Are you struggling to figure out if a file listed in FreeFixer's File Database is malware or a legitimate file that you want to keep on your computer? Hopefully this guide will help you:
Let's look at firefox.exe, which is a legitimate file, and compare it to olhrwef.exe which is malware. These two files are great candidates for typical legitimate and malware behaviour:
firefox.exe was added to FreeFixer's database on the 30 Mar 2009. The most recent search for this file was done on 30 Mar 2009. firefox.exe is located in the 'C:\Program Files\Mozilla Firefox\' folder and has a size of 307704 bytes.
So far there has been 2 searches for firefox.exe.
olhrwef.exe was added to FreeFixer's database on the 13 Mar 2009. The most recent search for this file was done on 13 Mar 2009. olhrwef.exe is located in the 'C:\WINDOWS\system32\' folder and has a size of 106199 bytes.
So far there has been 1 search for olhrwef.exe.
File names and folder information is what appears on top for each file in the file database. Legitimate software developers give their files meaningful names that users recognize, while many malware programs use names that seems to be a number of randomized letters. Malware use this technique to avoid detection based on filenames. Legitimate programs are in most cases installed under 'C:\Program Files\', while malware has a tendency to end up in the Windows system directory 'C:\WINDOWS\system32\'. Please keep in might that there is nothing that prevent a malware author from giving their files meaningful names, or even the same name as another legitimate file.
Now, let's have a look at the version information for firefox.exe and olhrwef.exe:
The following is the available information for firefox.exe:
Property | Value |
---|---|
Product name | Firefox |
Company name | Mozilla Corporation |
File description | Firefox |
Internal name | Firefox |
Original filename | firefox.exe |
Legal copyright | ©Firefox and Mozilla Developers, according to the MPL 1.1/GPL 2.0/LGPL 2.1 licenses, as applicable. |
Legal trademark | Firefox is a Trademark of The Mozilla Foundation. |
Product version | 3.0.8 |
File version | 1.9.0.8 |
This file does not have any version or vendor information.
The vast majority of legitimate software developers take the time to fill in the version and vendor data for each file in their product, which the developers of Firefox have done. Version information is missing for olhrwef.exe, which I would say is typical malware behaviour. But keep in mind that there is nothing that stops a malware author from adding version information that seems legitimate. Also keep in mind that there are a few cases where legitimate software is missing version information.
This file has a valid digital signature.
Property | Value |
---|---|
Signer name | Mozilla Corporation |
Certificate issuer name | Thawte Code Signing CA |
Certificate serial number | 1ee2bfb90ae659c80cb7ea4c606ff03e |
This file is not signed.
The digital signature is a great tool for determining if a file is legitimate. Nowadays many of the big software publishers, such as Microsoft, Adobe and Google are signing their files. firefox.exe has a valid digital signature, which means that firefox.exe files comes from the company/person listed as "Signer name", in this case the Mozilla Corporation. A valid digital signature also implies that no one has manipulated the file in any way. The absence of a digital signature does however not imply that the file is malicious. Many small scale software developers, like myself, does not yet sign files.
Now you should have a pretty good idea if the file on your computer is legitimate of malware, but there is more you can do:
There are a few great free online services that will scan suspicious files. I highly recommend using these online scanners to further investigate the files on your computer. These scanners will run the file through a big number of anti-virus engines:
Well, now you have loads of information to determine if that file on your computer is malware or legitimate.
Me and all other FreeFixer users would greatly appreciate if you share your findings by posting comments or voting on the
keep /
remove
polls for each file you investigate. Thank you!
I found your web site very informative and much easier to understand than other sites,it is also straight forward and to the point. thanks I WILL recommend it to others in need. thanks again Craig
# 26 May 2009, 4:07
Hi i need to download keenfinder.exe because every time i open my computer an error box appears saying keenfinder.exe not found. Please help me to fix this. Thanks
# 6 Jun 2009, 7:01
Thank you for the labor of love that you have invested in this very informative, clear and understandable site. You answered my need. I am very grateful.
I live only by the grace of GOD in His Beloved Son JESUS who came into the world to save sinners, even tjhe worst. Praise be to HIM forever.
Jim Vermillion
# 5 Aug 2009, 11:54
THANKS for your helpful website! I'm not sure about a file named ld12 that just began appearing as an error as I was shutting down my pc yesterday, and again this a.m., after an Avast antivirus update was installed. The error made me wonder what this file (new to me) was for so searched Google and found your review. I deleted it and now hope it isn't one I may need somewhere. Does anyone have info on it, or suggestions of where else to look?
# 19 Aug 2009, 8:21
Your website gets 5 *'s from me. I can actually understand what your talking about. This is going on my favorites list. I would put it in my google bookmarks, but for some reason my booksmarks and my form filler disappear everytime I download the google toolbar. I even made google my homepage, but those two things are gone.
# 29 Aug 2009, 16:19
Hello folks and thanks to the person who brought that information to all of us. Here is my question. I am using Webroot spy sweeper for cleaning viruses and other harmful n suspicous files. So far i am so happy about the work of that small and not that famous anti-viruses program. However recently i don't know how but i catch on my pc an adware which pops up so many different advertisments which kill the speed of my pc. So when i ran the program it finds that adware but when i put in quaranteen i still receive those pops up advertisments. Hope you can give me some advices which program will it help me because i have tried the famous anti-viruses programs and i end with the conclusion that there is no any anti-viruses program which can find all of the harmful files and viruses.
Thanks for you help and advices
# 29 Aug 2009, 16:43
Pchopat
try http://www.malwarebytes.org
hope this helps your situation.
# 29 Aug 2009, 17:57
Your wonderful site has now been bookmarked...wonderful clear information that actually answers my questions..Refreshing!! Thanks
# 1 Sep 2009, 5:06
seems pretty good so far i will test it further. also good is old macdonalds farm auto eater and spybot search and destroy both free programs ... the auto eater stops the malware from executing .. spybot is not good at removing all malware
# 7 Nov 2009, 18:16
i am having the error of MSVMCLS64.exe what is this and why do it occur?
having problem.
thanks
# 10 Dec 2009, 2:41
is yahooservice.AU a virus? or will it Block me from going in my E-mail if I block access?
# 14 Dec 2009, 2:28
My virus software has told me that I have an infected file c:\windows/system32/sshnas.dll. I cannot find this file anywhere. Is it a legitimate file that is infected or a malware file?
# 20 Dec 2009, 14:45
I just happened to be cleaning out my Temp folder when I came across several files that I didn't recognize. This site provided information on the files in question in a way that was clear. I was able to feel comfortable with my decision to delete the files.
Thanks for providing this service.
# 18 Feb 2010, 12:14
I appreciate your page on legetimate vs malware, and I did learn a few things, but I am still stuck with the same question-to remove sfc_os.dll or not. My Mcafee calls it possibly unwanted- possible password stealer. but the last time I removed a dll file, I killed my C drive. FREAKIN'OUT!
# 22 Mar 2010, 15:03
To Roger Karlsson, thank you very much for your reply. I will give that a try. I really appreciate it. Thanks.
# 23 Mar 2010, 17:27
I get a Fatal Execusion Engine Error (Ox7927f26e)as soon as I turn my comp. on. How do I get rid of this?
# 27 Mar 2010, 13:05
To Roger Karlsson, hi, I took your advice and uploaded 2 suspect files to virus total, and I recieved the following 1)W32/Patched.F!tr and 2)Disabled system File Check DLL. I don't know what they mean, but I don't think it sounds very good. Any ideas- Please. Thanks.
# 29 Mar 2010, 13:10
To Roger Karlsson: I don't mean to waist your time with stupid questions, but I recieved an email with the results from virus total, I don't know what you mean by the links?
Sorry, but thanks.(I'm not very computer-savvy).
# 31 Mar 2010, 8:28
thanks for a great friendly site. i just got 'Security Tool' virus in my machine and believe me it is a very unwelcome visitor and extremely difficult to get rid of.
# 7 Apr 2010, 6:04
I'm getting a Missing library file notice for "cryptscruntime.dll" every time I boot my Win7 machine. This file was deleted by my CalmWin antivirus since it was flagged as a threat. Any ideas?
# 7 Apr 2010, 6:32
I keep getting a warning message that tells me that ie3sh application has stopped working, what is this?
# 9 Apr 2010, 8:12
Hi Roger, I am wrestling with a virus problem at the moment and just found your site. It looks like a breath of fresh air to me - straightforward and accessible to us non-techies.
Will report how I get on! Rick
# 9 Apr 2010, 19:44
ROGER !!! You are a GOD SEND !! This is the best site I have come across in regard to viruses,ad/spyware,and detailed PC trouble shooting. You are AMAZING !! You explain the info so concisely and clearly that even a Caveman can do it !!! Ha Ha!!
Thank you for all your hard work in keeping this site available. I will be donating in the future....( need to wait for next paycheck...)
With Much Appreciation,
MARY*
PS: I am sending this site to all my friends!!
# 2 May 2010, 10:59
when i start my pc, a text-box appear inwhich it is written that DLL run as an app,windows has some problems with it. Plz, tell me about this problem.Another problem is that my pc does not eject the pendrive. when i tried to eject the pen drive, it always said that it is used by another program
# 14 Jan 2011, 7:41
bonjour j'ai un disfonctionnement dans windows microsoft
il me marque OUCore.exe windows a trouvé un problème mais ne me donne pas de réponse pour le réparer merci pour votre aide je ne suis pas une spécialiste en informatique
# 6 Feb 2011, 3:56
Hey, Free Fixer, where do I send my donation? Your website is awesome. Thanks and keep up the great work.
# 20 Mar 2011, 9:08
thank you verymuch for ALL your info, it was so very helpful, easy to read & understand. I will definately tell everyone!
# 21 May 2011, 14:50
Great Site! Thanks! Now, can you tell me what happened to Post-it Pal?
# 20 Sep 2011, 3:32
Congratulations on such an interesting website. My apologies in advance for my total ignorance on the issue of adware, malware, spyware and all those critters planted on the web. The answers offered here seem a bit ambiguous to the point that leaves me with the enormous question of what to do. Scott's case is the same I have: sfc_os.dll. The last time I ventured to delete files suggested by a review of Hijack Emsisoft cost me to reinstall the operating system and some days not dedicate to my work..
If you could be so kind and tell me exactly what I do based on the VirusTotal report here the link:
http://www.virustotal.com/file-scan/report.html?id=d55f4984bd5c619fa1af495f03577d60029968aec56b94ae185722262a0cc8de-1316840198
For the attention you kindly give to my request, I am very grateful
# 23 Sep 2011, 23:16
I agree with the fact that this is very understandable haven't tried any suggestions yet will let you know
# 11 Oct 2011, 8:26
Hello Roger,
I have registry errors on my mother's laptop that I am trying to correct. My sister told me of a legitimate virus protection site to download a free trial, Kaspersky, but while downloading their virus scanning system, I received this message: 9798428.exe - Unable To Locate Component This application has failed to start, because FLTLIB.DLL was not found. Re-installing the application may fix this problem. Please help I borrowed my mother's computer and would like to fix this for her. I need help as I have spent almost 1-week trying to fix this issue. One omitted registry or defect sends me from one place to another, and I have absolutely NO idea, if these sites are legitimate! I believed this computer got these registry errors that have corrupted the harddrive when the old Norton protection expired, and these problems will not let me download any protection. And Firefox keeps sending me messages that it keeps crashing. Can you help me fix this re-installation problem, so that I can download protection. I've gone to microsoft downloads, but things can get complex. I have found www.DLL-files.com, but when I tried to download I rcv'd a message of its legitimacy. I sincerely NEED to fix this to help run my business, until I receive my own computer.
Sincerely,
Need Sleep (Help!)
# 4 Feb 2012, 23:42
Hej Roger,
Jag har inte kollat min pc (malware!)med "freefixer.com" annu. Men jag har STORA forhoppningar, att jag kan fixa pc fran att "boot" upp sa langsamt!
To be continued!
# 1 Apr 2012, 12:47
i have a 64bit dell running vista .. my flash player crashed and i can't find a compatable one to replace it .. any ideas?
# 30 Apr 2012, 15:37
It was easy to understand, as I am about as unknowledgeable about this type of thing as a cat!
I ran it, but I never did find anything about the "LxrAutorun" that appeared on my PC....however I'll keep trying.
I am thankful for people as yourself who care about others and try to help. Ben
# 6 Oct 2012, 11:29
HI: I have been researching this DTUPDATE.EXE and so far nobody knows anything? Thats pretty amazing? So, I guess I'll try AVG as my firewall alert window asks me to confirm it but only because its not in my list of safe networks? Well if you can't help with that, maybe you can try telling me, why do I "Frequently get a popup window to download I.E.8, when in my list of software programs I am using I.E.8? Why is I.E. server always telling me I'm not running it already? NOW, that really is weird. Thank you and I hope you'll help.
# 10 Oct 2012, 14:43
Windows File Protection wants the Windows Professional CD. This is a used computer that was not accompanied by any CDs. I'm trying to follow your suggestion to run sfc /scannow, but I cannot exit the program and I do not have any CDs to give it. I have to unplug the computer to get out of it. All because I downloaded Firefox. I got the DATAMN~I.EXE after I left the computer on overnight, the first time after getting Firefox. I always leave it on...
# 24 Oct 2012, 9:46
THANKS FOR THE INFO ON THE FILE YOUR SCANNERS WERE VERY HELPFULL IN MAKING ME FEEL BETTER THAT THIS FILE WASN'T MALWARE. AGAIN THINK YOU.
# 23 Jan 2013, 0:47
Roger,
The file "C: Program Files (x86) OApps\SelectionLink dll." is missing. DoI need to replace it? If so how?
Thank you
Gus
# 12 Jun 2013, 15:55
certificate details: Not reachable.
To me it is Malware, until proves otherwise.
# 12 Nov 2013, 14:34
My PC ist invaded by DO SEARCHES. Have erased Mozilla Firefox and Google Chrome.In Internet explorer I was unsuccessful...I can not get rid,you can erase it but it will come up again ! I am searching for HELP.
# 19 Nov 2013, 16:03
i was more looking for an answer explaining how widevinecdmadapter.dll was loaded onto my computer without my permission
# 26 Nov 2013, 12:26
When I log on I get this error message:
Windows is missing file
C:\Users\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll
Is this file necessary? If so how do I load it?
Thanks for your help, Morris Fox
# 29 Nov 2013, 9:49
REF: S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433
File version: 16.4.4406.1205
Microsoft.windowscommunicationsapps_16.4.4406.1205_x64_8wekyb328bbwe
Shared: bici.dll, bici.xml
Feature: "DynamicConfiguration"
Replicator (https://g.live.com/lrecfg/md?!/~Live.ConfigServer.ModernMetadata
In SECURITY this is shown as UNKNOWN APPLICATION. However it appears impossible to delete it.
My NETWORK SECURITY MAP (Norton 360) keeps showing unknown computers - all unknown. Most IPs appear to be Virgin Media customers but two regular are 'unidentified protected networks' with IP info totally untraceable.
Norton 360 is not identifying any problem but the version handling the virus protection and scans is not the version I purchased.
Could my SYSTEM have been hijacked? Any ideas as to what I should do. Thank you for any help.
Zolushka
# 24 Dec 2013, 3:42
some junk from microsoft is junk and makes my mechine crash or over work system(spy ware)can't stand the madness
# 6 Feb 2014, 13:03
I love this site. I'm telling everyone I know about it.
*Actually I am searching for answers to two problems. The first being an error I receive stating a problem starting backgound container.dll. It is related to "Conduit" which I am not familiar with. How can I get rid of this error?
My 2nd question is related to my screen. The left half has a normal appearance, brightness, etc., but the right half is shaded and although you can still read text, etc it puzzles me as to whether this is a hardware issue or if I have a virus which is causing it. When I hook to external monitor, the problem goes away. Please help if you can.
# 6 Mar 2014, 19:08
You are an honest help provider. Your business will well blessed and grow strong and on good footing. I will proceed to use the clear cut information passed on to me. God bless you.
# 7 Mar 2014, 6:48
I am not blaming you but I still don't get what the messageIType,Exe has stopped working means. I am not a computer geek and don't know what to do about it. It comes up evertime I go on the net then disappears. I am on Vista and I use Explorer as my browser. Does it have a purpose or? if it is eliminated will I lose something?
# 15 Mar 2014, 14:01
when i open the computer.it shows disk checking,finally recoving the word is non stop running.if i not giving disk checking it show in notification mystart anti pishing corrupt file.
# 8 Apr 2014, 23:27
no puedo iniciar mi computadora dice un mensage que necesito el archivo sl2.dll que lo instale y lo vuelva a intentar alguien me puede ayudar
# 26 May 2014, 13:17
is the remove Malware-free program below a legit File im leary to download it,what say you? any info would be greatly appreciated,sincerly Paul v Hyland, please feel free to respond to my email for me,on this peice o' shit.
# 2 Jun 2014, 22:52
This website is useless. I came to find information about LMI_RESCUE_SERV.EXE.
Is it malware? How to remove it?
This website talks a lot about it but says nothing about what it is, if it is malware, or how ro remove it.
# 20 Jul 2014, 15:11
You have a wonderful informative site, hoping you can and will help me too. the following msg comes up
C:\Progra~1\Common~1\System\SysMenu.dll
Do i need this if so where can i get it. My computer is win 7
hp and when i leave my computer up and come back with in 15 min or longer it will not come back up i have to hard boot and then it runs thru all the dll files and come back up.
# 12 Aug 2014, 22:51
You have a wonderful informative site, hoping you can and will help me too. the following msg comes up
C:\Progra~1\Common~1\System\SysMenu.dll
Do i need this if so where can i get it. My computer is win 7
hp and when i leave my computer up and come back with in 15 min or longer it will not come back up i have to hard boot and then it runs thru all the dll files and come back up.
# 12 Aug 2014, 22:52
I have clickfree on windows 8.1 installed on new Toshiba pc.
AVG continually pops a window to say Threat found Win323/DH{gRHBEQOEuE3E}\clickfreeSoftware\BoxSoftware\SacReinder.exe
Can you please tell me what to do.
Thank you Polly
# 15 Aug 2014, 20:11
Hi just want to know about dock bar keeps coming up stopped working ,do I need this in my computer, if not how do I remove same many thanks Sue.
# 30 Nov 2014, 5:46
So my security has had to protect my computer from smdmfservice.exe, five or more times now, and it is saying it is a high risk. Would deleting this file do anything to my computer? I honestly don't need my computer crashing, cause it is only a couple months old.
# 19 Dec 2014, 8:05
Hi, Roger I have been reading the questions and answers, but have not seen anything related to my issue. Periodically a message shows up as follows: "Status Monitor Application has stopped working". I looked it up on google and I discovered that has to do with devices and printers. I have a Brother MFC 736ON Laser printer and I believe this is what the message alludes to. However, I have no idea what to do to fix the issue. can you help? Btw I recently purchased Malwarebytes Anti-Malware software, but I think this message was appearing before that.
# 10 Jan 2015, 7:15
e-mail with virus attachment detected by Kaspersky. Not opened but seemingly activated and these are coming quite regularly from apparent different sources. Removed by Kaspersky but now have message every time computer is booted; "can't run application because MOUDL31A.DLL is missing". How to stop this message appearing would be useful. Any ideas?
John Kaye
# 20 Jan 2015, 4:14
Yes; mouse32a(dot)exe. I see that it could be quite safe but suspect it may be a screen logger as Kaspersky identified it in an e-mail and removed the DLL file and my wireless mouse and keyboard are still working.
# 24 Jan 2015, 9:29
I don't know if this really deleted pmropn.exe or not, but here is how I did it: I searched my computer for it, right clicked and from the pop up window I selected "delete." Like I said, not sure it is gone but it isn't showing up anymore.
# 1 Mar 2015, 16:11
i cant paly dayz because i have started geting this error pop up can you help me c:/windows/syswow64/plsapp.dll
# 3 Apr 2015, 15:22
Hi Roger,
First of all, all my gratitude and congrats for this generous and helpful website. Going to the point...
1.- After running SFC /SCANNOW this similar message appeared:
"Some errors not repaired; check CBS.LOG file for further data"
2.- Editing/reviewing CBS.LOG I discovered something wrong with SYSTEMSETTINGS.EXE.MUI file; summarizing the error:
this file is located into two different folders, both within C:\Windows\..., and there are mismatches between them.
3.- Could you please guide me on how trying to solve this issue?
Thank you
# 4 Apr 2015, 15:39
Thanks much for the information. Not only helps with the standby.exe file but with others I have encountered. I have removed it from my system. Thanks for the online scanner information.
# 18 Apr 2015, 17:01
does it affect my current antivirus on my computer?
# 20 Apr 2015, 21:17
thank you for providing such a easy to understand help site
# 3 May 2015, 22:29
Brilliant website along with the freefixer software, I only found it recently, I wish I had known about it years ago. So easy to use and does nothing unless you want it to, much better than other apps which delete things automatically. Have already sorted out PCs for two friends with badly affected machines
# 6 May 2015, 5:12
If I delete malware 3.4.3_40298.exe from bit torrent - torrenting com etc, will it effect the use of the site? I still like the site - but - I've had some issues that are reallly sneeeeaky. Also, Malwarebytes, also a cleverbridge company, detected this program as outbound malicious - yet after running a full scan? Not a darn thing was present as malicious - rather, that needed to be quarantined. Please advise as what to do here -
# 16 May 2015, 14:15
If I delete malware 3.4.3_40298.exe from bit torrent - torrenting com etc, will it effect the use of the site? I still like the site - but - I've had some issues that are reallly sneeeeaky. Also, Malwarebytes, also a cleverbridge company, detected this program as outbound malicious - yet after running a full scan? Not a darn thing was present as malicious - rather, that needed to be quarantined. Please advise as what to do here -
# 16 May 2015, 14:18
Jeg har en fil på min bærbare computer, der hedder host app service pokki
Og jeg har nogle problemer med at lukke internettet ned, er der en sammenhæng til ovennævnte fil? Skal jeg bare slette den?
Knus fra en lidt uøvet bruger
Jane
# 13 Jun 2015, 2:36
HI,I RECEIVE THE SEARCHBASE POPUP EVERYTIME I SWITCH MY COMPUTER ON. IT SAYS SEARCHBASE ENCOUNTERED A PROBLEM AND NEED TO CLOSE.I NEED TO REMOVE OR CLOSE IT.PLEASE MAIL ME AT diaslegal@mweb.co.za; THANKS, David
# 24 Jun 2015, 5:52
My last apparent usage was several yrs ago so deletion is my
next step
# 13 Jul 2015, 19:59
I run windows 7 and surf IE. Can you steer me to a clue as to why some of my favorite favorites stop working?
# 2 Aug 2015, 13:18
every since i tried to up grade to windows10 i have been getin pop up sayin need to back up all info hard drive is bad but only apperred after the 4rth time of failing to install all the wayi went and finally found it its called DFDWiz and when comparded with the right way the sisciption should look there are some differences like there was things out of order and things that didnt match like file dissciption one i got says DFDWiz.exe and not DFDWiz.exe.mul so what do i do delete or keep i would think malwear if someone could help u would owe you one .
# 16 Aug 2015, 10:09
unresponsive favourites are in IE-I see no errors. just click and....nothing happens. Fishy enough to make me wonder if somethings up.
# 18 Aug 2015, 17:18
ever since i got the windows 10 ive been having problems with my laptop. i have some malware on it and im not sure if it was from before windows 10, but among my problems i have mant versions of "cuttheprice" putting extentions on my web browsers, i did however find them in my laptop under windows (C:) but i have "internetpirt3" that is giving me some trouble, i have no clue what it is but it put more malware and what not on my laptop... i also let one of my family members use my laptop and they downloaded movies off of some movie download whatever. torrents or what not. im sure that has alot to do with it as well. does anyone have any clue? i really dont have the money to spend to take it to some computer tech o buy subscriptions for anti malware stuff.
# 25 Sep 2015, 21:07
I am not really good at computers...........however, yours is the first sight that explains everything very understandably! It is a really unique sight , thankyou immencely........bill rice
# 7 Oct 2015, 15:10
Greetings! Last week I started getting the following RunDLL error message box at startup:
"There was a problem starting C:\User\%username%\AppData\Local\Video Ball\zBin\VideoBall.dll"
The specified module could not be found"
Computer is running Kaspersky in the Detailed Reports/Application Control section reads:
Application added to the Low Restricted group;C:\Users\%username%\AppData\Local\Video Ball\zBin\VideoBall.dll;
on 11/20/2015 16:32:46
There is a Video Ball program (by Junimong Corp) listed in the control panel's list of programs. Looks like it got installed on the same date as my Windows 10 upgrade installation. Every attempt to uninstall it produces the same RunDLL error as above.
I've tried searching for Video Ball, Junimong Corp, nothing relevant appears.
It looks like Kaspersky made the .dll unaccessible or I may have inadvertently deleted it.
This problem started last week after I mistakenly allowed a program to download which also had malware/adware which attacked my computer with every browser I opened. So it's possible during my attempts to remove suspect files I may have removed the required registry file.
Did the Video Ball get downloaded with Windows 10?
What is Video Ball?
Where/How can I get the missing VideoBall.dll file?
Please Help!
Thank you to all for your help
# 1 Dec 2015, 21:59
bsdriver.sys is a nasty virus/trojan horse program, that creates ads, etc. It is as far as I tried not removeable on anyway, even not with administrator rights in windows 10! Even Freefixer can´t remove it, with reply: Access denied. Error code: 5.
So the problem is still in my computer at C:\windows\system32\drivers}bsdriver.sys
# 27 Dec 2015, 7:48
Your site seems the best for clear understandable information on problems with our computers, that confound us, however, It puzzles me that absolutely no one can tell us what XPATLCOM.dll is, or what it actually does? my Norton 360 on my Satellite laptop with windows 8.1 shows it was found, and was downloaded 2 days ago, but gives no more info, bad good or ugly. I seems that someone somewhere should have at least some information about what it is for, or why its there. If we cannot determine if it is malware, perhaps someone knows what it could relate to, or what function it could possibly have? If it could not possibly have some needed function, then I will get rid of it. but I frankly hate windows 7,8, and the key logging, Orwellian, 10, they are both designed to force us into using against our will. They give us no System Disk, no info and no way to determine what's happening on our own computers, or to deal with it ourselves, and Microsoft seems poor at dealing with it. Additionally they block us from booting from other media, in an attempt to repair things that do often go wrong in these systems.
# 6 Feb 2016, 9:25
why can't the software companies put something in place to show which file belongs to which program? It's the same with the virus programs, it throws up a named file that it does not recognise and asks whether I want to allow, or, block. If it told people what program it is from, it would save a lot of time.
# 7 Mar 2016, 3:02
Thanks for providing this forum to help the IT community better understand and resolve issues. Great!!! I have a number of issues on my Window7 HP but I'll start with this one...
What is comsurrogate? I have an account on my PC that when used, several instances of comsurrogate launch and more instances continue to launch. I would end each process from the Task Manager but another starts up and starts eating memory. I had to create a new account. So far, comsurrogate hasn't resurfaced after several months; I avoid using that account. Any ideas?
# 22 Mar 2016, 4:03
Is the format package published by Qi Wang safe? It appeared on my desktop after an update and I'm not sure if it is safe.... I don't want to uninstall it if it needed to make the system run better
# 2 May 2016, 14:39
I am SO GLAD I found your website it is a source of well written information. Thank you for this.
I want to read it all before I ask a question just in case it was already addressed.I am hanging on to Win7 but I will have to give it up as Microsoft keeps trying to kill it with falsely named updates. The poor OS is in shamble.
I will be back soon.
[Merci Beaucoup]
# 2 Aug 2016, 19:36
The pest again. I have to do this over as I don't think I downloaded it right. Plus what do we do when we don't know which choice type make as I don't know anything about registries ...... so what are we supposed to say. I don't
know what to say on a lot of my errors.
I apologize if this is the wrong place to be asking these types of questions but it's not clear where we SHOULD be asking them, plus this has been a lot of work.
Warmly,
Corinne
P.S. Plus I wish we could copy and paste as there are so many things I'd like
to take notes as it's simply too time consuming to stop, type some notes and
then go back as there's so much information, it would take forever without
copying and pasting.
# 10 Aug 2016, 21:56
I've had a hard time ever since I went to Windows 10 .... I really don't like it and I know I shouldn't but I've kept part of IE11 as I didn't know stupid me that you should never change the home page in the old Internet Explorer. I always, always find this stuff out AFTER I've done something as I would always go to Google anyway but I really miss Internet Explorer 11 now plus Windows 8.1. I just might go back as I'm not technical at all and for me, Windows 10 and even 8.1 and 8 Microsoft expects us to know too much about technical things. Joe's Mother doesn't even try to do anything on the PC except email as she's 80+ years old and very smart, but this stuff is way beyond her. Plus I do resent Microsoft pretty much forcing us to get Windows 10. I would have been perfectly happy to stay with Windows XP ....... I don't know why Microsoft keeps trying to make things better as most people don't know this kind of stuff.
Thank you for your kind comment.
Warmly,
Corinne
# 12 Aug 2016, 13:28
gostei da página, porém vim em busca de uma informação(anerwut.exe) e consta que não é malicioso. escaniei minha máquina com MALWAREBYTES e ele acusou positivo.
# 1 Dec 2016, 17:36
HitmanPro identified
nvvad64v.sys as suspected malware because
The file is hidden from Windows API. This is typical for malware.
The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows.
C:\WINDOWS\system32\drivers
This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
entire report in case you want more info
Properties
Name nvvad64v.sys
Location C:\WINDOWS\system32\drivers
Size 44.9 KB
Time 207.3 days ago (2016-06-09 18:09:56)
Entropy 6.4
Product NVIDIA Virtual Audio Driver
Publisher NVIDIA Corporation
Description NVIDIA Virtual Audio Driver
Version 3.40.1
Copyright (C) NVIDIA Corporation. All rights reserved.
Service nvvad_WaveExtensible
LanguageID 1033
SHA-256 D0BE8343784DDD2B7CADFC85779CC72C78D49601E9C746D13D8134CE38DD920F
Scoring (45.0)
The file is hidden from Windows API. This is typical for malware.
The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\nvvad_WaveExtensible\
Maybe I'm a bit paranoid, but maybe I'm not paranoid enough (normally I solve this stuff by myself, but this file is even invisible whit "show hidden files" active
So I thought, Better safe than sorry, can you help me out?
# 2 Jan 2017, 16:46
GREETINGS ALL,
@ Corinne Larimore: Other than when buying a new Computer with Windows 10 installed, NO ONE forces anyone to install windows 10.
I HAD voluntarily installed windows 10 on my laptop and after a few weeks UNINSTALLED IT as it isn't (to ME) a good system since "some options" are unavailable for laptops.
I prefer 8.1!!
I Hope your problems are resolved.
CHEERS!!
# 8 Feb 2017, 7:12
i am trying to install Vodafone Mobile Broadband Router on computer and it keep on telling me that c:\ProgramFiles\Vodafone Mobile Broadband\Vmbnotefier.exe is not a valid Win32 application. i am using Windows XP Delux 2009 on my computer. Please help.
# 8 Feb 2017, 14:58
I was going to delete this IadHide5.dll as I've been pre-advised that anything backweb is bad, however I noticed that it times out with the ERDNT AutoBackup I made sure was still working in the background. It seems a shame if I were to work so hard on keeping a way to fix my computer of I fry it again, just to accidently delete an important part. I think maybe I ought to keep it after all.
I thank you so very much for the help with keeping my computer going. I haven't had to wipe it back to factory specifications since I downloaded your program.
Thank you again.
Keep up the good work.
Bonnie Pheil
# 3 Mar 2017, 1:01
First, I want to thank you for bringing my XP back from the PC Cemetary. I really thought it was a goner that time. (I've been using freefixer for about 2 years but that first time I was sure that this old thing had gone to PC Heaven.) A friend whose intentions were good I'm sure, put IOBit on my computer and had to leave before he was done helping me with the settings. Of course he told me just don't click the optimizer function until he get back to help me finish up. Well you know how things happen. I restarted my computer one day and the little box showed up in the corner and I don't know what I was thinking but I clicked it without thinking. Everything went out and I couldn't figure out how to fix it. In the mean time life goes on and my well intentioned friend forgot and didn't stop back in for 3 or 4 months. My CD/DVD Player was useless. Thank God My WiFi adapter came with a program disk. (I ended up putting an additional CD/DVD Player in)All my Ports were unplugged and I was hopeless concerning my XP. I really love this old thing. I still don't really understand everything about how it works or what I actually need to do to make this old thing work as well as it was manufactured to. I'm sure if I had any true idea what I was doing It really could. This poor things been through fire and flood (unfortunately all the program disks were lost in the fire. They were on the shelf and the shelf didn't make it)I've had to do at least 25 factory restores on it. A huge part of it still being capable of any functions at all is that freefixer is so easy to use. I mean, even I can use it and I'm a computer dim whit. I really just don't get it. Thanks to freefixer, even I still have a working computer. Thank You, Bonnie Pheil
# 18 May 2017, 16:52
Hi Roger
Just wanted 2 let u know that today while attempting 2 find exactly wut this (MBAE.SYS) waz, I came across ur site & started reading. I must let u know that once I finished reading ur information posted, I waz highly impressed with all that waz presented & the manner in which is waz presented. Would like u 2 know that u have just picked up another follower...(smile). And I will be tuning in 2 keep up on the latest info u post & 2 remain informed as just wut is happening in the world of cyber threatz. I would also like 4 u 2 know that while wordz r alwayz nice 2 hear & receive, wut u take time out of ur life & devote it 2 helping otherz like myself gain knowledge & understanding who r in the dark about so much highly important information,deservez 2 be shown just how much that which u do is truly appreciated, & I have decided that I will do just that. Keep ur eyez open 4 future donation frm me. Thx a million once again 4 all of ur work & sacrifice on our behalf. Keep doing that which u do, & remain safe. Peace
(SHAMIR KWAHLIF)
# 11 Dec 2017, 12:15
Bonjour j'ai un problème message d'erreur vendor APIRUN64 exe erreur d'application mon ordinateur reste en page noir après avoir mis mon mot de passe je ne sait plus quoi faire malgres mes modes sans échec ou date antérieur merci de votre réponse.
# 9 Jan 2018, 23:05
I have written twice and keep clicking out before I post. So I will write you when I get on my desktop. Great site, and thanks. Joan
# 16 Feb 2018, 5:53
Thank you for all the info - don't understand comps, but I have installed and run TOTALAV. Thank you for info. Now I will see if my comp was fixed
# 18 Mar 2018, 15:11
Hey , back some time ago I upgraded my windows 7 to windows 20 but put 10 on a clean hard drive and kept windows 7 running until just recently I decided to go ahead and use windows 10 on a new build of older but still good hardware . A msi z77a-gd65 mobo I-5 3570k cpu a couple gtx760’s in ski 750 w 80 bronze psu 16 Tb gskill R.I.P. jaw ddr3 1600 mhz ram4x4. So not a new system but plenty good still. But anyway windows 10 booted up and oil had a few little things to update and it did it’s thing . But now no matter what I try I can seem to get rid of the “ not supported this platform “ error at startup. I don’t know why it terms it like that but that’s exactly what it says in a window with a red x . What do I do to eliminate that . Otherwise it doesn’t seem to affect anything after I click on the close window box...thank you
# 5 Jan 2019, 14:34
It doesnt say how to check for this stuff, like where do i find this information for my files/programs to make sure they're legit??
# 18 Jul 2019, 8:50
Hi freefixer team,
I rarelly write any comments but this time i had to tell you how great your service is, i rarelly had all the answers i needed in ONE place and in only a fiew minutes. I am amazed! Thank you for your efforts and hard work!
# 12 Oct 2019, 16:04
On that scan with the GENERL DLL, to note, the authentic Windows file will be lowercase, the hacker file is in capitals. It's pulled up a few more in the scan. On you updated once installed look at the dates. If you've done any streaming or downloads of any files see if they have corresponding dates. It's kind of like being on Facebook or Myspace and you accept someone as a friend, then notice a flurry of ads all of a sudden, go to the person's page, then follow thru to the rest of their friends, this will lead you to the leader of the spam group. In the same fashion you can follow the file to it's originator. Understand, info can be taken or sent in a multude of ways undetected, this isn't 2950 or 60s spying. An encyclopedia of info can be sent in anyone of thousands of pixels in one photo. Nothing is truly free on the internet. If there's valid cookies and trackers do a click on you toolbar, there can be one valid tracker and hundreds of additional cookies and trackers attached to you're toolbar that you're not even aware of, nor the webpage owner. Be aware , be safe, once they grab your info you're pretty much done for. Put security on you're smartphone and know, the Adobe is the most used fashion to enter your computer and or phone. As far as browsers I'd go with DUCK GO DUCK, it erases and clears all info do it eliminates access to you're data.
# 17 Jan 2020, 2:01
I am sure it is not malware but I have to get rid of it because I almost 100% sure it is part of Easytune 6, and trying to update that Gigabyte software, it may be what is not allowing me to. So it is a get rid of and get back.
# 16 Aug 2020, 22:41
from Kaspersky Total Security
'Cannot guarantee authenticity of the domain to which an encrypted connection is being established.
Invalid name of certificate (not on allowed list or was explicitly excluded.'
That is nott exactly the sort of professional care you expect from a major Microsoft product.
# 4 Oct 2020, 22:24
Roger! Thank you so much for posting information that a layman can understand! Every time I ask Microsoft a question they answer with complicated, non-understandable for a novice to grasp info! I actually understand what you've posted, and now know if I want to allow a certain file past my Controlled Folder Access! Thanks for being there for us non-PC guys!
# 14 Dec 2020, 11:47
NPE (Norton Power Eraser) detected the file: iqvw64e.sys as a threat yesterday. It took 2 reboots to remove it. I still don't know if it's 100% legitimate because according to file.net
the risk is 24% dangerous.
# 14 Feb 2021, 23:46
@ Clearspirit: I found your post really helpful but I was wondering about a couple of the things you mentioned that concern me because I am far from being a computer whiz.
? #1) is regarding this quote from your post:
" If there's valid cookies and trackers do a click on you toolbar, there can be one valid tracker and hundreds of additional cookies and trackers attached to you're toolbar that you're not even aware of, nor the webpage owner. Be aware , be safe, once they grab your info you're pretty much done for."
Im curious about this because when I get on a website and it tells me to that they collect cookies for that website, should I not give them permission to do that? I always just click OK and move on because like I said Im no PC whiz. Am I just giving all of these different websites my information is that what cookies mean ?
? #2 regarding this comment from your post:
"Put security on you're smartphone and know, the Adobe is the most used fashion to enter your computer and or phone."
What kind of security should I put on my phone?
Is Adobe something that I shouldnt have on either my computer or phone?
Im confused about that one!
? #3) regarding this quote from your post:
"As far as browsers I'd go with DUCK GO DUCK, it erases and clears all info do it eliminates access to you're data."
I use GOOGLE CHROME or GOOGLE on my PC and on my smartphones I use these browsers as well, occasionally I might use SAFARI but 90% of the time I use GOOGLE or CHROME!
Should I not use these browsers?
Is DUCK GO DUCK available on both PC and SMARTPHONE?
# 29 Mar 2021, 12:49
@ Clearspirit: I found your post really helpful but I was wondering about a couple of the things you mentioned that concern me because I am far from being a computer whiz.
? #1) is regarding this quote from your post:
" If there's valid cookies and trackers do a click on you toolbar, there can be one valid tracker and hundreds of additional cookies and trackers attached to you're toolbar that you're not even aware of, nor the webpage owner. Be aware , be safe, once they grab your info you're pretty much done for."
Im curious about this because when I get on a website and it tells me to that they collect cookies for that website, should I not give them permission to do that? I always just click OK and move on because like I said Im no PC whiz. Am I just giving all of these different websites my information is that what cookies mean ?
? #2 regarding this comment from your post:
"Put security on you're smartphone and know, the Adobe is the most used fashion to enter your computer and or phone."
What kind of security should I put on my phone?
Is Adobe something that I shouldnt have on either my computer or phone?
Im confused about that one!
? #3) regarding this quote from your post:
"As far as browsers I'd go with DUCK GO DUCK, it erases and clears all info do it eliminates access to you're data."
I use GOOGLE CHROME or GOOGLE on my PC and on my smartphones I use these browsers as well, occasionally I might use SAFARI but 90% of the time I use GOOGLE or CHROME!
Should I not use these browsers?
Is DUCK GO DUCK available on both PC and SMARTPHONE?
# 29 Mar 2021, 12:49
@ Clearspirit: I found your post really helpful but I was wondering about a couple of the things you mentioned that concern me because I am far from being a computer whiz.
? #1) is regarding this quote from your post:
" If there's valid cookies and trackers do a click on you toolbar, there can be one valid tracker and hundreds of additional cookies and trackers attached to you're toolbar that you're not even aware of, nor the webpage owner. Be aware , be safe, once they grab your info you're pretty much done for."
Im curious about this because when I get on a website and it tells me to that they collect cookies for that website, should I not give them permission to do that? I always just click OK and move on because like I said Im no PC whiz. Am I just giving all of these different websites my information is that what cookies mean ?
? #2 regarding this comment from your post:
"Put security on you're smartphone and know, the Adobe is the most used fashion to enter your computer and or phone."
What kind of security should I put on my phone?
Is Adobe something that I shouldnt have on either my computer or phone?
Im confused about that one!
? #3) regarding this quote from your post:
"As far as browsers I'd go with DUCK GO DUCK, it erases and clears all info do it eliminates access to you're data."
I use GOOGLE CHROME or GOOGLE on my PC and on my smartphones I use these browsers as well, occasionally I might use SAFARI but 90% of the time I use GOOGLE or CHROME!
Should I not use these browsers?
Is DUCK GO DUCK available on both PC and SMARTPHONE?
# 29 Mar 2021, 12:49
Hello, its always good to see legitimate sites ran by individuals or a few regular joes with vast knowledge. If you any of you guys can offer me ANY insight i iwll be eternally grateful for any knowledge i may acquire. Us DIY Techies gotta stick together and share our knowledge among us as we acquire more and more so we may never need dependency on any bureaucratic structure such as a corp to be our PC saviors when difficult issues arise as they sometimes do in the PC world. a few months ago i was playing my mmorpg game like i always did and it began dc'ing me for no discernable reason i could detect. first day or two it was only a couple times with closer than not to 12 hours or so. then one day a few days later it dc'd me again. i relogged and made it to the character selection screen but the instant i pressed the button taht would initialize loading into the world it immediately dc'd me again. i found it would do this every time now. couldnt get into the actual gameplay whatsoever now. so i did some snooping andi found i had been attacked with crypto mining malware. whomever did it must be a better cybercriminal than your average because i could see the traces where he got into my comp via my network to install it. it was not via an active download on my part i hadnt downloaded ANYTHIng in a very long time. it hijacked administrator from me, and im pretty sure its somehow remote connected to a "business" network of his i assume because when i have a search done to bring up users for my comp it shows about 2 dozen half of which hail from my PC (I am the ONLY user both in the literal physical sense and in the microsoft user sense; that I myself had ever created on this PC ever.) i noticed that there were SEVERAL suspicious things going on in task manager such as dozens upon dozens of "services" been turned on and active several of which i was blocked from turning off or disabling at all. i can see the file locations of at least a few of the malicious files that ive found and SOME of them i was able to delete via doing the search for users in advanced permissions in properties after having it conduct the search for users to select one, then changing the ownership of the file to myself or at least my knew name he had given me some arbitrary numbers and whatnot. but the actual .exe and the several backup dlls i know are set to function as .exe's i can change the ownership of but it tells me i still dont hav epermission to delete upon trying. i have a not quite year old ryzen 7 3700x 32gb 3600 cl16(ithink) ram with a gtx 970 superclock and at least according to the many ways task manager and other hardware monitoring softwar such as hwinfo im only using about 8-10% cpu (even with modern semi demanding games in background),10-20% ram, and alost no gpu unless the game is running (i was able to access the game again after successfully deleting at least some of his installs and havent been dc'd since) which seems like it should be at least close to normal to me. one last thing i had forgotten to mention that almost as soon as i discovered i had malware that could fry my hardware from working it way too hard i tried to do a system restore but there wasnt one that went far back enough so i tried reinstalling windows. that didnt work, then i tried wiping all of my drives the proper, long way. i forget what method itw as called but it was in the menu that pops up after your comp fails to post windows twice in a row. that aslo didnt work. the malicious software remained. THEN i spent near 48 hours researching and using trial and error to finally end up getting as far as i can tell maybe about 10% of it deleted. ik i made this long but it was only in the name of providing as much detail as i possibly could come up with in this given moment of time. PLEASE if ANYONE has ANY info that MIGHT be helpful in ANY way PLZ RESPOND! Thank you, and i hope you all are blessed with a PC guardian angel to protect you from any and all cyber attacks. those people are scourge, but you guys are genuine PC nerds of your own volition! if we all work together we can all divulge enough knowledge between us all to make cyber criminals like that irrelevant. thank you for your time. also since i may end up forgetting about this for longer than id like i hope it is ok if i leave my email address: plz contact me with any info you may have. notanygoodnames@gmail.com
thanks again
# 16 Mar 2022, 7:29
p.s. i forgot to mention i tried 4 different anti-malware softwares specifically recommended for removgint the files i found and NONE of them even found a single threat. so.
# 16 Mar 2022, 7:30
Craig Barbre writes