Over 1 million tech questions and answers.

Strange disk behavior and Win32\Zperm

Q: Strange disk behavior and Win32\Zperm

A few weeks ago you aided me in cleaning an infection off my computer and I thought it was clean.  However, the last week strange things have been happening.  Here is the original thread http://www.bleepingcomputer.com/forums/t/508728/dds-and-combofix-logs-as-requested/?hl=requested#entry3174075
 
I am running Windows XP Pro SP3, AVG internet security, Ad-Aware antivirus in compatibility mode and from time to time I run I-obit antivirus and Mal-warebytes free version.
 
Within the last week,

1.  I several times got a boot disk not found error while booting.  I thought it was the hard drive going bad but after a couple of days it was fine.
 
2.  AVG has several times detected and quarentined Win32/Zperm.  It seems to come back.
 
The last full system virus scans with I-Obit picked up a few things, I think Trojans, most of which I think are false positive, in old data files in an external backup.   These files have not been accessed for years except for copying them from one place to another.
 
3 This morning WinPatrol informed me that a number of things had been removed from my startup.  These included WinPatrol, AVG Toolbar, RTHDCPL.exe, Ad-Aware AV (set in compatiblity mode), spybot search and destroy's tea timer and maybe some more that I can't remember.
 
The programs were still in my system tray but I am reinstalling them just in case now.
 
Any help would be appreciated.
Thank you in advance,
Jeffery Sitz

RELEVANCY SCORE 200
Preferred Solution: Strange disk behavior and Win32\Zperm

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: Strange disk behavior and Win32\Zperm

Hi -
Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.Note: If a security program requests permission to access the Internet, allow it to do so.
 
 
Download MiniToolBox, Save it to your desktop and run it.
Checkmark the following boxes:
•Flush DNS
•List last 10 Event Viewer log
•List Installed Programs
•List Users, Partitions and Memory size.
•List Minidump Files
 Click Go and copy / paste the result (Result.txt).
 
 
Please download Malwarebytes Anti-Malware Free (a.k.a. MBAM) and save it to your desktop.NOTE : Do not accept the Free Trial Version at this time
* Follow these instructions for doing a Quick Scan in Normal Mode.
* Check for database Updates through the program's interface before scanning.
* Click on Scanner > Place a dot in Perform Quick Scan > Click Scan
* After completing the scan, a log report will open in Notepad.
* The log is automatically saved and can be viewed by clicking the Logs tab .
* Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
* Exit Malwarebytes when done.
* Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately.
* Failure to reboot normally can prevent Malwarebytes from removing all the malware.
Check the list of found items and review any PUPs (Potentially Unwanted Programs) or PUMs Potentially Unwanted Modifications, as these can be Unticked if known to be wanted programs.
 
 
Thank You -

Read other 11 answers
RELEVANCY SCORE 69.2

Ok,

I'm going to try and explain this the best I can. I have a drive that I use as storage. Recently, this drive has had a problem that has now restricted the drives use. The problem is related to the size reporting of the drive.

When I remove a file, the space is not freed on the HD. I have gradually used all but 18MB of this drive, and now it is virtually useless. I remove large chunks of data, but the drive still reads full.

I have ran a scandisk, nothing. I have deframented, nothing. I would reformat, but there is valuable data on the HD. I am hoping someone has run into something like this before, however I searched and did not find a thread on this topic.

I have also ran a scandisk to check for viruses, whith no luck. Could it be an undetectable virus? Is a virus something I should be thinking at all?

Thanks for your help,

Nycho
 

A:Strange Hard Disk Behavior

Read other 6 answers
RELEVANCY SCORE 69.2

Hello!
 
I have had an internet connectivity problem for about a week now. First off, my internet connection randomly disconnects, goes silent for 5-10 seconds every few minutes, and then reconnects. Secondly, and I don't know if this is related, but I have two active connections now, which I never noticed before. My first connection is to my wireless router, and other than the aforementioned problems it behaves normally. My second connection is to Network 3, which I don't remember ever having and cannot control; it acts kind of like a hard line connection from a router in that I can't turn it off, but has no network access and serves no known purpose - I have no wired connection.
 
I ran AVG free, which detected win32/zperm, quaranteened it and removed it. I ran it again and it found it again. I then ran Ad-Aware which found and removed it several more times. Then I ran AdwCleaner, Junkware Removal Tool and finally ComboFix. The problem seemed to go away for about two days, then the internet connectivity issues returned, and now AVG nor Adaware can seem to find win32/zperm, but the problem persists.

A:win32/zperm

Hello having run ComboFix on your own we will need to see that log to determine what it removed. Please repost here ....Virus, Trojan, Spyware, and Malware Removal Logs. Include your above info and the CF log.

Read other 5 answers
RELEVANCY SCORE 68.8

Hi All,
I am a pc admin that is working on a machine for a good friend. She claims that her machine started acting up after she downloaded a "claim ticket" from an email from fedex. I received the laptop and immediately ran malwarebytes. This picked up some trojans, and this was found:
behavior:win32/crowti.e
behavior:win32/crowti.a
behavior:win32/crowti.b
 
This laptop is a hard core cad laptop for an engineer. It has 64bit os and is an Asus model. The laptop is clean with regards to programs other than autodesk and MS installs. That is the good news. The bad news is that its doing the following:
 
1. when shutting down images (pop ups)  flash as the computer is all but turned off.
2. When typing the space key and backspace keys stick sometimes for two or three seconds.
3. IE will just start up and loads pages (about 6 of them) with microsoft help pages. ( so far only ms pages)
4. when I try to get into safemode, itpops up asus's program and wants me to do a full system recovery so I cannot get into safe mode.
 
Seems like its a pre-boot corrruption. So here is what I have done. CCleaner, Malwarebytes, disk cleanup. Reset all IE browsers back to factory settings.
 
I did a chkdsk /r and it deleted a bunch of files, including videos (which at one time seemed to be popping up randomely)
I did a sfc /scannow and it found corrupt files that it could not fix ( I cannot open the log "access denied") I am logged in as the administrator.
 
I feel l... Read more

A:behavior:win32/crowti.e--plush fedex virus. Pc acting strange please help

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Download the version of this tool for your operating system.Farbar Recovery Scan Tool (64 bit)Farbar Recovery Scan Tool (32 bit)and save it to a folder on your computer's Desktop.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.===Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.To attach a file select the "More Reply Option" and follow the instructions.Wait for further instructions.

Read other 10 answers
RELEVANCY SCORE 68.4

I have a pretty similar problem like another user, but decided to post here, because I am not sure if the same fix applies to me (his thread was: http://www.bleepingcomputer.com/forums/t/480470/avg-quarantined-win32zperm/)
 
My problem is same or similar. I have an AVG and ad-aware. Whenever I scan with AVG alone (even in safe mode), it doesn't  find anything, but whenever I scan with ad-aware, my AVG finds win32/zperm, detects it as a virus and quarantines it. However, each time I scan, each time I find it there, so it keeps on being there. The file, which gets quarantined is in C:\Windows\Temp\(folder with many numbers, which every time are different)\(folder tmp with more numbers)\(tmp with more numbers). 
 
I am not sure if it's a false positive or not, but I'd rather hear the opinion of professionals. Another thing is that my videos online also freeze from time to time. Maybe this might be the cause... Issue started just a few days ago.
 
 
My DDS log:
 
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by home-pc at 17:51:08 on 2013-11-12
Microsoft Windows 7 Ultimate   6.1.7601.1.1257.370.1033.18.16259.14133 [GMT 0:00]
.
AV: AVG AntiVirus 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D56... Read more

A:Infected with Win32/Zperm

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Please download AdwCleaner by Xplode onto your Desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Click the Report button and the report will open in Notepad.IMPORTANTIf you click the Clean button all items listed in the report will be removed.If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Check off the element(s) you wish to keep.Click on the Clean button follow the prompts.A log file will automatically open after the scan has finished.Please post the content of that log file with your next answer.You can find the log file at C:\AdwCleaner[Sn].txt (n is a number). Please downloadJunkware Removal Tool to your Desktop.Please close your security software to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.The tool will open and start scanning your system.Please be patient as this can take a while to complete, depending on your system's specifica... Read more

Read other 10 answers
RELEVANCY SCORE 68.4

Hi,
I ve been wrestling with the removal of the win32/Zperm virus and came across the posting from Gabrielrock nov12 2013 that seems to be a similar problem to mine. see http://www.bleepingcomputer.com/forum/t/513821/infected-with-win32/zperm
As with above, Ad-Aware detects the win32/Zperm virus and appears to deal with it only for it to re-instates itself in a windows/temp/file. Please advise how I can get rid of it.
I am operating on windows Vista and being relatively PC niave would appreciate guidance.
Many Thanks
 

A:Infected with win32/Zperm

Hello DaidaftI'm Seedy21 and I will be helping you with your issues.Please note the following information about the malware forum:From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by mePlease do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.Please reply within 48 hours, if you are going to be away for longer please let us know or the topic will be closed for been inactiveIf you are using Cracked or Illegal software your thread will be closedLastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close.Note:There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type.If you are unsure what you're system bit type is..... click Here for help.For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop.For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.Double-click the downloaded icon to run the tool.When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it also makes another log (Addition.txt).... Read more

Read other 21 answers
RELEVANCY SCORE 68.4

Hello everyone. Recently AVG quarantined a file called Win32\Zperm. Should i be worried about this? Also, i noticed that when i watch a video online, it's not uncommon for the video to freeze. I than have to close the program and restart internet explorer to get it to work. I orginally started another thread with a Rkill log and was kindly directed, to the proper procedure of starting a thread.

This is the original post: http://www.bleepingcomputer.com/forums/topic480398.html/page__pid__2937102#entry2937102

Here is the DDS log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16448
Run by Elan at 21:23:28 on 2013-01-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3999.1711 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestric... Read more

A:AVG quarantined Win32\Zperm

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your malware problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top o... Read more

Read other 16 answers
RELEVANCY SCORE 68.4

ComboFix 14-08-19.01 - repeat 08/20/2014  21:24:48.2.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.32719.29329 [GMT -5:00]
Running from: c:\users\repeat\Downloads\ComboFix.exe
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-21 to 2014-08-21  )))))))))))))))))))))))))))))))
.
.
2014-08-21 02:28 . 2014-08-21 02:28    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-08-18 03:37 . 2014-08-18 03:37    --------    d-----w-    c:\program files\Common Files\Lavasoft
2014-08-17 00:29 . 2014-08-17 00:29    --------    d-sh--w-    c:\users\repeat\AppData\Local\EmieUserList
2014-08-17 00:29 . 2014-08-17 00:29    --------    d-sh--w-    c:\users\repeat\AppData\Local\EmieSiteList
2014-08-16 23:55 . 2014-08-1... Read more

A:win32/zperm Combofix Log

ComboFix 14-08-15.01 - repeat 08/16/2014  18:36:07.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.32719.29682 [GMT -5:00]
Running from: c:\users\repeat\Downloads\ComboFix.exe
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\tmp5AEB.tmp
c:\windows\SysWow64\tmp5BD6.tmp
E:\install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-16 to 2014-08-16  )))))))))))))))))))))))))))))))
.
.
2014-08-16 23:39 . 2014-08-16 23:39    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-08-16 23:30 . 2014-08-16 23:30    --------    d-----w-    c:\windows\ERUNT
2014-08-16 23:28 . 2010-08-30 13:34    536576    ----a-w-    c:\windows\SysWow64\sqlite3.dll
2014-08-16 23:15 . 2014-08-16 2... Read more

Read other 12 answers
RELEVANCY SCORE 67.6

My AVG anti virus has been periodically flagging with a 'threat' called win32/zperm. It appears to be in C:\Windows\temp\ I always click remove it and it says its successful but periodically it returns.

I also have the issue of various popups while browsing the internet in Firefox (Its the only browser I use). Anything from this computer has been locked due to suspicious activity call this number to reactivate to various random popups.

Before coming here I've tried updating + running in safe mode AVG Anti Virus. Malware bytes, Spybot S&D and Adaware. They either don't find a threat or one of them find 'tracking cookies' which it removes but doesn't fix the problem.


I ran DDS and attached the two required text files. I've moved since I purchased this computers so I'm not entirely sure where my Window's disk is. I'm on Windows 10 Home 64bit if it matters. Any help would be appreciated, thanks.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.0 BrowserJavaVersion: 11.91.2
Run by Nicholas at 12:28:54 on 2016-12-22
Microsoft Windows 10 Home 10.0.14393.0.1252.1.1033.18.8102.2929 [GMT -6:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Spybot - Search and Destroy *Enabled/Outdated* {A16C3F68-9280-E053-1818-342707FECF4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG ... Read more

A:Win32/Zperm virus & popups.

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.Run AdwCleaner and select Scan
Once the Scan is done, select Clean
Once done it will ask to reboot, please allow the reboot.
On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
Make sure the Addition.txt button is ticked.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------

Read other 11 answers
RELEVANCY SCORE 67.6

My AVG anti virus has been periodically flagging with a 'threat' called win32/zperm. It appears to be in C:\Windows\temp\ I always click remove it and it says its successful but periodically it returns.

I also have the issue of various popups while browsing the internet in Firefox (Its the only browser I use). Anything from this computer has been locked due to suspicious activity call this number to reactivate to various random popups.

Before coming here I've tried updating + running in safe mode AVG Anti Virus. Malware bytes, Spybot S&D and Adaware. They either don't find a threat or one of them find 'tracking cookies' which it removes but doesn't fix the problem.



I ran DDS and attached the two required text files. I've moved since I purchased this computers so I'm not entirely sure where my Window's disk is. I'm on Windows 10 Home 64bit if it matters. Any help would be appreciated, thanks.

Read other answers
RELEVANCY SCORE 66.8

Hello,
 
I have both AVG and Ad-Aware installed (Ad-Aware is in compatibility mode so the real-time protection is off). AVG resident shield keeps reporting that Win32/Zperm has been found in the temp folder and this is due to the Ad-Aware Service. I choose the action to remove it, which it says is successful but then it reports the same thing again a little while later. An actual scan by AVG does not find anything, neither does a scan by Ad-Aware.
 
AVG resident shield report: Virus found Win32/Zperm, c:\Windows\Temp\... (actual folder and file changes every time)
 
The process name: C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe
 
I have also tried scanning with Malwarebytes Anti-Malware and that too doesn't give any postives. Could you help me remove it please or is it a compatabilty issue between AVG and Ad-Aware?
 
Thanks
 
My DDS log:
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16520  BrowserJavaVersion: 10.45.2
Run by Paulette at 13:17:06 on 2013-11-22
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.2038.701 [GMT 0:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Windows Defender *Enabled/... Read more

A:AVG keeps finding Win32/Zperm in temp folder

Actually, I forgot that Malwarebytes did find some PUPs which I deleted but ir didn't seem to have any affect.
 
Here is the log:
 
Malwarebytes Anti-Malware (Trial) 1.75.0.1300www.malwarebytes.org
Database version: v2013.11.20.06
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Paulette :: PAULETTE-PC [administrator]
Protection: Enabled
20/11/2013 10:50:45
mbam-log-2013-11-20 (10-50-45).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201716
Time elapsed: 13 minute(s), 38 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 2
C:\Users\Paulette\AppData\Local\Temp\ct3288691 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Paulette\AppData\Local\Temp\ct3297861 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
Files Detected: 9
C:\ProgramData\YouTube Downloader\ytd_installer.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\ProgramData\YTD Video Downloader\ytd_installer.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\Users\Paulette\Local Settings\Tempo... Read more

Read other 22 answers
RELEVANCY SCORE 56

please help, windows defender detect Behavior:Win32/Powessere.D and BrowserModifie:Win32/Sasquor.
 

Read other answers
RELEVANCY SCORE 52

I tried to launch a game today, but less then a minute in, the game crashes and the systems bluescreens. This happened twice in a row.

During the restart, unusual pixels appear in the BIOS splash, red squares before the windows logo appears, and then green vertical bars during the windows load, followed by a bluescreen. Then happened multiple times (even after system was powered down, and psu shut off). These startup colors didnt appear every time, however if I got into windows, it was quite unstable and bluescreened in less then 5 mins.

Possible causes / fixes? (See pics below)

http://imgur.com/3k30U.jpg
http://imgur.com/DY4yI.jpg
http://imgur.com/XNBl9.jpg (Hard to see because of flash, but look carefully)
 

A:Strange Behavior

is the fan on the video card spinning? is it full of dust?
 

Read other 3 answers
RELEVANCY SCORE 52

I'm trying to help an elderly friend,whose computer is doing the following...Win98 stops booting just before the desktop appears...hit ctrl-alt-delete...a strange name is shown in task box(ie:margo1 c)I hilight this name and end task...the computer then boots to desktop.He then randomly gets "this program has performed an illegal operation etc."If you click close the program closes and goes back to desktop.If you do not close the error box you can continue to work(in Windows Explorer for example)
Ran HiJackThis found...C:\Windows\Margo1 c.exe...had HijackThis fix it.I the checked and searched the registry and found C;\Windows\margo1 c.exe in the "Run once" key under Windows.I deleted the margo1 c.exe .
When I restarted the computer it stopped at the same place during the boot,found another strange name(ie: zpj2x4.exe) in the task box and in the Run Once key in the registry....I went to the Windows folder and deleted all the strange .exe files and now the computer boots O.K. Does this activity ring any bells for anyone as to what virus-worm or trojan whatever might be causing this.I have checked the viruses listed at Trendmicro for this type of activity and could find none....
 

A:Strange behavior

If you could use paragraphs next time its alot easier on the eye.

and try these steps after you eventually boot into desktop.

Before doing anything turn of system restore
My computer > Control Panel > System > System Restore Tab > Check Turn off system restore on all Drives

When your done dont forget to turn it back on

1)Go to Online Av Scan And run a free anti-virus test
1a)reboot

2)Then dowload ad-aware
Ad-Aware
Before you scan with AdAware, check for updates of the reference file by clicking on "Check for updates now", connect.

Click on Start, Use custom scanning options, Customize.

Make sure the following settings are made and on -------"ON=GREEN"

"Scan within archives"
"Scan active processes"
"Scan registry"
"Deep scan registry"
"Scan my IE Favorites for banned URL"
"Scan my host-file"

Click on Tweak,
Select scanning engine and click on "Unload recognized processes during scanning"
Select cleaning engine and click on "Automatically try to unregister objects prior to deletion" and "Let windows remove files in use at next reboot"

Then click "proceed" to save your settings.

Click on Next

Run the scan and fix everything.

2a)Reboot

3)Then get Spybot S&D to clear remaining spyware.

Short tutorial and download link here:
Spybot

Fix everything SpybotSD labels in red, and immunize.

4)Then download Spyware Blaster
Spyware Blas... Read more

Read other 3 answers
RELEVANCY SCORE 52

As noted in my profile running Windows 7 Professional and all was working well until a couple of days ago.  I upgraded my internet service through Comcast to 30 Mbps download speed, and initially was not seeing that speed on my PC.  I adjusted MTU on my router (Netgear WNDR3400 running DD-WRT) down from 1500 to 1450 and that seemed to allow the speed measured by Speedtest.com to go up to my anticipated 30Mbps. But almost immediately, I noticed while I could get email messages through my Comcast email account I could not get messages from my Charter mail account, and more worrisome is that I now have very limited ability to load websites...something seems to be re-directing the searches and the sites never load.  Some load OK (like Bleeping Computer (luckily ), but while speedtest.com won't load, I can load the speedtest on the Comcast site.
 
I ran MalwareBytes and removed a few problems, and tried to install Avast Free (had been using AVG regularly), but Avast says "Unable to start scan: there are no more endpoints available from the endpoint mapper".
 
Please evaluate these symptoms and let me know a next step to take.  Please also indicate if this should be posted and continued in another Forum...I wasn't sure where to begin so thought the Forum for my OS would be a logical starting point. 
 
Thanks for any help and suggestions.
 
 

A:Strange Behavior...Please Help if Possible

See this thread ... https://forum.avast.com/index.php?topic=142330.0 .

Read other 1 answers
RELEVANCY SCORE 52

Dell inspiron 4100 laptop Intel 1.1mhz, 384 ram, 20 gb hd XP Pro SP 2

Whether I boot into safe mode or regular, two problems come up every time.
First, the system will not allow me to set default applications. When I try, via set program defaults, the status bar indicating the computer is setting the default application comes up and hangs about 90% of the way through and not change in default application happens.
Second, With every boot up I have to manually check the show quick launch box in taskbar properties.
Third, this just happened while writing this post, pressing shift and quotation mark caused Firefox 1.5 to go back a page.

I have found no viruses or spyware on the computer.

Any ideas how to correct these problems short of reformatting the HAD.

Joe
 

Read other answers
RELEVANCY SCORE 52

At start up this window opens C:\Program Files\Windows and it is empty. My anti-virus and spyware searches return nothing. Please advise.Logfile of HijackThis v1.99.1Scan saved at 12:42:04, on 13/01/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5730.0011)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exec:\program files\common files\logitech\lvmvfm\LVPrcSrv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\ehome\ehtray.exeC:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\HP\QuickPlay\QPService.exeC:\Program Files\Hp\HP Software Update\HPWuSchd2.exeC:\Program Files\Eset\nod32kui.exeC:\Program Files\Comodo\Firewall\CPF.exeC:\Program Files\Ad... Read more

A:Strange Behavior

Hello amaker and welcome to the BC HijackThis forum. I see no signs of viruses or malware in the log. It is clean.Like SifuMike stated previously, post a question in the XP forum here: http://www.bleepingcomputer.com/forums/f/56/windows-xp-home-and-professional/ .The window is coming from one of the installed applications and that forum can help determine which one it is.Cheers.OT

Read other 6 answers
RELEVANCY SCORE 52

I turned on my computer this afternoon, only to find out that Windows Explorer will not open multiple files. Outlining a group of files and clicking the "open" command produces an error message that says Windows has encountered a problem and needs to close. Clicking the "debug" command locks up the system.

It was working fine just a couple of days ago, and I have no idea what I could have done to alter the system in this way. I've cleaned out the registry, disabled DrWatson, and restored the system to a previous day, but the error still persists.

Any ideas?
 

A:Strange new behavior

Get Xplorer lite, a stand-alone file browser. Pretty neat, you can dual panel.
 

Read other 2 answers
RELEVANCY SCORE 52

For the past couple of months I have been routinely assaulted by some threat or another every time I open my browser(IE). I am subscribed to Norton's (go ahead and boo) and the little yellow icon in the bottom tray glows red and I am prompted to "autofix" the problem. When I scan with Norton's, nothing comes up. When I scan with this "Intelliscan", I get 9 infections or so. I don't really know who these "intelliscan" people are, so I'm assuming I can just ignore them.

Could this be the conflicker virus trying to enter? Is Norton's worth the money? Can I get just as good service with AVG free? Sure would appreciate some answers.

A:Strange behavior.

Hello

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers
RELEVANCY SCORE 52

Hello,

I'm using IE 6 (Build 6.0.2800.1106.xpsp2.021108-1929 to be exact).

I have configured it to prompt for passwords and to save logins and and passwords....

However, it never seems to store them ... and it alway prompts for passwords again even for logins for which passwords have been prompted for and stored earlier...

Also, there is another irritation which I remember encountering before on some other computer... when I do Control N to open a new window... the status bar does not show... it has to be manually enabled in View/Status Bar each time to show it....

This is in a new computer with Win XP Tablet PC edition Version 2002 Service Pack 1. On my other computer which has Win 98 with IE 5, I don't have any of these problems for the logins / passwords etc...

*Sigh*... the good old days @@

Thanks in Advance...
 

A:Strange behavior from IE 6

Have a look here:

OLEXP: Your Dial up Password Is Not Retained in Windows 2000 or Windows XP (Q264672)

As for the Status bar issue:

1) With (only one) IE open, click View, select: Status Bar
2) Right-click on IE's Toolbar and select: "Lock the Toolbar"
3) Hold down the Ctrl key and click the close button (upper right)
4) Open Windows Explorer, click View, select: Status Bar
5) Right-click on Explorer's Toolbar and select: "Lock the Toolbar"
6) Click Tools | Folder Options | View tab
7) Click the "Apply to all folders" button.
8) Hold down the Ctrl key and click the close button (upper right)

Cheers,
 

Read other 3 answers
RELEVANCY SCORE 52

First off, I'll say hi since I'm new to the forum. My name is Tom, I'm 22 years old and I'm from Algonquin, IL.
Now to the problem. Last week, my computer began acting strange. I would open up google.com in the newest version of firefox and any query I would search for, the browser would just sit there attempt to load and but never load anything. So google.com loads but it wont search for anything. Ive attempted to navigate through different websites. Some with success and some without. I belive there is a bug or something thats making this act up. What would be a good place to start. I've attempted to run Adaware with no results. Mcafee with no results. Spybot shows virtumonde but it does not delete. Thanks for any input. Hope everyone has a great week!

A:Strange Behavior

Are you finding any suspicious processes in Task Manager? When you experience or encounter strange behavior, always check for new, unknown or suspicious processes that may be running on your system.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show R... Read more

Read other 3 answers
RELEVANCY SCORE 52

good morning

I spent the weekend upgrading my PC's from win 7 to win 10. the 1st one had some issues after the upgrade, but most have been solved. 2 of the other 3 went fine and all seem to be working as expected.

the last one, and the most important one, has lots of issues

only one user account made it through the upgrade, the rest are still on disk but not in the users group

the network did not work, and any settings changes made would not stick until about 4 or 5 reboots

the upgrade did not find my 2nd raid as it did not have drivers for it, once I installed the drivers I have its drives in 2 places in explorer, This PC, and Desktop.


Quicken Home and Business 2011 gives and administrator account error on start, it works only partially, very slowly and without the mouse. this works fine on the laptop with Quicken and Windows 10.

I have 2 scenarios I can think of,
1. keep fighting these and other less critical problem until Windows 10 works correctly
2. restore the PC from an Acronis backup I did before the upgrade and start again.

if I restore this PC back to Windows 7 from a backup, will Microsoft have any issues with doing the upgrade again? It would be a lot easier than a rollback inside WIndows 10.

many people are having issues with Quicken and Windows 10, and so far I have not found a solution. the account that did make it through the upgrade is my main account, and it has administrator privileges so "run as administrator" is not needed. I took ... Read more

Read other answers
RELEVANCY SCORE 52

Hello everyone. I was attempting to install Mcafee Suite, and kept getting redirected to porn. They said on their page to do a stack dump and some other stuff, and it screwed things up. So I did a system restore, going back about 2 months. Now system restore, help, Media Player, and probably other stuff has disappeared. I still have the icons, but nothing works. I poked around a bit, and found alot of files with $ signs before and after the file name. I don't have an XP disk to reinstall. Thanks in advance for helping me out.
{Moved to more appropriate forum~~boopme}

A:Strange Xp Behavior...

Have you performed any anti-spyware scans? Have you tried doing your scans in "Safe Mode"? Are you doing scans while logged into the "Administrator Account" or an "account with administrator privileges"? You need to start there first. If rescanning in Safe Modes does not help, then do this:Perform an Online Virus Scan like BitDefender.(These require Internet Explorer to work. Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component. If given the option, choose "Quarantine" instead of delete.)Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet. Please download and install SUPERAntiSpyware FreeDouble-click SUPERAntiSypware.exe and use the default settings for installation.An icon will be created on your desktop. Double-click that icon to launch the program.If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)Under the "Configuration and Preferences", click the Preferences... button.Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows ... Read more

Read other 1 answers
RELEVANCY SCORE 52

Hello all,

My normal routines haven't been successful in troubleshooting - and the behavior is subtly strange...unknown executables listed in my taskbar, slow internet, cryptic messages from my antivirus software... flicking screen, etc.

Below is the log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:22:37, on 27/02/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
C:\Users\Information\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe
C:\... Read more

A:Strange behavior

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 3 answers
RELEVANCY SCORE 52

My computer types by itself! It is hard for me to type and my computer is slowing down when this happens. I don't know how to describe it...I will put parenthesis around the computer's typing...this is no joke so please don't dismiss me! I was told that it might be Bonzi so I deleted all those files and for a while it worked fine. Now it has started again and I can't find the cause.(a a ) It causes my computer to run slowly and I can't play my games. I get a "runtime error" from the Visual C++ Runtime Library. I don't know if all this is tied together or what...I don't know anything anymore...! It's driving me crazy! I even deleted my comet cursor, thinking THAT might be causing it but it's still typing on it's own. I have run a virus check and found none. It doesn't matter where I am...a search engine...it types in the search box, my e-mail, it types in the body, this forum, it is trying to overtype me. I will just sit here and let you see what it does, again, this is no joke...please help me! (in-a bad home buying you know you know why did you form the opinion, the way the media player your can you not copy into a Simi you choose to not nicely on the walls and the people I mean, you only see the-wall in the kitchen you need is to call me crazy mean you're referring you have to , station will do to home near the way the time the time enemy station decide up for review this evening 3:00 AM and you may know,... Read more

A:Strange behavior!

Read other 16 answers
RELEVANCY SCORE 52

Hi all
First post, so hello everyone,

I have a basic mp3 player ( ALBA ) 1 gb. The player works well and I've had it nearly 6 years.

But when I connect it to my laptop (running Vista Ultra) via usb and format it there's 996mb of free space.

Lately when adding an audiobook which is, say 185mb long, it will only load two thirds of the audiobook and a small window appears saying can't create no.178 (or stops transfering at 178 when theres 240 parts to the audiobook.

Another strange thing is that I've had "Harry Potter and The Deathly Hallows" (995mbs) on the player and it loaded without a hitch. (May have been magically shortened to get it all on) some how I don't think thats the case.

But why does it accept a large audiobook and then wont even accept just over 100 mbs.

I was thinking that the formatting application on Vista is at fault.

Any ideas on this one please.

Thanks.
 

Read other answers
RELEVANCY SCORE 52

I suspect my PC is infected with a malware.
 
One strange thing is that I'm using "Opera Next Browser", and when I try to make a search in google, it shows and old version of the google theme. This happens in IE too, but does not happens in Opera Browser.
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7600.16385  BrowserJavaVersion: 10.17.2
Run by Paulo at 21:00:25 on 2014-04-25
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.55.1033.18.4087.2345 [GMT -3:00]
.
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Windows\SysWOW64\svchost.e... Read more

A:Strange behavior

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Download Malwarebytes' Anti-Malware from HereDouble-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).The scan may take some time to finish,so please be patient.If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Log... Read more

Read other 2 answers
RELEVANCY SCORE 52

Since reinstalling WMP11 and configuring it to be my default player for all media types it refuses to play my mp3 podcasts. These will play perfectly well on Realplayer, etc. WMP will play my mp3 music collection with no problem. Also many online radio channels will not play. On the screen it looks as if they are playing as it connects and the clock starts running but there is no sound and the pause button is greyed (blued) out. I will be very grateful for any help that you can give me.
 

A:Strange behavior of WMP 11

C'mon guys. Don't let me down now.
 

Read other 1 answers
RELEVANCY SCORE 52

When I visit a website, and I check my active connections on computer
(netstat)
it shows numerous TIME_WAIT connections to that site's IP address
Doesn't on all, but for a few.

Its gotten to the point that my computer(s) are registering so many connections to their server, they think I am ping hammering them or soemthing, and then denying my IP address.
A release/renew of my ISP's ip address ( using DSL so it changes everytime ) allows me to get back on to that site, but after about 1 - 3 mins, it auto blocks my IP address again.

Scanned comptuer(s) with numerous programs and nothing found

This is happening on a XP computer and a VISTA computer on my network
Does any one have any idea what could be causing this behavior ? or find a program that can tell me ( monitor )
 

A:Strange behavior

This is an example of what I am seeing when just going to my router

TCP 192.168.0.100:2698 192.168.0.1:80 TIME_WAIT
TCP 192.168.0.100:2699 192.168.0.1:80 TIME_WAIT
TCP 192.168.0.100:2700 192.168.0.1:80 TIME_WAIT
TCP 192.168.0.100:2701 192.168.0.1:80 TIME_WAIT
TCP 192.168.0.100:2702 192.168.0.1:80 TIME_WAIT
TCP 192.168.0.100:2703 192.168.0.1:80 TIME_WAIT
TCP 192.168.0.100:2704 192.168.0.1:80 TIME_WAIT
TCP 192.168.0.100:2705 192.168.0.1:80 TIME_WAIT
TCP 192.168.0.100:2706 192.168.0.1:80 TIME_WAIT
TCP 192.168.0.100:2708 192.168.0.1:80 TIME_WAIT
TCP 192.168.0.100:2709 192.168.0.1:80 TIME_WAIT
TCP 192.168.0.100:2710 192.168.0.1:80 TIME_WAIT
TCP 192.168.0.100:2711 192.168.0.1:80 TIME_WAIT
TCP 192.168.0.100:2712 192.168.0.1:80 TIME_WAIT
TCP 192.168.0.100:2714 192.168.0.1:80 TIME_WAIT
TCP 192.168.0.100:2715 192.168.0.1:80 TIME_WAIT
TCP 192.168.0.100:2716 192.168.0.1:80 TIME_WAIT
TCP 192.168.0.100:2717 192.168.0.1:80 TIME_WAIT
TCP 192.168.0.100:2721 192.168.0.1:80 TIME_WAIT
TCP 192.168.0.100:2722 192.168.0.1:80 TIME_WAIT
TCP 192.168.0.100:2723 192.168.0.1:80 TIME_WAIT
TCP 192.168.0.100:2724 192.168.0.1:80 TIME_WAIT
TCP 192.168.0.100:2725 192.168.0.1:80 TIME_WAIT
TCP 192.168.0.100:2726 192.168.0.1:80 TIME_WAIT
TCP 192.168.0.100:2727 192.168.0.1:80 TIME_WAIT
TCP 192.168.0.100:2728 192.168.0.1:80 TIME_WAIT
TCP 192.168.0.100:2729 192.168.0.1:80 TIME_WAIT
TCP 192.168.0.100:2730 192.168.0.1:80 TIME_WAIT
TCP 192.168.0.100:2731 192.168.0.1:80 TIME_WAIT
TCP 192.168.0.100:2732 192.168.0.1:80 T... Read more

Read other 2 answers
RELEVANCY SCORE 52

Hello fellow Vista users.

I have a question regarding usb. Yesterday I inserted my usb flash stick in my computer to connect with my wireless router.

I had internet for a whole day when all of a sudden my connection was gone. At first I thought it could of been that the usb stick is broken, so I went out and got a new one. Plugged that one in and the same thing happens.

Every time I plug it into my pc I hear the sound that Vista makes when a device is not recognized. I installed all the drivers and everything was working fine 2 days ago.

I'm now using my old usb connector and it's working great. I tried all the usb connectors but all of them make the sound when a device is not recognized.

I really hope someone can solve this for me, I'd like to use my new hardware at it's fullest.

P.S. I'm running on Windows Vista Ultimate x64 with SP1 applied with the latest patches and updates.

A:USB Strange behavior

Still no solution? Come on people... I'm sure someone knows how to fix this.

Read other 5 answers
RELEVANCY SCORE 52

Hello. My name is max and i'm a teenager from Illinois. Normally i know considerable amounts about computers, but because my access to the internet is *quite* restricted, i know almost nothing about the internet, viruses, and the like. Recently, my computer (not really my computer, just the one i use for Internet access) has been acting rather strange.

It's been
A) during time when the internet is connected, (broadband) possible shows a pop-up box saying "this page is accessing information that is not under its control. This poses a security risk. Continue? Whether you click yes or no, it comes back in 5 seconds. Even now it's over in the corner. The icon for the window of it on the taskbar is a wierd cube with blue red and green sides.
B) unable to system restore properly
C) find any viruses or adware by using my scanner (latest mcfee specs)

So i ask you... please help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:53:47 PM, on 12/22/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.ex... Read more

A:Strange Behavior

Afraid i'm bumping for help
 

Read other 1 answers
RELEVANCY SCORE 52

Can anyone tell me why this is happening.

When I am on the internet, such as ticketmaster, and click on something I instantly get booted off Internet Explorer and end up back at my desktop. It's been happening on various websites.

Any ideas on why this is happening? I'd really appreciate any help on this.

Thanks!
 

A:strange behavior

Read other 6 answers
RELEVANCY SCORE 52

Ok, so let me start off with my spec:

Windows 7 Pro X64
Intel I7
16GB Ram
NVidia GeForce GTX 750ti (latest driver)
liquid cooled core
1 x SSD
1 x HDD (storage)

Now my PC is custom a year old, the OS was done by me. I have had no issues until this error started, no new hardware installed, it started about 2 months ago.

So the issue, my PC will randomly restart, you could be mid email or opening Google chrome (this is important and I will come back to this later) the Event log shows an error ID of 41, which is "The system has rebooted without cleanly shutting down first" no other logs, so not much use there, so I don't think this points to an OS issue

so what have I done?

-had the PC sent back to the shop they stress tested it, and all tests came back as no issues

-I imaged the SSD and HDD using Acronis replaced both drives, random restart still happens

-ran both chkdsk /f C: and Memory Diagnostic tool, both fine

-unplugged all USB devices and changed keyboard and mouse

after all this it still restarts, it could do nothing for 3 days, then restart 5 times in one day.

now I know you will say its overheating... nope the core is a steady 50?C - 65?C (which is optimal)



So it really doesn't like Google Chrome, if I open it, it will restart the PC 5 out of 10 times, almost instantly within a second of chrome opening. using internet explorer it still restarts but not as much. it has restarted using Adobe also

I am a decent tech... Read more

A:Need help, strange behavior!

Have you updated the motherboard chipset? and Bios, i would also reset it to default values.

Roy

Read other 6 answers
RELEVANCY SCORE 52

Hi all,

At our work we run a WPAD script as a proxy for all users.

There's an Active Directory group that gives restricted internet access to domain accounts by tying a filter in our web filtering product to that AD group.

I have an issue where one of our IT guys logged onto a Windows XP machine using his domain account. He then switched to the local Administrator account.

He put the URL to the WPAD.dat file in his proxy settings in Internet Explorer. He was then able to access the external internet, but without having to provide a domain account/password after authenticating with the Admin account. So, he logs into a machine using a domain account, while logged in he changes his login to the local Administrator account, then he gets on the internet.

Now, what's strange about this (to me at least) is that we follow standard default-deny practice (if you're not a member of an AD group tied to a filter, you get blocked). The reason he was able to get on the internet was because that restricted internet access group in AD was applied to the local Admin account after he logged into it, thus the web filter allowed him through to the net. This should not be happening, right? A global AD group shouldn't be randomly applied to a local, machine-based account, even if it is Administrator (no local Admin accounts on any machine are members of that group, only domain accounts).

Is this an example of privilege escalation, or am I missing something here?

A:Strange behavior

I have no idea about this type of thing, but perhaps this will help you.

Using Automatic Configuration, Automatic Proxy, and Automatic Detection

Read other 5 answers
RELEVANCY SCORE 52

Days ago, I noticed that all my .html files turned into an unidentified file icons, it used to show my browser's icon (my internet browser is Opera) so it used to show opera's icon but now instead of showing the browser's icon, it is showing as an unidentified file icon. When I tried connecting my ipod to my laptop, it didn't recognize my ipod so I did what is written in here http://support.apple.com/kb/TS1363. Later when I did another try, it does recognize my ipod but when it actually brought me to itunes, I can see the word 'hijack' on the search bar in itunes then later it went blank again like the normal search bar. Since then, I experienced weird things happening to my browser. Like today when I click on one of my html files, it brings me to my browser but shows me some error which never happened before in the past then it opens another 2 browser tabs with the address: www.and.com and www.settings.comWhen I was browsing the internet earlier, it messed up my browser settings. Like it changed my bookmarks and shortcuts to the websites that I never visit. After that I had to close my browser. Later when I click on my browser again, it goes back to my normal settings. So I am wondering if this is normal? or am I infected by some browser hijacker or something?I hope someone could help me with this.

A:Strange behavior?

The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.Please download Malwarebytes Anti-Malware and save it to your desktop.NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say ... Read more

Read other 14 answers
RELEVANCY SCORE 52

First off, Im looking for a way to fix this, so don't tell me to use another browser.

Here is the problem, IE has started acting very strange, many pages are no longer fully loading, some fail to load anything yet they claim they are "done". Other places, like TS and other msg boards will load but QUOTES appear as empty boxes and some lines of text won't show up either.

I have had this happening for almost a month and have tried Spybot, Adaware, and HijackThis. They are all fully up to date. I have also tried scanning for virii with fully updated NAV, as well as using every online scan I know of.

The problem seems isolated to IE, as it does not affect Firefox. I have reasons for needing to use IE for some things so I don't want to just give it up completely.

Here is an example http://www.techspot.com/gallery/showphoto.php?photo=229&size=big&password=&sort=1&cat=500
 

A:Strange IE behavior

do u have sp1 installed? if u do, try to re install it. either way, install it again and it should patch everything up.
 

Read other 15 answers
RELEVANCY SCORE 52

I recently had trojans on my computer and thought I had deleted all of them. However, when in Microsoft Office software, if I do a "save" "save as" "open", etc. the window appears in a full-screen format as opposed to a small format as per usual. Also, my desktop icons have a "shadow" to the text that I often remove. I was unable for a while to run in safe mode but have recently managed to log on as such and have ran my antiviruses from there. I had the Virtumonde as well as a SirCam problem. I am new to this forum and think I am supposed to put my highjack log here. I hope I am correct. Also, in my Task Manager, one of my processes is named "system" and I cannot end it. Thank you for your help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:12:54, on 09-03-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AppRanger\SWSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsr... Read more

A:Strange behavior

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructio... Read more

Read other 2 answers
RELEVANCY SCORE 52

I posted in this forum a few months ago. My old computer crashed and so I moved on to this computer. It used to be my aunt's so it was passed down to me since my last computer messed up. I share it with my brother who could care less about trying to keep the computer safe.
It's super slow and pops up a black window at the start-up but I cannot determine what it says. I've run MalwareBytes and it deleted a few things. Spybot finds numerous things but never can delete it. It states that there's something with Bear Share (ugh!) but I went through the old files and deleted everything related to BearShare... or so I think. I need help figuring out what's going on with this slow machine! Please?

Read other answers
RELEVANCY SCORE 52

Hi!

Why is the fan (only one fan in this crappy HP pavilion dv6835eo notebook) running at almost max rpm for at least five minutes during and after logon, but not otherwise? If i check the temps with HWMonitor 64 they are low, that is, under 40 degrees celcius so the fan should not be running as much as it is.

When i power on the comp, fan spins up to max for a few secs (normal behavior) then run at very low rpm during the whole boot process until i get to the logon screen where it freaks out and start to get noisy. As i said, it stays that way for at least five minutes despite low temps. Same thing when waking up from sleep mode and hibernation. Using latest F.32 bios. Trying to rollback but can get hold of older version.

Its a fresh Win 7 x64 install with latest drivers. CPU and GPU throttling working. No aparent CPU-hogging software in the background or anything like that. CPU usage is less than 5%.

It feels like Windows 7 is ignoring the laptops own fan speed control for five minutes or so.

Aside from this issue, fan control, power schemes and everything else is working good.

I've been playing around with DSDT extracted from the registry (and then put back with ASL compiler etc etc) to try to change temp thresholds and stuff like that but it wont help a bit. No change whatsoever. Been looking at this guide How to Reduce Fan Noise on HP Notebooks: Patching the DSDT table to do it. My DSDT table and its fan/temp section is unfortunately a bit more complicated than ... Read more

A:Strange fan behavior

I experience this with my desktop. I updated my graphics card driver (the fan on my graphics card did this) and it seemed to help a bit. Although it does spin very fast during boot and after logon. I am thinking it might just be doing this until the software that controls the fan loads and tells it to slow when the temp is fine. Try updating your PCs software if you haven't. Now since this is a notebook, you're graphics card won't have a fan like mine I am sure, but updating software might help.

Read other 2 answers
RELEVANCY SCORE 52

Hi guys,
 
I'm running Vista Home & have been experiencing increasingly annoying mouse issues with both Firefox & Chrome browsers.  Opening & closing pages takes a random number of click (same with minimizing).  Highlighting sometimes turns the screen light blue.  Cut/copying is almost impossible due to the inability to highlight the desired area.
 
I have found malware (windows installer.exe) and removed it with Malwarebytes.  This seems to have eased the severity of the issues but not illiminated them.
 
I know that your instructions are to not run GMER or ComboFix but I learned that after running them , so I do have the logs.
 
 

A:Strange behavior

Welcome aboard   Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeList Restore PointsClick Go and post the result. Please download Malwarebytes Anti-Malware to your desktop.NOTE. If you already have MBAM 2.0 installed scroll dow... Read more

Read other 1 answers
RELEVANCY SCORE 52

My wife and I both have laptops with Win 7 Home Premium (only difference is hers is 64 bit, mine 32 bit). Both also have Foxit Reader, latest version. I downloaded a fillable PDF form from my bank. On my laptop, it doesn't work (it opens but I can't fill in anything). When I open it on hers, it works fine. Any ideas why that would be??
 

A:Strange PDF Behavior

Read other 7 answers
RELEVANCY SCORE 52

need advice on repairing laptop. problem started two weeks ago, after booting up & the desktop appears a window shows up & follows the cursor everywhere, then everything stops responding except the cursor. i can move it around but nothing responds to clicking. ctrl/alt/delete lets me go back & restart, but the same thing happens again. the window that follows the cursor around is the one that opens when you rclick an empty space in the taskbar. it,s a 10 month old lenovo laptop,i3 processor, win7, using ie9 browser. i've run full scans with malwarebytes & mse & nothing was found. also ran ccleaner. please help. sloboat.

A:strange behavior

Probably, this is hard-ware related.Options:Right mouse button on your laptop hangs, is dirty or otherwise obstructed or damaged. -> Solution, try cleaning it if you haven't before. Also, wiggling it around and/or place a vacuum-cleaner on a 45 degree angle (DO NOT PLACE IT DIRECTLY ON TOP!!!) over the button to suck out loose dust. NEVER TOUCH THE LAPTOP with the vacuum-cleaner!!! Canned air would be even better.Also, the touch-pad itself could be damaged. -> Solution, buy a wireless mouse with USB connector and turn of the touch-pad in the device manager all together.Please let us know if this fixes your problem,\0/-Sec

Read other 5 answers
RELEVANCY SCORE 52

Hey,

So I have an HP ExperssCard Digital/Anaglog TV Tuner for my laptop.

So the first thing I did after inserting it (and after installing the dirver of course) i went to windows media centre to setup the TV Signal. It worked fine, I have a analog cable source.

Then sometime later, it just said there was no signal coming into my device, which made no sense because the HP QuickPlay program could play the TV fine.

So now I go to resetup the TV Signal but it will ONLY look for a digital signal and it does not seem to be looking for my analog source at all.

Is there anyway to make it find this signal or why it would have just arbitraily stopped? i really can't rmember doing anything that would break this at all, and I am quite experienced with computers, just not with this program since I never had a tv tuner till now.

thanks for all your help!

A:Strange Behavior

and... i forgot rule #1... restart the computer. now it is magically working fine. I love magic!! but im still confsued as to why this would happen.... oh windows...

Read other 2 answers
RELEVANCY SCORE 52

Hey guys,

I posted another thread about my friends computer and I ran into trouble with my own.

My computer is acting really strange. For a couple of weeks my computer kept freezing. In-game, during normal operations in windows and even in BIOS and other test software using a USB-stick (outside of Windows)

Now for at least 2 weeks straight the computer funtioned like a dream with no freezes and everything working real smooth. Just now like 10 minutes ago it froze in-game and didn't respond. After a hard shutdown, I waited 5 min and gave it another shot. The computer booted up and started running post but froze again. Another hard shutdown and 5min later still the same result.

When my computer functioned normally I ran, Memtest with no errors at all. I ran HDD test with 2 different types of software and I tried 2 different graphics card. My temps on the computer is really good so I doubt it could be that.

This computer hasn't been a good friend. It has cost me alot of failures over these 3 years from changing MOBOs, 2 Graphics cards and 2 memory sticks.

My first thought was that it could be the MOBO but I'm starting to think that it could be the PSU. Because if it delivered too much or too low power it could damage the hardware right?

Could you please give me your input on this

Best regards!
 

A:Strange behavior

Read other 9 answers
RELEVANCY SCORE 52

recently i am experiencing strange problems.
it started with my vista 32 so i formatted and reinstalled,
then it came back and now it's occurring on my XP SP3.

under vista i used to log off and my computer went into "power saving mode" and stayed there, moving the mouse or pressing the keyboard had no effect, the screen would remain black. then i would restart my computer and there would be no boot screen just the message "power save mode" and then after two three minutes the screen would turn on and my desktop gets visible.

now under xp (happened after a week of use) when i restart my computer it also goes into power save mode and the screen remains black thru the entire boot process (very annoying).
from time to time i do get to see the windows login logo,the problem comes and goes,
any idea what it could be?

my montor is:
lg L226WTQ

and i have Asus geforce 7950GT graphic card
with nvidia 178.24 driver

10x in advance
 

A:strange behavior

So the vista and xp are the same box/

go into your bios and change the power settings to your liking.
 

Read other 3 answers
RELEVANCY SCORE 52

I just received an email with a birthday greeting link. The message said to click on the link below to receive the card. However, there was no active link to click on. I finally forwarded the email to my wife the other identity on OE6. I opened the email and the link was active. I was able to get my birthday card. Now I remember I have also received other emails that were supposed to contain links, but they were not there, just as I described above with the birthday card. How do I fix this? I have Windows XP Home and IE 6.
 

A:OE 6.0 Strange Behavior

In Outlook Express, go to Tools>Options>Read tab. Take the check mark out of the box for "Read all messages in plain text." Click OK. See if that fixes the problem.
 

Read other 2 answers