Over 1 million tech questions and answers.

HTTP Malicious Toolkit Variant Activity 2 & HTTP SurfAccuracy Config Request

Q: HTTP Malicious Toolkit Variant Activity 2 & HTTP SurfAccuracy Config Request

Yesterday I got this threat HTTP Malicious Toolkit Variant Activity 2 and my Norton Internet Security blocked them. I installed Malwarebytes and SuperAntiSpyware, updated them, restarted in safe mode, disconnected from the internet and did a full system scan for both and didnt detect anything. Today I got this threat HTTP SurfAccuracy Config Request.

So I was wondering if my computer is infected with malawares and if someone could give me a hand here.

Any help would be appreciated!

Here's my Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:40:03 AM, on 11/17/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\mobsync.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" class="wLink">http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" class="wLink">http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O13 - Gopher Prefix:
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6986 bytes

RELEVANCY SCORE 200
Preferred Solution: HTTP Malicious Toolkit Variant Activity 2 & HTTP SurfAccuracy Config Request

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: HTTP Malicious Toolkit Variant Activity 2 & HTTP SurfAccuracy Config Request

Hello, gunnersluver
Welcome to TSF

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:In the meantime, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Finally, please reply using the button in the lower left hand corner of your screen.
Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" .
We need to run a Scan with DDSPlease download DDS, and save it to your desktop, from one of the following mirrors:This is a mirror
This is another mirror

Disable any type of "Script Blockers" or "Script Protection" installed on your system.
Double click on your desktop.
If prompted by any script blocking tools, please allow any actions taken by DDS.
When prompted to preform an Optional Scan, please select
Two reports will open. Please reply with the generated reports:DDS.txt <-- Copy and paste into your next post
Attach.txt <-- Attach to your next post


We need to scan for Rootkits with GMERPlease download GMER from one of the following mirrors:This is the Primary mirror
This is a Secondary mirror
This is a Secondary mirror

Close any and all open programs, as this process may crash your computer.
Unzip the downloaded file to your desktop.
Double click on your desktop.
Allow the gmer.sys driver to load if asked.
You may see this window. If you do, click No.

Click on and wait for the scan to finish.
If you see a rootkit warning window, click OK.
Push and save the logfile to your desktop.
Copy and Paste the contents of that file in your next post.

In your next reply, please include the following:DDS.txt
Attach.txt
GMER's Log


Billy3

Read other 2 answers
RELEVANCY SCORE 176

Today I was browsing the internet in my Sandboxed web browser (Safari) and went to download a file. However, before I could click the download button, my firewall (Norton 360) popped up and told me "A recent attack on your computer was blocked" or something of the sort. I immediately closed Safari and erased history, but I'm not sure that's enough.So I went and looked at the details, and I was told it was a known attack called HTTP Malicious Toolkit Variant Activity 2. The question is, am I safe now? Or do I need to do some things before I'm alright?

A:HTTP Malicious Toolkit Variant Activity 2

"HTTP Malicious Toolkit Variant Activity 2" generally refers to a particular attack using a specially crafted PDF document which exploits a vulnerability in older versions of Adobe Reader. If the download you mentioned was a PDF and it was prevented from completing by Norton then you should be fine. Of course, it wouldn't hurt to run a malware scan and make sure that all your software is up-to-date.

Read other 1 answers
RELEVANCY SCORE 176

I'm getting popups from my Norton Antivirus saying "A recent attempt to attack your computer has been blocked" and when I click on it, it says "An intrusion attempt by KRISSY-PC has been blocked".This is particularly confusing because "KRISSY-PC" is the name of MY computer.Here is DDS log:DDS (Ver_10-03-17.01) - NTFSx86 Run by Krissy at 15:09:28.00 on 29/09/2010Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21Microsoft Windows 7 Professional 6.1.7600.0.1252.2.1033.18.1013.195 [GMT -7:00]============== Running Processes ============================= Pseudo HJT Report ===============mStart Page = hxxp://www.toshiba.ca/welcomeuInternet Settings,ProxyOverride = *.localBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No FileBHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.8.0.5\coIEPlg.dllBHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.8.0.5\IPSBHO.DLLBHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dllBHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0... Read more

A:HTTP Malicious Toolkit Variant Activity 13

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you let... Read more

Read other 14 answers
RELEVANCY SCORE 174

My computer, connected via a wired connection to a router, has Norton Antivirus and Norton Smart Firewall 2010. I noticed a pop-up saying HTTP Malicious Toolkit Variant Activity 16 and showing inbound traffic from okelkas.co.cc/okelkas5/trafflit.php and an IP address 195.226.220.12

This is a bit scary since I believed my PC was protected from inbound traffic by the router. I wouldn't expect any inbound traffic.

Some months ago my laptop was infected with a root kit which I removed with TDSKiller. So I ran TDSKiller to do a scan and it found that sptd.sys was locked and suspicious. (Note: I did the scan only; have not attempted to fix anything).

Help would be appreciated!

Thanks
BFW

A:Not sure what... HTTP Malicious Toolkit Variant Activity 16 means?

I have restarted my computer, XP SP3, in safe mode F8 and performed a Norton full scan. It found 21 tracking cookies, which I allowed it to 'fix', but otherwise no issues.

I'm a bit unsure as to what I should do next?

Thanks in advance
BFW

Read other 1 answers
RELEVANCY SCORE 145.2

I run a Web site: www.TeamRCIA.com. Two people in the last week have told me they are getting "malicious toolkit" warnings when they log onto the site. Everything was fine when I signed on, and I asked several other people to log on from their computers. Also fine.I use Firefox, so I installed IE8 to see if that mattered. When I logged on in IE8, Norton gave me a warning: "An intrusion attempt by NICK-PC was blocked. Application path \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\AVG\AVG8\AVGNSX.EXE" I posted a screenshot of the full alert here: http://bit.ly/iQLtUNICK-PC is my desktop. I am running Vista. The site is hosted by 1and1.com and it uses a WordPress template.Thanks for your help.Nick Wagnere-mail address removed to protect from spambots. ~ OB

A:HTTP Mailicious Toolkit Variant Activity on my Web site

Hello NickWagner,

We can't see the image because that link goes to a Yahoo log-in page and not to the image.

Orange Blossom

Read other 14 answers
RELEVANCY SCORE 140

Hi. I have had this problem for many months now and have tried to remove the infection manually using instructions found on ehow, using Norton Antivirus, malwarebytes and spybot search and destroy. Nothing has been successful at removing it. I have just been using my laptop instead of my desktop because I don't want to use an infected computer. The computer is running Windows XP Professional SP3. I receive notifications from Norton that an intrusion attempt has been blocked. When I go into the log, I found that there were three high risk log entries, one for HTTP Tide Serv Request2, one for HTTP CrimePack Activity 1, and one for HTTP Nukesploit Request. As I mentioned this has been going on for months now. At the beginning it was mostly just HTTP Tide Serv Request2, the other two are new today. I'm hoping you can help me, otherwise I'm going to have to reinstall Windows, which I'd like to avoid doing. I hope I have included enough background. My scans are below and attached. Your help is greatly appreciated!

Thanks,
Mike
DDS Scan Results:

DDS (Ver_10-12-12.02) - NTFSx86
Run by PPSV at 12:53:22.68 on 01/13/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2550.1463 [GMT -5:00]

AV: Bitdefender Antivirus *Disabled/Outdated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Bitdefender Firewal... Read more

A:HTTP Tide Serv Request2 / HTTP CrimePack Activity 1 / HTTP Nukesploit Request Problems

Hello mthess, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.1.We need to disable Spybot S&D's "TeaTimer"TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.If prompted with a legal dialog, accept the warning.Click and then on "Advanced Mode"
You may be presented with a warning dialog. If so, press Click on... Read more

Read other 7 answers
RELEVANCY SCORE 134.4

HTTP Fake Antivirus Install Request 4Intrusion Attempt - High Risk - BlockedNetwork Traffic - 69.42.67.204 ,80Attack Resulted from \DEVICE\HARDWAREVOLUME1\PROGRAMFILES\INTERNETEXPLORER\IEXPLORE.EXEHTTP Malicious IFrame Image RequestIntrusion Attempt - High Risk - BlockedNetwork Traffic - 89.248.179.94 ,80Attack Resulted from \DEVICE\HARDWAREVOLUME1\PROGRAMFILES\MOZILLA\FIREFOX\FIREFOX.EXEDo these events require investigation. Is my system clean.No unusual behavior to report.(May I run DDS and GMER from any user account)Edit > I was pointed to Bleeping by the Norton Community Forum. The Severity Risk for both Attempts is HIGH. HIGH is very unusual for me and Norton wanted me to investigate further at BC as to maybe Rootkit got in DDS (Ver_10-03-17.01) - NTFSx86 Run by BJMS at 17:18:36.39 on Thu 06/03/2010Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_20Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.3061.1709 [GMT -5:00]============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k secsvcsC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\... Read more

A:HTTP Fake Antivirus Install Request 4 | HTTP Malicious IFrame Image Request

bjm_ OP edit I hope my post to Norton Community Forum does not violate bleepingcomputer rules. I did not follow any instructions @ Norton Forum...other than "go to bleepingcomputer" to investigate / post Topic re this issue. ThanksEdit > Does bleeping send automated response by email that my Topic has been received .... and to wait for reply ....and what if no reply after X days ? Expected automated response Topic received with what to do if no reply after X days...understand Forum gets swamped ... just don't know if after 100 reviews I should have received automated response or any response or just too soon. Only one day...so may be too soon for even automated response.

Read other 31 answers
RELEVANCY SCORE 124

Hello,

I run a website called http://www.seamheads.com and one of my writers recently e-mailed to tell me that he received the following message when he tried to access the site: "Malicious toolkit variant activity 21 detected." Apparently the page stopped loading and he wasn't able to access what he was trying to access. This is the first I've heard of any problems. I've accessed the site with no problems using both Firefox 3.6.14 and IE 8.0.7600.16385 and no one else has contacted me about any issues. But I obviously would prefer that no one have any issues accessing my site, especially my writers. I'm running Windows 7 and ran a virus scan a few minutes ago but nothing was detected.

Any suggestions on how I can determine whether there's a virus lurking about and how I can get rid of it if there is?

Thanks!
Mike

Read other answers
RELEVANCY SCORE 121.6

I was hoping I wouldn't have to resort to this, but I guess I've no other choice. I've looked up this thing and from what it sounds like, I'm in deep. Like an abyss.This whole fiasco started about a week ago when my parents found a charge from McAfee on their card. None of us ever purchased anything, and called McAfee and had them remove the charge which (according to my Dad), simply removed the LiveUpdate thing McAfee had.Not long after that, Google Chrome started acting weird and some program called "pbupdate.exe" had to be closed. My computer subsequently froze and I had to manually shut down.I rebooted my computer only to find that Chrome had been completely fried and would not load any web pages at all. Resorting to Firefox, I Googled "pbupdate.exe" and clicked the first link, allowing "Top PC Defender" onto my computer (and maybe some other things).As such, I ran Malwarebytes, SUPERAntiSpyware, McAfee, AVG, and Spybot to rid myself of the problem. When this yielded no results, I ended up using System Restore which seemed to get rid of the problem.Not long after, we switched over to Norton due to Comcast preparing a move, and uninstalled McAfee. Norton ended up having to uninstall AVG in order for it to install.And ever since then I've had these messages popping up repeatedly on my computer from Norton, telling me an attack was blocked but not allowing any action to be taken. The fact that I'm still getting these mess... Read more

A:HTTP Tidserv Request, HTTPS Tidserv Request 2, and HTTP Trojan Sasfis Activity

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEnetsvcsmsconfigsafebootminimalsafebootnetworkactivexdrivers32%systemroot%�... Read more

Read other 17 answers
RELEVANCY SCORE 119.6

The other night I was on "givesmehope.com". It is supposedly a great website and I've never had trouble with it. But the last time I was on it ( the other night ), Java randomly started and then Norton popped up two times and went "A recent attempt to attack your computer was blocked." The infection that was blocked was HTTP Phoenix Malicious Toolkit.
The thing that worries me is that my computer seemed to be a little weird for a bit, and my Norton full scan that normally takes over an hour took just 18 minutes.

Do you think I'm infected ? & I don't need any scanners and whatnot, I just want your opinion on if I'm infected or not.

& Hey, does anyone know how to change your profile name on here ?

Thank you !

Read other answers
RELEVANCY SCORE 102.4

Hello guys,I've gotten numerous alerts from Norton telling me that I have attempted intrusions from HTTP Suspicious Executable Image Download, HTTP Tidserv Request & HTTPS Tidserv Request 2. I have turned off my System Restore, continued to allow Norton to continue blocking the attacks, and have NOT rebooted my computer since first receiving the intrusion alerts.. so far I haven't seen any damage to my computer. I do, however, have sensitive information saved into my browser which I am worried about (I have since wiped out the master password). Here are my logs below:DDS Log:DDS (Ver_10-03-17.01) - NTFSx86 Run by Owner at 15:00:37.71 on 07/06/2010Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20Microsoft Windows XP Home Edition 5.1.2600.2.1252.2.1033.18.1014.149 [GMT -7:00]AV: Norton AntiVirus 2005 *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBC... Read more

A:HTTP Suspicious Executable Image Download, HTTP Tidserv Request & HTTPS Tidserv Request 2

GreetingsOne or more of the identified infections is a Backdoor Trojan.This could allow hackers to remotely control your computer, steal critical system information and download and execute files.I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC could be compromised and there is no way to be sure that your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?When Should I Format, How Should I ReinstallWe can still clean this machine but I can't guarantee that it will be 100% secure afterwards. "If you would like to continue, then follow the steps below, otherwise please let me know"I Would like you to do the following.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:Please visit th... Read more

Read other 17 answers
RELEVANCY SCORE 100.8

Hello,On July 18th, as I was watching a streaming TV show, my computer apparently picked up Antimalware Doctor, which kept telling me that my computer was infected and that I needed to pay them money to get rid of all these infections. I managed to get rid of that with MalwareBytes. Shortly after though, my Norton Antivirus started regularly informing me (every 20 minutes to half hour) that it had blocked an intrusion attempt from either HTTP Tidserv Request (most common) or HTTPS Tidserv Request 2 (2nd most), and every once in a while some oddball like HTTP Fake Scan Webpage 5 or some Trojan (Vundo or Ad.Clicker). It seems like it's always been blocked, but as these Norton alerts keep coming, even when I don't have a browser open, I am upset and concerned. Also seems as if the attacks are coming from several different computers.I tried running Malwarebytes a few more times. It usually leaves me with 8 or so pieces of malware, identified as Rootkit or Trojan agents, which it tells me will be deleted upon reboot. However, after I reboot and run Malwarebytes immediately thereafter, there are still 8 pieces of Malware. I tried updating my Norton and running a scan, but that didn't fix the problem. I also ran Norman Malware Cleaner, with no real results.Again, though the alerts always classify the threat level as high, it seems like they are being blocked. I haven't entered any passwords into my computer since this came up, and I never save any on a regu... Read more

A:HTTP Tidserv Request; HTTPS Tidserv Request 2; HTTP Fake Scan Webpage 5

Very sorry about the multiple posts. Firefox had gone grey, and I didn't think any had gone through. Sorry.

Read other 21 answers
RELEVANCY SCORE 94.4

Hi.I'd really appreciate some help here.4 days ago, I started to get the following messages from my Norton:Network traffic from 213.163.89.104 matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXENetwork traffic from 60.12.117.145 matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SVCHOST.EXENetwork traffic from a57990057.cn matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SVCHOST.EXENorton identifies the first one as HTTP Tidserv Request and the next two as HTTP Tidserv Request 2 respectively.It blocks those attempts but won't let me take any action to remove (says no action required).I've run DDS and downloaded GMER. Tried running GMER several times but it only gets as far as the devices and then freezes my computer. I have to unplug it just to restart it.Also, I have Firefox, Google Chrome, and Internet Explorer on my Computer. At random times, new tabs in these browsers will automatically open taking me to sites advertising products and Congratulations! You are the 1,000,000th visitor or something like that. Click here to claim your prize.No matter which search engine I use in any of these browsers, when I click on a search result, it does the same thing as stated in the previous pa... Read more

A:Infected with HTTP Tidserv Request and HTTP Tidserv Request 2 and can't run GMER

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.If you have already posted a log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.We need to see some information about what is happening in your machine. Please perform the following scan:Please download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will o... Read more

Read other 12 answers
RELEVANCY SCORE 94.4

IssueWhen using Firefox, I keep encountering a pop-up message from Norton informing me that a recent attempt to attack your computer has been blocked. I view details of the attack and it names it either as a HTTP Tidserv Request 2 or HTTP Tidserv Request. The browser also redirects me to different sites when selecting google search results. Firefox sometimes crashes for no reason and the PC sound has disappeared as well. ActionsI have run a Fully System Scan using Norton twice. It is only picking up cookies after the system scan is complete. I also ran BitDefender scanner and nothing was picked up. I was able to find this site and it looks like a lot of members were able to help on issues such as mine so might as well give it a try. I've read the guidelines for requesting help and followed it to the best that I can. The DDS.txt is below and I have also attached the Attach.txt. I tried running the GMER program twice using the links in the guidelines but a blue screen always appear with the following message.PAGE_FAULT_IN_NONPAGED_AREATechnical Information:STOP: 0x00000050 (0x9973AB30, 0x00000001, 0x99478FA6, 0x00000000)I tried a third time by getting GMER directly at its web site and saving it with a different name but it still did not work. A blue screen still appeared.DDS (Ver_10-03-17.01) - NTFSx86 Run by Meyrick Mataac at 21:39:52.82 on Thu 06/24/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17Microsoft Windows XP Professional 5.1.2600.3.... Read more

A:PC infected with malware - HTTP Tidserv Request 2, HTTP Tidserv Request,

Hi parokyano,Welcome to Malware Removal (VTSMR) forum. I am going to assist you with your problem.Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. In case of making changes I shall assume my assistance is not needed any more.If the issue is not resolved please update me on the current condition of your computer.

Read other 28 answers
RELEVANCY SCORE 90.8

I was browsing a forum on IE8 when I got an intrusion attempt alert for something called "HTTP Neosploit Toolkit Activity". It shows my computer as the the Attacking Computer and the source address to that of my internal I.P. (192.168.199). The Attacker URL and destination address was something completely different from the website I was browsing - kasefe.info/page/best.php (74.118.192.209, 80).

Norton 360 was able to block it and said I required no further actions. But should I be concerned that it shows myself as the attacking computer?

I was told by someone on the Symantec forum to post here. Am also running Malware Bytes as we speak.


Thanks.

A:HTTP Neosploit Toolkit

Okay, malware scan done. Didnt find anything -

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4216

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/19/2010 5:49:17 PM
mbam-log-2010-06-19 (17-49-17).txt

Scan type: Quick scan
Objects scanned: 135832
Time elapsed: 15 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Am I safe?

One other thing I'd like to note, so fare there has been no performance problems with my computer nor am I being redirected to malicious websites when clicking on search engine links like Google.

Read other 2 answers
RELEVANCY SCORE 90.8

Running XP home, SP3. Over the past few weeks. Svchost.exe group rapidly after reboot and slows down computer dramatically. Grows to 1.6gb is the largest I've seen.. Also Norton picked up several Malicious Java Download 13 and Malicious Toolkit Activity 3 Web attacks.. that reference the Svchost file. I have run Superanitspyware, adaware, Spybot, Malawarebytes, Cc cleaner, and nothing has been detected. Not sure if this is spyware or just windows gotton corrupted. On a related not, when visiting the Dell website, when I tried to have then read my service tag automatically, their program could not and indicated: to update to Microsoft Common Languange Runtime  Verson 4.0.30319.0. When I triedd to, it said I had the latest... not sure if this is related.  If I end the offending Svchost.exe process, it will stary smaller for a while, but then certain things wont work.. like sound, etc.... Any help would be greatly appreciated!

A:Svchost grows rapidly and slow plus possible Malicious Toolkit Activity 3 attack

Hello dougled I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same",... Read more

Read other 3 answers
RELEVANCY SCORE 88.8

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Michael at 1:26:59.53 on Sun 13/03/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.2547.798 [GMT 10.5:30]
.
AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\nvvsvc.exe
C:\Program Files\Microsoft Small Business\... Read more

A:Pissibley infected with HTTP Phoenix Toolkit

Hello Michael , Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.1.Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change th... Read more

Read other 10 answers
RELEVANCY SCORE 88.8

Hi! I'm new to this forum. Thanks for accepting me!

I really need help in removing some viruses from my computer. I have been getting the same 3 Trojan horses in the couple of months, and have managed to get rid of them. But this really weird thing happened about a month ago. I was just on Google not doing anything when 3 random Java popups and requests to let the Trojan horses mentioned above run appeared. I naturally clicked no but then the computer froze so I had to hard reset it. When the computer booted up again, Norton removed these Trojan horses but was reporting 20 attacks a minute and still is (HTTP Phoenix Toolkit Activity 1 and 3, I believe). At first, other computers were attacking me, but now my computer is attacking itself. Also, I have been redirected on Google to random websites. I believe a rootkit has gotten into the computer. ComboFix could probably remove this rootkit, but I do not want to run it as it seems very risky. Also, I have tried many other anti viruses and anti rootkits, but to no avail. If possible, I would like to avoid using ComboFix to remove this virus.

Thanks in advance. Please reply quickly.
AA500

Read other answers
RELEVANCY SCORE 86.8

Hello,My name is Ivan and this is my first post here :-)I have some suspicions that my computer has been infected, and I'd like to find out if this is the case. Here is what happened and what I have done so far:What happenedI clicked on an image in Google Images search. The URL that the image was pointing to did not seem suspicious at the time (it was some web site about cars etc.). After I clicked on the image my browser (Internet Explorer ; normally I use Opera, but this time I was using IE) got redirected to the following site http://YahooRating.info/AVORP1BOBA.asp. At this point my antivirius AVG kicked in and notified me that the web site has been blocked, because it is potentially dangerous. I'm not sure if the redirect was caused by me clicking on the image link, or by some virus/malware running on my machine. I googled the problematic website and it appears to be related to HTTP Neosploit Toolkit Activity threats and Drive-by downloads threats.Things I've doneAfter the notification by AVG I scanned my computer using the following (all of the programs are up to date):MalwareBytes Anti-malware (both Quick scan and Full scan)- No threats detectedSUPERAntiSpyware (both Quick scan and Full scan)- Detected and removed a bunch of tracking cookiesTDS Killer- No threats detectedSymantec Endpoint Protection- No threats detectedAVG- No threats detectedAvira- No threats detected- Detected hidden objectsI run Avira two times - each run the detected hidden objects diffe... Read more

A:HTTP Neosploit Toolkit / Drive By Download - potential infection

Hello and welcome at this point we will need you to repost.We need a deeper look. Please go here....Preparation Guide ,do steps 6 - 9.Create a DDS log and post it in the new topic explained in step 9,which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.Skip Gmer. Instead Please download Rootkit Unhooker and save it to your DesktopDouble-click on RKUnhookerLE to run itClick the Report tab, then click ScanCheck Drivers, Stealth, and uncheck the restClick OKWait until it's finished and then go to File > Save ReportSave the report to your DesktopCopy the entire contents of the report and paste it in a reply here.Note** you may get this warning it is ok, just ignore"Rootkit Unhooker has detected a parasite inside itself!It is recommended to remove parasite, okay?"Let me know if that went well.

Read other 5 answers
RELEVANCY SCORE 85.6

Norton Internet Security has been reporting that it blocks an intrusion attempt from a variety of addresses and reports the risk name as either HTTP Tidserv Request or HTTPS Tiderv 2 Request. I get a few unrequested webpages, but the main symptom is the warning messages from Norton. In attempting to fix the problem myself, I learned that I can not boot to Safe Mode because my system hangs at amdagp.sys and returns to the "how would you like your computer to boot" screen. I think this is an unrelated problem, but thought I'd mention it.Thanks! I appreciate your time.DDS (Ver_10-03-17.01) - NTFSx86 Run by Ann Nymous at 23:19:25.80 on Sun 04/18/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1534 [GMT -5:00]AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\BroadJump\Client Foundation\CFD.exeC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exeC:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi... Read more

A:http tidserv request and https tidserv2 request

Hello and and Welcome to BleepingcomputerPlease note we are very busy, so if I don't hear from you within 5 days the topic will be closed, If you have sinceresolved your issues I would appreciate if you would let me no so I can close this topic.Please download ComboFix from one of these locations:Link 1Link 2* IMPORTANT !!! Save ComboFix.exe to your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our toolsDouble click on ComboFix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.When finished, it wi... Read more

Read other 16 answers
RELEVANCY SCORE 85.6

Please help. My computer is constantly being attacked (HTTP Tidserv Request & HTTPS Tidserv Request 2). I do not know how to keep this from happening. I've been letting others use my laptop (my first mistake), and about a week ago this all started happening. Needless to say, I'm concerned as I don't know how much damage these attacks can do. My Norton Anti-Virus/Internet Security has been blocking the attacks, but they come constantly from several attacking IP addresses and URLS. Below please find my dds.txt and attached my attach.txt and gmerlog.log as instructed. Thank you in advance for your assistance, and I look forward to hearing from someone.DDS (Ver_10-03-17.01) - NTFSx86 Run by MY NAME at 20:01:23.87 on Wed 08/25/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_12Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.132 [GMT -4:00]============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\HP\QuickPlay\QPService.exeC:\Progra... Read more

A:HTTP Tiderv Request & HTTPS Tidserv Request 2

Good evening. Take a trip to this webpage for download links and instructions for running Combofix by sUBs.* Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start. When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste it into your next reply. Let me know how the PC is behaving.* There are two points to note from the instructions page:1) The Recovery Console.It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.CF will complete some, but not all, of it's removal tasks without the installation of the Console so, should you choose not to allow the installation, you may not get the results you hoped for.2) Disabling your Anti-Virus.CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for either.

Read other 2 answers
RELEVANCY SCORE 84

I just updated my laptop's Norton antivirus. I use Firefox. Since then, when I sign on to AOL the first part goes fine, but when I try to access my emails, it shows 400 Bad request. The plain HTTP request was sent to HTTPS port. I urgently need to respond to some emails but don't know what's gone wrong. Can you please help? In simple terms......... Thank you very much
 

Read other answers
RELEVANCY SCORE 82.4

Symantec Endpoint Protection pops up " [SID: 23793] HTTP Malicious RMF File detected " but it won't remove it. CPU usage is at 100%; svchost.exe using 90+%. Also gives "Generic Host Process for Win32 Services has encountered a problem and needs to close." after it sits idle for a while.

System restore did not resolve the problem. Malware Bytes Anti-Malware found two objects (probably unrelated) and removed them, but the problem persists. ComboFix didn't solve the problem either.

I know Symantec sucks but I work remotely and my company's VPN host-checker requires this exact version. I also just read that you don't recommend ComboFix but I didn't know that when I ran it, and it had worked for me one time a year or so ago when all else failed.

Any help would be greatly appreciated!

A:HTTP Malicious RMF File detected

New notification while sitting idle just now: [SID: 24225] Web Attack: Blackhole Toolkit Website 5 detected

Please help.

Read other 3 answers
RELEVANCY SCORE 82.4

Kaspersky and Trojan remover cant get rid of them and Macafee dosent even see them.... I removed Macafee and installed Kaspersky and it catches them but they keep coming back over and over......TYIA........ DavidLogfile of Trend Micro HijackThis v2.0.2Scan saved at 6:20:19 AM, on 4/8/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16608)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Dell\NICCONFIGSVC�... Read more

A:A Little Help Please....virtumonde And Monder.gen And Malicious Http

HelloYou might want to save this page on your favorites, so you can find it again when you return.Please take note of the following:I will be handling your log and helping you, please do not make any system changes yet. The process is not instant. Please continue to review my answers until I tell you that your computer is clean. Be patience.The fixes are specific to your problem and should only be used for this issue on this machineIf there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.Please reply to this thread. Do not start a new topic.Please give me some time to look over your log and I will get back to you as soon as possible.

Read other 18 answers
RELEVANCY SCORE 81.6

A message keeps popping up every 5 seconds:

Attempted intrusion "HTTP LOP Toolbar Activity" from your machine against 64.34.228.126 was detected and blocked.
Intruder: localhost(2640).
Risk Level: High.
Protocol: TCP.
Attacked IP: 64.34.228.126.
My Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:08:29 AM, on 8/17/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\... Read more

A:HTTP LOP Toolbar Activity

Read other 6 answers
RELEVANCY SCORE 81.6

I'm far from being a technological genius, so please bear with me :)

Norton is informing me every minute or so that an attack on my computer has been blocked, named an "HTTP LOP Toolbar Activity." I took a HijackThis log - if anyone can give me some step by step instructions of where to go from here, it'd be very much appreciated :)
(Apologies if I've done any of this incorrectly or missed some info out - I hope I've done this right so far!)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:28:11 PM, on 11/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Securit... Read more

A:HTTP LOP Toolbar Activity - help?

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

I see you have more than one Anti-Virus program installed, Norton and TrendMicro. While this may seem like greater protection, it can cause problems including slowdowns and system hangs. Choose one to keep and uninstall the other.

Any antivirus program must be removed via add/remove program.
For any program that doesn't have an add/remove entry, you will have to do this:re-install the program -> reboot -> uninstall-----------------------------------------------------------------------

Next....


Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.Close all applications and windows.
... Read more

Read other 1 answers
RELEVANCY SCORE 81.6

About a month or so ago I was infected with some kind of virus that would cause a lot of pop ups and messages telling me to download "WinAntiVirus pro 2007." I downloaded CA Security Center, Avg Anti-spyware, Windows defender and Ad-Adware SE to try to remove this virus. They all somewhat worked and lessened the problem a bit. But I still would get some pop ups here and there and the "WinAntiVirus Pro 2007" message. But running the virus scans seemed to help keep them away for a while until they came right back. Then I noticed I would get an audio coming through the speakers of people talking about politics and such, without me running any progams at all. So I downloaded the Norton Antivirus Trial and ran a scan. It seems that everything is running ok but was left with one problem. Every 10 minutes exactly, Norton warns me of a block made with this message:Risk Name: HTTP QuickBrowser ActivityRisk Level: HighDefault Action: BlockAction Taken: BlockAttacking Computer: DHEARNDestination Address: www.top-banners.com(193.189.93.14,80)Traffic Description: TCP, 1042I'm fed up with my computer being infected with a virus and having no clue how serious it is and what it could do to my laptop. Logfile of HijackThis v1.99.1Scan saved at 11:33:34 PM, on 7/3/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16473)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WIND... Read more

A:Http Quickbrowser Activity?

Welcome to the BleepingComputer HijackThis Logs and Analysis forum ozy87 Copy and paste the following bold blue text in the Quote box below into Notepad.Click on File(in the menu at the top)>Save as../Save as Type: 'All Files' /File name: fix.bat to your desktop.Then double click on the fix.bat file on your desktopYou'll see a black screen flash,thats [email protected] offsc stop Net Agentsc delete Net AgentRestart your pc.======================Please download VundoFix.exe to your desktop.Double-click VundoFix.exe to run it.When VundoFix re-opens,click the "Scan for Vundo" button.Once it's done scanning,click the "Remove Vundo" button.You will receive a prompt asking if you want to remove the files, click "YES".Once you click yes, your desktop will go blank as it starts removing Vundo.When completed,it will prompt that it will reboot your computer,click "OK".Post the contents of C:\vundofix.txt into your next reply.Note: It is possible that VundoFix encountered a file it could not remove.In this case,VundoFix will run on reboot,simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.======================Please download Combofix and save to your desktop:Note: It is important that it is saved directly to your desktop Close any open browsers. Double click on combofix.exe and follow the prompts. When it's finished it will produce a log. Post the entire cont... Read more

Read other 7 answers
RELEVANCY SCORE 81.6

HI,

I keep getting an alert about every 10 seconds from norton anti-virus 2006 saying that an intrusion attempt has been blocked.
Norton details the intrusion as 'HTTP LOP toolbar activity'.

I hope someone can help me

Here is my HJT log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:34:50 AM, on 20/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.ex... Read more

A:HTTP LOP toolbar activity

Hi......................

Please Download NoLop to your desktop from one of the links below...
Link 1
Link 2
Link 3
[*]First close any other programs you have running as this will require a reboot
[*]Double click NoLop.exe to run it
[*]Now click the button labelled "Search and Destroy"
<<your computer will now be scanned for infected files>>
[*] When scanning is finished you will be prompted to reboot only if infected, Click OK
[*] Now click the "REBOOT" Button.
[*] A Message should popup from NoLop. If not, double click the program again and it will finish Please Post the contents of C:\NoLop.log along with a fresh HijackThis log
--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program.

Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.

O4 - HKLM\..\Run: [mpeg heck log link] C:\Documents and Settings\All Users\Application Data\Joy coal mpeg heck\grim info.exe

Read other 4 answers
RELEVANCY SCORE 81.6

I have a message pop up every 15 seconds saying a recent attempt to attack your comuter was blocked but when i use noron scan it don't get rid of it, I was wondering if there was anyone here able ot help me get id of the area

Risk Name: HTTP LOP Activity
Risk Level: High
Default Action: Block
Attacking Computer ACER-1424F82190 (192.168.0.3,1881)
Destination Adress: ads.dns-look-up.com(64.34.228.126,80)
Traffic Description: TCP, 1881

Please Help ME!,

Tutty
 

A:HTTP LOP Toolbar Activity

Hi, Welcome to TSG!!
Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

 

Read other 1 answers
RELEVANCY SCORE 81.6

Norton keeps popping up with this message: Norton Internet Worm Protection has detected and blocked an intrusion attempt. Intrusion: HTTP QuickBrowser Activity / Attacked IP: www.top-banners.comHave ran several different antivirus programs as well as stinger, but nothing comes up; however the security message comes up every two minutes that I am using IE. Any help you can give me would be most appreciated. Logfile of HijackThis v1.99.1Scan saved at 8:50:32 PM, on 6/17/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeC:\WINDOWS\sys... Read more

A:Http Quickbrowser Activity

Hi defective,Sorry for the delay, this forum is swamped right now.If you still need help, please do the following:Please download Combofix to your desktop.Doubleclick combo.exe to launch the application.Follow the prompts that will be displayed on the screen.Don't click on the window while the fix is running, because that will cause your system to hang.When finished, it should produce a log, combofix.txt.Post this log in your next reply together with a new hijackthislog.Dave

Read other 2 answers
RELEVANCY SCORE 81.6

When I go logging in into hotmail I get this error -HTTP 400 Bad Request- It does not only happens with hotmail, it also appears on some other websites too.

I run on Windows Vista Home Premium 32Bit
Can anyone please give me some help? What to do?
it also happens when I go to you tube i only can play videos that appear in the home YouTube page, but it wont allow me to search videos as I'd get the error.

I can login into gmail and chech my email but when I logout the error comes up again.
It also happens in so many other websites most of which I cannot even remember, but in example some of them displays the whole site but in some windows within the site it displays the error too.
I have done a System Restore but it didn't help.

My browser is Windows Internet Explorer
I have deleted all my cookies and temp files too
I've done a full antispyware & antivirus scan. Only the antispyware found 3 threats that it corrected itself without any problems. Antivirus did not found anything, all ok.

I have downloaded and installed the latest java.

The problem is still there though...

I must mention that my computer has become so slow lately. I also have some other problems I've could never get rid of:

-Internet Explorer has stopped working
-Windows Explorer has stopped working

These 2 above could happen anytime especially if I switch between screens or download something new I think

And recently, when starting my machine:

-Application failed to initialize pro... Read more

A:Http 400 Bad Request

Hi; I suggest you ARE infected; whcih is your installed antivirus program and can you please name your other protection programns?you use Limewire ? if you seek help on cleaning you will need to remove it as there is little point in running cleaning programs while you continue to download most probably infected materials via a P2P program can you please run this tool which is vista compatible if the computer will let you ; it can give us a clearer picture of what is on the computer infection-wise do you have your computer cd and licence key to hand if you do need to do a reformat? Superantispyware; guide on how to install and run If you have not already got a Downloads folder , I suggest you create a new folder in My Documents, and name it Downloads ; Installing superantispywareSuperantispyware is found here http://www.superantispyware.com/index.htmlDownload to the Downloads folder the free exe to superantispyware from herehttp://www.superantispyware.com/downloadfi...ANTISPYWAREFREEyou install superantispyware by clicking on the icon in the downloads folder ; it will launch the installation process; follow the instructions and I suggest you ask for a default installation ; ensure it creates a desktop icon for you ;once the program has been installed it should ask you if you wish to update the program ; say YES if it does not ask you , you need TO fully update the definitions by opening the program and find the ?check for updates ?tab in the bottom left of the... Read more

Read other 5 answers
RELEVANCY SCORE 81.6

Hi, I have an annoying problem with internet, the error is HTTP 400 Bad requestI am surely infected by downloading stuff from Limewire, music, videos, etc.Can you help me please?...This is the Hijackthis logLogfile of Trend Micro HijackThis v2.0.2Scan saved at 9:19:36 p.m., on 14/05/2008Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16643)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\system32\taskeng.exeC:\Windows\Explorer.EXEC:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exeC:\Program Files\HP\QuickPlay\QPService.exeC:\Program Files\HP\HP Software Update\hpwuSchd2.exeC:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exeC:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exeC:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exeC:\Program Files\Java\jre1.6.0_05\bin\jusched.exeC:\Program Files\Winamp\winampa.exeC:\Program Files\Microsoft IntelliPoint\ipoint.exeC:\Program Files\Synaptics\SynTP\SynTPStart.exeC:\Program Files\Windows Live\Family Safety\fssui.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Windows\ehome\ehtray.exeC:\Program Files\Windows Media Player\wmpnscfg.... Read more

A:Http 400 Bad Request

Hello Momentum. to BleepingComputer.comMy name is Billy O'Neal and I will be helping you. (Billy or Bill is fine)We apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.If you have since resolved the original problem you were having would appreciate you letting us know If not please perform the following below so I can have a look at the current condition of your machine.Thanks and again sorry for the delay.If you still would like help, please follow the following instructions: Please download Deckard's System Scanner (DSS) and save to your Desktop.alternate download siteDSS will do the following:Create a new System Restore point in Windows XP and Vista.Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.Check some important areas of your system and produce a report for an analyst to review.Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.You must be logged onto an account with administrator privileges when using.Close all applications and windows.Double-click on dss.exe to run it and follow the prompts.If your anti-virus or firewall complains, please allow this script to run as it is not
malicious.When the scan is complete, two text files will open in Notepad:main.txt <- this one w... Read more

Read other 1 answers
RELEVANCY SCORE 81.6

can someone please tell me how to fix my firefox. every time i go to a site like blackplanet and click on enter it takes me to Http/1.1 bad request. my lil brother showed me something and it said alot of disallowed key or characters. so please if u know anything about this oh i'm running it with windows vista by the way if that helps. please if u can help email me at [email protected] thanks.

Read other answers
RELEVANCY SCORE 81.6

After installing the latest Windows updates, IE8 yields an HTTP 400 Bad Request page instead of going to certain websites (my company's webmail page, my credit union's homepage, the MS Windows Update page). Firefox and Chrome do not give the HTTP 400 Bad Request result when navigating to the same pages.

I did a system restore to back to yesterday to undo the updates, and the HTTP 400 error in IE8 went away.

So, here's a "heads up" to all you Windows XP Pro users with Internet Explorer 8.

A:HTTP 400 Bad Request

Thanks, I'm sure that there are some users out there who may have a similar experience.

Louis

Read other 6 answers
RELEVANCY SCORE 81.6

A week ago I started getting "http 400 bad request" error messages using Internet Explorer 8. I downloaded the latest version and installed it, with no change in results. I also installed Firefox, which has no problems with the exact same addresses. Google seems to work fine and I can go to any addresses Google finds. I reset IE8 and cleared cookies and history. A full scan with my antivirus did not find anything. I am out of ideas. I searched the forums here and did not find anything relevant. System is XP sp3. This started after my son (age 9) was using the computer, but he claims (of course) he didn't change anything.

Any help is appreciated. Thank You.

Bill Clapper

A:http 400 bad request

Welcome to TSF

Go to Control Panel, Add or Remove Programs and uninstall IE8. Reboot the computer and then try connecting using IE7. Let me know the results plz

Read other 8 answers
RELEVANCY SCORE 81.6

Quite often when clicking on an item in ebay.com.au I get this > Http/1.1 Bad Request < come up. Doesn't always happen but can't find out why. It does the same thing in IE, Firefox, and Opera. Running WinXP [email protected] all updates.
Is it something wrong with my computer or something wrong at ebay.
I can't seem to find anyway to contact ebay either. Anyone know how to fix this?
I haven't as yet tried it at another computer or tried it on my OSX 10.4

A:Http/1.1 Bad Request

welcome


Quote:




I can't seem to find anyway to contact ebay either




you have a better chance of winning lotto

anyway, go to internet options in your control panel - go to the advanced tab - click on restore defaults at the bottom

post back

Read other 7 answers
RELEVANCY SCORE 81.6

What is that?

I am trying to go to www.transportforlondon.gov.uk.

I am on their site trying to get to their journey planner but when I click on the darn thing to get the journey planner up the page displays HTTP/1.1 400 Bad Request with Mozilla and HTTP 400 Bad Request with internet explorer.

Can some one please explain to me what is happening?
 

A:HTTP/1.1 400 Bad Request

Read other 15 answers
RELEVANCY SCORE 81.6

I have a PC that has Windows XP SP2 on it. It had IE6 on it and started giving the 400 error for any website that I visited. I installed Ad-Aware and had Avast running on the PC. I cleaned up all the Malware on the PC and Avast didnt find any viruses. I installed Kaspersky and that found a couple Trojans that got deleted.

I updated to IE8 and still have the same issue. I disabled the firewall and still no go. I installed Firefox and that works just fine. Now I'm stumped.

Any help/ideas would be appreciated.

A:HTTP 400 Bad Request

Hi,Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen, click on the Show Results butto... Read more

Read other 16 answers
RELEVANCY SCORE 81.6

I keep getting these errors when I go to sites I frequent (and as of 2 minutes ago, one that I dont any more thanks to Windows Live Mail). I will browse to the site, then I'll come back a little while later and the error will pop up and sometimes it takes all day for it to go away. I've never had this happen before. It just started happening when I cleared out my cookies and my temporary internet files while trying to set up my new router.

I use IE 8.

How do I get them to stop? And how do I fix them?

A:IE HTTP 400 Bad Request

  
Quote: Originally Posted by ACWN


I keep getting these errors when I go to sites I frequent (and as of 2 minutes ago, one that I dont any more thanks to Windows Live Mail). I will browse to the site, then I'll come back a little while later and the error will pop up and sometimes it takes all day for it to go away. I've never had this happen before. It just started happening when I cleared out my cookies and my temporary internet files while trying to set up my new router.

I use IE 8.

How do I get them to stop? And how do I fix them?


A simple google of the error return the explanation and fix. I just chose this as an example. HTTP Error 400 Bad request Explained

Good Luck

Ken

Read other 9 answers
RELEVANCY SCORE 81.6

Hi, first my apologies if I'm posting in the wrong place!

When using ebay and only when trying to create a new listing, browsing is fine I keep getting an error message Http 400 bad request, I've visited several websites and fact pages etc and am now baffled!

I've tried all the simple suggestions I could find, deleting cookies etc and running spybot S&D, Ad-Aware and Anti Malware ..... nothing works although immediately after running spybot S&D occasionally it will let me list one item!

My question is, can I fix it? having very limited knowledge I'm scared of doing more damage than good and not being able to follow instructions anyway! so, would I be better off flinging this thing through a window and getting a new one? or sending it to a professional, I dont want to spend money on a computer expert having been ripped off in the past!

Any help or advice would be very gratefully received!!

A:Http 400 - Bad request, help!! ??

hello,
did this problem just start? (it may be an ebay issue)
what browser are you using? (try a different browser. ie, chrome or firefox)
do you have access to another computer to see if its the computer in question ?

good luck!

Read other 5 answers
RELEVANCY SCORE 81.6

What is that?

I am trying to go to www.transportforlondon.gov.uk.

I am on their site trying to get to their journey planner but when I click on the darn thing to get the journey planner up the page displays HTTP/1.1 400 Bad Request with Mozilla and HTTP 400 Bad Request with internet explorer.

Can some one please explain to me what is happening?
 

A:HTTP 400 Bad Request????

You don't need to post it again. I, and someone else are already providing suggestions in your original thread.
 

Read other 1 answers
RELEVANCY SCORE 81.6

i'v just installed a new pc with win xp sp2 and ie 7.

for some reason when i try to log on to facebook or when i try to browse gmail i get an error: http 400 bad request. (i believe it happens on other sites as well, but not all)

i'm sure it's not a network problem because it's a laptop and it didn't work at public places.

i have insalled mozila firefox and it works - but still is there a way to resolve he problem??

A:http 400 bad request

try this

http://support.microsoft.com/kb/826437

Read other 1 answers
RELEVANCY SCORE 81.6

I can not connect to Chase.com. I get HTTP 400 Bad request.
> My PC has been unplugged for one month,it worked fine before.
> I can connect to ALL my favorites,except Chase.com.I even typed it into my
address bar.
> I even down loaded IE8 again.
I tried to do a restore and it won't let me?
> It will work with Fire fox.
XP SP3
> What could have happened?
> Phil

A:I get HTTP 400 Bad request

Being a banking site, chase.com uses SSL encryption. What happens when you go to other SSL sites such as this one - https://encrypted.google.com/

Read other 3 answers
RELEVANCY SCORE 81.6

I cannot log onto MSN Texas Holdedm or MSN Bridge. I am using msn vista home edition. Each time I get the message "HTTP bad request". "this page cannot be found". "there might be a typing error" "if you clicked on a link it may be out of date"
 

Read other answers
RELEVANCY SCORE 81.6

Can anyone help me everytime i log into either ebay or hotmail its always comes up http/1.1 bad request or http1.1 internal server error i'm not great with coms so if someone could explain in detail what to do i doin't seem to have any problem logging into any other sites i think its just secure ones ant help would be greatly appreciated
thanks

Seamus

Read other answers
RELEVANCY SCORE 81.6

Hi folks
I'm having all sorts of problems with my computer right now - please see my separate postings under Windows xp. I think a trojan or worm has invaded my computer because I am now getting a HTTP 400 - Bad Request window whenever I go on any site to try and deal with the virus problem. I can't even renew my mcafee subscription because I'm getting the same window for their site. All the sites which say they can deal with the http 400 bad request problem don't work because I get the same message when i click on the links to resolve the problem. Any ideas?

A:HTTP 400 - Bad Request

Welcome to TSF

Sorry to hear your having so much trouble. The security team can help you with this. We cannot assist you with this issue here in the Microsoft Support Forum.


Look over these http://www.techsupportforum.com/secu...oval-help.html
If you cannot complete any of the steps for whatever reason, just continue on with the next one until they are all completed, and post your logs in Virus/Trojan/Spyware Help; where an Analyst will assist you. However, it is very important to make mention of any of the steps that you were not able to complete.

After you?ve posted your logs, please be patient, as the Security Team Analysts are very busy.

Read other 1 answers