatever needs to be done to Acrobat pro, it works properly, I will not need Acrobat reader anymore, could possibly be one of the issues according to the tech note I read today because of duplicate plugins or something. I had reader first and did not uninstall it when I installed the newer Adobe Suite. It may have nothing to do with any of it though.

We can try uninstalling Reader - let's wait for now. I'd like to try that reg key again.

Thank you for your patience. :) I really do appreciate it.

Happy to help.
I enjoy a challenge as much as the next person :)


Let me put together that program for the registry. I'll try to post it tonight.

PP:)

PhilliePhan 171 Central Scrutinizer Team Colleague

so I found and did this http://kb2.adobe.com/cps/331/331303.html and now I can open acrobat pro again but can't update till I get the disk from the office because with no plug ins the updater no longer works, nor the repair... progress? maybe

I am not sure how everything "fits together" with Adobe suite, so I really can't offer much there. My typical solution is to remove it all and try again - but we can't do that here.

-- I'd like to try the registry again with the tool you downloaded.
I am going to put together a little command for it. What is the exact username you log onto the compy with?

PP :)

PhilliePhan 171 Central Scrutinizer Team Colleague

ok, have done this, no problems

Great!

First, use the new account and see if you are able to install Adobe.

It probably won't be that easy . . . . LOL!

If that fails, try using the new account and open an elevated command prompt (as you did when creating new account) and then try the steps in posts 124 and 126.

Let me know how you fare. Back on Thursday.

PP:)

PhilliePhan 171 Central Scrutinizer Team Colleague

Downloaded and installed the program

Great! We'll get to that later.
I'd like to try the below first.

not sure about the admin account, how do I create a new admin account? Seems as though I may have done this before but can't remember how or when or why

Try steps 1 2 7 8 & 9 in the linky below. Be sure to save the new password, etc....

http://www.vistax64.com/tutorials/67567-administrator-account.html

I have to get back to work - If I can't check in later, will be back Thursday.
Let me know if you have any problems with new account creation.

PP:)

PhilliePhan 171 Central Scrutinizer Team Colleague

It's the never ending computer issue... :( Maybe I need a Mac

LOL! . . . Macs have problems too :)

I've been unexpectedly busy this week (not that I'm complaining given the economy) so please bear with me.

-- For the registry issue, please download and install subinacl.exe

We'll have another crack at the registry. My fear, though, is that we'll finally be able to add the desired key and then Adobe will still have an issue with it..... But, I'd still like to give it a try.

-- For the other issues, we'll need another combofix log. Hold off on that for now until I can go back over some things.

-- And, just to complicate things a bit more . . . . Are you able to create a New Administrator account on the ill computer? Let me know.


PP:)

PhilliePhan 171 Central Scrutinizer Team Colleague

still says Access Denied... Vista is like a plague, one small thing rapidly infecting the whole system...

I do not know how much of an exaggeration that is.....
It's that bloody UAC - Now, you did say you disabled this, but I want to double-check that.
Also, there are a couple programs we can try as well.

I ought to be available to wade back into the fray this evening :)

PP

PhilliePhan 171 Central Scrutinizer Team Colleague

got to go to bed, sorry, hate to bail but I've got my grandson at 7:00 am and he is 2yrs old and happens to be visually impaired so I need my rest :) He's a handful. I'll check in tomorrow, thank you.

No problem! We've all got "real lives" and they take precedence.....

This freaking Vista is really annoying.

-- Try running Regedit with an "elevated command prompt" and then try the permissions change from a few posts ago (post #126).

To get the elevated prompt, Click Start > All Programs > Accessories, RightClick Command Prompt, and then click Run as Administrator.

There are a couple other options to try as well. I'll post them Tuesday if the above fails to work.

PP:)

PhilliePhan 171 Central Scrutinizer Team Colleague

At first I never thought Vista could be so vulnerable to viruses unlike XP. I was shocked when I noticed my laptop is starting to act weird. I used to use ComboFix before, when I don't know what virus is residing in my computer. Try to use Malwarebytes, ComboFix and Removeit pro, that usually solves my problem when I'm not really sure what virus is in my computer

This situation is a bit different :)

PhilliePhan 171 Central Scrutinizer Team Colleague

first one says: ERROR: Access is denied, 2nd did nothing

OK - Let's try this:

Open Registry Editor and RightClick on HKEY LOCAL MACHINE and select Permissions
Select Everyone and check the box to Allow Full Control and click APPLY
Click OK

Then try the command prompt reg add step again and let me know.

I'll be back in 30 min or so.

PP :)

PhilliePhan 171 Central Scrutinizer Team Colleague

Sorry for the delay - I guess I'm "in demand" these days LOL!

Let's try this:
Open a command prompt (start>run>type cmd)
At the prompt, copy&paste the following and hit ENTER each time:

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS" /v "Installed" /d "1" /f

then

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS" /ve /f

You should get a confirmation/success message each time. Then, drill down and verify MSFS key.

Let me know if that works.

PP :)
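
The two reg add commands above (given in this post and repeated in another post on this page) as an added PowerShell example that is not part of the original thread: it creates the key, writes the Installed value and the empty default value, and reads the key back the way the thread asks the user to verify it. When creation fails with "Access is denied" (the error reported in the thread), it prints the ACL of the nearest existing parent key so the permission fix can be scoped to that key instead of granting Everyone Full Control on all of HKEY_LOCAL_MACHINE. It assumes an elevated (Run as Administrator) PowerShell prompt; the key path is the one quoted in the thread.

```powershell
# Added example, not from the thread: create and verify the MSFS key that
# the reg add commands target. Run from an elevated PowerShell prompt.
$ErrorActionPreference = 'Stop'
$keyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS'

function Get-NearestExistingKey([string]$path) {
    # Walk upward until a key exists; a new subkey inherits its ACL from here,
    # so this is the key whose permissions decide whether creation succeeds.
    while (-not (Test-Path -Path $path)) {
        $path = Split-Path -Path $path -Parent
    }
    return $path
}

try {
    if (-not (Test-Path -Path $keyPath)) {
        # -Force also creates the missing intermediate key (OptionalComponents).
        New-Item -Path $keyPath -Force | Out-Null
    }
    # Equivalent of: reg add "...\MSFS" /v "Installed" /d "1" /f
    New-ItemProperty -Path $keyPath -Name 'Installed' -Value '1' -PropertyType String -Force | Out-Null
    # Equivalent of: reg add "...\MSFS" /ve /f  (an empty default value)
    Set-ItemProperty -Path $keyPath -Name '(Default)' -Value ''

    # Verify by reading the key back rather than trusting the success message.
    $props = Get-ItemProperty -Path $keyPath
    Write-Host ("Created {0}; Installed = {1}" -f $keyPath, $props.Installed)
}
catch {
    $parent = Get-NearestExistingKey -path $keyPath
    Write-Warning ("Failed: {0}" -f $_.Exception.Message)
    Write-Warning ("Permissions on the nearest existing key, {0}:" -f $parent)
    (Get-Acl -Path $parent).Access |
        Select-Object IdentityReference, RegistryRights, AccessControlType, IsInherited |
        Format-Table -AutoSize | Out-String | Write-Host
}
```

If the ACL listing shows that even Administrators lack Full Control on the parent key (as happens when an installer or a malware cleanup tool has rewritten the ACL), take ownership of that one key and grant Administrators Full Control on it, either in regedit (Permissions > Advanced > Owner) or with subinacl as later posts in this thread do; that is the same outcome the FixPerms batch file aims for without loosening the whole hive.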

PhilliePhan 171 Central Scrutinizer Team Colleague

nope, still not there, admin doesn't come up on right click but I tried it again anyway

OK - let me double-check some things & I'll get back to you.

PP :)

PhilliePhan 171 Central Scrutinizer Team Colleague

I may be doing something wrong, it says error, cannot access the registry

Bloody hell - it's probably a Vista thing . . .LOL.

-- Did you try RightClicking and running as Administrator?

Also, do the drill down with registry editor and check if MSFS key exists now.
I've had users get error messages and yet still have the keys created.

If that doesn't work, we'll try another way.

PP :)

PhilliePhan 171 Central Scrutinizer Team Colleague

the only thing in that folder says default, Reg_SZ, (value not set), so I'm assuming that means no

OK - Let's do this:

Download the attached FixIt.ZIP and Extract FixIt.reg from the ZIP to the Desktop
-- DoubleClick on FixIt.reg and Allow it to merge into the registry.

Just to be certain, open registry editor again and drill down and make sure the MSFS key is there.

If it is there, try installing Adobe again and let me know how you fare.

PP:)

PhilliePhan 171 Central Scrutinizer Team Colleague

ok, got all the way to the end but there is no MSFS

That's what I suspected since it did not show in previous log.

You do have the "OptionalComponents" Key? Or no?
I don't remember seeing that either....

PP:)

PhilliePhan 171 Central Scrutinizer Team Colleague

Anyhoo, the next step I'd like to take gets us back to hacking ( or monkeying with, in layman's terms) the registry.
While I expect no problems, I'd like to be available to help, if need be.
So, I might not post those until Monday - weekend is going to be hectic and I imagine the same for you.

Sorry I couldn't get back sooner - Let's see if we can deal with that problem key.
-- I did not see it in previous log, so I'd like to check if it exists at all.


Click START > RUN > type Regedit and hit OK to open the Registry Editor

Please "drill down" through the subkeys to

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

If you need clarification, let me know. I imagine your son could do this with his eyes closed (though I don't recommend that :) )

Under the Run Key, let me know if you can drill down further to "OptionalComponents" Key and then to "MSFS" key.

Are they there?

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS

PP :)

PhilliePhan 171 Central Scrutinizer Team Colleague

if it was something else you were asking for please let me know, I'm a little slow sometimes:)

No worries :)

I've been volunteering in Forums for a long time and one thing I've learned to do is ask, ask and ask again. It's a wonder people put up with me!

Anyhoo, the next step I'd like to take gets us back to hacking ( or monkeying with, in layman's terms) the registry.
While I expect no problems, I'd like to be available to help, if need be.
So, I might not post those until Monday - weekend is going to be hectic and I imagine the same for you.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

sorry, the new anti spyware is the Avira, AVG is supposedly gone, which is why I thought that the message was really strange, considering it isn't supposed to be there anymore.

Yup - we'll probably need to do more digging there - low priority right now.

I was trying not to do this because of my licensing issues, ......

Then, probably best to leave it alone. Don't want to mess up any licensing.

Frankly, I'd be expressing some displeasure to Adobe support regarding this issue... :)

where do I find this?

Don't worry about that - it's my standard "canned speech." You should not have any problems.


PP :)

PhilliePhan 171 Central Scrutinizer Team Colleague

I think it might be a good idea to Uninstall All things Adobe for the time being.

I don't mind, this is way too long to read to go back through it. Got rid of AVG, using AVIRA, seems to be working fine. Ok, so now I'll do the Adobe thing and get back to you.

The reason I asked about AVG is because in Post 99 you mentioned:
The new anti spyware has run and hasn't found any problems.
I tried to open a pdf with acrobat pro and it still won't open at all, it did update finally last night, I think it was successful. But still won't open. If something tries to open outlook I get a strange warning that AVG has stopped it from working, then it opens anyway.

So I was confused . . . .

-- Have you tried installing Adobe offline?


I'd like two new logs for updated reference:

-- Download DDS by sUBs and save it to your Desktop
-- If your AV has a script blocker, please disable it
-- DoubleClick on dds.scr to run the tool

* A command box will open, displaying added information for your reading pleasure while DDS completes its scan.
* Upon completion, a Dialog Box should open instructing you to save and post the TWO resulting logs (DDS.txt & Attach.txt).

- Copy&Paste the DDS.txt into your next post.

PhilliePhan 171 Central Scrutinizer Team Colleague

that may be so, but the scales are balanced with patience and wisdom...
and as I tell my son when he feels superior, I lack the advantage of having had a computer since I was 4 years old... :)

So very true :)

This problem is vexing me....

-- So you're positive everything is being done "as Administrator?" Uggh - I hate Vista! LOL!

-- Can you link me to the version of Adobe you are installing?

-- What happened with AVG anti-virus? Remove? Reinstall? Go with Avira?
(That's the trouble with long threads - and forums in general - hard to keep updated. Much easier if I am sitting in front of the machine. I apologize for any redundancy ;) )


A couple things:

We should make sure the key exists. Did any of previous help have you check?
Are you comfortable navigating the registry? - You can really screw up a machine if not careful.


See if you can run Windows Installer CleanUp Utility
-- Run it Only for Adobe!

Let me know how you fare with that and my other questions.

Also, please do this before doing the above:
-- Please back up your registry with ERUNT
-- Here are the instructions.

Since you are using Vista, you'll need to Turn User Account Control Off before using ERUNT.

Go …

PhilliePhan 171 Central Scrutinizer Team Colleague

He says "this issue" is not his thing though, he doesn't like Vista.

I have yet to meet somebody who likes Vista. . . . .

Anyway, I am running IE 8.0.

Try rolling back to IE7 and see if issues remain:
http://support.microsoft.com/kb/957700

And a one click tool would be wonderful, thank you so much for taking the time to do it. :)

Actually, the more I look at this, it looks to be an Adobe issue rather than a Windows problem.
Have you tried installing "as administrator?"
RightClick and run the Adobe installer "as administrator."

Before we mess with the supposed problem key, let's have a look at it:
Please download PeekKey.zip and extract the PeekKey Folder from the ZIP to your Desktop.
-- In the folder, you'll find RunThis.bat.
-- DoubleClick on it to run it and please post me the log that pops up.

I really appreciate everything you and Crunchie have done to help me.

We are happy to try to help . . . though I suspect we are a couple of old dogs in a young dog's world.... :)

PP

PhilliePhan 171 Central Scrutinizer Team Colleague

My son says I should have been using firefox all along anyway.

He is a smart man :)

-- What version of IE do you have?

I will put together a little "one click" tool to try to deal with that registry key this evening and post it for you then.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

I like the philosophy "pay it forward" and I live by it. Therefore I am poor, but happy.

Me, too - this world can sometimes be a mean place with a bunch of "I got mine, the rest are out of luck" types. But there are a lot of good people out there as well who are willing to help out of the goodness of their hearts....

Of course I would never take advantage either so next time around I will see what i can do.

You are always welcome here. No worries!

Happy holidays
NW

The same to you :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Firefox is running fine right now. The cursor thing seems to be better too. So yeah! Progress! :) Thank you! Now if I can just figure out what Acrobat's issue is... I'm going to have to go back and read my own posts to see if I am forgetting anything now. Wow, it is great to be able to type quickly again!

-- Are you still getting DEP warning?

-- Have you updated to the latest version of Adobe? Did you completely uninstall previous version(s)? If need be, use REVO.
I can help you change permissions on that key, if need be.

-- Have you tried "rolling back" to a previous version of IE?
Firefox is great, but it is a workaround and not a solution. Though, if you take the time to configure Firefox to your liking with Add-ons (Themes / Plug-ins / Extensions), you'll never go back to IE . . ..

PP:)

PhilliePhan 171 Central Scrutinizer Team Colleague

that's fine, I.Explorer

OK - For diagnostic purposes, see if you can install Firefox Browser

Let us know if you run into the same problems as with IE.

I shall return Thursday evening (EST).

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Everything looks fine now, AVG is gone. The AVG files are AVG 8 and AVG 9 and they are in the AVG folder. The other one wasn't but it is no longer there.

You should be able to safely delete the AVG folder.
Try that - if there are any "scary" messages, then hold off.

If you no longer have a working AV, see if you are able to install Avira Anti-vir Personal - FREE

-- What browser(s) do you use? IE / Firefox / Opera (sorry - too busy to backtrack ATM - easier to ask)

PP :)

PhilliePhan 171 Central Scrutinizer Team Colleague

desktop still gone, the only files are in the Program Files folder, the weird one is gone after the 2nd reboot.

Is explorer.exe running?
Open task manager (ctrl-alt-del) and see if it is running. If it is, RightClick it and restart it - does Desktop come back?

PP:)

PhilliePhan 171 Central Scrutinizer Team Colleague

Ok, I uninstalled AVG, desktop went away but there are still several file folders and a weird one with $ in front of it. Not sure the best way to safely get rid of these. It says deleting may cause the computer to become unstable and it's unstable enough. ;) Windows updates are set to auto, so however that works, sometimes it updates when it turns on.

-- Are those AVG files in the AVG Folder?

-- Does your desktop come back after a reboot?

PP :)

PhilliePhan 171 Central Scrutinizer Team Colleague

it doesn't appear to be redirecting anymore...i have clicked on about 30 links and they seem to all work...thanks to you and crunchie times a million!

You're welcome - happy to hear it!

Let's remove Combofix and the files/folders it created:

• Click Start > Run
• Type or Copy&Paste Combofix /u into the Run box. (Be sure there is a space between the x and the / if you type it)
• Click OK

This will remove Combofix and its components from your machine.
It will also reset your clock, re-hide System and Hidden Files and hide File Extensions.
Last, but certainly not least, doing this will reset System Restore.

-- Doing the above step ought to get your clock back to normal.

Let us know if there are any further issues - otherwise I think you can mark this thread "solved."

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

alright, what did I do wrong? and it's still redirecting

Looks like there was an error copying atapi.sys to C:\

Can you navigate to C:\windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys

Copy and paste it to your C:\ drive --> C:\atapi.sys

Then, try the Avenger step again.

PP :)

jw22 commented: Kept at it for days and fixed it...thanks! +1
PhilliePhan 171 Central Scrutinizer Team Colleague

no, can't do anything with it at all, not even in safe mode

don't know if it's significant but Windows downloads and updates with no problem . . .

--How do you do your Windows updates? Do you use a browser or click the tray icon?

-- Let's see if we can remove AVG:
First, try AVG Remover (top of list on this page):
http://www.avg.com/us-en/download-tools

Then, have a go with REVO Uninstaller to clear any hangers-on.

Let us know how you fare :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

There was an error when I hit execute...something about invalid script.... has to start with a command directive....i copied what you typed in red.

We seem to get this a lot.... You need to copy everything in red including the command directive Files to move:

Please have another go at it :)

PP

PhilliePhan 171 Central Scrutinizer Team Colleague

you guys are great.
thx a ton

You're welcome!
There's a "donate" linky at the top of the page where you log in.

Frankly, I'm happy if you just "pay it forward" and do a good turn for somebody else sometime down the road....

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

it also had steps on what to manually look for, so it looked legit. The web site is http://www.removeonline.com/
norton reports it as safe http://safeweb.norton.com/report/show?url=removeonline.com..

Hey - sorry if my previous post sounded a bit harsh - didn't mean to come across that way.... :)

Look at that site carefully - it is set up solely to sell a product. Very little actual or useful information - just tons of links to download their product. Currently SpyNoMore, but easily changed when the affiliate/owner switches product (heck, upon further review I found another borderline rogue -XSoftSpy).
Nowhere does it say the name of the tool until you go to install it -it just says "removal tool." Nowhere does it say you will need to pay to have the tool remove what it detects. You just find that out after installing and scanning - borderline extortion in my book.
This is classic affiliate behavior to rope in unsuspecting users who are desperate to remove their malware.
They are just trying to capitalize on desperate users who are not aware of the better free options available to them.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

there is a removal tool here Remove Shopica

Have you tried this?
Do you know what it is?

The "removal tool" this site is pimping is a borderline rogue called SpyNoMore.
It is trialware that may or may not detect a bunch of things, but then wants you to buy their product before it will "remove" them..... LOL.

There are better free tools - If MBAM doesn't get this, I doubt SpyNoMore will. Especially a modified or infected atapi.sys....

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

if clrviddc.dll is legit or not i do not know

Apparently it is an outdated codec - clearvideodecoder.

I guess, if everything is working as it should, we should probably leave it at that . . . .

Let's remove Combofix and the files/folders it created:

• Click Start > Run
• Type or Copy&Paste Combofix /u into the Run box. (Be sure there is a space between the x and the / if you type it)
• Click OK

This will remove Combofix and its components from your machine.
It will also reset your clock, re-hide System and Hidden Files and hide File Extensions.
Last, but certainly not least, doing this will reset System Restore.

Let me know if there are any more issues we need to address.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

SmitFraudFix v2.424. . . . . . . .

Well, that didn't help....

It looks like crunchie and I missed something - I thought I mentioned it earlier, but apparently not.


Please do the following:

Click START > RUN > type cmd and hit OK
At the prompt Copy&Paste the complete text in Red below and hit ENTER:

Copy C:\windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys C:\

You should get a message confirming successful copy.

THEN:
Please Download The Avenger v2 by Swandog46
http://swandog46.geekstogo.com/avenger.zip

-- Extract Avenger.exe from the ZIP to your Desktop
-- Highlight the complete text in Red below and copy it using Ctrl+C or RightClick > Copy:


Files to move:
C:\atapi.sys | C:\windows\System32\drivers\atapi.sys


-- Now, DoubleClick avenger.exe on your desktop to run it
-- Read the Warning Prompt and press OK
-- Paste the script you just copied into the textbox, using Ctrl+V or RightClick > Paste
-- Press Execute
-- Answer YES to the confirmation prompts and allow your computer to reboot.
In some cases, The Avenger will reboot your machine a second time. No worries.
-- After reboot, The Avenger should open a log – please post that for me and let me know if that had any effect on the problem.

Cheers :)
PP
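
Before copying the DriverStore atapi.sys over the active driver as the post above does, a practitioner would want to know whether the two files actually differ and whether the active driver is still a validly signed Microsoft binary. The following PowerShell is an added example that is not part of the thread: it hashes the active atapi.sys and every atapi.sys staged under FileRepository, checks the Authenticode signature of each, and flags an active driver that matches none of the staged copies or fails signature checking. It assumes PowerShell 4.0 or later for Get-FileHash (certutil -hashfile is the alternative on older systems); the FileRepository folder name quoted in the thread, mshdc.inf_b12d8e84, varies between machines, which is why the script searches for the file instead of hard-coding that path.

```powershell
# Added example, not from the thread: is the active atapi.sys the same file
# Windows staged in the DriverStore, and is it still Microsoft-signed?
$active = Join-Path $env:SystemRoot 'System32\drivers\atapi.sys'
$staged = Get-ChildItem -Path (Join-Path $env:SystemRoot 'System32\DriverStore\FileRepository') `
                        -Recurse -Filter 'atapi.sys' -ErrorAction SilentlyContinue

function Get-DriverInfo([string]$path) {
    $sig    = Get-AuthenticodeSignature -FilePath $path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    [pscustomobject]@{
        Path      = $path
        Size      = (Get-Item -Path $path).Length
        SHA256    = (Get-FileHash -Path $path -Algorithm SHA256).Hash
        SigStatus = $sig.Status      # Valid, NotSigned, HashMismatch, ...
        Signer    = $signer
    }
}

$activeInfo = Get-DriverInfo -path $active
Write-Host "Active driver:"
$activeInfo | Format-List | Out-String | Write-Host

$matches = 0
foreach ($copy in $staged) {
    $copyInfo = Get-DriverInfo -path $copy.FullName
    $same = ($copyInfo.SHA256 -eq $activeInfo.SHA256)
    if ($same) { $matches++ }
    Write-Host ("{0}  same-as-active={1}  sig={2}" -f $copy.FullName, $same, $copyInfo.SigStatus)
}

# A patched driver is exactly the kind of hidden component this thread is
# chasing: it differs from every staged copy and/or its signature no longer
# verifies (HashMismatch means the signed bytes were altered).
if ($matches -eq 0 -or $activeInfo.SigStatus -ne 'Valid' -or $activeInfo.Signer -notmatch 'Microsoft') {
    Write-Warning "Active atapi.sys matches no DriverStore copy or is not validly Microsoft-signed; treat it as suspect and replace it from a known-good copy."
} else {
    Write-Host "Active atapi.sys matches a staged copy and is validly signed."
}
```

On older Windows versions many system drivers are catalog-signed rather than carrying an embedded signature, so a NotSigned status on its own is not proof of tampering; confirm with sigverif.exe. A SHA256 that matches none of the staged copies on a machine that has not received a storage driver update since those copies were staged, or a status of HashMismatch, is the strong signal that the file has been modified and that the copy-and-replace step above is warranted.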

PhilliePhan 171 Central Scrutinizer Team Colleague

ok, thanks, for now though, what should I do while I can't access AVG? I am running spybot and superanti-spyware nightly, do I need to do anything else? Oh and windows defender is on.

Can you uninstall AVG?
(can't remember.... :))