Hello all; I have no idea what this means. I clicked on system restore, not intending on restoring, but to see what I had for restore points available; this is the first time in almost a year I checked this. My McAfee immediatelt flagged, what is worded like this....." C:\windows\system32\RSTRUI.exe....contains suspicious script activity." It also says " activity : the script is attempting to call the RUN method within the IWshShell3 object " Man, I'm lost on this one; does anyone have any idea if I have some sort of problem here? I should add, that my computer is running fine. I only went to check the restore points because I'll probably install the Microsoft critical updates tomorrow; as the server is very busy and slow tonight. Thanks very much ! ~Tommyo

tommyo, http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=RSTRUI.EXE It works for me D4

Thanks, Dog, very much....I've got quite a bit to read here, as I've never had to use system restore before, so I'm not very familiar with it. I don't even know how long that bad script has been there. I just noticed it tonight by clicking to see what my restore points were set to. I didn't even get into system restore, as McAfee flagged it right away. Thanks again; I'll read up on it and see how to delete this thing, what ever it is.

Hi Dog...I've been reading non-stop here, and tried a few things, but I guess I'm not doing the right things here. Because in my event viewer, I recieve a (yellow exclamation mark) warning every day, about event 36, W32 time. So, I must be looking in the wrong places here. As I scanned the events in event viewer, I notice a warning every day for the same thing....event 36; W32 time....."the time service has not been able to sinchronize the time for 49,152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is un-synchronized. " That is strange, as my clock seems to keep good time, at least it appears it does to me. Well, enough for tonight....my eyes are gettin' heavy here. I'll add some more info Wed. morning when I delve into this again. I just wanted to keep ypu posted on how I was making out. Thanks very much, Dog. ~Tommyo

tommyo, Have a look at this also http://forums.eyo.com.au/arc/t-36015 It works for me D4

Hi Dog..thanks for the additional info. I did search everywhere for the "ipstack" virus, and I can't locate it anywhere; so at this point I don't know if I've got some hidden virus, or a synchronization problem with my clock. I don't know why I show a (yellow) warning, for every day, in my event viewer. I've got to try and determine what "event 36; W32TIME" refers to. Thanks again for your help...I'll be reading all day long here to try and decipher this mess. ~Tommyo

I forgot to ask....can someone advise if I should hold off with the install of the new Microsoft critical updates, until I can figure out this problem??? Thanks!