# Stupid mistake has my computer all messed up, HELP!



## Hears The Water

So, below is a post that I put up a couple of days ago on facebok about what happened to my computer. I am still having lots of problems. There are ads on my facebook wall, between posts, not just on the side. Also when I go to try to play scrabble an ad will run then too, but this one will always be a video ad. The others are about equally divided between video ads and just plan stationary ads. Also, some words are now highlighted in blue, and if I click on one it takes me to an ad for what ever that word was. When I try to watch a video from the site Project Free TV, they stop and start a lot, for buffering and the movement is choppy. But then again, sometimes it is not that way. Last night I watched several hours of stuff with zero problems, and today I can't even make it through a full 45 min program without it buffering and then starting back over if I try to pause the video for it to "catch up". I can't watch youtube videos at all anymore, but I can hear the audio, and when I stop the video, I have about a two second flash of the image on the screen. 

I reset my homeage to Yahoo, but when I open up a new tab, it goes to some page that I had not seen until all of this, and it has a small "WS" in a blue circle next to a search box, but if I search through that box, it goes to bing. 

I have a Dell Inspiron 1501. I am running Firefox on it. I don't know how to find how much memory I have, but if someone can tell me how to look that up I would be happy to. I know I have too may things running on here when I start it up, but don't know which ones to get rid of, and which ones are important. 

And with all of that, on to the explanation. Please don't laugh at me, I know it was stupid. *GRIN* Can anyone help me clean house here? It is a mess!
God bless you and yours
Deb 



UGH. OK, so earlier today I did something stupid. I was trying to watch a video and I downloaded the thing that they told me to so I could watch. Stupid. I know better. It wasn't even anything to help watch a video. I couldn't figure out how to use it so I called their customer service. The man told me what the program really was, but not before he told me to go to a different site. I did, but what he didn't tell me was that he was going to remotely access my computer. Once I figured this out, I wasn't that upset about it as I have had this done by customer service people a couple of times. So he zipped around in here looking at stuff, and said that he was going to run a diagnostic test. Once it was done he said that there were 815 warning messages and that they were making my computer run slowly. He then ran another diagnostic in a small black screened box which showed a bunch of c prompts and a Trojan horse virus. Then he started to tell me about how he could fix this for me. That was when I finally figured out what he was doing. I was just flabbergasted that he would do that. And even more that I just let him, unsuspectingly. So I have removed all of the stuff that I uploaded, and the things that he uploaded. I have done a systems restore, and reloaded java. I am getting ready to download AVG, because apparently my AVAST anti-virus just plain stopped quite a while ago. UGH> As frustrated as I am and even with the ads that are now on my Facebook and with all the work, I know I got off very fortunately.


----------



## katheh

Download and run McAfee stinger, it is free: Stinger | McAfee Free Tools

Reset your home page to anything but Yahoo. Google is cleanest.

Go to Start --> Control Panel
Click whatever says "software" or "program" in it. Mine says "uninstall a program" (I have windows 7).

When the list of installed programs comes up, Google the name of each one in turn, if one of them is a trojan or a virus, the search results will let you know. If so, uninstall it from the Programs window.

Do download AVG (the free version is fine). I have used it for over 10 years and it has saved my behind many many times. it is at free.avg.com

Also go into the properties for Firefox and check which extensions or add-ons you have listed. To start over I would delete everything (is not even a bad idea to uninstall Firefox altogether to get a clean install) and add back what you find you need as you browse.

Hope that helps.


----------



## Hears The Water

Thank you for the suggestions. What is McAfee Stinger do?
God bless you and yours
Deb


----------



## legacy

We've got some really smart people on HT when it comes to computer stuff, and I'm not an expert when it comes to this sort of thing, but I've got some experience.

I must say that your situation got really complicated when you explained that an unknown person had obtained remote access your computer. That's something I won't address here, and it may very well be that this should require a swipe of your hard drive and reinstallation of your hardware. But let's assume that won't be necessary (because you don't have highly sensitive information on you computer -- especially financial information.)

Here's what I would do, and let's hope the guy who got into your computer wasn't a malicious sort.

(You didn't tell us what type of system you are on, so I'll assume Windows XP or more recent.) 

1) Check your IP address and write it down. (Get on Google and figure it out. It's easy but instructions will depend on your operating system.)

2) Download the Microsoft Security Essentials SETUP PROGRAM (Don't load it yet. Just save it to your desktop.)

3) Disconnect from the internet. That means completely unhooking from your DSL or cable.

4) Go to START + CONTROL PANEL + PROGRAMS, and click on "Uninstall programs." 

5) Look up on the right-hand, topside of the page and you'll see, "Installed on." Click on that tab to see what was recently installed. (It will list them from the latest-to-oldest items when you toggle the tab.) 

6) Uninstall _*everything*_ that was recently installed, or at the very least, what got accidentally installed when you started having these problems. Also uninstall _any and all /I] antivirus programs, such as AVG, McAfee, etc. Be sure to get rid of anything like Yahoo, Google, or Bing, and anything else like them, that are in the programs list.

(More than likely, you can easily reinstall anything you need. Make extensive notes of what you uninstall. 

8) Go to START and type into search programs and files all of the names of all the programs, associated names, numbers, etc., associated with everything you just uninstalled, and delete any reference to them you find. (Usually just looking for the title of the program is fine, but look hard for anything at all and delete it.)

9) Go to Internet Explorer and change your Homepage to Blank. 

10) Empty your recycle bin.

11) Reboot.

11) Install Microsoft Security Essentials and run the most extensive scan.

12) Run AdAware and Malwarebytes (the most extensive scan.)

13) Hook up your computer, say a prayer and get online.

14) Check your IP address again and see if it's changed. (If it hasn't, call your ISP and get it changed.)

15) Set your Homepage._


----------



## katheh

McAfee Stinger scans for trojans and repairs/removes them if found.


----------



## WhyNot

Hears The Water said:


> I couldn't figure out how to use it so I called their customer service.


Customer service of what? Dell? Facebook? Mozilla? The program you downloaded? Your ISP?



Hears The Water said:


> The man told me what the program really was,


What did he tell you it really was?




Hears The Water said:


> but not before he told me to go to a different site.


What site did he tell you to go to?
What did you uninstall that you had installed before this all started happening?
What did this other guy install that you uninstalled?


If this is a rootkit, virus or a trojan, system restore does nothing to help you out. Neither do long, arduous scans.

The above questions I put up there are actually really important at this time, from the sounds of it...there is probably a very simple solution..but the above questions would have to be answered.

Anyway...for everyone who ever has the suspicion that you may have a browser hijack, virus, trojan, rootkit, etc. Don't do system restore. At the least it will give you a false sense of security...at the worst it can compound your issues times 100.


----------



## Hears The Water

Sorry that my post was ambiguous. Let me try to answer your questions. I appreciate your help. And to answer another question from above, I am running XP. 

What I downloaded was actually a video converter. I thought it was a plug in to help me watch a video. The customer service I called was for the company that made the video converter. The site that he had me go to was one that facilitated his accessing my computer remotely. It was called cyber experts dot com. 

I uninstalled the video converter that I had installed, and some other program that I recognized that he had loaded, called White Smoke, along with its toolbar. I am pretty sure that he loaded several others at the same time, but I don't know what they would be. 

I did do a systems restore, thinking it would help. I have since read the post at the top of this room that talks about how to get rid of spyware, so I realize that it might not have been a good decision on my part. 


I appreciate your help on this. I had thought that the article mentioned above might be a good choice for me, but I will wait until I hear back from you before I do anything. I have a paper for school to write anyway so I wasn't going to do anything that might mess up my computer until later. Thanks again, and thank you to the other people that have chimed in on my problem and didn't make fun of my stupidity. 
God bless you and yours
Deb


----------



## WhyNot

Okay Deb. I'm going to give you some tips for the future:

NEVER let ANYONE who is NOT an actual technician....someone you know...or a LEGIT service that you pay for from a REPUTABLE company, remote into your computer. By legit and reputable company I mean one that you know, can look up and research, call directly, one that other people know of and recommend, etc. Anyone can make up xyz company and make a webpage and a fancy looking piece of software.

Second of all...there are a lot of tricks people play. It may just be that the video converter program was a bait to actually get you to call, and then the buttheads actually infect your computer (or infect it worse) and then want your CC to fix it...meanwhile it will not get fixed and they are going to start buying stuff with your CC.

ALSO...for future reference...NEVER give any information to anyone who calls you and says they are from your ISP, Microsoft or any legit or legitimate sounding antivirus or security company. They also just want into your computer and your CC number.

IF your ISP really does have an issue with your computer, you will get a formal letter. Microsoft and other security companies NEVER call the end user to "warn" them of anything or anything like that. Same as banks NEVER tell you to change your password and etc by clicking on a link in your email unless you have actually requested it. When a bank has an issue with your account or your cc, they lock your account and then try to contact you OR...as has been happening more recently...they lock your account down and they wait for YOU to call THEM.

If someone calls you about anything to do with your computer, tries to scare you with a bunch of scary sounding security, legal or financial problem....then hang up...and you call the accounts with the numbers off of your bills and stuff...never the numbers they give you.

Just FYI. They are getting sneakier and bolder, these buttheads...one of the reasons I'm working on getting into computer forensics...fascinating field.

Anyway...yes...please do go through the spyware section if other things haven't worked. If the whitesmoke thing is what I think it is...you should be able to get rid of it using the directions in that section..if not, then it will be cleaned up enough to take the next step. (here's a mysterious piece of info..just because you "uninstall" something, does not mean it's gone)

Something good to note is everything you do, write it down...it's difficult to walk someone through an assessment via phone or text so anything you can supply can help any technician deduce the issue. With computers it's not always a black and white scenario...the computer doing "X" doesn't always mean "Y" will fix it.

So...write down your process...doesn't have to be too detailed..just steps and then what happened. Such as:

Installed whatchajiggy program, ran scan, the results were "blah blah", I got this error "error! error! no worky!"...

Like that. That way..if you do run into problems going through the steps we can see where, what error messages,etc and hopefully figure out the issue. In troubleshooting anything, one should always take a systematic approach and take notes..it's the only way you can see mistakes and patterns..patterns are what can define the underlying issue or the issues that haven't been resolved yet. It sure beats stabbing in the dark when none of us can actually sit at your computer and look at it's behavior and see what it is doing.

BUT! Before you do all that...do what you need to get done for school and make sure you print it...just in case.

BTW: You aren't stupid. Crap happens. We learn and move on. Anyone who would make fun of you for this will eventually have their ego handed to them on a silver platter once the computer gnomes carry out mucho grande karma on 'em.

Sorry I didn't get back with you sooner...I've been having internet issues today...darn gnomes!


----------



## Hears The Water

Thank you for all of the advice WhyNot. I just tried to start the process mentioned above, but can't get past the first step, "see all files." I have found Windows Explorer, but once I open it there isn't anything that says "Tools" for me to click on. There is, at the top, the word "Views" but within that there isn't anything that says "show hidden files and folders." Any suggestions?


Typical of how it is for me, nothing is ever as it should be. LOL 
God bless you and yours
Deb

ETA, got the report written and emailed to my professor, so we are good to go.


----------



## Kung

Go to the Control Panel --> Folder Options --> Click on the 'View' tab --> scroll down, and under "Hidden Files and Folders" the option should be there.


----------



## Hears The Water

Thank you Kung. I finally found it and now I am onto step 3. Since I had not installed any of those programs that you mentioned I am trying to manually dump my trash files. I see the listed files I am supposed to manually delete, but as before, I don't know where to do this. I have clicked on "computer" and it shows me the different drives, but then I am not sure what to do. Do I put it into the search box after I click on the C drive? And the name that is on my computer is "BAILEY-PC" Do I include the -PC part?
God bless you and yours
Deb


----------



## Hears The Water

So I downloaded "SuperAntiSpyware" and it has been running for 41 minutes now. It has 533 "Threats detected." And it is still going strong. 

I didn't figure out how to do step number 3. So that may be making this run so long. So I hope I didn't mess things up too much by going out of order. 
God bless you and yours
Deb


----------



## WhyNot

Hi Deb

It's not actually a really big deal if you could not complete step 3, but yes it would be one reason why the scan took/is taking so long to complete. Did it actually complete?

If you still want to dump your temp files and cookies manually, when you look at the directions for #3 and see the path such as: C:\Documents and Settings\[your username]\Cookies

These are the individual folders you want to click on to navigate to the files to be dumped. So in the above example you would go to my computer (double click on), find Documents and Settings folder (double click on), your username folder (double click on) and in there you should find the cookies folder (double click on) then you would select everything in there and press delete and say yes when it asks you if you are sure.

That's how to read/navigate those path directions.

Let us know where you are at. Regadless of where you are at in this you should do two things at this point. First empty your prefetch folder, you find this by going to my computer (double click) your C drive (double click) double click on the windows folder find the prefetch folder, double click and delete everything in there. These are instructions for windows to load apps at start up and other things....often, trojan, rootkit and virus instructions are in there. Then turn your system restore back on and restart the computer.

And again, let us know where you are at now.

Also, if you can...list some of the threats that SAS (super anti spyware) detected. It could go a long way into finishing up for you. Just because SAS or any program similar to it removes a thread in normal and in safe mode doesn't neccessarily mean you computer is clean. To be sure, we should follow up with the main nasties it found to be sure. There are some pretty sneaky/slinky trojans out there.

And...what do you have for anti virus software?

Plus if that guy really did load the whitesmoke trojan on your comp, there are other things you need to do.


----------



## Hears The Water

Why Not: Yes, the SAS finally did finish loading early this morning. It took just under two hours and found 1638 threats. Below is a list of the different threats it found, and I had it take care of. 
Adware.Gamevance
PUP.StartNow Toolbar
Adware.180solutions/Seekmo
Adware.zango Toolbar/HB
Adware.Zango /ShoppingReport
Adware.Zango Tracking Cookies (over 1000 of those)
Trogan.Agent/Gen-Rogue Av
Adware.InstallCore

There were only a few of the trojan, but each of the others had something like forty or fifty of each, with the exception of the one that had over a thousand of. 

I am going to try going in again to complete step 3, with your instructions and then continue on with the rest of the directions because there are still ads popping up when I click on something within a normally clear website. Like when I came on HT, and clicked on the link for this forum, a new window opened up with an ad in it. 

I have Avast for my virus protection, but it doesn't seem to be on, and I can't turn it on, nor can I remove it. I did upload AVG, but then I saw that Avast is one that y'all recommend above AVG so I think I will try to re-load it and take AVG off. And, yes Whitesmoke is still on here. When I click on a new tab, the whitesmoke search bar is there. 
God bless you and yours
Deb


----------



## WhyNot

Yes you are going to have to go through the rest of the directions for spyware removal...and run SAS in safe mode with networking.

And also you are going to have to remove the whitesmoke addon for mozilla

When you are in Firefox, hit the ALT key. This will bring up the menu at the top of the window. In the view menu...toolbars, you can disable it. 

Then go to control panel then and add/remove programs...scroll through there and see if you can find the toolbar addon and remove it.

There might be one more thing to do yet, but I want to see if it's in the program list or not.

You are also going to need to remove and reinstall avast...because it's not protecting you. Here is the program and directions directly from Avast on how to go about using the avast removal tool...and then you will need to reinstall it....

avast! Uninstall Utility | Download aswClear for avast! Removal


----------



## Hears The Water

Obee kaybee. I am going to put a movie on the TV and spend today taking care of my computer. I'm going in Cap'n. I will post on here between events, if I can. Going to start by going back to step 3. 

Oh, how to I turn on "safe mode with networking" on SAS? 
God bless you and yours
Deb


----------



## Hears The Water

When I finally found my cookies folder, (I found it by clicking on my name rather than "computer" but it got me to where I could see a folder named "cookies") and I tried to double click on it I got the following error message: C:\Users\Mom.Bailey-PC\Cookies is not accessible. Access is denied. 

Well. I guess I now know how my computer feels about me. Any suggestions? I am going to go on the next thing to search for the prefetch folder. 
ETA: I could not find a folder named "prefetch". I got as far as finding a "windows folder" to click on. I am not sure that that means. I did look through all the floders and file names that came up when I double clicked on the C drive. I even checked the D drive too. Nothing with that name. 

ETA #2: I cannot "fix" the Avast program even though it gives me two options for fixing on the error message. I cannot remove the broken program, nor can I download a new one. 

God bless you and yours
Deb


----------



## WhyNot

Please tell me you have turned system restore on again though. Please.



Hears The Water said:


> When I finally found my cookies folder, I tried to double click on it I got the following error message: C:\Users\Mom.Bailey-PC\Cookies is not accessible. Access is denied.





Hears The Water said:


> I could not find a folder named "prefetch". I got as far as finding a "windows folder" to click on. I am not sure that that means.





Kung said:


> Go to the Control Panel --> Folder Options --> Click on the 'View' tab --> scroll down, and under "Hidden Files and Folders" the option should be there.


You should see the prefetch folder in the windows folder if you really do have windows XP and also if you really did the above, to show hidden system files and folders.

IF you did show all hidden and system files & folders, you should see the prefetch folder inside the windows folder IF you have windows XP. You should also have access to the cookies folder IF you have windows XP.

BUT here is the good news. You really don't have to waste time dumping the temp files or the prefetch files....later, after your computer is cleaned up for sure, then you can just use IE to dump it all or use another program from the list. It's really not all that important, technically.

The not so good news can be that IF you really did all those things and you really do have WindowsXP and the prefetch folder really is missing....we need to get you into safemode and run SAS from there asap...something is very wrong.



Hears The Water said:


> Oh, how to I turn on "safe mode with networking" on SAS?


This is in the spyware walk through you are supposd to be going through, or at least how to get into safe mode. Here are the instructions for it:

1. You should print these instructions before continuing. They will not be available after you shut your computer down in step 2. 

2. Click Start and then click Shut Down.

3. In the drop-down list of the Shut Down Windows dialog box, click Restart, and then click OK.

4.As your computer restarts but before Windows launches, press F8. So...basically, when the computer starts to come back on, immediately start pressing the F8 key as fast as you possibly can until you get a black screen with white words on it. 


5. Use the arrow keys to highlight the appropriate safe mode option, and then press ENTER. In your case, the appropriate safe mode option will be Safe Mode with Networking.



â¢ If Windows launches before you can choose a safe mode, restart your computer and try again.

â¢ In safe mode, you have access to only basic files and drivers (mouse, monitor, keyboard, mass storage, base video, default system services, and no network connections). You can choose the Safe Mode with Networking option, which loads all of the above files and drivers and the essential services and drivers to start networking, or you can choose the Safe Mode with Command Prompt option, which is exactly the same as safe mode except that a command prompt is started instead of the graphical user interface. You can also choose Last Known Good Configuration, which starts your computer using the registry information that was saved at the last shutdown. 

â¢ Safe mode helps you diagnose problems. If a symptom does not reappear when you start in safe mode, you can eliminate the default settings and minimum device drivers as possible causes. If a newly added device or a changed driver is causing problems, you can use safe mode to remove the device or reverse the change. 

â¢ There are circumstances where safe mode will not be able to help you, such as when Windows system files that are required to start the system are corrupted or damaged. In this case, the Recovery Console may help you. 

â¢ NUM LOCK must be off before the arrow keys on the numeric keypad will function.


----------



## Hears The Water

Oops, I didn't see your second way of removing and reinstalling Avast. I will try that now. 
God bless you and yours
Deb


----------



## WhyNot

Hears The Water said:


> ETA #2: I cannot "fix" the Avast program even though it gives me two options for fixing on the error message. I cannot remove the broken program, nor can I download a new one.


How did you try to remove the program? Did you download the avast REMOVAL tool from Avast like I suggested? If so, what is the SPECIFIC error the removal tool gave you?


----------



## Hears The Water

Ok, Please keep in mind that you are dealing with someone that has had a brain injury as I tell you this next thing. I think I actually have Vista. I am sorry if I said XP. And I probably did, knowing me. How do I tell for sure, so we are not relying on my faulty memory. You know, that would really account for all of the issues I am having trying to fix this with your instructions, me telling you the wrong OS. I am sorry for causing your frustration. I really do appreciate your help!

ETA: It is Vista. I figured out how to find that. No wonder nothing was making sense. Again, I am sorry for any frustration I have caused. 
God bless you and yours
Deb


----------



## WhyNot

I didn't see your post before my post about the removal program....no worries. I'm not trying to be chewing you out or anything. It's just that sometimes, it's exactly like you just said...memory or not being sure of what you are being asked.

heck, I've had people swear they have vista and when I keep asking are you sure...they find out they don't have it..they were just going by what someone else said they might have had.

The times when it does make a difference is during times like this...Windowx vista, xp, + have a prefetch folder. If you can't find it/see it there is an issue. But it didn't work right in vista and they made it do something a little different in 7 & 8...the only one it seems to matter in removals is xp. So if you don't have xp then we don't need to worry about whether we can find it or access it or not. Not at all.

You probably do have vista...and that might actually change some of our solutions.

To find out what operating system you have for sure:

Press the windows key and hold it down and then press the break key. The break key will be somewhere on the top of your keyboard after all the F keys Usually it's by the delete key somewhere in there. 

**The windows key is to the left of the spacebar and usually has a picture of a little flag on it.


----------



## Hears The Water

Oh, I didn't think you were chewing me out, I am just sorry for the aggrivation this must be causing you. 

Yes, I do have Vista, not XP. How does that change the instructions for me?


Thanks!
God bless you and yours
Deb


----------



## Hears The Water

Oh and I did turn the system restore back on. Thanks for reminding me. 
God bless you and yours
Deb


----------



## WhyNot

Hears The Water said:


> Yes, I do have Vista, not XP. How does that change the instructions for me?


Well for one we don't have to worry about the prefetch reloading your trojan. And now I know how your system is supposed to act...so...

Let's just refresh and start with a different tactic here.

I'd like to get rid of all your temp files like you had tried to earlier but we are going to do it through Firefox instead...easier...and if there are issues it will give an error message and then I can know exactly what is happening if there is an error message.

Then I'd like you to get rid of that crazy toolbar for whitesmoke...because if we don't get rid of it, after we do the next things in safe mode, it's just going to come back when you go back online.

Then we are going to go into safemode with networking and run SAS...it should run much quicker that way...and it will also be able to actually get the stuff off of your computer...the rest of it anyway. Then you'll be almost done!


To get rid of all your temp file baggage.

1. At the top of the Firefox window, click on the Firefox button and then click Options On the menu bar, click on the Firefox menu and select Preferences...

At the top of the Firefox window, click on the Edit menu and select Preferences

At the top of the Firefox window, click on the Tools menu and select Options...On the menu bar, click on the Firefox menu and select Preferences...At the top of the Firefox window, click on the Edit menu and select Preferences...

2. Select the Advanced panel. 
3. Click on the Network tab. 
4. In the Offline Storage section, click Clear Now. 
5. Click OK to close the Options windowClick Close to close the Preferences windowClose the Preferences window

1. At the top of the Firefox window, click on the Firefox button (Tools menu in Windows XP) and then click OptionsOn the menu bar, click on the Firefox menu and select Preferences...At the top of the Firefox window, click on the Edit menu and select PreferencesAt the top of the Firefox window, click on the Tools menu and select Options...On the menu bar, click on the Firefox menu and select Preferences...At the top of the Firefox window, click on the Edit menu and select Preferences...

2. Select the Advanced panel. 
3. Click on the Network tab. 
4. In the Cached Web Content section, click Clear Now. 
5. Click OK to close the Options window
Click Close to close the Preferences window
Close the Preferences window

Next we are going to see if we can get rid of the toolbar addon in firefox

1.At the top of the Firefox window, click on the Firefox button (Tools menu in Windows XP), and then click Add-onsOn the menu bar, click on the Tools menu, and then click Add-onsAt the top of the Firefox window, click on the Tools menu, and then click Add-ons. The Add-ons Manager tab will openAt the top of the Firefox window, click on the Tools menu, and select Add-onsOn the menu bar, click on the Tools menu, and select Add-onsAt the top of the Firefox window, click on the Tools menu, and select Add-ons. The Add-ons window will open.

2.In the Add-ons Manager tabwindow, select the Extensions panel.
3. Select the toolbar you wish to remove. 
4. Click the RemoveUninstall button. When prompted, click Uninstall to confirm.

5. Click Restart nowRestart Firefox if it pops up. Your tabs will be saved and restored after the restart.

If you can't remove the toolbar, use the 'Disable" option as a workaround.


Let me know how all this goes then we'll do the safe mode things...and should have you done and fixed up in a little bit after that.


----------



## Hears The Water

WOOT! Success. That got rid of the WhiteSmoke toolbar, as well as the search bar. I also took off another toolbar, that was loaded when I tried to work for Cha Cha. I also disabled Real Plaer and PC Sync since there were warning messages on both of those that said that each of them were known security problems. I hope that was OK. 

I did the other two things you told me to. There weren't any warning messages or anything. .

I think we may be ready to move ahead. Thank you again for your help. 
God bless you and yours
Deb


----------



## WhyNot

YaY!

Okay.
Now...we are going to go into safe mode with networking by following the directions below. Some things to remember.....safe mode is gonna look funny. It's okay.

It MAY want you to select between Administrator or your own regular normal account. IF you are given a choice to enter safe mode as Administrator...PICK ADMINISTRATOR....if it doesn't give you a choice, then don't worry about it...but if it does...logon as administrator.

After you get into safe mode...all I would like for you to do is start SAS, check for updates for it, then scan. Go ahead and do a full scan.

here is how to get into safe mode:

1. You should print these instructions before continuing. They will not be available after you shut your computer down in step 2. 

2. Click Start and then click Shut Down.

3. In the drop-down list of the Shut Down Windows dialog box, click Restart, and then click OK.

4.As your computer restarts but before Windows launches, press F8. So...basically, when the computer starts to come back on, immediately start pressing the F8 key as fast as you possibly can until you get a black screen with white words on it. 


5. Use the arrow keys to highlight the appropriate safe mode option, and then press ENTER. In your case, the appropriate safe mode option will be Safe Mode with Networking.



â¢ If Windows launches before you can choose a safe mode, restart your computer and try again.

â¢ In safe mode, you have access to only basic files and drivers (mouse, monitor, keyboard, mass storage, base video, default system services, and no network connections). You can choose the Safe Mode with Networking option, which loads all of the above files and drivers and the essential services and drivers to start networking, or you can choose the Safe Mode with Command Prompt option, which is exactly the same as safe mode except that a command prompt is started instead of the graphical user interface. You can also choose Last Known Good Configuration, which starts your computer using the registry information that was saved at the last shutdown.


----------



## Hears The Water

Ok, I ran SAS in safe mode. It took an hour and it found 116 adware.tracking-cookies. It got rid of all of them. 

Another thing checked off the list. Woot. 

I am feeling more and more confident as we go along. What's next?

God bless you and yours
Deb


----------



## WhyNot

Good. Now we just need to sort out your anti virus stuff 

So.... need to go to that link for the avast removal tool. Remove avast and then download a new version of it and install that, then update it and have it do a scan...it probably will not find anything but you should always run it through a scan when you install and update.

You are sure that you didn't install any other antivirus right? There wasn't maybe another antivirus installed when you installed avast?

It's very important to only have ONE antivirus program installed on your computer at a time. Even if you never see another installed one running...even if it's old...doesn't matter...only one should be installed at a time.


----------



## Hears The Water

Sorry it took me this long to get back to you. I finally got the old Avast! off my computer, and got the new one on. Then I rant it. I chose to run both the quick version and the full version. The quick version ran for 3 hours and found 2 Trojans. The full version ran for 4 hours and caught the same 2 Trojans plus 4 malwares. 

I am still having ads in the middle of my Facebook wall posts, and when I click on a link. Some words on a page will be hotlinks to more ads. And some times things are running choppy. So I am thinking that I may need to take that last step on the "removing spyware" thread. The one that is run whenever nothing else works. I won't be able to do anything until tomorrow since most of my day was spent in a car today, and I need to do some more schoolwork. 

So away we go! I can't wait to see what we do next. 
God bless you and yours
Deb


----------



## WhyNot

Okay...I'm going to look up some more things but when you have a minute....follow this link and see if going through your addons and disabling any that seem like advertisementware help you.

There are a few programs I can suggest, I have some things to do myself tonight so after a while I'll check over the spyware removal post and see what might best fit your situation...I don't have that post memorized.

But when you have a minute read this page and see if disabling the addons helps...if there are any...then we will know what to look for to uninstall.

Your scans shouldn't be taking that long so I think also we need to get a program best fit for you (a free one) that is going to clean out all that crud and best optimise your Windows Vista.

I'm seeing ads all over my news feed or timeline. How do I remove them? - Facebook Help Centre | Facebook

I have a few calls to make but after that, even if you haven't had time to look at and do the above, I'll come up with an action plan for ya


----------



## WhyNot

Is that trojan that it keeps finding and taking off the same one from before? The Rogue? Whether it is or not, we probably will have to go back to safe mode for that...but we are going to do this first...because you probably have some junk on there that keeps downloading the trojan. So between getting rid of your adware and toolbars and cleaning it up, then we should get to a spot that allows permanent removal. But it sounds like your computer just keeps reinfecting itself. Luckily, it's not all that serious..more like annoying.

ok here we go....

Go here CCleaner - PC Optimization and Cleaning - Free Download

In the middle you will see a program called CCleaner, this is a program that will help us clear up the rest of your overloaded cooties and also will help us uninstall some of the addons you have a little bit better than the add/remove programs does.

In the middle under the description of CCleaner there will be a green download button. Click that baby. You will have a page with a chart on it. You want the left column and on the bottom where it says Download from:, select FileHippo.com.

When you get to filehippo, over on the right there will be a square green button with a down arrow on it, click where it says Dowload Latest Version.

When the bar shows up and asks if you want to run or save it, select Save As, usually by clicking the down arrow by the word save, you can select save as....keep the name the same, just make sure you make note of where it is going so you can find it again...if you aren't sure if you are going to be able to find it again, tell it to save to the desktop.

Run the program and install it.

Once you run it the first time, it's going to show you a webstite for the release notes...just close it. On your screen there will be a window that says "Intelligently scan for cookies to keep?" USUALLY we say yes...right now for you we will say no though.

When the main program is open you will see a column on the left in the main window with two tabs on it. The Windows Tab is what will be showing by default. There is another tab titled Applications...I would like for you to click on the applications tab...and I would like for you to send me a list, either in a public post or in PM...whichever you are more comfortable with...with every single program on that Applications list that has a check mark next to it.

Go back to the Windows tab by clicking on it:
Leave everything how it is checked and we are going to add one more check...scroll down in that column and under Advanced click in the box next to "Old Prefetch Data" Then click the button on the bottom that says Analyze.

For you, this is going to take probably a long time. Let it run. When it is done it will give you a report...but it hasn't actually done anything yet...then select the button Run Cleaner...this is going to get rid of everything it found....which probably is going to be a lot. And it will also probably take quite a while.

After it is done, close the program and restart your computer.

What you have just done here is 1. Furnished me with list of some of your programs so I can get an idea of what else might be going on with your system and 2. Just weeded out most if not all of your cooties.*

There is more we can do with this program, but I'd like to wait until you have given me that list and also so we see the results of the facebook link I gave you and to find out what addons you ended up disabling. 

*When I say computer cooties I just mean junk


----------



## Hears The Water

Ok, I will start working on the big, long scan here in a bit. 

As far as the add-ons. Below is a list of the ones that I took off, but there are still some that I am not sure about but left alone just in case. 
Took off:
Coupons Inc, coupon printer (2 of these)
IGN Download Manager Plug In
Nexon Game Controller
Pando Web Plug In
Real JukeBox Plug in
Real Networks Chrome Background Plug In
Silverlight Plug In


The ones I am not sure of:
QuickTime plug in
Real Player Plugs in (there are 3 of those)
Shockwave Flash
Windows presentation

I know to keep the plug ins for the things I want, like Google EArth, Facebook, Java, etc. It was those 7 above that I am just not sure of. 

Did I do it right?
God bless you and yours
Deb


----------



## WhyNot

There is no right or wrong here _technically_, so you did just fine, Deb.

The best thing about plug ins, if you need them, it's easy enough to get them again because wherever you visit that needs one will download the newest version of it.

Technically you may have wanted to keep Silverlight...but it will just download again the first time you need it or, more likely, the next windows update that goes on. Nothing to worry about.

In fact, the ones that you kept because you weren't sure about...the same thing goes for them...if you need them again at some point, wherever you are at will prompt you to download them, and they will be the newest versions.

Sometimes, it's good to dump all of our addons once in a while just so that the ones that might be old or maybe they installed a bit off, but not off enough to cause an apprent issue.

So you can keep them or leave them....but at some point here...if we continue on and you are still having browser issues, I may suggest that you dump all of them...even the ones you want to have, because it could be that they got all wonky due to your other spyware/adware situation(s).

However, you don't need to dump them now.

Ya done good, Lady!


----------



## Hears The Water

Thank you. 

Ok, so I did the other thing you suggested. I thought that it would take the rest of the day, but surprisingly enough, it went fairly fast. Here is the list that you requested. 

Firefox:
Internet Cache
Internet History
Cookies
Download History
Session

Google Chrome:
Internet Cache
Internet History
Cookies
Download History
Session

Applications:
Adobe Acrobat 10.0
Adobe Acrobat 8.0
Adobe Acrobat 9.0
Adobe Reader 10.0
Google Earth
McAfee Antivirus
MS Office Picture Manager
Office 2007

Internet:
Audacity
Skype
Yahoo Toolbar

Multimedia:
Adobe Flash Player
Macromedia Shockwave 10
Macromedia Shockwave 11
Media Player Classic
Microsoft Silverlight
Quick Time Player
Quick Time Cache
Real Player 15
Real Player SP
Windows Media Player
Windows Media Certa

Utilities:
Avast! Antivirus 6
AVG Antivirus 9.0
Super Anti Spyware
Windows ?efrda? (can't read my handwriting)

Windows:
MS Management Console
MS Paint
MS Search
Reg Edit (Registry or Regular? again with the handwriting)

I don't understand why there are so many antiviruses on there. I know I removed the AVG, and I thought that I removed the McAfee. In any case, here is the list.


----------



## WhyNot

List of AVG remover tools from AVG. If you need help determining which tool for which version and windows version, let me know.

AVG | Download tools and utilities

Mcafee removal tool...it is NOT the big blue download button...read the text...there is a download link 

McAfee Removal Tool - McAfee Uninstaller


yeah we need to get rid of the anti virus that are installed but you are not using.


----------



## Kung

*slides in like Kramer*

Looks like I got here in time to...oh....well, I guess you guys got it taken care of. 

Seriously, I've been reading over the thread, but we're in the middle of a number of initiatives on our base:

- implementing hibernation
- " " Bitlocker
- enabling 802.1x

and so on and so forth...and I've lost 3 or 4 lbs just doing my normal work. LOL Between that, CrossFit, my 2 college classes and a foundation repair on my house, I've been a TAD busy.


----------



## Hears The Water

Kung, thanks for that mental image! LOL
God bless you and yours
Deb


----------



## WhyNot

Kung said:


> *slides in like Kramer*
> 
> Between that, CrossFit, my 2 college classes and a foundation repair on my house, I've been a TAD busy.


Geez, Boss, that's quite a bit. I've got a week or so yet before I start a new position so thought I'd jump in somewhere.

I wish I could slide in like Kramer. *pout*


----------



## Kung

WhyNot said:


> Geez, Boss, that's quite a bit. I've got a week or so yet before I start a new position so thought I'd jump in somewhere.
> 
> I wish I could slide in like Kramer. *pout*


And that's not even a fourth of what we're dealing with. I spent a ton of time solving a 'disappearing DVD-ROM player' problem that occurred in conjunction with hibernating PCs over the last few days. 

I suspected it was SATA/AHCI based; a buddy confirmed it when he said all the cases he'd seen were computers that appeared to use the same chipset.

The whole problem was the fact that the SATA/AHCI drivers loaded were what we call the 'good enough' drivers - the standard vanilla Microsoft substitute drivers. In some cases, their drivers work fine, and are even preferable to the manufacturer's drivers.

NOT the case with AHCI/SATA drivers. The drivers are six YEARS old......and we discovered that they do NOT like hibernation. (Even though they were supposedly "HP certified." )

I found out the chipset (AMD 785G), found the specific AHCI/SATA driver, updated that driver, rebooted, and now it can hibernate and come out of hibernation all day long with no problems. Our organization was just about to ask Microsoft for an onsite technical assist...so considering that's now taken care of - as well as another problem I solved involving our HIPS software and an error that completely prevented logging onto any system - I've got a bit more geek cred today. :l33t:


----------



## WhyNot

LOL...wheeew! Get it all out, sweety. Funny that HP doesn't have that issue documented by now...Dell has a hibernation/driver/chipset issue like that as well...erm..well at least ONE that I know about...probably more. Glad you got it all sorted, sounds hectic for sure. I'm cringing at what I am about to walk into with this new company...but I don't run from challenges, whether people or machines so it should be interesting. I still have a week or so to prepare...but sometimes it doesn't matter how much prep ya got.

*Deb*,
I'm going to be relocating myself to ...well..where I am going...it will take a few days but I will check in and keep up with ya.


----------



## Hears The Water

Why Not, that actually sounds good since I have a paper due tomorrow that I haven't even started writing, going to be out of town on Friday and busy over the weekend. My adult son will be out of town and I am "black bagging" his room. He was warned. Bwahahahaha. All that to say, I am going to be busy for a few days, too. I will check back in when I am ready to start all of this again. 
Thank you so much for your help. My computer is better, not perfect, but better. 
God bless you and yours
Deb


----------



## ceresone

i think the smartest, and nicest people in the world are on HT. Thanks for all the help thats been given me over the years too.
Good luck, Deb.


----------

